Restructure backend into modular API layers with admin/organizador/invitados routes, add role-based middleware, flatten module models, and update build scripts

packages/server/src/api/admin/gifts/routes.ts

@@ -0,0 +1,51 @@
+import { Router } from "express";
+import { GiftService } from "../../../modules/gifts/service";
+import { validateBody } from "../../../core/middleware/validate";
+import { createGiftSchema, createContributionSchema } from "../../../modules/gifts/types";
+import { requireAuth } from "../../../core/middleware/auth";
+
+const service = new GiftService();
+
+export function registerGiftRoutes(router: Router) {
+  const r = Router();
+
+  // Admin routes are protected and can include additional checks
+  r.use(requireAuth);
+
+  r.post("/gift", validateBody(createGiftSchema), async (req, res) => {
+    const ownerId = (req as any).user?.id;
+    const gift = await service.createGift({ ...req.body, ownerId });
+    res.json(gift);
+  });
+
+  r.get("/gift", async (_req, res) => {
+    const gifts = await service.listGifts();
+    res.json(gifts);
+  });
+
+  r.get("/gift/:id", async (req, res) => {
+    const requesterId = (req as any).user?.id;
+    const gift = await service.getGiftById(req.params.id, requesterId);
+    if (!gift) {
+      return res.status(404).json({ error: "Gift not found" });
+    }
+    res.json(gift);
+  });
+
+  r.post(
+    "/gift/contribution",
+    validateBody(createContributionSchema),
+    async (req, res) => {
+      const contribution = await service.createContribution(req.body);
+      res.json(contribution);
+    },
+  );
+
+  r.get("/gift/:id/contributions", async (req, res) => {
+    const requesterId = (req as any).user?.id;
+    const contributions = await service.listContributions(req.params.id, requesterId);
+    res.json(contributions);
+  });
+
+  router.use(r);
+}

packages/server/src/api/admin/guests/routes.ts

@@ -0,0 +1,36 @@
+import { Router } from "express";
+import { GuestService } from "../../../modules/guests/service";
+import { validateBody } from "../../../core/middleware/validate";
+import { createGuestSchema, updateRsvpSchema } from "../../../modules/guests/types";
+
+const service = new GuestService();
+
+export function registerGuestRoutes(router: Router) {
+  const r = Router();
+
+  // Admin can manage guests (same endpoints, can be extended with extra checks)
+
+  r.post("/guest", validateBody(createGuestSchema), async (req, res) => {
+    const guest = await service.createGuest(req.body);
+    res.json(guest);
+  });
+
+  r.get("/guest", async (_req, res) => {
+    const guests = await service.listGuests();
+    res.json(guests);
+  });
+
+  r.patch(
+    "/guest/:id/rsvp",
+    validateBody(updateRsvpSchema),
+    async (req, res) => {
+      const updated = await service.updateRsvp(req.params.id, req.body);
+      if (!updated) {
+        return res.status(404).json({ error: "Guest not found" });
+      }
+      res.json(updated);
+    },
+  );
+
+  router.use(r);
+}

packages/server/src/api/admin/routes.ts

@@ -0,0 +1,19 @@
+import { Router } from "express";
+import { requireRole } from "../middleware";
+import { registerGuestRoutes } from "./guests/routes";
+import { registerGiftRoutes } from "./gifts/routes";
+import { registerTodoRoutes } from "./todos/routes";
+
+export function registerAdminRoutes() {
+  const router = Router();
+
+  // Admin routes are intended for administrators.
+  // Access control is enforced in api/index.ts, but individual route groups
+  // also apply role checks so they remain safe if reused elsewhere.
+
+  registerGuestRoutes(router);
+  registerGiftRoutes(router);
+  registerTodoRoutes(router);
+
+  return router;
+}

packages/server/src/api/admin/todos/routes.ts

@@ -0,0 +1,33 @@
+import { Router } from "express";
+import { TodoService } from "../../../modules/todos/service";
+import { validateBody } from "../../../core/middleware/validate";
+import { createTodoSchema } from "../../../modules/todos/types";
+import { requireAuth } from "../../../core/middleware/auth";
+
+const service = new TodoService();
+
+export function registerTodoRoutes(router: Router) {
+  const r = Router();
+
+  r.use(requireAuth);
+
+  r.post("/todo", validateBody(createTodoSchema), async (req, res) => {
+    const todo = await service.createTodo(req.body);
+    res.json(todo);
+  });
+
+  r.get("/todo", async (_req, res) => {
+    const todos = await service.listTodos();
+    res.json(todos);
+  });
+
+  r.patch("/todo/:id/complete", async (req, res) => {
+    const updated = await service.markComplete(req.params.id);
+    if (!updated) {
+      return res.status(404).json({ error: "Todo not found" });
+    }
+    res.json(updated);
+  });
+
+  router.use(r);
+}