feat: add edited_at column to notes and implement note update functionality with audit logging

2025-11-18 09:43:39 +01:00
parent acb7117c7d
commit fae7615818
4 changed files with 222 additions and 83 deletions
--- a/src/app/api/notes/route.js
+++ b/src/app/api/notes/route.js
@@ -136,50 +136,7 @@ async function deleteNoteHandler(req, { params }) {
 	return NextResponse.json({ success: true });
 }

-async function updateNoteHandler(req, { params }) {
-	const { id } = await params;
-	const noteId = id;
-	const { note } = await req.json();
-
-	if (!note || !noteId) {
-		return NextResponse.json({ error: "Missing note or ID" }, { status: 400 });
-	}
-
-	// Get original note for audit log
-	const originalNote = db
-		.prepare("SELECT * FROM notes WHERE note_id = ?")
-		.get(noteId);
-
-	db.prepare(
-		`
-	  UPDATE notes SET note = ? WHERE note_id = ?
-	`
-	).run(note, noteId);
-
-	// Log note update
-	await logApiActionSafe(
-		req,
-		AUDIT_ACTIONS.NOTE_UPDATE,
-		RESOURCE_TYPES.NOTE,
-		noteId,
-		req.auth, // Use req.auth instead of req.session
-		{
-			originalNote: {
-				note_length: originalNote?.note?.length || 0,
-				project_id: originalNote?.project_id,
-				task_id: originalNote?.task_id,
-			},
-			updatedNote: {
-				note_length: note.length,
-			},
-		}
-	);
-
-	return NextResponse.json({ success: true });
-}
-
 // Protected routes - require authentication
 export const GET = withReadAuth(getNotesHandler);
 export const POST = withUserAuth(createNoteHandler);
 export const DELETE = withUserAuth(deleteNoteHandler);
-export const PUT = withUserAuth(updateNoteHandler);