From f5a0df779522a905a6b2f7e88722e83b0a9229dc Mon Sep 17 00:00:00 2001
From: ajdj100 <ajairplane@gmail.com>
Date: Tue, 9 Dec 2025 17:02:39 -0500
Subject: [PATCH] Supported public vs internal application comments, and moved
 some type dependencies to the shared lib

---
 api/src/routes/applications.ts                | 66 +++++++++++++-
 api/src/services/applicationService.ts        |  9 +-
 shared/types/application.ts                   |  1 +
 ui/src/api/application.ts                     | 90 ++++---------------
 .../application/ApplicationChat.vue           | 32 +++++--
 .../application/ApplicationForm.vue           |  2 +-
 ui/src/pages/Application.vue                  | 14 ++-
 ui/src/pages/ManageApplications.vue           |  3 +-
 ui/src/pages/MyApplications.vue               |  3 +-
 9 files changed, 128 insertions(+), 92 deletions(-)

diff --git a/api/src/routes/applications.ts b/api/src/routes/applications.ts
index bf877e0..c79514e 100644
--- a/api/src/routes/applications.ts
+++ b/api/src/routes/applications.ts
@@ -8,6 +8,7 @@ import { getRankByName, insertMemberRank } from '../services/rankService';
 import { ApplicationFull, CommentRow } from "@app/shared/types/application"
 import { assignUserToStatus } from '../services/statusService';
 import { Request, Response } from 'express';
+import { getUserRoles } from '../services/rolesService';
 
 // POST /application
 router.post('/', async (req, res) => {
@@ -104,14 +105,28 @@ router.get('/me/:id', async (req: Request, res: Response) => {
 });
 
 // GET /application/:id
-router.get('/:id', async (req, res) => {
-  let appID = req.params.id;
+router.get('/:id', async (req: Request, res: Response) => {
+  let appID = Number(req.params.id);
+  let asAdmin = !!req.query.admin || false;
+  let user = req.user.id;
+
+  //TODO: Replace this with bigger authorization system eventually
+  if (asAdmin) {
+    let allowed = (await getUserRoles(user)).some((role) =>
+      role.name.toLowerCase() === 'dev' ||
+      role.name.toLowerCase() === 'recruiter' ||
+      role.name.toLowerCase() === 'administrator')
+    console.log(allowed)
+    if (!allowed) {
+      return res.sendStatus(403)
+    }
+  }
   try {
     const application = await getApplicationByID(appID);
     if (application === undefined)
       return res.sendStatus(204);
 
-    const comments: CommentRow[] = await getApplicationComments(appID);
+    const comments: CommentRow[] = await getApplicationComments(appID, asAdmin);
 
     const output: ApplicationFull = {
       application,
@@ -211,6 +226,51 @@ VALUES(?, ?, ?);`
   }
 });
 
+// POST /application/:id/comment
+router.post('/:id/adminComment', async (req: Request, res: Response) => {
+  const appID = req.params.id;
+  const data = req.body.message;
+  const user = req.user;
+
+  console.log(user)
+
+  const sql = `INSERT INTO application_comments(
+    application_id,
+    poster_id,
+    post_content,
+    admin_only
+  )
+VALUES(?, ?, ?, 1);`
+
+  try {
+    const conn = await pool.getConnection();
+
+    const result = await conn.query(sql, [appID, user.id, data])
+    console.log(result)
+    if (result.affectedRows !== 1) {
+      conn.release();
+      throw new Error("Insert Failure")
+    }
+
+    const getSQL = `SELECT app.id AS comment_id,
+      app.post_content,
+      app.poster_id,
+      app.post_time,
+      app.last_modified,
+      app.admin_only,
+      member.name AS poster_name
+        FROM application_comments AS app
+          INNER JOIN members AS member ON member.id = app.poster_id
+        WHERE app.id = ?; `;
+    const comment = await conn.query(getSQL, [result.insertId])
+    res.status(201).json(comment[0]);
+
+  } catch (err) {
+    console.error('Comment failed:', err);
+    res.status(500).json({ error: 'Could not post comment' });
+  }
+});
+
 router.post('/restart', async (req: Request, res: Response) => {
   const user = req.user.id;
   try {
diff --git a/api/src/services/applicationService.ts b/api/src/services/applicationService.ts
index 3224479..dceaad3 100644
--- a/api/src/services/applicationService.ts
+++ b/api/src/services/applicationService.ts
@@ -90,15 +90,20 @@ export async function denyApplication(id: number) {
   }
 }
 
-export async function getApplicationComments(appID: number): Promise<CommentRow[]> {
+export async function getApplicationComments(appID: number, admin: boolean = false): Promise<CommentRow[]> {
+  const excludeAdmin = ' AND app.admin_only = false';
+
+  const whereClause = `WHERE app.application_id = ?${!admin ? excludeAdmin : ''}`;
+
   return await pool.query(`SELECT app.id AS comment_id,
           app.post_content,
           app.poster_id,
           app.post_time,
           app.last_modified,
+          app.admin_only,
           member.name AS poster_name
         FROM application_comments AS app
           INNER JOIN members AS member ON member.id = app.poster_id
-        WHERE app.application_id = ?;`,
+        ${whereClause}`,
     [appID]);
 }
\ No newline at end of file
diff --git a/shared/types/application.ts b/shared/types/application.ts
index f8b648d..12b0db5 100644
--- a/shared/types/application.ts
+++ b/shared/types/application.ts
@@ -40,6 +40,7 @@ export interface CommentRow {
     post_time: string;
     last_modified: string | null;
     poster_name: string;
+    admin_only: boolean;
 }
 
 export interface ApplicationFull {
diff --git a/ui/src/api/application.ts b/ui/src/api/application.ts
index ef5c543..8f60f1e 100644
--- a/ui/src/api/application.ts
+++ b/ui/src/api/application.ts
@@ -1,80 +1,11 @@
-export type ApplicationDto = Partial<{
-  age: number | string
-  name: string
-  playtime: number | string
-  hobbies: string
-  military: boolean
-  communities: string
-  joinReason: string
-  milsimAttraction: string
-  referral: string
-  steamProfile: string
-  timezone: string
-  canAttendSaturday: boolean
-  interests: string
-  aknowledgeRules: boolean
-}>
-
-export interface ApplicationData {
-  dob: string;
-  name: string;
-  playtime: number;
-  hobbies: string;
-  military: boolean;
-  communities: string;
-  joinReason: string;
-  milsimAttraction: string;
-  referral: string;
-  steamProfile: string;
-  timezone: string;
-  canAttendSaturday: boolean;
-  interests: string;
-  aknowledgeRules: boolean;
-}
-
-//reflects how applications are stored in the database
-export interface ApplicationRow {
-  id: number;
-  member_id: number;
-  app_version: number;
-  app_data: ApplicationData;
-
-  submitted_at: string;        // ISO datetime from DB (e.g., "2025-08-25T18:04:29.000Z")
-  updated_at: string | null;
-  approved_at: string | null;
-  denied_at: string | null;
-
-  app_status: ApplicationStatus;       // generated column
-  decision_at: string | null;  // generated column
-
-  // present when you join members (e.g., SELECT a.*, m.name AS member_name)
-  member_name: string;
-}
-export interface CommentRow {
-  comment_id: number;
-  post_content: string;
-  poster_id: number;
-  post_time: string;
-  last_modified: string | null;
-  poster_name: string;
-}
-
-export interface ApplicationFull {
-  application: ApplicationRow;
-  comments: CommentRow[];
-}
+import { ApplicationFull } from "@shared/types/application";
 
 
-export enum ApplicationStatus {
-  Pending = "Pending",
-  Accepted = "Accepted",
-  Denied = "Denied",
-}
 //  @ts-ignore
 const addr = import.meta.env.VITE_APIHOST;
 
-export async function loadApplication(id: number | string): Promise<ApplicationFull | null> {
-  const res = await fetch(`${addr}/application/${id}`, { credentials: 'include' })
+export async function loadApplication(id: number | string, asAdmin: boolean = false): Promise<ApplicationFull | null> {
+  const res = await fetch(`${addr}/application/${id}?admin=${asAdmin}`, { credentials: 'include' })
   if (res.status === 204) return null
   if (!res.ok) throw new Error('Failed to load application')
   const json = await res.json()
@@ -112,6 +43,21 @@ export async function postChatMessage(message: any, post_id: number) {
   return await response.json();
 }
 
+export async function postAdminChatMessage(message: any, post_id: number) {
+  const out = {
+    message: message
+  }
+
+  const response = await fetch(`${addr}/application/${post_id}/adminComment`, {
+    method: 'POST',
+    credentials: 'include',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify(out),
+  })
+
+  return await response.json();
+}
+
 export async function getAllApplications(): Promise<ApplicationFull> {
   const res = await fetch(`${addr}/application/all`)
 
diff --git a/ui/src/components/application/ApplicationChat.vue b/ui/src/components/application/ApplicationChat.vue
index cc1d653..896ad0d 100644
--- a/ui/src/components/application/ApplicationChat.vue
+++ b/ui/src/components/application/ApplicationChat.vue
@@ -11,13 +11,18 @@ import {
 import Textarea from '@/components/ui/textarea/Textarea.vue'
 import { toTypedSchema } from '@vee-validate/zod'
 import * as z from 'zod'
+import { useAuth } from '@/composables/useAuth'
+import { CommentRow } from '@shared/types/application'
+import { Dot } from 'lucide-vue-next'
+import { ref } from 'vue'
 
 const props = defineProps<{
-  messages: Array<Record<string, any>>
+  messages: CommentRow[]
 }>()
 
 const emit = defineEmits<{
   (e: 'post', text: string): void
+  (e: 'postInternal', text: string): void
 }>()
 
 const commentSchema = toTypedSchema(
@@ -26,9 +31,14 @@ const commentSchema = toTypedSchema(
   })
 )
 
+const submitMode = ref("public");
+
 // vee-validate passes (values, actions) to @submit
 function onSubmit(values: { text: string }, { resetForm }: { resetForm: () => void }) {
-  emit('post', values.text.trim())
+  if (submitMode.value === "internal")
+    emit('postInternal', values.text.trim())
+  else
+    emit('post', values.text.trim())
   resetForm()
 }
 </script>
@@ -48,25 +58,31 @@ function onSubmit(values: { text: string }, { resetForm }: { resetForm: () => vo
       </FormField>
 
       <!-- Button below, right-aligned -->
-      <div class="mt-2 flex justify-end">
-        <Button type="submit">Post</Button>
+      <div class="mt-2 flex justify-end gap-2">
+        <Button type="submit" @click="submitMode = 'internal'" variant="outline">Post (Internal)</Button>
+        <Button type="submit" @click="submitMode = 'public'">Post</Button>
       </div>
     </Form>
 
     <!-- Existing posts -->
     <div class="space-y-3">
-      <div v-for="(message, i) in props.messages" :key="message.id ?? i"
-        class="rounded-md border border-neutral-800 p-3 space-y-5">
+      <div v-for="(message, i) in props.messages" :key="message.comment_id ?? i" class="rounded-md border p-3 space-y-5"
+        :class="message.admin_only ? 'border-amber-300/70' : 'border-neutral-800'">
         <!-- Comment header -->
         <div class="flex justify-between">
-          <p>{{ message.poster_name }}</p>
+          <div class="flex">
+            <p>{{ message.poster_name }}</p>
+            <p v-if="message.admin_only" class="flex">
+              <Dot /><span class="text-amber-300">Internal</span>
+            </p>
+          </div>
           <p class="text-muted-foreground">{{ new Date(message.post_time).toLocaleString("EN-us", {
             year: "numeric",
             month: "long",
             day: "numeric",
             hour: "2-digit",
             minute: "2-digit"
-            }) }}</p>
+          }) }}</p>
         </div>
         <p>{{ message.post_content }}</p>
       </div>
diff --git a/ui/src/components/application/ApplicationForm.vue b/ui/src/components/application/ApplicationForm.vue
index 9bcc058..eb1a85f 100644
--- a/ui/src/components/application/ApplicationForm.vue
+++ b/ui/src/components/application/ApplicationForm.vue
@@ -16,7 +16,7 @@ import { Form } from 'vee-validate';
 import { onMounted, ref } from 'vue';
 import * as z from 'zod';
 import DateInput from '../form/DateInput.vue';
-import { ApplicationData } from '@/api/application';
+import { ApplicationData } from '@shared/types/application';
 
 const regexA = /^https?:\/\/steamcommunity\.com\/id\/[A-Za-z0-9_]+\/?$/;
 const regexB = /^https?:\/\/steamcommunity\.com\/profiles\/\d+\/?$/;
diff --git a/ui/src/pages/Application.vue b/ui/src/pages/Application.vue
index 091c926..0c30c0e 100644
--- a/ui/src/pages/Application.vue
+++ b/ui/src/pages/Application.vue
@@ -2,15 +2,16 @@
 import ApplicationChat from '@/components/application/ApplicationChat.vue';
 import ApplicationForm from '@/components/application/ApplicationForm.vue';
 import { onMounted, ref } from 'vue';
-import { ApplicationData, approveApplication, denyApplication, loadApplication, postApplication, postChatMessage, ApplicationStatus, getMyApplication, ApplicationFull } from '@/api/application';
+import { approveApplication, denyApplication, loadApplication, postApplication, postChatMessage, getMyApplication, postAdminChatMessage } from '@/api/application';
 import { useRoute } from 'vue-router';
 import Button from '@/components/ui/button/Button.vue';
 import { CheckIcon, XIcon } from 'lucide-vue-next';
 import Unauthorized from './Unauthorized.vue';
+import { ApplicationData, ApplicationFull, ApplicationStatus, CommentRow } from '@shared/types/application';
 
 const appData = ref<ApplicationData>(null);
 const appID = ref<number | null>(null);
-const chatData = ref<object[]>([])
+const chatData = ref<CommentRow[]>([])
 const readOnly = ref<boolean>(false);
 const newApp = ref<boolean>(null);
 const status = ref<ApplicationStatus>(null);
@@ -47,7 +48,7 @@ onMounted(async () => {
     //recruiter mode
     if (props.mode === 'view-recruiter') {
         finalMode.value = 'view-recruiter';
-        loadData(await loadApplication(Number(route.params.id)))
+        loadData(await loadApplication(Number(route.params.id), true))
     }
 
     //viewer mode
@@ -87,6 +88,10 @@ async function postComment(comment) {
     chatData.value.push(await postChatMessage(comment, appID.value));
 }
 
+async function postCommentInternal(comment) {
+    chatData.value.push(await postAdminChatMessage(comment, appID.value));
+}
+
 const emit = defineEmits(['submit']);
 
 async function postApp(appData) {
@@ -159,7 +164,8 @@ async function handleDeny(id) {
             </ApplicationForm>
             <div v-if="!newApp" class="pb-15">
                 <h3 class="scroll-m-20 text-2xl font-semibold tracking-tight mb-4">Discussion</h3>
-                <ApplicationChat :messages="chatData" @post="postComment"></ApplicationChat>
+                <ApplicationChat :messages="chatData" @post="postComment" @post-internal="postCommentInternal">
+                </ApplicationChat>
             </div>
         </div>
 
diff --git a/ui/src/pages/ManageApplications.vue b/ui/src/pages/ManageApplications.vue
index cc3e689..a19316b 100644
--- a/ui/src/pages/ManageApplications.vue
+++ b/ui/src/pages/ManageApplications.vue
@@ -1,5 +1,6 @@
 <script setup>
-import { getAllApplications, approveApplication, denyApplication, ApplicationStatus } from '@/api/application';
+import { getAllApplications, approveApplication, denyApplication     } from '@/api/application';
+import { ApplicationStatus } from '@shared/types/application'
 import {
     Table,
     TableBody,
diff --git a/ui/src/pages/MyApplications.vue b/ui/src/pages/MyApplications.vue
index 5c21ae6..b73916f 100644
--- a/ui/src/pages/MyApplications.vue
+++ b/ui/src/pages/MyApplications.vue
@@ -1,5 +1,6 @@
 <script setup>
-import { getAllApplications, approveApplication, denyApplication, ApplicationStatus, loadMyApplications } from '@/api/application';
+import { loadMyApplications } from '@/api/application';
+import { ApplicationStatus } from '@shared/types/application';
 import {
     Table,
     TableBody,