feat(backend): re-implement team management routes for CRUD operations

Author: Lasim

services/backend/src/routes/teams/createTeam.ts

@@ -0,0 +1,85 @@
+import type { FastifyInstance, FastifyRequest, FastifyReply } from 'fastify';
+import { ZodError } from 'zod';
+import { createSchema } from 'zod-openapi';
+import { TeamService } from '../../services/teamService';
+import { requirePermission } from '../../middleware/roleMiddleware';
+import { CreateTeamSchema, TeamResponseSchema, ErrorResponseSchema, type CreateTeamInput } from './schemas';
+
+export default async function createTeamRoute(fastify: FastifyInstance) {
+  // POST /teams - Create a new team
+  fastify.post<{ Body: CreateTeamInput }>('/teams', {
+    schema: {
+      tags: ['Teams'],
+      summary: 'Create new team',
+      description: 'Creates a new team with the specified name and description. Users can create up to 3 teams maximum. The slug is automatically generated from the team name and made unique.',
+      security: [{ cookieAuth: [] }],
+      body: createSchema(CreateTeamSchema),
+      response: {
+        201: createSchema(TeamResponseSchema.describe('Team created successfully')),
+        400: createSchema(ErrorResponseSchema.describe('Bad Request - Validation error or team limit reached')),
+        401: createSchema(ErrorResponseSchema.describe('Unauthorized - Authentication required')),
+        403: createSchema(ErrorResponseSchema.describe('Forbidden - Insufficient permissions')),
+        500: createSchema(ErrorResponseSchema.describe('Internal Server Error'))
+      }
+    },
+    preValidation: requirePermission('teams.create'),
+  }, async (request: FastifyRequest<{ Body: CreateTeamInput }>, reply: FastifyReply) => {
+    try {
+      if (!request.user) {
+        return reply.status(401).send({
+          success: false,
+          error: 'Authentication required',
+        });
+      }
+
+      // Validate request body
+      const validatedData = CreateTeamSchema.parse(request.body);
+
+      // Check if user can create more teams (3 team limit)
+      const canCreate = await TeamService.canUserCreateTeam(request.user.id);
+      if (!canCreate) {
+        return reply.status(400).send({
+          success: false,
+          error: 'You have reached the maximum limit of 3 teams',
+        });
+      }
+
+      // Create the team
+      const team = await TeamService.createTeam({
+        name: validatedData.name,
+        description: validatedData.description,
+        owner_id: request.user.id,
+      });
+
+      return reply.status(201).send({
+        success: true,
+        data: team,
+        message: 'Team created successfully',
+      });
+    } catch (error) {
+      if (error instanceof ZodError) {
+        return reply.status(400).send({
+          success: false,
+          error: 'Validation error',
+          details: error.issues,
+        });
+      }
+
+      if (error instanceof Error) {
+        // Handle specific team creation errors
+        if (error.message.includes('slug')) {
+          return reply.status(400).send({
+            success: false,
+            error: 'Team name conflicts with existing team',
+          });
+        }
+      }
+
+      fastify.log.error(error, 'Error creating team');
+      return reply.status(500).send({
+        success: false,
+        error: 'Failed to create team',
+      });
+    }
+  });
+}

services/backend/src/routes/teams/deleteTeam.ts

@@ -0,0 +1,98 @@
+import type { FastifyInstance, FastifyRequest, FastifyReply } from 'fastify';
+import { createSchema } from 'zod-openapi';
+import { TeamService } from '../../services/teamService';
+import { requirePermission } from '../../middleware/roleMiddleware';
+import { ErrorResponseSchema } from './schemas';
+
+export default async function deleteTeamRoute(fastify: FastifyInstance) {
+  // DELETE /teams/:id - Delete team
+  fastify.delete<{ Params: { id: string } }>('/teams/:id', {
+    schema: {
+      tags: ['Teams'],
+      summary: 'Delete team',
+      description: 'Deletes a team from the system. Only team owners can delete teams. Default teams cannot be deleted.',
+      security: [{ cookieAuth: [] }],
+      params: {
+        type: 'object',
+        properties: {
+          id: { type: 'string' }
+        },
+        required: ['id']
+      },
+      response: {
+        200: {
+          type: 'object',
+          properties: {
+            success: { type: 'boolean' },
+            message: { type: 'string' }
+          },
+          required: ['success', 'message']
+        },
+        400: createSchema(ErrorResponseSchema.describe('Bad Request - Cannot delete default team or team has active resources')),
+        401: createSchema(ErrorResponseSchema.describe('Unauthorized - Authentication required')),
+        403: createSchema(ErrorResponseSchema.describe('Forbidden - Insufficient permissions')),
+        404: createSchema(ErrorResponseSchema.describe('Not Found - Team not found')),
+        500: createSchema(ErrorResponseSchema.describe('Internal Server Error'))
+      }
+    },
+    preValidation: requirePermission('teams.delete'),
+  }, async (request: FastifyRequest<{ Params: { id: string } }>, reply: FastifyReply) => {
+    try {
+      if (!request.user) {
+        return reply.status(401).send({
+          success: false,
+          error: 'Authentication required',
+        });
+      }
+
+      const teamId = request.params.id;
+
+      // Check if team exists
+      const existingTeam = await TeamService.getTeamById(teamId);
+      if (!existingTeam) {
+        return reply.status(404).send({
+          success: false,
+          error: 'Team not found',
+        });
+      }
+
+      // Check if user is team owner
+      if (existingTeam.owner_id !== request.user.id) {
+        return reply.status(403).send({
+          success: false,
+          error: 'Only team owners can delete teams',
+        });
+      }
+
+      // Check if it's a default team
+      if (existingTeam.is_default) {
+        return reply.status(400).send({
+          success: false,
+          error: 'Default teams cannot be deleted',
+        });
+      }
+
+      // Delete the team
+      await TeamService.deleteTeam(teamId);
+
+      return reply.status(200).send({
+        success: true,
+        message: 'Team deleted successfully',
+      });
+    } catch (error) {
+      if (error instanceof Error && error.message.includes('active resources')) {
+        return reply.status(400).send({
+          success: false,
+          error: 'Cannot delete team with active resources',
+        });
+      }
+
+      fastify.log.error(error, 'Error deleting team');
+      return reply.status(500).send({
+        success: false,
+        error: 'Failed to delete team',
+        details: error instanceof Error ? error.message : 'Unknown error'
+      });
+    }
+  });
+}

services/backend/src/routes/teams/getDefaultTeam.ts

@@ -0,0 +1,73 @@
+import type { FastifyInstance, FastifyRequest, FastifyReply } from 'fastify';
+import { createSchema } from 'zod-openapi';
+import { TeamService } from '../../services/teamService';
+import { requireAuthenticationAny, requireOAuthScope } from '../../middleware/oauthMiddleware';
+import { TeamResponseSchema, ErrorResponseSchema } from './schemas';
+
+export default async function getDefaultTeamRoute(fastify: FastifyInstance) {
+  // GET /teams/me/default - Get current user's default team
+  fastify.get('/teams/me/default', {
+    schema: {
+      tags: ['Teams'],
+      summary: 'Get current user default team',
+      description: 'Retrieves the default team for the currently authenticated user. Supports both cookie-based authentication (for web users) and OAuth2 Bearer token authentication (for CLI users). Requires teams:read scope for OAuth2 access.',
+      security: [
+        { cookieAuth: [] },
+        { bearerAuth: [] }
+      ],
+      response: {
+        200: createSchema(TeamResponseSchema.describe('Default team retrieved successfully')),
+        401: createSchema(ErrorResponseSchema.describe('Unauthorized - Authentication required or invalid token')),
+        403: createSchema(ErrorResponseSchema.describe('Forbidden - Insufficient permissions or scope')),
+        404: createSchema(ErrorResponseSchema.describe('Not Found - No default team found')),
+        500: createSchema(ErrorResponseSchema.describe('Internal Server Error'))
+      }
+    },
+    preValidation: [
+      requireAuthenticationAny(),
+      requireOAuthScope('teams:read')
+    ]
+  }, async (request: FastifyRequest, reply: FastifyReply) => {
+    try {
+      if (!request.user) {
+        return reply.status(401).send({
+          success: false,
+          error: 'Authentication required',
+        });
+      }
+
+      const authType = request.tokenPayload ? 'oauth2' : 'cookie';
+      const userId = request.user.id;
+
+      request.log.debug({
+        operation: 'get_user_default_team',
+        userId,
+        authType,
+        clientId: request.tokenPayload?.clientId,
+        scope: request.tokenPayload?.scope,
+        endpoint: request.url
+      }, 'Authentication method determined for default team retrieval');
+
+      const defaultTeam = await TeamService.getUserDefaultTeam(request.user.id);
+      
+      if (!defaultTeam) {
+        return reply.status(404).send({
+          success: false,
+          error: 'No default team found',
+        });
+      }
+
+      return reply.status(200).send({
+        success: true,
+        data: defaultTeam,
+        message: 'Default team retrieved successfully',
+      });
+    } catch (error) {
+      fastify.log.error(error, 'Error fetching user default team');
+      return reply.status(500).send({
+        success: false,
+        error: 'Failed to fetch default team',
+      });
+    }
+  });
+}

services/backend/src/routes/teams/getTeamById.ts

@@ -0,0 +1,118 @@
+import type { FastifyInstance, FastifyRequest, FastifyReply } from 'fastify';
+import { z } from 'zod';
+import { createSchema } from 'zod-openapi';
+import { TeamService } from '../../services/teamService';
+import { requireAuthenticationAny, requireOAuthScope } from '../../middleware/oauthMiddleware';
+import { TeamWithRoleInfoSchema, ErrorResponseSchema } from './schemas';
+
+export default async function getTeamByIdRoute(fastify: FastifyInstance) {
+  // GET /teams/:id - Get team by ID with user role info
+  fastify.get<{ Params: { id: string } }>('/teams/:id', {
+    schema: {
+      tags: ['Teams'],
+      summary: 'Get team by ID with user role',
+      description: 'Retrieves a specific team by its ID with the current user\'s role and permissions within that team. User must be a member of the team. Supports both cookie-based authentication (for web users) and OAuth2 Bearer token authentication (for CLI users). Requires teams:read scope for OAuth2 access.',
+      security: [
+        { cookieAuth: [] },
+        { bearerAuth: [] }
+      ],
+      params: {
+        type: 'object',
+        properties: {
+          id: { type: 'string' }
+        },
+        required: ['id']
+      },
+      response: {
+        200: createSchema(z.object({
+          success: z.boolean().describe('Indicates if the operation was successful'),
+          data: TeamWithRoleInfoSchema.describe('Team data with user role information')
+        }).describe('Team retrieved successfully with user role info')),
+        401: createSchema(ErrorResponseSchema.describe('Unauthorized - Authentication required or invalid token')),
+        403: createSchema(ErrorResponseSchema.describe('Forbidden - Insufficient permissions or scope')),
+        404: createSchema(ErrorResponseSchema.describe('Not Found - Team not found')),
+        500: createSchema(ErrorResponseSchema.describe('Internal Server Error'))
+      }
+    },
+    preValidation: [
+      requireAuthenticationAny(),
+      requireOAuthScope('teams:read')
+    ]
+  }, async (request: FastifyRequest<{ Params: { id: string } }>, reply: FastifyReply) => {
+    try {
+      if (!request.user) {
+        const errorResponse = {
+          success: false,
+          error: 'Authentication required'
+        };
+        const jsonString = JSON.stringify(errorResponse);
+        return reply.status(401).type('application/json').send(jsonString);
+      }
+
+      const authType = request.tokenPayload ? 'oauth2' : 'cookie';
+      const userId = request.user.id;
+      const teamId = request.params.id;
+
+      request.log.debug({
+        operation: 'get_team_by_id',
+        userId,
+        teamId,
+        authType,
+        clientId: request.tokenPayload?.clientId,
+        scope: request.tokenPayload?.scope,
+        endpoint: request.url
+      }, 'Authentication method determined for team retrieval');
+
+      const team = await TeamService.getTeamById(teamId);
+
+      if (!team) {
+        const errorResponse = {
+          success: false,
+          error: 'Team not found'
+        };
+        const jsonString = JSON.stringify(errorResponse);
+        return reply.status(404).type('application/json').send(jsonString);
+      }
+
+      // Check if user has access to this team
+      const isTeamMember = await TeamService.isTeamMember(teamId, request.user.id);
+      
+      if (!isTeamMember) {
+        const errorResponse = {
+          success: false,
+          error: 'You do not have access to this team'
+        };
+        const jsonString = JSON.stringify(errorResponse);
+        return reply.status(403).type('application/json').send(jsonString);
+      }
+
+      // Get user's role and permissions within this team
+      const membership = await TeamService.getTeamMembership(teamId, request.user.id);
+      const memberCount = await TeamService.getTeamMemberCount(teamId);
+      
+      // Build team response with role information
+      const teamWithRoleInfo = {
+        ...team,
+        role: membership?.role || 'team_user',
+        is_admin: membership?.role === 'team_admin',
+        is_owner: team.owner_id === request.user.id,
+        member_count: memberCount
+      };
+
+      const successResponse = {
+        success: true,
+        data: teamWithRoleInfo
+      };
+      const jsonString = JSON.stringify(successResponse);
+      return reply.status(200).type('application/json').send(jsonString);
+    } catch (error) {
+      fastify.log.error(error, 'Error fetching team');
+      const errorResponse = {
+        success: false,
+        error: 'Failed to fetch team'
+      };
+      const jsonString = JSON.stringify(errorResponse);
+      return reply.status(500).type('application/json').send(jsonString);
+    }
+  });
+}