update expense-claims

backend/src/modules/hr/hr.routes.ts

@@ -2,8 +2,50 @@ import { Router } from 'express';
 import { hrController } from './hr.controller';
 import { portalController } from './portal.controller';
 import { authenticate, authorize } from '../../shared/middleware/auth';
+import multer from 'multer';
+import path from 'path';
+import fs from 'fs';
+import crypto from 'crypto';
+import { config } from '../../config';
 
 const router = Router();
+const expenseClaimsUploadDir = path.join(config.upload.path, 'expense-claims');
+
+if (!fs.existsSync(expenseClaimsUploadDir)) {
+  fs.mkdirSync(expenseClaimsUploadDir, { recursive: true });
+}
+
+const expenseClaimStorage = multer.diskStorage({
+  destination: (_req, _file, cb) => cb(null, expenseClaimsUploadDir),
+  filename: (_req, file, cb) => {
+    const safeName = (file.originalname || 'file').replace(/[^a-zA-Z0-9.-]/g, '_');
+    cb(null, `${crypto.randomUUID()}-${safeName}`);
+  },
+});
+
+const expenseClaimUpload = multer({
+  storage: expenseClaimStorage,
+  limits: { fileSize: config.upload.maxFileSize },
+
+  fileFilter: (_req, file, cb) => {
+    const allowedTypes = [
+      'image/jpeg',
+      'image/png',
+      'image/webp',
+      'image/gif',
+      'application/pdf',
+    ];
+
+    if (!allowedTypes.includes(file.mimetype)) {
+      return cb(
+        new Error('نوع الملف غير مدعوم. يرجى رفع صورة أو ملف PDF.')
+      );
+    }
+
+    cb(null, true);
+  },
+});
+
 router.use(authenticate);
 
 // ========== EMPLOYEE PORTAL (authenticate only, scoped by employeeId) ==========
@@ -60,13 +102,27 @@ router.get('/portal/attendance', portalController.getMyAttendance);
 router.get('/portal/salaries', portalController.getMySalaries);
 
 router.get('/portal/expense-claims', portalController.getMyExpenseClaims);
-router.post('/portal/expense-claims', portalController.submitExpenseClaim);
+router.post(
+  '/portal/expense-claims',
+  (req, res, next) => {
+    expenseClaimUpload.single('attachment')(req, res, (error: any) => {
+      if (error) {
+        return res.status(400).json({
+          success: false,
+          message: error.message || 'تعذر رفع المرفق',
+        });
+      }
 
-router.get(
-  '/portal/managed-expense-claims',
-  authorize('department_expense_claims', '*', 'read'),
-  portalController.getManagedExpenseClaims
+      next();
+    });
+  },
+  portalController.submitExpenseClaim
 );
+router.get(
+  '/portal/expense-claims/attachments/:attachmentId/view',
+  portalController.viewExpenseClaimAttachment
+);
+router.get('/portal/managed-expense-claims', authorize('department_expense_claims', '*', 'read'), portalController.getManagedExpenseClaims);
 
 router.post(
   '/portal/managed-expense-claims/:id/approve',