4 * @description Order management API routes. Retrieves order records with tenant filtering. Basic endpoint for order history and tracking.
5 * @see {@link ../services/db} for database connection
6 * @see {@link ../middleware/auth} for authentication middleware
7 * @see {@link ../middleware/tenant} for tenant context utilities
8 * @apiDefine OrdersGroup Orders
10 * @apiHeader {string} Authorization Bearer token required.
11 * @apiError (Error 401) Unauthorized Missing or invalid token.
12 * @apiError (Error 500) ServerError Internal server error.
15const express = require('express');
16const router = express.Router();
17const pool = require('../services/db');
18const authenticateToken = require('../middleware/auth');
20const { getTenantFilter } = require('../middleware/tenant');
22// Define your routes for orders here
25 * @api {get} /orders List all orders
28 * @apiDescription Retrieve all orders for the current tenant, ordered by creation date (newest first). Returns complete order records with tenant filtering applied automatically.
29 * @apiSuccess {object[]} orders Array of order objects.
30 * @apiSuccess {number} orders.order_id Order ID.
31 * @apiSuccess {Date} orders.created_at Order creation timestamp.
32 * @apiExample {curl} Example usage:
33 * curl -H "Authorization: Bearer <token>" https://api.example.com/orders
// GET '/' handler: registered on `router` with `authenticateToken` running before it.
// Reads a tenant filter (SQL clause + bound parameters) from getTenantFilter(req),
// selects from `orders` newest-first, and replies with the result rows as JSON.
// On failure it logs the error server-side and replies 500 with a generic body.
// NOTE(review): this listing's own numbering skips lines (36, 39, 41, 45, 48-49), so the
// try/catch and any guard around the WHERE append are not visible here; the notes below
// that depend on them are marked as assumptions.
35router.get('/', authenticateToken, async (req, res) => {
// Tenant scoping for this request; the helper lives in ../middleware/tenant and is not shown.
37 const { clause: tenantClause, params: tenantParams } = getTenantFilter(req);
// SELECT * sends every column of `orders` to the client; the API doc above lists only
// order_id and created_at. Consider an explicit column list so a new column is not exposed by default.
38 let query = `SELECT * FROM orders`;
// The clause is spliced into the SQL text itself; only the values in tenantParams are bound.
// This is safe only if getTenantFilter builds the clause from fixed column names and
// placeholders, never from request data. TODO confirm in ../middleware/tenant.
// NOTE(review): if the hidden line 39 makes this append conditional on a non-empty clause,
// an empty clause yields an unfiltered query across all tenants. Confirm that case is
// intended (and restricted to the right role), or fail closed.
40 query += ` WHERE ${tenantClause}`;
42 query += ' ORDER BY created_at DESC';
// Tenant values travel as bound parameters, separate from the SQL text.
43 const result = await pool.query(query, tenantParams);
44 res.json(result.rows);
// `err` is presumably bound by a catch clause missing from this listing.
// The full error is logged server-side only; the client receives a fixed message.
46 console.error('Error fetching orders:', err);
47 res.status(500).send('Server error');
// Export the router instance that carries the route registered in this file.
52module.exports = router;