Routes and Controllers
Route Structure
The www application organizes routes into logical groups with clear separation between public and authenticated areas.
Public Routes (src/routes/public/)
Main Public Routes
- Home (/) - Landing page
- Join (/join) - Membership information
- Discover (/discover) - Platform discovery
- Resources (/resources) - Educational content
- Safety (/safety) - Safety information
- Skills (/skills) - Skill progression info
- Tunnels (/tunnels) - Tunnel directory
- Videos (/videos) - Video resources
- News (/news) - News and updates
- Contact (/contact) - Contact information
- Legal (/legal) - Terms, privacy, cookies
Specialized Public Routes
- Countries (/countries) - Country-specific data
- Language (/lang) - Language switching
- External (/external) - External integrations
- Wallet (/wallet) - Digital wallet integration
- Chatbot (/chatbot) - AI assistance
Authentication Routes (src/routes/auth/)
Auth Endpoints
- Login (/login) - User authentication
- Register (/register) - User registration
- Verification (/verification) - Account verification
- Silent Login (/silent-login) - Background authentication
- Account Access (/account-access) - Account recovery
OAuth Integration
- Google OAuth 2.0 integration via Passport.js
- Callback handling for social authentication
- Session management with JWT tokens
Account Routes (src/routes/account/)
Protected routes requiring authentication:
Core Account Features
- Dashboard (/account/dashboard) - User dashboard
- Profile (/account/profile) - Profile management
- Logbook (/account/logbook) - Flight logging
- Notifications (/account/notifications) - User notifications
Training & Assessment
- Safety Training (/account/safety-training) - Safety modules
- Coach Assessment (/account/coach-assessment) - Coach evaluations
- Guides (/account/guides) - Training guides
- Reference Materials (/account/reference-materials) - Educational resources
Administrative
- Fees (/account/fees) - Payment management
- Change Requests (/account/change-requests) - Profile change requests
- Manage Requests (/account/manage-requests) - Request management
- Approve Skills Manually (/account/approve-skills-manually) - Manual skill approval
- Approve Manually Confirm (/account/approve-manually-confirm) - Confirmation workflows
Social Features
- Member Directory (/account/member-directory) - Member search and contact
- Verify (/account/verify) - Identity verification
Helper Routes (src/routes/helpers/)
Utility Endpoints
- Render Helper - Template rendering utilities
- Debug Routes - Development and debugging tools
Route Middleware
Authentication Middleware
// User authentication check
app.use('/account', userAuthenticate);
// Profile-specific middleware
app.use('/account/profile', profile);
// Payment-related middleware
app.use('/account/fees', payment);
Language Middleware
// Multi-language support
app.use(loadLang);
app.use(setLang);
Utility Middleware
// Current route tracking
app.use(setCurrentRoute);
// Response locals setup
app.use(setResLocals);
// Site maintenance mode
app.use(siteDown);
Route Controllers
Public Controllers (src/controllers/public/)
- Countries Controller: Manages country-specific data
- FAQs Controller: Handles frequently asked questions
Auth Controllers (src/controllers/auth/)
- Auth Controller: Handles authentication logic and user sessions
Route Patterns
RESTful Conventions
- GET routes for data retrieval and page rendering
- POST routes for form submissions and data creation
- PUT/PATCH routes for data updates
- DELETE routes for resource removal
URL Structure
/[language]/[section]/[subsection]/[action]
Examples:
- /en/account/logbook - English logbook page
- /es/skills/instructor - Spanish instructor skills page
- /fr/tunnels/europe - French European tunnels page
Dynamic Routes
- Slug-based routing: /skills/[slug], /tunnels/[slug]
- Language prefixes: /[lang]/...
- Nested parameters: /account/member-directory/[memberId]
Route Security
Protected Routes
All /account/* routes require authentication via JWT token validation.
CSRF Protection
Form submissions are protected with CSRF tokens.
Rate Limiting
API endpoints implement rate limiting to prevent abuse.
Input Validation
All route parameters and form data are validated before processing.