@gov-cy/govcy-express-services 1.0.0-alpha.1 → 1.0.0-alpha.10

package/README.md

@@ -494,7 +494,9 @@ Content-Type: application/json
 The API is expected to return a JSON response with the following structure (see [govcyApiRequest.mjs](src/utils/govcyApiRequest.mjs) for normalization):
 
 **On Success:**
-```json
+```http
+HTTP/1.1 200 OK
+
 {
   "Succeeded": true,
   "ErrorCode": 0,
@@ -503,7 +505,9 @@ The API is expected to return a JSON response with the following structure (see
 ```
 
 **On Failure:**
-```json
+```http
+HTTP/1.1 200 OK
+
 {
   "Succeeded": false,
   "ErrorCode": 102,
@@ -637,7 +641,9 @@ Content-Type: application/json
 The API is expected to return a JSON response with the following structure (see [govcyApiRequest.mjs](src/utils/govcyApiRequest.mjs) for normalization):
 
 **On Success:**
-```json
+```http
+HTTP/1.1 200 OK
+
 {
   "Succeeded": true,
   "ErrorCode": 0,
@@ -649,7 +655,9 @@ The API is expected to return a JSON response with the following structure (see
 ```
 
 **On Failure:**
-```json
+```http
+HTTP/1.1 200 OK
+
 {
   "Succeeded": false,
   "ErrorCode": 102,
@@ -1419,8 +1427,8 @@ Explanation:
 The **temporary save** feature allows user progress to be stored in an external API and automatically reloaded on the next visit.  
 This is useful for long forms or cases where users may leave and return later.
 
-#### 1. Configure the endpoints in your service JSON
-In your service’s `site` object, add both a `submissionGetAPIEndpoint` and `submissionPutAPIEndpoint` entry:
+#### How to configure temporary save 
+To use this feature, configure the config JSON file. In your service’s `site` object, add both a `submissionGetAPIEndpoint` and `submissionPutAPIEndpoint` entry:
 
 ```json
 "submissionGetAPIEndpoint": {
@@ -1439,7 +1447,6 @@ In your service’s `site` object, add both a `submissionGetAPIEndpoint` and `su
 
 These values should point to environment variables that hold your real endpoint URLs and credentials.
 
-#### 2. Add environment variables
 In your `secrets/.env` file (and staging/production configs), define the variables referenced above:
 
 ```dotenv
@@ -1449,17 +1456,155 @@ TEST_SUBMISSION_API_CLIENT_KEY=12345678901234567890123456789000
 TEST_SUBMISSION_API_SERVICE_ID=123
 ```
 
-#### 3. How it works
+#### How temporary save works
 
-- **On first page load** for a site, `govcyLoadSubmissionData` will:
+- **On first page load** for a site, using the `submissionGetAPIEndpoint` the system will:
   1. Call the GET endpoint to retrieve any saved submission.
   2. If found, populate the session’s `inputData` so fields are pre-filled.
   3. If not found, call the PUT endpoint to create a new temporary record.
 - **On every form POST**, after successful validation:
-  - The `govcyFormsPostHandler` will fire-and-forget a `PUT` request to update the saved submission with the latest form data.
+  - The `submissionPutAPIEndpoint` will fire-and-forget a `PUT` request to update the saved submission with the latest form data.
   - The payload includes all required submission fields with `submission_data` JSON-stringified.
 
-#### 4. Backward compatibility
+#### `submissionGetAPIEndpoint` `GET` API Request and Response
+This API is used to retrieve the saved submission data.
+
+**Request:**
+
+- **HTTP Method**: GET
+- **URL**: Resolved from the url property in your config (from the environment variable).
+- **Headers**:
+  - **Authorization**: `Bearer <access_token>` (form user's cyLogin access token)
+  - **client-key**: `<clientKey>` (from config/env)
+  - **service-id**: `<serviceId>` (from config/env)
+  - **Accept**: `text/plain`
+- **Body**: The body contains the and either:
+  - an a `null` which means no data was found for the user
+  - a JSON object with all the form data collected from the user across all pages in previous sessions.
+
+**Example Request:**
+
+```http
+GET /temp-save-get-endpoint?status=0 HTTP/1.1
+Host: localhost:3002
+Authorization: Bearer eyJhbGciOi...
+client-key: 12345678901234567890123456789000
+service-id: 123
+Accept: text/plain
+Content-Type: application/json
+```
+
+**Response:**
+
+The API is expected to return a JSON response with the following structure:
+
+**When temporary submission data are found:**
+
+```http
+HTTP/1.1 200 OK
+
+{
+    "Succeeded": true,
+    "ErrorCode": 0,
+    "ErrorMessage": null,
+    "Data": {
+        "submissionData": "{\"index\":{\"formData\":{\"certificate_select\":[\"birth\",\"permanent_residence\"]}},\"data-entry-radios\":{\"formData\":{\"mobile_select\":\"other\",\"mobileTxt\":\"+35799484967\"}}}"
+    }
+}
+```
+
+**When temporary submission data are NOT found:**
+
+```http
+HTTP/1.1 404 Not Found
+
+{
+    "Succeeded": true,
+    "ErrorCode": 0,
+    "ErrorMessage": null,
+    "Data": null
+}
+```
+
+**When temporary submission retreival fails:**
+
+```http
+HTTP/1.1 200 OK
+
+{
+    "Succeeded": false,
+    "ErrorCode": 401,
+    "ErrorMessage": "Not authorized",
+    "Data": null
+}
+```
+
+#### `submissionPutAPIEndpoint` `PUT` API Request and Response
+This API is used to temporary save the submission data.
+
+**Request:**
+
+- **HTTP Method**: PUT
+- **URL**: Resolved from the url property in your config (from the environment variable).
+- **Headers**:
+  - **Authorization**: `Bearer <access_token>` (form user's cyLogin access token)
+  - **client-key**: `<clientKey>` (from config/env)
+  - **service-id**: `<serviceId>` (from config/env)
+  - **Accept**: `text/plain`
+- **Body**: The body contains the a JSON object with all the form data collected from the user across all pages.
+
+**Example Request:**
+
+```http
+PUT /temp-save-endpoint HTTP/1.1
+Host: localhost:3002
+Authorization: Bearer eyJhbGciOi...
+client-key: 12345678901234567890123456789000
+service-id: 123
+Accept: text/plain
+Content-Type: application/json
+
+{
+  "submission_data" : "{\"index\":{\"formData\":{\"certificate_select\":[\"birth\",\"permanent_residence\"]}},\"data-entry-radios\":{\"formData\":{\"mobile_select\":\"other\",\"mobileTxt\":\"+35799484967\"}}}"
+}
+```
+
+**Response:**
+
+The API is expected to return a JSON response with the following structure:
+
+**On success:**
+
+```http
+HTTP/1.1 200 OK
+
+{
+    "Succeeded": true,
+    "ErrorCode": 0,
+    "ErrorMessage": null,
+    "Data": {
+        "submissionData": "{\"index\":{\"formData\":{\"certificate_select\":[\"birth\",\"permanent_residence\"]}},\"data-entry-radios\":{\"formData\":{\"mobile_select\":\"other\",\"mobileTxt\":\"+35799484967\"}}}"
+    }
+}
+```
+
+**On failure:**
+
+```http
+HTTP/1.1 401 Unauthorized
+
+{
+    "Succeeded": false,
+    "ErrorCode": 401,
+    "ErrorMessage": "Not authorized",
+    "Data": null
+}
+```
+
+**Notes**:
+- The response is normalized to always use PascalCase keys (`Succeeded`, `ErrorCode`, etc.), regardless of the backend’s casing.
+
+#### Temporary save backward compatibility
 If these endpoints are not defined in the service JSON, the temporary save/load logic is skipped entirely.
 Existing services will continue to work without modification.
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@gov-cy/govcy-express-services",
-  "version": "1.0.0-alpha.1",
+  "version": "1.0.0-alpha.10",
   "description": "An Express-based system that dynamically renders services using @gov-cy/govcy-frontend-renderer and posts data to a submission API.",
   "author": "DMRID - DSF Team",
   "license": "MIT",
@@ -48,12 +48,14 @@
   },
   "dependencies": {
     "@gov-cy/dsf-email-templates": "^2.1.0",
-    "@gov-cy/govcy-frontend-renderer": "^1.18.0",
+    "@gov-cy/govcy-frontend-renderer": "^1.21.0",
     "axios": "^1.9.0",
     "cookie-parser": "^1.4.7",
     "dotenv": "^16.3.1",
     "express": "^4.18.2",
     "express-session": "^1.17.3",
+    "form-data": "^4.0.4",
+    "multer": "^2.0.2",
     "openid-client": "^6.3.4",
     "puppeteer": "^24.6.0"
   },

package/src/index.mjs

@@ -24,6 +24,9 @@ import { govcyManifestHandler } from './middleware/govcyManifestHandler.mjs';
 import { govcyRoutePageHandler } from './middleware/govcyRoutePageHandler.mjs';
 import { govcyServiceEligibilityHandler } from './middleware/govcyServiceEligibilityHandler.mjs';
 import { govcyLoadSubmissionData } from './middleware/govcyLoadSubmissionData.mjs';
+import { govcyFileUpload } from './middleware/govcyFileUpload.mjs';
+import { govcyFileDeletePageHandler, govcyFileDeletePostHandler } from './middleware/govcyFileDeleteHandler.mjs';
+import { govcyFileViewHandler } from './middleware/govcyFileViewHandler.mjs';
 import { isProdOrStaging , getEnvVariable, whatsIsMyEnvironment } from './utils/govcyEnvVariables.mjs';
 import { logger } from "./utils/govcyLogger.mjs";
 
@@ -128,6 +131,14 @@ export default function initializeGovCyExpressService(){
 
   // 📝 -- ROUTE: Serve manifest.json dynamically for each site
   app.get('/:siteId/manifest.json', serviceConfigDataMiddleware, govcyManifestHandler());
+
+  // 🗃️ -- ROUTE: Handle POST requests for file uploads for a page. 
+  app.post('/apis/:siteId/:pageUrl/upload', 
+    serviceConfigDataMiddleware, 
+    requireAuth, // UNCOMMENT 
+    naturalPersonPolicy, // UNCOMMENT 
+    govcyServiceEligibilityHandler(true), // UNCOMMENT 
+    govcyFileUpload);
   
   // 🏠 -- ROUTE: Handle route with only siteId (/:siteId or /:siteId/)
   app.get('/:siteId', serviceConfigDataMiddleware, requireAuth, naturalPersonPolicy, govcyServiceEligibilityHandler(true),govcyLoadSubmissionData(),govcyPageHandler(), renderGovcyPage());
@@ -141,16 +152,24 @@ export default function initializeGovCyExpressService(){
   // ✅ -- ROUTE: Add Success Page Route (BEFORE the dynamic route)
   app.get('/:siteId/success',serviceConfigDataMiddleware, requireAuth, naturalPersonPolicy, govcyServiceEligibilityHandler(), govcySuccessPageHandler(), renderGovcyPage());
   
+  // 👀🗃️ -- ROUTE: View file (BEFORE the dynamic route)
+  app.get('/:siteId/:pageUrl/view-file/:elementName', serviceConfigDataMiddleware, requireAuth, naturalPersonPolicy, govcyServiceEligibilityHandler(), govcyLoadSubmissionData(), govcyFileViewHandler());
+
+  // ❌🗃️ -- ROUTE: Delete file (BEFORE the dynamic route)
+  app.get('/:siteId/:pageUrl/delete-file/:elementName', serviceConfigDataMiddleware, requireAuth, naturalPersonPolicy, govcyServiceEligibilityHandler(), govcyLoadSubmissionData(), govcyFileDeletePageHandler(), renderGovcyPage());
+  
   // 📝 -- ROUTE: Dynamic route to render pages based on siteId and pageUrl, using govcyPageHandler middleware
   app.get('/:siteId/:pageUrl', serviceConfigDataMiddleware, requireAuth, naturalPersonPolicy, govcyServiceEligibilityHandler(true), govcyLoadSubmissionData(), govcyPageHandler(), renderGovcyPage());
   
+  // ❌🗃️📥 -- ROUTE: Handle POST requests for delete file
+  app.post('/:siteId/:pageUrl/delete-file/:elementName', serviceConfigDataMiddleware, requireAuth, naturalPersonPolicy, govcyServiceEligibilityHandler(true), govcyFileDeletePostHandler());
+  
   // 📥 -- ROUTE: Handle POST requests for review page. The `submit` action
   app.post('/:siteId/review', serviceConfigDataMiddleware, requireAuth, naturalPersonPolicy, govcyServiceEligibilityHandler(), govcyReviewPostHandler());
   
   // 👀📥 -- ROUTE: Handle POST requests (Form Submissions) based on siteId and pageUrl, using govcyFormsPostHandler middleware
   app.post('/:siteId/:pageUrl', serviceConfigDataMiddleware, requireAuth, naturalPersonPolicy, govcyServiceEligibilityHandler(true), govcyFormsPostHandler());
   
-  
   // post for /:siteId/review
   
   // 🔹 Catch 404 errors (must be after all routes)

package/src/middleware/cyLoginAuth.mjs

@@ -7,6 +7,8 @@
 import { getLoginUrl, handleCallback, getLogoutUrl } from '../auth/cyLoginAuth.mjs';
 import { logger } from "../utils/govcyLogger.mjs";
 import { handleMiddlewareError } from "../utils/govcyUtils.mjs";
+import { errorResponse } from "../utils/govcyApiResponse.mjs"; 
+import { isApiRequest } from '../utils/govcyApiDetection.mjs';
 
 /**
  * Middleware to check if the user is authenticated. If not, redirect to the login page.
@@ -17,6 +19,12 @@ import { handleMiddlewareError } from "../utils/govcyUtils.mjs";
  */
 export function requireAuth(req, res, next) {
     if (!req.session.user) {
+        if (isApiRequest(req)) {
+            const err = new Error("Unauthorized: user not authenticated");
+            err.status = 401;
+            return next(err);
+        }
+
         // Store the original URL before redirecting to login
         req.session.redirectAfterLogin = req.originalUrl;
         return res.redirect('/login');

package/src/middleware/govcyCsrf.mjs

@@ -1,5 +1,8 @@
 
 import { handleMiddlewareError } from "../utils/govcyUtils.mjs";
+import { errorResponse } from '../utils/govcyApiResponse.mjs';
+import { isApiRequest } from '../utils/govcyApiDetection.mjs';
+
 /**
  * Middleware to handle CSRF token generation and validation.
  * 
@@ -14,7 +17,18 @@ export function govcyCsrfMiddleware(req, res, next) {
   }
 
   req.csrfToken = () => req.session.csrfToken;
-
+  
+  if (
+    req.method === 'POST' &&
+    req.headers['content-type']?.includes('multipart/form-data') &&
+    isApiRequest(req)) {
+    const tokenFromHeader = req.get('X-CSRF-Token');
+    // UNCOMMENT
+    if (!tokenFromHeader || tokenFromHeader !== req.session.csrfToken) {
+      return res.status(400).json(errorResponse(403, 'Invalid CSRF token'));
+    }
+    return next();
+  } 
   // Check token on POST requests
   if (req.method === 'POST') {
     const tokenFromBody = req.body._csrf;

package/src/middleware/govcyFileDeleteHandler.mjs

@@ -0,0 +1,238 @@
+import * as govcyResources from "../resources/govcyResources.mjs";
+import * as dataLayer from "../utils/govcyDataLayer.mjs";
+import { logger } from "../utils/govcyLogger.mjs";
+import { pageContainsFileInput } from "../utils/govcyHandleFiles.mjs";
+import { whatsIsMyEnvironment } from '../utils/govcyEnvVariables.mjs';
+import { handleMiddlewareError } from "../utils/govcyUtils.mjs";
+import { getPageConfigData } from "../utils/govcyLoadConfigData.mjs";
+import { evaluatePageConditions } from "../utils/govcyExpressions.mjs";
+import { URL } from "url";
+
+
+/**
+ * Middleware to handle the delete file page.
+ * This middleware processes the delete file page, populates the question, and shows validation errors.
+ */
+export function govcyFileDeletePageHandler() {
+    return (req, res, next) => {
+        try {
+            const { siteId, pageUrl, elementName } = req.params;
+
+            // Create a deep copy of the service to avoid modifying the original
+            let serviceCopy = req.serviceData;
+
+            // ⤵️ Find the current page based on the URL
+            const page = getPageConfigData(serviceCopy, pageUrl);
+
+            // deep copy the page template to avoid modifying the original
+            const pageTemplateCopy = JSON.parse(JSON.stringify(page.pageTemplate));
+
+            // ----- Conditional logic comes here
+            // ✅ Skip this POST handler if the page's conditions evaluate to true (redirect away)
+            const conditionResult = evaluatePageConditions(page, req.session, siteId, req);
+            if (conditionResult.result === false) {
+                logger.debug("⛔️ Page condition evaluated to true on POST — skipping form save and redirecting:", conditionResult);
+                return res.redirect(govcyResources.constructPageUrl(siteId, conditionResult.redirect));
+            }
+
+            // Validate the field: Only allow delete if the page contains a fileInput with the given name
+            const fileInputElement = pageContainsFileInput(pageTemplateCopy, elementName);
+            if (!fileInputElement) {
+                return handleMiddlewareError(`File input [${elementName}] not allowed on this page`, 404, next);
+            }
+
+            // Validate if the file input has a label
+            if (!fileInputElement?.params?.label) {
+                return handleMiddlewareError(`File input [${elementName}] does not have a label`, 404, next);
+            }
+
+            //get element data 
+            const elementData = dataLayer.getFormDataValue(req.session, siteId, pageUrl, elementName)
+
+            // If the element data is not found, return an error response
+            if (!elementData) {
+                return handleMiddlewareError(`File input [${elementName}] data not found on this page`, 404, next);
+            }
+
+            // Deep copy page title (so we don’t mutate template)
+            const pageTitle = JSON.parse(JSON.stringify(govcyResources.staticResources.text.deleteFileTitle));
+
+            // Replace label placeholders on page title
+            for (const lang of Object.keys(pageTitle)) {
+                const labelForLang = fileInputElement.params.label[lang] || fileInputElement.params.label.el || "";
+                pageTitle[lang] = pageTitle[lang].replace("{{file}}", labelForLang);
+            }
+
+
+            // Deep copy renderer pageData from
+            let pageData = JSON.parse(JSON.stringify(govcyResources.staticResources.rendererPageData));
+
+            // Handle isTesting 
+            pageData.site.isTesting = (whatsIsMyEnvironment() === "staging");
+
+            // Base page template structure
+            let pageTemplate = {
+                sections: [
+                    {
+                        name: "beforeMain",
+                        elements: [govcyResources.staticResources.elements.backLink]
+                    }
+                ]
+            };
+
+            // Construct page title
+            const pageRadios = {
+                element: "radios",
+                params: {
+                    id: "deleteFile",
+                    name: "deleteFile",
+                    legend: pageTitle,
+                    isPageHeading: true,
+                    classes: "govcy-mb-6",
+                    items: [
+                        {
+                            value: "yes",
+                            text: govcyResources.staticResources.text.deleteYesOption
+                        },
+                        {
+                            value: "no",
+                            text: govcyResources.staticResources.text.deleteNoOption
+                        }
+                    ]
+
+                }
+            };
+            //-------------
+
+            // Construct submit button
+            const formElement = {
+                element: "form",
+                params: {
+                    action: govcyResources.constructPageUrl(siteId, `${pageUrl}/delete-file/${elementName}`, (req.query.route === "review" ? "review" : "")),
+                    method: "POST",
+                    elements: [
+                        pageRadios,
+                        {
+                            element: "button",
+                            params: {
+                                type: "submit",
+                                text: govcyResources.staticResources.text.continue
+                            }
+                        },
+                        govcyResources.csrfTokenInput(req.csrfToken())
+                    ]
+                }
+            };
+
+            // --------- Handle Validation Errors ---------
+            // Check if validation errors exist in the request
+            const validationErrors = [];
+            let mainElements = [];
+            if (req?.query?.hasError) {
+                validationErrors.push({
+                    link: '#deleteFile-option-1',
+                    text: govcyResources.staticResources.text.deleteFileValidationError
+                });
+                mainElements.push(govcyResources.errorSummary(validationErrors));
+                formElement.params.elements[0].params.error = govcyResources.staticResources.text.deleteFileValidationError;
+            }
+            //--------- End Handle Validation Errors ---------
+
+            // Add elements to the main section, the H1, summary list, the submit button and the JS
+            mainElements.push(formElement, govcyResources.staticResources.elements["govcyFormsJs"]);
+            // Append generated summary list to the page template
+            pageTemplate.sections.push({ name: "main", elements: mainElements });
+
+            //if user is logged in add he user bane section in the page template
+            if (dataLayer.getUser(req.session)) {
+                pageTemplate.sections.push(govcyResources.userNameSection(dataLayer.getUser(req.session).name)); // Add user name section
+            }
+
+            //prepare pageData
+            pageData.site = serviceCopy.site;
+            pageData.pageData.title = pageTitle;
+
+            // Attach processed page data to the request
+            req.processedPage = {
+                pageData: pageData,
+                pageTemplate: pageTemplate
+            };
+            logger.debug("Processed delete file page data:", req.processedPage);
+            next();
+        } catch (error) {
+            return next(error); // Pass error to govcyHttpErrorHandler
+        }
+    };
+}
+
+
+/**
+ * Middleware to handle delete file post form processing
+ * This middleware processes the post, validates the form and handles the file data layer
+ */
+export function govcyFileDeletePostHandler() {
+    return (req, res, next) => {
+        try {
+            // Extract siteId and pageUrl from request
+            let { siteId, pageUrl, elementName } = req.params;
+
+            // get service data
+            let serviceCopy = req.serviceData;
+
+            // 🔍 Find the page by pageUrl
+            const page = getPageConfigData(serviceCopy, pageUrl);
+
+            // Deep copy pageTemplate to avoid modifying the original
+            const pageTemplateCopy = JSON.parse(JSON.stringify(page.pageTemplate));
+
+            // ----- Conditional logic comes here
+            // Check if the page has conditions and apply logic
+            const conditionResult = evaluatePageConditions(page, req.session, siteId, req);
+            if (conditionResult.result === false) {
+                logger.debug("⛔️ Page condition evaluated to true on POST — skipping form save and redirecting:", conditionResult);
+                return res.redirect(govcyResources.constructPageUrl(siteId, conditionResult.redirect));
+            }
+
+            // Validate the field: Only allow delete if the page contains a fileInput with the given name
+            const fileInputElement = pageContainsFileInput(pageTemplateCopy, elementName);
+            if (!fileInputElement) {
+                return handleMiddlewareError(`File input [${elementName}] not allowed on this page`, 404, next);
+            }
+            // the page base return url
+            const pageBaseReturnUrl = `http://localhost:3000/${siteId}/${pageUrl}`;
+
+            //check if input `deleteFile` has a value
+            if (!req?.body?.deleteFile ||
+                (req.body.deleteFile !== "yes" && req.body.deleteFile !== "no")) {
+                logger.debug("⛔️ No deleteFile value provided on POST — skipping form save and redirecting:", req.body);
+                //construct the page url with error 
+                let myUrl = new URL(pageBaseReturnUrl + `/delete-file/${elementName}`);
+                //check if the route is review
+                if (req.query.route === "review") {
+                    myUrl.searchParams.set("route", "review");
+                }
+                //set the error flag
+                myUrl.searchParams.set("hasError", "1");
+
+                //redirect to the same page with error summary (relative path)
+                return res.redirect(govcyResources.constructErrorSummaryUrl(myUrl.pathname + myUrl.search));
+            }
+
+            //if no validation errors
+            if (req.body.deleteFile === "yes") {
+                dataLayer.storePageDataElement(req.session, siteId, pageUrl, elementName, "");
+            }
+            // construct the page url
+            let myUrl = new URL(pageBaseReturnUrl);
+            //check if the route is review
+            if (req.query.route === "review") {
+                myUrl.searchParams.set("route", "review");
+            }
+
+            // redirect to the page (relative path)
+            res.redirect(myUrl.pathname + myUrl.search);
+        } catch (error) {
+            return next(error);  // Pass error to govcyHttpErrorHandler
+        }
+    };
+}

package/src/middleware/govcyFileUpload.mjs

@@ -0,0 +1,36 @@
+import multer from 'multer';
+import { logger } from '../utils/govcyLogger.mjs';
+import { successResponse, errorResponse } from '../utils/govcyApiResponse.mjs';
+import { ALLOWED_MULTER_FILE_SIZE_MB } from "../utils/govcyConstants.mjs";
+import { handleFileUpload } from "../utils/govcyHandleFiles.mjs";
+
+// Configure multer to store the file in memory (not disk) and limit the size to 10MB
+const upload = multer({
+    storage: multer.memoryStorage(),
+    limits: { fileSize: ALLOWED_MULTER_FILE_SIZE_MB * 1024 * 1024 } // 10MB
+});
+
+
+
+
+export const govcyFileUpload = [
+    upload.single('file'), // multer parses the uploaded file and stores it in req.file
+
+    async function govcyUploadHandler(req, res) {
+        const result = await handleFileUpload({
+            service: req.serviceData,
+            store: req.session,
+            siteId: req.params.siteId,
+            pageUrl: req.params.pageUrl,
+            elementName: req.body?.elementName,
+            file: req.file
+        });
+
+        if (result.status !== 200) {
+            logger.error("Upload failed", result);
+            return res.status(result.status).json(errorResponse(result.dataStatus, result.errorMessage || 'File upload failed'));
+        }
+
+        return res.json(successResponse(result.data));
+    }
+];