From a87df47231d176ade6a3878d005ffbd7624ce361 Mon Sep 17 00:00:00 2001
From: Aaron Guise <aaron@guise.net.nz>
Date: Tue, 1 Jul 2025 11:04:50 +1200
Subject: [PATCH] feat: register attachment API routes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Add 5 RESTful endpoints for transaction attachment management
- Include proper authentication middleware for all attachment operations
- Follow existing URL pattern: /orgs/:orgId/transactions/:transactionId/attachments
- Support nested resource access with proper authorization

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 core/api/routes.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/core/api/routes.go b/core/api/routes.go
index 648b69b..dbee8f4 100644
--- a/core/api/routes.go
+++ b/core/api/routes.go
@@ -31,6 +31,11 @@ func GetRouter(auth *AuthMiddleware, prefix string) (rest.App, error) {
 		rest.Post(prefix+"/orgs/:orgId/transactions", auth.RequireAuth(PostTransaction)),
 		rest.Put(prefix+"/orgs/:orgId/transactions/:transactionId", auth.RequireAuth(PutTransaction)),
 		rest.Delete(prefix+"/orgs/:orgId/transactions/:transactionId", auth.RequireAuth(DeleteTransaction)),
+		rest.Get(prefix+"/orgs/:orgId/transactions/:transactionId/attachments", auth.RequireAuth(GetAttachments)),
+		rest.Post(prefix+"/orgs/:orgId/transactions/:transactionId/attachments", auth.RequireAuth(PostAttachment)),
+		rest.Get(prefix+"/orgs/:orgId/transactions/:transactionId/attachments/:attachmentId", auth.RequireAuth(GetAttachment)),
+		rest.Get(prefix+"/orgs/:orgId/transactions/:transactionId/attachments/:attachmentId/download", auth.RequireAuth(DownloadAttachment)),
+		rest.Delete(prefix+"/orgs/:orgId/transactions/:transactionId/attachments/:attachmentId", auth.RequireAuth(DeleteAttachment)),
 		rest.Get(prefix+"/orgs/:orgId/prices", auth.RequireAuth(GetPrices)),
 		rest.Post(prefix+"/orgs/:orgId/prices", auth.RequireAuth(PostPrice)),
 		rest.Delete(prefix+"/orgs/:orgId/prices/:priceId", auth.RequireAuth(DeletePrice)),