Reviews API

Base path: /api/reviews
File: ayts-api/src/routes/reviews.ts

GET /api/reviews/product/:productId

Get reviews for a product.

Query params: limit, offset, sort (newest/highest/lowest)

Response 200:

{
  "success": true,
  "reviews": [{
    "id": "uuid",
    "userId": "uuid",
    "rating": 5,
    "comment": "Excellent quality!",
    "user": { "firstName": "Juan", "avatarUrl": "..." },
    "vendorResponse": null,
    "createdAt": "2026-01-01T00:00:00Z"
  }],
  "averageRating": 4.5,
  "totalReviews": 12,
  "ratingDistribution": { "5": 7, "4": 3, "3": 1, "2": 1, "1": 0 }
}

GET /api/reviews/store/:storeId

Get reviews for a store. Same response shape as product reviews.

POST /api/reviews

Submit a review. Requires auth. Customer must have an delivered order containing this product.

{
  "productId": "uuid",
  "rating": 5,
  "comment": "Great product, fast delivery!"
}

Response 201:

{ "success": true, "review": { "id": "uuid", "rating": 5, ... } }

Response 403: Not eligible (no completed order with this product)

PATCH /api/reviews/:id/vendor-response

Vendor responds to a review. Requires vendor role and must own the reviewed store.

{ "response": "Thank you for your kind feedback!" }

DELETE /api/reviews/:id

Delete a review. Customer can delete own review; admin can delete any.

PATCH /api/reviews/:id/moderate (Admin only)

Moderate (hide) a review.

{ "isVisible": false, "moderationReason": "Violates community guidelines" }

Rating Aggregation

After each review is created or deleted, the product/store average rating is recalculated and stored on the products.rating / stores.rating column for fast retrieval without joins.

GET /api/reviews/product/:productId​

GET /api/reviews/store/:storeId​

POST /api/reviews​

PATCH /api/reviews/:id/vendor-response​

DELETE /api/reviews/:id​

PATCH /api/reviews/:id/moderate (Admin only)​

Rating Aggregation​