import { Request, Response } from 'express'; import fs from 'fs'; import prisma from '../lib/prisma.js'; import * as contractService from '../services/contract.service.js'; import * as contractCockpitService from '../services/contractCockpit.service.js'; import * as contractHistoryService from '../services/contractHistory.service.js'; import * as authorizationService from '../services/authorization.service.js'; import { recordPredecessorFinalReading } from '../services/customer.service.js'; import { ApiResponse, AuthRequest } from '../types/index.js'; import { logChange } from '../services/audit.service.js'; import { sanitizeContract, sanitizeContractStrict, sanitizeContracts, sanitizeContractsStrict, stripHtml, sanitizeNotes, validateContractDocumentType } from '../utils/sanitize.js'; import { canAccessContract } from '../utils/accessControl.js'; import { maybeActivateOnDeliveryConfirmation, withContractDocumentLock } from '../services/contractStatusScheduler.service.js'; /** * Walk-and-clean: strippt HTML/Script-/URI-Schemata in allen String-Werten * eines Body-Objekts (rekursiv über energyDetails, internetDetails etc.). * Pentest 2026-05-24 (MEDIUM, 31.1): providerName, tariffName und die * price*-Felder nahmen rohe HTML-Payloads an (`