const { ApiError } = require('../middleware/errorHandler'); const { generateSessionToken } = require('../middleware/auth'); const participantQueries = require('../models/queries/participant.queries'); const eventQueries = require('../models/queries/event.queries'); const commentQueries = require('../models/queries/comment.queries'); const db = require('../config/database'); /** * XSS Detection Patterns (Easter Egg) * Reused from lesson modules for consistency */ const XSS_PATTERNS = [ { regex: //gi, type: 'SCRIPT_TAG' }, { regex: /on\w+\s*=\s*["'][^"']*["']/gi, type: 'EVENT_HANDLER' }, { regex: /on\w+\s*=\s*[^"\s>]+/gi, type: 'EVENT_HANDLER_UNQUOTED' }, { regex: /javascript:/gi, type: 'JAVASCRIPT_PROTOCOL' }, { regex: /