[codex] Update Darwin Core export metadata

backend/src/api-tests/locality/dwcArchiveExportLocalities.test.ts

@@ -42,7 +42,7 @@ describe('DwC-A locality export (admin-only)', () => {
 
     expect(result.status).toEqual(200)
     expect(result.headers['content-type']).toMatch(/application\/zip/i)
-    expect(result.headers['content-disposition']).toMatch(/attachment;\s*filename="now_dwc_localities_test_export_/i)
+    expect(result.headers['content-disposition']).toMatch(/attachment;\s*filename="now_dwc_localities_export_/i)
 
     const zip = await JSZip.loadAsync(result.body as unknown as Buffer)
     expect(zip.file('location.csv')).toBeTruthy()
@@ -57,6 +57,39 @@ describe('DwC-A locality export (admin-only)', () => {
     expect(measurementCsv).toContain('"verbatimMeasurementType"')
   })
 
+  it('returns a filtered ZIP archive for POST requests', async () => {
+    const loginResult = await send<{ token: string }>('user/login', 'POST', { username: 'testSu', password: 'test' })
+    expect(loginResult.status).toEqual(200)
+
+    const result = await request(app)
+      .post('/locality/export/dwc-archive')
+      .set('authorization', `bearer ${loginResult.body.token}`)
+      .send({ ids: [21050] })
+      .buffer(true)
+      .parse(parseBinary)
+
+    expect(result.status).toEqual(200)
+    expect(result.headers['content-type']).toMatch(/application\/zip/i)
+
+    const zip = await JSZip.loadAsync(result.body as unknown as Buffer)
+    const locationCsv = await zip.file('location.csv')!.async('string')
+    expect(locationCsv).toContain('NOW:LOC:21050')
+    expect(locationCsv).not.toContain('NOW:LOC:24750')
+  })
+
+  it('returns 400 for invalid POST id payloads', async () => {
+    const loginResult = await send<{ token: string }>('user/login', 'POST', { username: 'testSu', password: 'test' })
+    expect(loginResult.status).toEqual(200)
+
+    const result = await request(app)
+      .post('/locality/export/dwc-archive')
+      .set('authorization', `bearer ${loginResult.body.token}`)
+      .send({ ids: ['21050.5'] })
+
+    expect(result.status).toEqual(400)
+    expect(result.body).toEqual({ error: 'ids must contain only integers.' })
+  })
+
   it('rejects non-admin requests', async () => {
     const result = await request(app).get('/locality/export/dwc-archive')
     expect(result.status).toEqual(403)

backend/src/api-tests/occurrence/dwcArchiveExportOccurrences.test.ts

@@ -42,7 +42,7 @@ describe('DwC-A occurrence export (admin-only)', () => {
 
     expect(result.status).toEqual(200)
     expect(result.headers['content-type']).toMatch(/application\/zip/i)
-    expect(result.headers['content-disposition']).toMatch(/attachment;\s*filename="now_dwc_occurrences_test_export_/i)
+    expect(result.headers['content-disposition']).toMatch(/attachment;\s*filename="now_dwc_occurrences_export_/i)
 
     const zip = await JSZip.loadAsync(result.body as unknown as Buffer)
     expect(zip.file('location.csv')).toBeTruthy()
@@ -62,6 +62,75 @@ describe('DwC-A occurrence export (admin-only)', () => {
     expect(measurementCsv).toContain('"verbatimMeasurementType"')
   })
 
+  it('returns a filtered ZIP archive for POST requests', async () => {
+    const loginResult = await send<{ token: string }>('user/login', 'POST', { username: 'testSu', password: 'test' })
+    expect(loginResult.status).toEqual(200)
+
+    const result = await request(app)
+      .post('/occurrence/export/dwc-archive')
+      .set('authorization', `bearer ${loginResult.body.token}`)
+      .send({ columnFilters: [{ id: 'lid_now_loc', value: '21050' }], sorting: [] })
+      .buffer(true)
+      .parse(parseBinary)
+
+    expect(result.status).toEqual(200)
+    expect(result.headers['content-type']).toMatch(/application\/zip/i)
+
+    const zip = await JSZip.loadAsync(result.body as unknown as Buffer)
+    const occurrenceCsv = await zip.file('occurrence.csv')!.async('string')
+    expect(occurrenceCsv).toContain('NOW:OCC:21050:')
+    expect(occurrenceCsv).not.toContain('NOW:OCC:24750:')
+  })
+
+  it('uses the unfiltered export path for empty POST filters', async () => {
+    const loginResult = await send<{ token: string }>('user/login', 'POST', { username: 'testSu', password: 'test' })
+    expect(loginResult.status).toEqual(200)
+
+    const result = await request(app)
+      .post('/occurrence/export/dwc-archive')
+      .set('authorization', `bearer ${loginResult.body.token}`)
+      .send({ columnFilters: [], sorting: [] })
+      .buffer(true)
+      .parse(parseBinary)
+
+    expect(result.status).toEqual(200)
+    const zip = await JSZip.loadAsync(result.body as unknown as Buffer)
+    const occurrenceCsv = await zip.file('occurrence.csv')!.async('string')
+    expect(occurrenceCsv).toContain('NOW:OCC:21050:')
+    expect(occurrenceCsv).toContain('NOW:OCC:24750:')
+  })
+
+  it('returns an empty filtered DwC-DP ZIP archive for POST requests', async () => {
+    const loginResult = await send<{ token: string }>('user/login', 'POST', { username: 'testSu', password: 'test' })
+    expect(loginResult.status).toEqual(200)
+
+    const result = await request(app)
+      .post('/occurrence/export/dwc-data-package')
+      .set('authorization', `bearer ${loginResult.body.token}`)
+      .send({ columnFilters: [{ id: 'lid_now_loc', value: '9999999' }], sorting: [] })
+      .buffer(true)
+      .parse(parseBinary)
+
+    expect(result.status).toEqual(200)
+    const zip = await JSZip.loadAsync(result.body as unknown as Buffer)
+    const occurrenceCsv = await zip.file('occurrence.csv')!.async('string')
+    expect(occurrenceCsv).toContain('"occurrenceID"')
+    expect(occurrenceCsv).not.toContain('NOW:OCC:')
+  })
+
+  it('returns structured validation errors for invalid POST filters', async () => {
+    const loginResult = await send<{ token: string }>('user/login', 'POST', { username: 'testSu', password: 'test' })
+    expect(loginResult.status).toEqual(200)
+
+    const result = await request(app)
+      .post('/occurrence/export/dwc-data-package')
+      .set('authorization', `bearer ${loginResult.body.token}`)
+      .send({ columnFilters: [{ id: '', value: '21050' }], sorting: [] })
+
+    expect(result.status).toEqual(400)
+    expect(result.body).toEqual([{ name: 'Column Filters', error: 'Invalid or missing id field in filter' }])
+  })
+
   it('rejects non-admin requests', async () => {
     const result = await request(app).get('/occurrence/export/dwc-archive')
     expect(result.status).toEqual(403)
@@ -80,7 +149,7 @@ describe('DwC-A occurrence export (admin-only)', () => {
 
     expect(result.status).toEqual(200)
     expect(result.headers['content-type']).toMatch(/application\/zip/i)
-    expect(result.headers['content-disposition']).toMatch(/attachment;\s*filename="now_dwc_dp_test_export_/i)
+    expect(result.headers['content-disposition']).toMatch(/attachment;\s*filename="now_dwc_dp_export_/i)
 
     const zip = await JSZip.loadAsync(result.body as unknown as Buffer)
     expect(zip.file('datapackage.json')).toBeTruthy()
@@ -110,7 +179,7 @@ describe('DwC-A occurrence export (admin-only)', () => {
 
     expect(result.status).toEqual(200)
     expect(result.headers['content-type']).toMatch(/application\/zip/i)
-    expect(result.headers['content-disposition']).toMatch(/attachment;\s*filename="now_dwc_full_test_export_/i)
+    expect(result.headers['content-disposition']).toMatch(/attachment;\s*filename="now_dwc_full_export_/i)
 
     const zip = await JSZip.loadAsync(result.body as unknown as Buffer)
     expect(zip.file('README.txt')).toBeTruthy()

backend/src/api-tests/species/dwcArchiveExport.test.ts

@@ -42,7 +42,7 @@ describe('DwC-A species export (admin-only)', () => {
 
     expect(result.status).toEqual(200)
     expect(result.headers['content-type']).toMatch(/application\/zip/i)
-    expect(result.headers['content-disposition']).toMatch(/attachment;\s*filename="now_dwc_test_export_/i)
+    expect(result.headers['content-disposition']).toMatch(/attachment;\s*filename="now_dwc_export_/i)
 
     const zip = await JSZip.loadAsync(result.body as unknown as Buffer)
     expect(zip.file('taxon.csv')).toBeTruthy()
@@ -66,6 +66,39 @@ describe('DwC-A species export (admin-only)', () => {
     expect(metaXml).toContain('<extension')
   })
 
+  it('returns a filtered ZIP archive for POST requests', async () => {
+    const loginResult = await send<{ token: string }>('user/login', 'POST', { username: 'testSu', password: 'test' })
+    expect(loginResult.status).toEqual(200)
+
+    const result = await request(app)
+      .post('/species/export/dwc-archive')
+      .set('authorization', `bearer ${loginResult.body.token}`)
+      .send({ ids: [85729] })
+      .buffer(true)
+      .parse(parseBinary)
+
+    expect(result.status).toEqual(200)
+    expect(result.headers['content-type']).toMatch(/application\/zip/i)
+
+    const zip = await JSZip.loadAsync(result.body as unknown as Buffer)
+    const taxonCsv = await zip.file('taxon.csv')!.async('string')
+    expect(taxonCsv).toContain('NOW:85729')
+    expect(taxonCsv).not.toContain('NOW:85730')
+  })
+
+  it('returns 400 for invalid POST id payloads', async () => {
+    const loginResult = await send<{ token: string }>('user/login', 'POST', { username: 'testSu', password: 'test' })
+    expect(loginResult.status).toEqual(200)
+
+    const result = await request(app)
+      .post('/species/export/dwc-archive')
+      .set('authorization', `bearer ${loginResult.body.token}`)
+      .send({ ids: ['85729abc'] })
+
+    expect(result.status).toEqual(400)
+    expect(result.body).toEqual({ error: 'ids must contain only integers.' })
+  })
+
   it('rejects non-admin requests', async () => {
     const result = await request(app).get('/species/export/dwc-archive')
     expect(result.status).toEqual(403)

backend/src/routes/locality.ts

@@ -1,4 +1,4 @@
-import { Request, Router } from 'express'
+import { Request, Response, Router } from 'express'
 import {
   getAllLocalities,
   canEditRestrictedWriteLocality,
@@ -12,6 +12,7 @@ import { AccessError, requireOneOf } from '../middlewares/authorizer'
 import { deleteLocality, writeLocality } from '../services/write/locality'
 import { buildDwcLocalityArchiveZipBuffer } from '../services/dwcArchiveExportLocalities'
 import { currentDateAsString } from '../../../frontend/src/shared/currentDateAsString'
+import { parseRequiredNumericIdsBody } from './utils/exportFilters'
 
 const router = Router()
 
@@ -20,14 +21,25 @@ router.get('/all', async (req, res) => {
   return res.status(200).send(fixBigInt(localities))
 })
 
-router.get('/export/dwc-archive', requireOneOf([Role.Admin]), async (_req, res) => {
-  const zipBuffer = await buildDwcLocalityArchiveZipBuffer()
+const sendDwcArchive = async (ids: number[] | undefined, res: Response) => {
+  const zipBuffer = await buildDwcLocalityArchiveZipBuffer(ids)
   res.setHeader('Content-Type', 'application/zip')
-  res.setHeader(
-    'Content-Disposition',
-    `attachment; filename="now_dwc_localities_test_export_${currentDateAsString()}.zip"`
-  )
+  res.setHeader('Content-Disposition', `attachment; filename="now_dwc_localities_export_${currentDateAsString()}.zip"`)
   return res.status(200).send(zipBuffer)
+}
+
+router.get('/export/dwc-archive', requireOneOf([Role.Admin]), async (_req, res) => {
+  return sendDwcArchive(undefined, res)
+})
+
+router.post('/export/dwc-archive', requireOneOf([Role.Admin]), async (req, res) => {
+  let ids: number[]
+  try {
+    ids = parseRequiredNumericIdsBody(req.body)
+  } catch (error) {
+    return res.status(400).send({ error: error instanceof Error ? error.message : 'Invalid export filters.' })
+  }
+  return sendDwcArchive(ids, res)
 })
 
 router.get('/:id', async (req, res) => {