code base

frontend/src/services/upsertApplicationAction.js

@@ -0,0 +1,49 @@
+import { json, redirect } from 'react-router-dom';
+import { toastSuccess, toastError, toastSecurityAlert } from '../utils/toast';
+
+export async function upsertApplicationAction({ request }) {
+  const formData = await request.formData();
+
+  const resubmission = JSON.parse(formData.get('resubmission'));
+  formData.delete('resubmission');
+  
+  try {
+    let res;
+    if (resubmission) {
+      res = await fetch(`${import.meta.env.VITE_APP_API_URL}/applicant/resubmit-application`, {
+        method: 'PUT',
+        credentials: 'include',
+        body: formData
+      });
+    } else {
+      res = await fetch(`${import.meta.env.VITE_APP_API_URL}/applicant/create-application`, {
+        method: 'POST',
+        credentials: 'include',
+        body: formData
+      });
+    }
+
+    if (res.status === 401) {
+      return json({ message: 'Unauthorized access' }, { status: res.status });
+    }
+
+    if (!res.ok) {
+      const errorData = await res.text();
+      
+      // Check for field tampering attempt
+      if (errorData.includes("Forbidden: Field") && errorData.includes("Tampering detected")) {
+        toastSecurityAlert("SECURITY ALERT: Your submission was blocked because form tampering was detected. Disabled fields cannot be modified. This incident has been logged.");
+      } else {
+        toastError(errorData);
+      }
+      
+      return json({ message: errorData }, { status: res.status });
+    }
+    
+    toastSuccess("Application Submitted Successfully");
+    return redirect("../dashboard/pending");
+  } catch (error) {
+    console.error('Fetch error:', error);
+    return json({ message: error.message || 'An unexpected error occurred' }, { status: error.status || 500 });
+  }
+}