package routes

import (
	"net/http"

	"gauth-central/api/handlers"
	"gauth-central/api/middlewares"
	_ "gauth-central/docs" // blank import kept for its side effects; presumably registers the generated Swagger spec
	"gauth-central/internal/services"

	"github.com/gin-gonic/gin"
	swaggerFiles "github.com/swaggo/files"
	ginSwagger "github.com/swaggo/gin-swagger"
)

// SetupRoutes registers every route of the service on r: the uploaded-avatar
// file server, the HTML homepage, and the rate-limited /v1 API (Swagger docs,
// authentication, user avatar, profile, admin-only settings and admin-only
// user management).
//
// Access control is expressed purely by which middleware each group carries,
// so a route registered on the wrong group silently loses its protection.
func SetupRoutes(r *gin.Engine) {
	// Services and handlers are built in a fixed order; each handler receives
	// the service constructed immediately before it.
	jwtSvc := services.NewJWTService()
	authH := handlers.NewAuthHandler(services.NewAuthService())
	settingsH := handlers.NewSettingsHandler(services.NewSettingsService())
	usersH := handlers.NewUserManagementHandler(services.NewUserManagementService())
	avatarH := handlers.NewAvatarHandler()
	profileH := handlers.NewProfileHandler()

	// serveIndex renders the homepage template.
	serveIndex := func(c *gin.Context) {
		c.HTML(http.StatusOK, "index.html", nil)
	}

	// tokenInfo echoes the identity found in the request context. GetString
	// yields "" for a missing key; presumably AuthMiddleware stores user_id and
	// email there - confirm against the middleware.
	tokenInfo := func(c *gin.Context) {
		payload := gin.H{
			"message": "Token is valid",
			"user_id": c.GetString("user_id"),
			"email":   c.GetString("email"),
		}
		c.JSON(http.StatusOK, payload)
	}

	// Uploaded avatars, served straight from disk. The route sits on the engine
	// itself, so none of the /v1 middleware attached below (rate limit, auth)
	// applies to it, and "./uploads" resolves against the process working
	// directory.
	// NOTE(review): these files are user-supplied and share the application's
	// origin. Confirm the upload handlers restrict file type and naming, and
	// consider sending "X-Content-Type-Options: nosniff" for this prefix.
	r.Static("/uploads", "./uploads")

	// Homepage: templates are loaded from web/ relative to the working directory.
	r.LoadHTMLGlob("web/*")
	r.GET("/", serveIndex)

	// Everything below lives under /v1. The general limiter is attached before
	// any sub-group is created because gin copies a group's handler chain into
	// each child group at creation time.
	api := r.Group("/v1")
	api.Use(middlewares.APIRateLimitMiddleware())

	// Swagger UI: covered by the general limiter but not authenticated.
	// NOTE(review): confirm this exposure is intended outside development.
	api.GET("/docs/*any", ginSwagger.WrapHandler(swaggerFiles.Handler))

	// Authentication. Only register and login carry a dedicated limiter on top
	// of the group-wide one.
	// NOTE(review): verify-email, refresh and the provider callback presumably
	// accept tokens or codes; confirm the general limiter is enough for them.
	// NOTE(review): ":provider" shares the GET tree with the static segments
	// verify-email, me and validate. Confirm the gin version in go.mod accepts
	// static and parameter siblings and that no provider uses one of those names.
	authRoutes := api.Group("/auth")
	authRoutes.POST("/register", middlewares.RegisterRateLimitMiddleware(), authH.Register)
	authRoutes.POST("/login", middlewares.LoginRateLimitMiddleware(), authH.Login)
	authRoutes.GET("/verify-email", authH.VerifyEmail)
	authRoutes.GET("/:provider", authH.BeginAuth)
	authRoutes.GET("/:provider/callback", authH.Callback)
	authRoutes.POST("/refresh", authH.Refresh)

	// Auth routes that require a valid token.
	authed := authRoutes.Group("/")
	authed.Use(middlewares.AuthMiddleware(jwtSvc))
	authed.GET("/me", authH.Me)
	authed.GET("/validate", tokenInfo)

	// Avatar management for the authenticated user.
	userRoutes := api.Group("/user")
	userRoutes.Use(middlewares.AuthMiddleware(jwtSvc))
	userRoutes.POST("/avatar", avatarH.UploadAvatar)
	userRoutes.DELETE("/avatar", avatarH.DeleteAvatar)

	// Profile of the authenticated user.
	// NOTE(review): as far as this file shows, password and email changes are
	// guarded by the access token and the general limiter only; whether the
	// handlers re-check the current password cannot be seen from here.
	profileRoutes := api.Group("/profile")
	profileRoutes.Use(middlewares.AuthMiddleware(jwtSvc))
	profileRoutes.GET("", profileH.GetProfile)
	profileRoutes.PUT("", profileH.UpdateProfile)
	profileRoutes.PUT("/password", profileH.ChangePassword)
	profileRoutes.PUT("/email", profileH.ChangeEmail)

	// Settings (admin only). The middlewares run in the order given:
	// authentication first, then the admin check.
	settingsRoutes := api.Group("/settings")
	settingsRoutes.Use(middlewares.AuthMiddleware(jwtSvc), middlewares.AdminMiddleware())

	// CORS whitelist.
	whitelist := settingsRoutes.Group("/cors/whitelist")
	whitelist.GET("", settingsH.GetAllWhitelist)
	whitelist.POST("", settingsH.CreateWhitelist)
	whitelist.PUT("/:id", settingsH.UpdateWhitelist)
	whitelist.DELETE("/:id", settingsH.DeleteWhitelist)

	// CORS blacklist.
	blacklist := settingsRoutes.Group("/cors/blacklist")
	blacklist.GET("", settingsH.GetAllBlacklist)
	blacklist.POST("", settingsH.CreateBlacklist)
	blacklist.PUT("/:id", settingsH.UpdateBlacklist)
	blacklist.DELETE("/:id", settingsH.DeleteBlacklist)

	// Rate-limit settings: list and update only.
	limits := settingsRoutes.Group("/ratelimit")
	limits.GET("", settingsH.GetAllRateLimits)
	limits.PUT("/:id", settingsH.UpdateRateLimit)

	// Admin user management, behind the same authentication + admin chain.
	adminRoutes := api.Group("/admin")
	adminRoutes.Use(middlewares.AuthMiddleware(jwtSvc), middlewares.AdminMiddleware())

	managed := adminRoutes.Group("/users")
	managed.GET("/search", usersH.SearchUsers)
	managed.GET("/deleted", usersH.GetDeletedUsers) // New: deleted users
	managed.GET("", usersH.GetAllUsers)
	managed.POST("", usersH.CreateUser)
	managed.GET("/:id", usersH.GetUserByID)
	managed.PUT("/:id", usersH.UpdateUser)
	managed.DELETE("/:id", usersH.DeleteUser)
	managed.POST("/:id/roles", usersH.AssignRoles)
	managed.DELETE("/:id/roles/:role", usersH.RemoveRole)
	managed.POST("/:id/restore", usersH.RestoreUser) // New: restore a user

	// Avatar upload on behalf of another user (admin).
	managed.POST("/:id/avatar", avatarH.AdminUploadAvatar)
}