package routes
import (
"ares/controllers"
"ares/middlewares"
"github.com/gofiber/fiber/v3"
)
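// RouterUser registers the public landing page, the /api/v1 user, auth,
// content and cart routes, and the (currently commented-out) admin routes on app.
//
// Fiber runs the handlers passed to a route in the order they are listed, so
// every guard (rate limiter, RequireAuth, RequireAdmin, ...) must appear before
// the controller it protects. The root "/" route is registered before the CORS
// middleware is installed and is therefore served without it.
// NOTE(review): confirm that is intended for the coming-soon page.
func RouterUser(app *fiber.App) {
	app.Get("/", func(c fiber.Ctx) error {
		return c.SendFile("./views/coming_soon.html")
	})

	app.Use(middlewares.DynamicCORS())

	// Global rate limit: 100 requests per minute. Per-route limits below are
	// applied in addition to this one.
	api := app.Group("/api/v1", middlewares.RequireRateLimit("global", 100, 60))
	users := api.Group("/users")
	auth := api.Group("/auth")
	//admin := api.Group("/admin", middlewares.RejectAll()) // Admin routes are protected by RejectAll to prevent access until properly implemented

	//users.Get("/", controllers.GetUser)

	// Literal sub-paths (/me, /list, ...) are registered before the ":id"
	// parameter route so they are matched first.
	usersProtected := users.Group("", middlewares.RequireAuth)
	usersProtected.Get("/me", controllers.Me)
	usersProtected.Get("/admin/example", middlewares.RequireAdmin, controllers.AdminOnlyExample)
	usersProtected.Get("/list", middlewares.RequireAdmin, controllers.AdminListUsers)
	usersProtected.Get("/list/deleted", middlewares.RequireAdmin, controllers.AdminListDeletedUsers)
	usersProtected.Get("/user/example", middlewares.RequireNormalUser, controllers.UserOnlyExample)

	// NOTE(review): GET ":id" is unauthenticated; confirm GetUserOne returns
	// only fields that are safe to expose without a session.
	users.Get(":id", controllers.GetUserOne)
	users.Put(":id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.UpdateUser)
	users.Delete(":id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.DeleteUser)
	users.Delete(":id/hard", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.HardDeleteUser)
	users.Post(":id/restore", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.RestoreUser)

	// Credential and token endpoints carry a tighter per-route limit.
	auth.Post("/register", middlewares.RequireRateLimit("register", 5, 60), controllers.Register)
	auth.Post("/login", middlewares.RequireRateLimit("login", 10, 60), controllers.Login)
	// The limiter runs before the handler. Previously RefreshToken was listed
	// both ahead of and after the limiter, so the limit only took effect if
	// the first handler invocation called Next.
	auth.Post("/refresh", middlewares.RequireRateLimit("refresh", 10, 60), controllers.RefreshToken)
	// Sends an email on every call, so it is limited like /register instead of
	// relying on the global limit alone.
	auth.Post("/resend-verification", middlewares.RequireRateLimit("resend-verification", 5, 60), controllers.ResendVerificationEmail)
	auth.Get("/verify-email", controllers.VerifyEmail)
	auth.Get("/google", controllers.GoogleAuth)
	auth.Get("/google/callback", controllers.GoogleAuthCallback)
	auth.Get("/github", controllers.GithubAuth)
	auth.Get("/github/callback", controllers.GithubAuthCallback)

	// Hero Routes
	api.Get("/hero", controllers.GetHero)
	api.Get("/heroes", controllers.GetHeroAll)
	api.Get("/setting", controllers.GetSetting)

	// Blog/Public Routes
	api.Get("/posts", controllers.GetPosts)
	api.Get("/posts/:slug", controllers.GetPost)
	api.Get("/categories", controllers.ListCategories)
	api.Get("/categories/:slug", controllers.GetCategory)
	api.Get("/tags", controllers.ListTags)
	api.Get("/comments", controllers.ListComments)

	// Product/Public Routes
	api.Get("/products", controllers.GetProducts)
	api.Get("/products/:slug", controllers.GetProduct)
	api.Get("/products/:id/comments", controllers.GetProductComments)
	api.Post("/product-categories/:id/view", controllers.RecordProductCategoryView)

	// Auth (Protected) Post routes for Comments
	api.Post("/products/comments", middlewares.RequireAuth, controllers.AddProductComment)

	// Blog/Admin Routes
	// api.Post("/posts", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.CreatePost)
	// api.Put("/posts/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.UpdatePost)
	// api.Delete("/posts/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.DeletePost)

	// Admin list posts (include trashed filter)
	// admin.Get("/posts", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.AdminListPosts)
	// admin.Delete("/posts/:id/hard", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.HardDeletePost)
	// admin.Post("/posts/:id/restore", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.AdminRestorePost)

	// Admin tags operations (list including trashed, hard delete, restore)
	// admin.Get("/tags", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.AdminListTags)
	// admin.Delete("/tags/:id/hard", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.HardDeleteTag)
	// admin.Post("/tags/:id/restore", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.AdminRestoreTag)

	// Admin category-views operations
	// admin.Get("/category-views", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.AdminListCategoryViews)
	// admin.Delete("/category-views/:id/hard", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.HardDeleteCategoryView)
	// admin.Post("/category-views/:id/restore", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.AdminRestoreCategoryView)

	// Admin categories operations (list including trashed, hard delete, restore)
	// admin.Get("/categories", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.AdminListCategories)
	// admin.Delete("/categories/:id/hard", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.HardDeleteCategory)
	// admin.Post("/categories/:id/restore", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.AdminRestoreCategory)

	// api.Post("/categories", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.CreateCategory)
	// api.Put("/categories/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.UpdateCategory)
	// api.Delete("/categories/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.DeleteCategory)

	// api.Post("/tags", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.CreateTag)
	// api.Put("/tags/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.UpdateTag)
	// api.Delete("/tags/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.DeleteTag)

	// NOTE(review): unauthenticated write path covered only by the global
	// limit; consider a per-route limit like the /auth endpoints.
	api.Post("/comments", controllers.CreateComment) // public
	//api.Delete("/comments/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.DeleteComment)

	// Auth Middleware Group
	authProtected := auth.Group("", middlewares.RequireAuth)
	authProtected.Get("/me", controllers.Me)
	//authProtected.Get("/admin/example", middlewares.RequireAdmin, controllers.AdminOnlyExample)
	//authProtected.Get("/user/example", middlewares.RequireNormalUser, controllers.UserOnlyExample)

	// Cart APIs — every cart route requires a session via the group middleware.
	cartApi := api.Group("/cart", middlewares.RequireAuth)
	cartApi.Get("/", controllers.GetMyCart)
	cartApi.Delete("/", controllers.ClearCart)
	cartApi.Post("/items", controllers.AddToCart)
	cartApi.Put("/items/:item_id", controllers.UpdateCartItem)
	cartApi.Delete("/items/:item_id", controllers.RemoveFromCart)

	// Admin Hero Operations
	// api.Post("/hero", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.CreateHero)
	// api.Put("/hero/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.UpdateHero)
	// api.Delete("/hero/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.DeleteHero)

	// Admin Setting Operations
	// api.Post("/setting", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.CreateSetting)
	// api.Put("/setting/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.UpdateSetting)
	// api.Delete("/setting/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.DeleteSetting)

	// Admin Security (CORS & Rate Limit) Operations - internal use only
	// admin.Get("/cors/whitelist", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.ListCorsWhitelists)
	// admin.Post("/cors/whitelist", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.CreateCorsWhitelist)
	// admin.Put("/cors/whitelist/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.UpdateCorsWhitelist)
	// admin.Delete("/cors/whitelist/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.DeleteCorsWhitelist)
	// admin.Delete("/cors/whitelist/:id/hard", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.HardDeleteCorsWhitelist)

	// admin.Get("/cors/blacklist", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.ListCorsBlacklists)
	// admin.Post("/cors/blacklist", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.CreateCorsBlacklist)
	// admin.Put("/cors/blacklist/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.UpdateCorsBlacklist)
	// admin.Delete("/cors/blacklist/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.DeleteCorsBlacklist)
	// admin.Delete("/cors/blacklist/:id/hard", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.HardDeleteCorsBlacklist)

	// admin.Get("/rate-limit", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.ListRateLimitSettings)
	// admin.Post("/rate-limit", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.CreateRateLimitSetting)
	// admin.Put("/rate-limit/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.UpdateRateLimitSetting)
	// admin.Delete("/rate-limit/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.DeleteRateLimitSetting)
	// admin.Delete("/rate-limit/:id/hard", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.HardDeleteRateLimitSetting)
}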
//