first commit

This commit is contained in:
Beyhan Oğur
2026-04-26 21:33:39 +03:00
commit 4362c3b83f
1991 changed files with 285411 additions and 0 deletions

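--- a/routes/admin_routes.go
+++ b/routes/admin_routes.go
@@ -0,0 +1,181 @@
+package routes
+import (
+configs "ares/config"
+"ares/controllers"
+"ares/middlewares"
+"strings"
+"github.com/gofiber/fiber/v3"
+"go.uber.org/zap"
+)
+func RouterAdmin(app *fiber.App) {
+// Log all /admin requests before auth middleware.
+app.Use(func(c fiber.Ctx) error {
+if strings.HasPrefix(c.Path(), "/admin") {
+configs.Logger.Info(
+"admin request pre-auth",
+zap.String("method", c.Method()),
+zap.String("path", c.Path()),
+zap.String("content_type", c.Get("Content-Type")),
+)
+}
+return c.Next()
+})
+// Login Routes
+app.Get("/login", controllers.AdminLogin, middlewares.RequireRateLimit("login", 3, 60))
+app.Post("/login", controllers.AdminLoginPost, middlewares.RequireRateLimit("login", 3, 60))
+app.Get("/logout", controllers.AdminLogout)
+// Admin Group
+admin := app.Group("/admin")
+// Protect admin routes (apply after login/logout routes)
+admin.Use(middlewares.RequireAuth, middlewares.RequireAdmin)
+admin.Use(func(c fiber.Ctx) error {
+configs.Logger.Info(
+"admin request received",
+zap.String("method", c.Method()),
+zap.String("path", c.Path()),
+zap.String("content_type", c.Get("Content-Type")),
+)
+return c.Next()
+})
+// Provide a small endpoint for the admin UI to fetch current user info
+admin.Get("/me", controllers.AdminMe)
+// Main Layout
+admin.Get("/", controllers.AdminDashboard)
+// HTMX Content Partials
+content := admin.Group("/content")
+content.Get("/dashboard", controllers.AdminContentDashboard)
+content.Get("/categories", controllers.AdminContentCategories)
+content.Get("/posts", controllers.AdminContentPosts)
+content.Get("/tags", controllers.AdminContentTags)
+content.Get("/category-views", controllers.AdminContentCategoryViews)
+content.Get("/comments", controllers.AdminContentComments)
+// User Management Routes
+// User Management Routes
+// List Users
+content.Get("/users", controllers.AdminContentUsers)
+// Create User
+admin.Get("/users/new", controllers.AdminUserNew) // Full page form
+admin.Post("/users/create", controllers.AdminUserCreate) // Action
+// Edit User
+admin.Get("/users/:id/edit", controllers.AdminUserEdit) // Full page form
+admin.Post("/users/:id/update", controllers.AdminUserUpdate) // Action
+// Delete User
+admin.Post("/users/:id/delete", controllers.AdminUserDelete) // Action using POST for form support
+// Restore User
+admin.Post("/users/:id/restore", controllers.AdminUserRestore)
+// Settings & Hero Routes
+content.Get("/settings", controllers.AdminContentSettings)
+admin.Post("/settings", controllers.AdminSettingsPost)
+// Category Management
+admin.Get("/categories/new", controllers.AdminCategoryNew)
+admin.Post("/categories/create", controllers.AdminCategoryCreate)
+admin.Get("/categories/:id/edit", controllers.AdminCategoryEdit)
+admin.Post("/categories/:id/update", controllers.AdminCategoryUpdate)
+admin.Post("/categories/:id/delete", controllers.AdminCategoryDelete)
+admin.Post("/categories/:id/restore", controllers.AdminCategoryRestore)
+// Tag Management
+admin.Get("/tags/new", controllers.AdminTagNew)
+admin.Post("/tags/create", controllers.AdminTagCreate)
+admin.Get("/tags/:id/edit", controllers.AdminTagEdit)
+admin.Post("/tags/:id/update", controllers.AdminTagUpdate)
+admin.Post("/tags/:id/delete", controllers.AdminTagDelete)
+admin.Post("/tags/:id/restore", controllers.AdminTagRestore)
+// Category Views
+admin.Post("/category-views/:id/delete", controllers.AdminCategoryViewDelete)
+admin.Post("/category-views/:id/restore", controllers.AdminCategoryViewRestore)
+// Comments
+admin.Get("/comments/:id/edit", controllers.AdminCommentEdit)
+admin.Post("/comments/:id/update", controllers.AdminCommentUpdate)
+admin.Post("/comments/:id/delete", controllers.AdminCommentDelete)
+admin.Post("/comments/:id/restore", controllers.AdminCommentRestore)
+// CORS management (whitelist / blacklist / rate limit)
+admin.Post("/settings/cors/whitelist/create", controllers.AdminCorsWhitelistCreate)
+admin.Post("/settings/cors/whitelist/create", controllers.AdminCorsWhitelistCreate)
+admin.Post("/settings/cors/whitelist/:id/update", controllers.AdminCorsWhitelistUpdate)
+admin.Post("/settings/cors/whitelist/:id/delete", controllers.AdminCorsWhitelistDelete)
+admin.Post("/settings/cors/whitelist/:id/restore", controllers.AdminCorsWhitelistRestore)
+admin.Post("/settings/cors/blacklist/create", controllers.AdminCorsBlacklistCreate)
+admin.Post("/settings/cors/blacklist/create", controllers.AdminCorsBlacklistCreate)
+admin.Post("/settings/cors/blacklist/:id/update", controllers.AdminCorsBlacklistUpdate)
+admin.Post("/settings/cors/blacklist/:id/delete", controllers.AdminCorsBlacklistDelete)
+admin.Post("/settings/cors/blacklist/:id/restore", controllers.AdminCorsBlacklistRestore)
+admin.Post("/settings/rate-limit/create", controllers.AdminRateLimitCreate)
+admin.Post("/settings/rate-limit/create", controllers.AdminRateLimitCreate)
+admin.Post("/settings/rate-limit/:id/update", controllers.AdminRateLimitUpdate)
+admin.Post("/settings/rate-limit/:id/delete", controllers.AdminRateLimitDelete)
+admin.Post("/settings/rate-limit/:id/restore", controllers.AdminRateLimitRestore)
+// Hero (Banner) Management
+admin.Get("/heroes/new", controllers.AdminHeroNew)
+admin.Post("/heroes/create", controllers.AdminHeroCreate)
+admin.Get("/heroes/:id/edit", controllers.AdminHeroEdit)
+admin.Post("/heroes/:id/update", controllers.AdminHeroUpdate)
+admin.Post("/heroes/:id/delete", controllers.AdminHeroDelete)
+admin.Post("/heroes/:id/restore", controllers.AdminHeroRestore)
+// Product Management
+content.Get("/products", controllers.AdminContentProducts)
+admin.Get("/products/new", controllers.AdminProductNew)
+admin.Post("/products/create", controllers.AdminProductCreate)
+admin.Get("/products/:id/edit", controllers.AdminProductEdit)
+admin.Post("/products/:id/update", controllers.AdminProductUpdate)
+admin.Post("/products/:id/delete", controllers.AdminProductDelete)
+admin.Post("/products/:id/restore", controllers.AdminProductRestore)
+content.Get("/product-categories", controllers.AdminContentProductCategories)
+admin.Get("/product-categories/new", controllers.AdminProductCategoryNew)
+admin.Post("/product-categories/create", controllers.AdminProductCategoryCreate)
+admin.Get("/product-categories/:id/edit", controllers.AdminProductCategoryEdit)
+admin.Post("/product-categories/:id/update", controllers.AdminProductCategoryUpdate)
+admin.Post("/product-categories/:id/delete", controllers.AdminProductCategoryDelete)
+admin.Post("/product-categories/:id/restore", controllers.AdminProductCategoryRestore)
+content.Get("/product-tags", controllers.AdminContentProductTags)
+admin.Get("/product-tags/new", controllers.AdminProductTagNew)
+admin.Post("/product-tags/create", controllers.AdminProductTagCreate)
+admin.Get("/product-tags/:id/edit", controllers.AdminProductTagEdit)
+admin.Post("/product-tags/:id/update", controllers.AdminProductTagUpdate)
+admin.Post("/product-tags/:id/delete", controllers.AdminProductTagDelete)
+admin.Post("/product-tags/:id/restore", controllers.AdminProductTagRestore)
+// Cart Management
+content.Get("/carts", controllers.AdminContentCarts)
+admin.Post("/carts/:id/delete", controllers.AdminCartDelete)
+// Product Insights (Comments, Views)
+content.Get("/product-comments", controllers.AdminContentProductComments)
+admin.Post("/product-comments/:id/delete", controllers.AdminProductCommentDelete)
+content.Get("/product-category-views", controllers.AdminContentProductCategoryViews)
+// Post Management (Admin)
+admin.Get("/posts/new", controllers.AdminPostNew)
+admin.Post("/posts/create", controllers.AdminPostCreate)
+// Fetch remote image and save (used by editor image URL handler)
+admin.Post("/uploads/fetch", controllers.AdminFetchImage)
+admin.Get("/posts/:id/edit", controllers.AdminPostEdit)
+admin.Post("/posts/:id/update", controllers.AdminPostUpdate)
+admin.Post("/posts/:id/delete", controllers.AdminPostDelete)
+admin.Post("/posts/:id/restore", controllers.AdminPostRestore)
+}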
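Review bot: Three admin routes are registered twice in the `// CORS management` block — `/settings/cors/whitelist/create`, `/settings/cors/blacklist/create` and `/settings/rate-limit/create` each appear on two consecutive lines with the same handler — and the `// User Management Routes` comment is doubled; the second registration of each is unreachable, so delete the duplicate lines. Every state-changing admin action (`/users/:id/delete`, `/settings`, `/uploads/fetch`, the `*/update` and `*/restore` routes) is a plain POST guarded only by `RequireAuth`/`RequireAdmin`; if that auth is carried in a session cookie, which the HTML login form and HTMX partials suggest, there is no visible CSRF check, and a CSRF middleware added once on the `admin` group would cover all of them. `/uploads/fetch` passes a caller-supplied URL to `controllers.AdminFetchImage`, which lives outside this hunk; the comment above the route should state which URL schemes and address ranges that controller accepts so the restriction is reviewable here, e.g. `// AdminFetchImage must restrict the fetched URL to http(s) and reject private/loopback addresses — confirm in controller`. `GET /logout` performs a state change over GET and is the only login-area route without a rate limit; prefer POST for it.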

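--- a/routes/router.go
+++ b/routes/router.go
@@ -0,0 +1,148 @@
+package routes
+import (
+"ares/controllers"
+"ares/middlewares"
+"github.com/gofiber/fiber/v3"
+)
+func RouterUser(app *fiber.App) {
+app.Get("/", func(c fiber.Ctx) error {
+return c.SendFile("./views/coming_soon.html")
+})
+app.Use(middlewares.DynamicCORS())
+api := app.Group("/api/v1", middlewares.RequireRateLimit("global", 100, 60)) // Global rate limit: 100 requests per minute
+users := api.Group("/users")
+auth := api.Group("/auth")
+//admin := api.Group("/admin", middlewares.RejectAll()) // Admin routes are protected by RejectAll to prevent access until properly implemented
+//users.Get("/", controllers.GetUser)
+usersProtected := users.Group("", middlewares.RequireAuth)
+usersProtected.Get("/me", controllers.Me)
+usersProtected.Get("/admin/example", middlewares.RequireAdmin, controllers.AdminOnlyExample)
+usersProtected.Get("/list", middlewares.RequireAdmin, controllers.AdminListUsers)
+usersProtected.Get("/list/deleted", middlewares.RequireAdmin, controllers.AdminListDeletedUsers)
+usersProtected.Get("/user/example", middlewares.RequireNormalUser, controllers.UserOnlyExample)
+users.Get(":id", controllers.GetUserOne)
+users.Put(":id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.UpdateUser)
+users.Delete(":id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.DeleteUser)
+users.Delete(":id/hard", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.HardDeleteUser)
+users.Post(":id/restore", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.RestoreUser)
+auth.Post("/register", middlewares.RequireRateLimit("register", 5, 60), controllers.Register)
+auth.Post("/login", middlewares.RequireRateLimit("login", 10, 60), controllers.Login)
+auth.Post("/refresh", middlewares.RequireRateLimit("refresh", 10, 60), controllers.RefreshToken)
+auth.Post("/logout", middlewares.RequireAuth, controllers.Logout)
+auth.Post("/resend-verification", controllers.ResendVerificationEmail)
+auth.Get("/verify-email", controllers.VerifyEmail)
+auth.Get("/google", controllers.GoogleAuth)
+auth.Get("/google/callback", controllers.GoogleAuthCallback)
+auth.Get("/github", controllers.GithubAuth)
+auth.Get("/github/callback", controllers.GithubAuthCallback)
+// Hero Routes
+api.Get("/hero", controllers.GetHero)
+api.Get("/heroes", controllers.GetHeroAll)
+api.Get("/setting", controllers.GetSetting)
+// Blog/Public Routes
+api.Get("/posts", controllers.GetPosts)
+api.Get("/posts/:slug", controllers.GetPost)
+api.Get("/categories", controllers.ListCategories)
+api.Get("/categories/:slug", controllers.GetCategory)
+api.Get("/tags", controllers.ListTags)
+api.Get("/comments", controllers.ListComments)
+// Product/Public Routes
+api.Get("/products", controllers.GetProducts)
+api.Get("/products/:slug", controllers.GetProduct)
+api.Get("/products/:id/comments", controllers.GetProductComments)
+api.Post("/product-categories/:id/view", controllers.RecordProductCategoryView)
+// Auth (Protected) Post routes for Comments
+api.Post("/products/comments", middlewares.RequireAuth, controllers.AddProductComment)
+// Blog/Admin Routes
+// api.Post("/posts", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.CreatePost)
+// api.Put("/posts/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.UpdatePost)
+// api.Delete("/posts/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.DeletePost)
+// Admin list posts (include trashed filter)
+// admin.Get("/posts", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.AdminListPosts)
+// admin.Delete("/posts/:id/hard", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.HardDeletePost)
+// admin.Post("/posts/:id/restore", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.AdminRestorePost)
+// Admin tags operations (list including trashed, hard delete, restore)
+// admin.Get("/tags", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.AdminListTags)
+// admin.Delete("/tags/:id/hard", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.HardDeleteTag)
+// admin.Post("/tags/:id/restore", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.AdminRestoreTag)
+// Admin category-views operations
+// admin.Get("/category-views", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.AdminListCategoryViews)
+// admin.Delete("/category-views/:id/hard", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.HardDeleteCategoryView)
+// admin.Post("/category-views/:id/restore", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.AdminRestoreCategoryView)
+// Admin categories operations (list including trashed, hard delete, restore)
+// admin.Get("/categories", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.AdminListCategories)
+// admin.Delete("/categories/:id/hard", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.HardDeleteCategory)
+// admin.Post("/categories/:id/restore", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.AdminRestoreCategory)
+// api.Post("/categories", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.CreateCategory)
+// api.Put("/categories/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.UpdateCategory)
+// api.Delete("/categories/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.DeleteCategory)
+// api.Post("/tags", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.CreateTag)
+// api.Put("/tags/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.UpdateTag)
+// api.Delete("/tags/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.DeleteTag)
+api.Post("/comments", controllers.CreateComment) // public
+//api.Delete("/comments/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.DeleteComment)
+// Auth Middleware Group
+authProtected := auth.Group("", middlewares.RequireAuth)
+authProtected.Get("/me", controllers.Me)
+//authProtected.Get("/admin/example", middlewares.RequireAdmin, controllers.AdminOnlyExample)
+//authProtected.Get("/user/example", middlewares.RequireNormalUser, controllers.UserOnlyExample)
+// Cart APIs
+cartApi := api.Group("/cart", middlewares.RequireAuth)
+cartApi.Get("/", controllers.GetMyCart)
+cartApi.Delete("/", controllers.ClearCart)
+cartApi.Post("/items", controllers.AddToCart)
+cartApi.Put("/items/:item_id", controllers.UpdateCartItem)
+cartApi.Delete("/items/:item_id", controllers.RemoveFromCart)
+// Admin Hero Operations
+// api.Post("/hero", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.CreateHero)
+// api.Put("/hero/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.UpdateHero)
+// api.Delete("/hero/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.DeleteHero)
+// Admin Setting Operations
+// api.Post("/setting", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.CreateSetting)
+// api.Put("/setting/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.UpdateSetting)
+// api.Delete("/setting/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.DeleteSetting)
+// Admin Security (CORS & Rate Limit) Operations - internal use only
+// admin.Get("/cors/whitelist", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.ListCorsWhitelists)
+// admin.Post("/cors/whitelist", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.CreateCorsWhitelist)
+// admin.Put("/cors/whitelist/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.UpdateCorsWhitelist)
+// admin.Delete("/cors/whitelist/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.DeleteCorsWhitelist)
+// admin.Delete("/cors/whitelist/:id/hard", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.HardDeleteCorsWhitelist)
+// admin.Get("/cors/blacklist", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.ListCorsBlacklists)
+// admin.Post("/cors/blacklist", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.CreateCorsBlacklist)
+// admin.Put("/cors/blacklist/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.UpdateCorsBlacklist)
+// admin.Delete("/cors/blacklist/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.DeleteCorsBlacklist)
+// admin.Delete("/cors/blacklist/:id/hard", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.HardDeleteCorsBlacklist)
+// admin.Get("/rate-limit", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.ListRateLimitSettings)
+// admin.Post("/rate-limit", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.CreateRateLimitSetting)
+// admin.Put("/rate-limit/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.UpdateRateLimitSetting)
+// admin.Delete("/rate-limit/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.DeleteRateLimitSetting)
+// admin.Delete("/rate-limit/:id/hard", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.HardDeleteRateLimitSetting)
+}
+//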
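Review bot: `auth.Post("/resend-verification", controllers.ResendVerificationEmail)` and `auth.Get("/verify-email", controllers.VerifyEmail)` carry no per-route rate limit, while the neighbouring `/register`, `/login` and `/refresh` routes each get a `middlewares.RequireRateLimit`; the resend endpoint triggers outbound email, so only the group-wide 100/min limit bounds repeated mail to an arbitrary address, and the verify endpoint's token is guessable at the same rate if it is short. Suggested: `auth.Post("/resend-verification", middlewares.RequireRateLimit("resend-verification", 3, 60), controllers.ResendVerificationEmail)` and a matching limit on `/verify-email` (the key and counts are a constructed starting point, chosen in the style of the existing calls). The public `api.Post("/comments", controllers.CreateComment) // public` sits in the same position for comment spam and should get its own limit. Separately, the long runs of commented-out `admin.*` and `api.*` registrations describe an admin surface that `routes/admin_routes.go` now provides and should be removed rather than kept as dead code, and `/users/me` and `/auth/me` both map to `controllers.Me`, so one of them is redundant.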