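package routes

import (
	"strings"

	"github.com/gofiber/fiber/v3"
	"go.uber.org/zap"

	configs "ares/config"
	"ares/controllers"
	"ares/middlewares"
)

// RouterAdmin registers the login/logout routes and the whole /admin route
// tree on app.
//
// Every route registered on the admin group (and on its /content sub-group)
// sits behind middlewares.RequireAuth and middlewares.RequireAdmin, which are
// attached to the group before any admin route. Keep that admin.Use call
// above all admin.* / content.* registrations: a route added before it would
// not be covered by the gate.
//
// Security notes for reviewers:
//   - No CSRF middleware is attached in this function, although most admin
//     actions are state-changing POSTs. NOTE(review): confirm CSRF protection
//     is applied elsewhere (app-level middleware or inside the controllers).
//   - /logout is a GET, so it can be triggered by a cross-site link or image
//     tag. NOTE(review): consider whether POST is more appropriate.
func RouterAdmin(app *fiber.App) {
	// logRequest emits one structured log line per request. Only the method,
	// path and Content-Type header are recorded; bodies, cookies and other
	// headers are deliberately left out of the log.
	logRequest := func(c fiber.Ctx, msg string) {
		configs.Logger.Info(
			msg,
			zap.String("method", c.Method()),
			zap.String("path", c.Path()),
			zap.String("content_type", c.Get("Content-Type")),
		)
	}

	// Log all /admin requests before the auth middleware runs, so rejected
	// attempts are visible too. This is registered app-wide and filters by
	// prefix; strings.HasPrefix also matches sibling paths such as
	// "/administrator". The logged values are client-controlled and this line
	// is reachable without authentication.
	app.Use(func(c fiber.Ctx) error {
		if strings.HasPrefix(c.Path(), "/admin") {
			logRequest(c, "admin request pre-auth")
		}
		return c.Next()
	})

	// Login routes.
	// NOTE(review): the rate limiter is passed after the controller. Whether
	// trailing handlers run before or after the first handler depends on the
	// pinned fiber v3 release; confirm against go.mod that RequireRateLimit
	// executes before AdminLogin/AdminLoginPost, otherwise the login endpoint
	// is effectively unthrottled.
	// NOTE(review): the arguments are presumably "3 attempts per 60 seconds"
	// under the shared "login" key; verify against RequireRateLimit.
	app.Get("/login", controllers.AdminLogin, middlewares.RequireRateLimit("login", 3, 60))
	app.Post("/login", controllers.AdminLoginPost, middlewares.RequireRateLimit("login", 3, 60))
	app.Get("/logout", controllers.AdminLogout)

	// Admin group. The auth gate is applied after the login/logout routes so
	// those stay reachable without a session.
	admin := app.Group("/admin")
	admin.Use(middlewares.RequireAuth, middlewares.RequireAdmin)

	// Second log line, registered after the gate on the admin group.
	admin.Use(func(c fiber.Ctx) error {
		logRequest(c, "admin request received")
		return c.Next()
	})

	// Small endpoint for the admin UI to fetch current user info.
	admin.Get("/me", controllers.AdminMe)

	// Main layout.
	admin.Get("/", controllers.AdminDashboard)

	// HTMX content partials. The sub-group is created from admin, so it
	// inherits the /admin prefix and the middleware registered above.
	content := admin.Group("/content")
	content.Get("/dashboard", controllers.AdminContentDashboard)
	content.Get("/categories", controllers.AdminContentCategories)
	content.Get("/posts", controllers.AdminContentPosts)
	content.Get("/tags", controllers.AdminContentTags)
	content.Get("/category-views", controllers.AdminContentCategoryViews)
	content.Get("/comments", controllers.AdminContentComments)

	// User management.
	content.Get("/users", controllers.AdminContentUsers)           // list
	admin.Get("/users/new", controllers.AdminUserNew)              // full page form
	admin.Post("/users/create", controllers.AdminUserCreate)       // action
	admin.Get("/users/:id/edit", controllers.AdminUserEdit)        // full page form
	admin.Post("/users/:id/update", controllers.AdminUserUpdate)   // action
	admin.Post("/users/:id/delete", controllers.AdminUserDelete)   // action using POST for form support
	admin.Post("/users/:id/restore", controllers.AdminUserRestore) // restore

	// Settings & hero routes.
	content.Get("/settings", controllers.AdminContentSettings)
	admin.Post("/settings", controllers.AdminSettingsPost)

	// Category management.
	admin.Get("/categories/new", controllers.AdminCategoryNew)
	admin.Post("/categories/create", controllers.AdminCategoryCreate)
	admin.Get("/categories/:id/edit", controllers.AdminCategoryEdit)
	admin.Post("/categories/:id/update", controllers.AdminCategoryUpdate)
	admin.Post("/categories/:id/delete", controllers.AdminCategoryDelete)
	admin.Post("/categories/:id/restore", controllers.AdminCategoryRestore)

	// Tag management.
	admin.Get("/tags/new", controllers.AdminTagNew)
	admin.Post("/tags/create", controllers.AdminTagCreate)
	admin.Get("/tags/:id/edit", controllers.AdminTagEdit)
	admin.Post("/tags/:id/update", controllers.AdminTagUpdate)
	admin.Post("/tags/:id/delete", controllers.AdminTagDelete)
	admin.Post("/tags/:id/restore", controllers.AdminTagRestore)

	// Category views.
	admin.Post("/category-views/:id/delete", controllers.AdminCategoryViewDelete)
	admin.Post("/category-views/:id/restore", controllers.AdminCategoryViewRestore)

	// Comments.
	admin.Get("/comments/:id/edit", controllers.AdminCommentEdit)
	admin.Post("/comments/:id/update", controllers.AdminCommentUpdate)
	admin.Post("/comments/:id/delete", controllers.AdminCommentDelete)
	admin.Post("/comments/:id/restore", controllers.AdminCommentRestore)

	// CORS management (whitelist / blacklist / rate limit). These routes edit
	// the site's own access-control and throttling configuration. Each
	// "create" route is registered exactly once; a repeated registration of
	// the same method and path only adds a redundant handler entry.
	admin.Post("/settings/cors/whitelist/create", controllers.AdminCorsWhitelistCreate)
	admin.Post("/settings/cors/whitelist/:id/update", controllers.AdminCorsWhitelistUpdate)
	admin.Post("/settings/cors/whitelist/:id/delete", controllers.AdminCorsWhitelistDelete)
	admin.Post("/settings/cors/whitelist/:id/restore", controllers.AdminCorsWhitelistRestore)

	admin.Post("/settings/cors/blacklist/create", controllers.AdminCorsBlacklistCreate)
	admin.Post("/settings/cors/blacklist/:id/update", controllers.AdminCorsBlacklistUpdate)
	admin.Post("/settings/cors/blacklist/:id/delete", controllers.AdminCorsBlacklistDelete)
	admin.Post("/settings/cors/blacklist/:id/restore", controllers.AdminCorsBlacklistRestore)

	admin.Post("/settings/rate-limit/create", controllers.AdminRateLimitCreate)
	admin.Post("/settings/rate-limit/:id/update", controllers.AdminRateLimitUpdate)
	admin.Post("/settings/rate-limit/:id/delete", controllers.AdminRateLimitDelete)
	admin.Post("/settings/rate-limit/:id/restore", controllers.AdminRateLimitRestore)

	// Hero (banner) management.
	admin.Get("/heroes/new", controllers.AdminHeroNew)
	admin.Post("/heroes/create", controllers.AdminHeroCreate)
	admin.Get("/heroes/:id/edit", controllers.AdminHeroEdit)
	admin.Post("/heroes/:id/update", controllers.AdminHeroUpdate)
	admin.Post("/heroes/:id/delete", controllers.AdminHeroDelete)
	admin.Post("/heroes/:id/restore", controllers.AdminHeroRestore)

	// Product management.
	content.Get("/products", controllers.AdminContentProducts)
	admin.Get("/products/new", controllers.AdminProductNew)
	admin.Post("/products/create", controllers.AdminProductCreate)
	admin.Get("/products/:id/edit", controllers.AdminProductEdit)
	admin.Post("/products/:id/update", controllers.AdminProductUpdate)
	admin.Post("/products/:id/delete", controllers.AdminProductDelete)
	admin.Post("/products/:id/restore", controllers.AdminProductRestore)

	content.Get("/product-categories", controllers.AdminContentProductCategories)
	admin.Get("/product-categories/new", controllers.AdminProductCategoryNew)
	admin.Post("/product-categories/create", controllers.AdminProductCategoryCreate)
	admin.Get("/product-categories/:id/edit", controllers.AdminProductCategoryEdit)
	admin.Post("/product-categories/:id/update", controllers.AdminProductCategoryUpdate)
	admin.Post("/product-categories/:id/delete", controllers.AdminProductCategoryDelete)
	admin.Post("/product-categories/:id/restore", controllers.AdminProductCategoryRestore)

	content.Get("/product-tags", controllers.AdminContentProductTags)
	admin.Get("/product-tags/new", controllers.AdminProductTagNew)
	admin.Post("/product-tags/create", controllers.AdminProductTagCreate)
	admin.Get("/product-tags/:id/edit", controllers.AdminProductTagEdit)
	admin.Post("/product-tags/:id/update", controllers.AdminProductTagUpdate)
	admin.Post("/product-tags/:id/delete", controllers.AdminProductTagDelete)
	admin.Post("/product-tags/:id/restore", controllers.AdminProductTagRestore)

	// Cart management.
	content.Get("/carts", controllers.AdminContentCarts)
	admin.Post("/carts/:id/delete", controllers.AdminCartDelete)

	// Product insights (comments, views).
	content.Get("/product-comments", controllers.AdminContentProductComments)
	admin.Post("/product-comments/:id/delete", controllers.AdminProductCommentDelete)
	content.Get("/product-category-views", controllers.AdminContentProductCategoryViews)

	// Post management (admin).
	admin.Get("/posts/new", controllers.AdminPostNew)
	admin.Post("/posts/create", controllers.AdminPostCreate)

	// Fetch remote image and save (used by editor image URL handler).
	// NOTE(review): this makes the server request a caller-supplied URL.
	// Confirm AdminFetchImage restricts the scheme, refuses loopback,
	// link-local and private destinations (including after redirects), and
	// bounds response size and content type; the admin gate alone does not
	// address server-side request forgery.
	admin.Post("/uploads/fetch", controllers.AdminFetchImage)

	admin.Get("/posts/:id/edit", controllers.AdminPostEdit)
	admin.Post("/posts/:id/update", controllers.AdminPostUpdate)
	admin.Post("/posts/:id/delete", controllers.AdminPostDelete)
	admin.Post("/posts/:id/restore", controllers.AdminPostRestore)
}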