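package routes

import (
	"ares/controllers"
	"ares/middlewares"

	"github.com/gofiber/fiber/v3"
)

// RouterUser registers every HTTP route of the application on app.
//
// Layout (as registered below):
//   - "/"            serves the static coming-soon page.
//   - "/api/v1"      every API route; the whole group sits behind the
//     "global" rate limit (100 requests per 60 s).
//   - "/api/v1/users" and "/api/v1/auth" user and authentication routes;
//     write operations on users require RequireAuth + RequireAdmin.
//   - "/api/v1/cart"  every cart route requires RequireAuth.
//   - Public read-only hero, setting, blog and product routes.
//
// Registration order matters: Fiber matches routes in the order they
// were added and a group created with handlers registers those handlers
// as a prefix-scoped middleware, so each group's public routes are
// registered before its RequireAuth sub-group. Keep that ordering when
// adding routes.
//
// Commented-out routes are kept as the author's to-do list; they are not
// registered.
func RouterUser(app *fiber.App) {
	app.Get("/", func(c fiber.Ctx) error {
		return c.SendFile("./views/coming_soon.html")
	})

	// NOTE(review): registered after the "/" handler above, so the
	// coming-soon page itself is served without this middleware; confirm
	// that is intended.
	app.Use(middlewares.DynamicCORS())

	// Global rate limit: 100 requests per minute for everything under /api/v1.
	// Endpoints that trigger expensive or abusable work (account creation,
	// credential checks, e-mail sending) carry their own tighter limit below.
	api := app.Group("/api/v1", middlewares.RequireRateLimit("global", 100, 60))
	users := api.Group("/users")
	auth := api.Group("/auth")
	//admin := api.Group("/admin", middlewares.RejectAll()) // Admin routes are protected by RejectAll to prevent access until properly implemented
	//users.Get("/", controllers.GetUser)

	// Group("") with handlers registers RequireAuth as a middleware on the
	// "/users" prefix itself, so it applies to any "/users/..." route
	// registered after this point as well, not only to usersProtected.
	// NOTE(review): users.Get(":id") below therefore most likely passes
	// through RequireAuth too; confirm whether it is meant to be public.
	usersProtected := users.Group("", middlewares.RequireAuth)
	usersProtected.Get("/me", controllers.Me)
	usersProtected.Get("/admin/example", middlewares.RequireAdmin, controllers.AdminOnlyExample)
	usersProtected.Get("/list", middlewares.RequireAdmin, controllers.AdminListUsers)
	usersProtected.Get("/list/deleted", middlewares.RequireAdmin, controllers.AdminListDeletedUsers)
	usersProtected.Get("/user/example", middlewares.RequireNormalUser, controllers.UserOnlyExample)

	// The ":id" routes are registered after the static "/me", "/list", ...
	// routes so those are matched first and never captured by ":id".
	users.Get(":id", controllers.GetUserOne)
	users.Put(":id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.UpdateUser)
	users.Delete(":id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.DeleteUser)
	users.Delete(":id/hard", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.HardDeleteUser)
	users.Post(":id/restore", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.RestoreUser)

	// Public authentication routes. Each one that creates accounts, checks
	// credentials or sends mail gets its own per-route limit so the global
	// budget cannot be spent on it alone.
	auth.Post("/register", middlewares.RequireRateLimit("register", 5, 60), controllers.Register)
	auth.Post("/login", middlewares.RequireRateLimit("login", 10, 60), controllers.Login)
	auth.Post("/refresh", middlewares.RequireRateLimit("refresh", 10, 60), controllers.RefreshToken)
	auth.Post("/logout", middlewares.RequireAuth, controllers.Logout)
	// Resending a verification mail sends e-mail on behalf of an
	// unauthenticated caller; limit it like /register so it cannot be used
	// to flood a mailbox or burn mail quota.
	auth.Post("/resend-verification", middlewares.RequireRateLimit("resend-verification", 5, 60), controllers.ResendVerificationEmail)
	// NOTE(review): /verify-email has only the global limit; whether a
	// tighter one is wanted depends on the token format, which is not
	// visible here.
	auth.Get("/verify-email", controllers.VerifyEmail)
	auth.Get("/google", controllers.GoogleAuth)
	auth.Get("/google/callback", controllers.GoogleAuthCallback)
	auth.Get("/github", controllers.GithubAuth)
	auth.Get("/github/callback", controllers.GithubAuthCallback)

	// Hero Routes
	api.Get("/hero", controllers.GetHero)
	api.Get("/heroes", controllers.GetHeroAll)
	api.Get("/setting", controllers.GetSetting)

	// Blog/Public Routes
	api.Get("/posts", controllers.GetPosts)
	api.Get("/posts/:slug", controllers.GetPost)
	api.Get("/categories", controllers.ListCategories)
	api.Get("/categories/:slug", controllers.GetCategory)
	api.Get("/tags", controllers.ListTags)
	api.Get("/comments", controllers.ListComments)

	// Product/Public Routes
	api.Get("/products", controllers.GetProducts)
	api.Get("/products/:slug", controllers.GetProduct)
	api.Get("/products/:id/comments", controllers.GetProductComments)
	api.Post("/product-categories/:id/view", controllers.RecordProductCategoryView)

	// Auth (Protected) Post routes for Comments
	api.Post("/products/comments", middlewares.RequireAuth, controllers.AddProductComment)

	// Blog/Admin Routes
	// api.Post("/posts", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.CreatePost)
	// api.Put("/posts/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.UpdatePost)
	// api.Delete("/posts/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.DeletePost)
	// Admin list posts (include trashed filter)
	// admin.Get("/posts", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.AdminListPosts)
	// admin.Delete("/posts/:id/hard", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.HardDeletePost)
	// admin.Post("/posts/:id/restore", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.AdminRestorePost)
	// Admin tags operations (list including trashed, hard delete, restore)
	// admin.Get("/tags", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.AdminListTags)
	// admin.Delete("/tags/:id/hard", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.HardDeleteTag)
	// admin.Post("/tags/:id/restore", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.AdminRestoreTag)
	// Admin category-views operations
	// admin.Get("/category-views", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.AdminListCategoryViews)
	// admin.Delete("/category-views/:id/hard", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.HardDeleteCategoryView)
	// admin.Post("/category-views/:id/restore", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.AdminRestoreCategoryView)
	// Admin categories operations (list including trashed, hard delete, restore)
	// admin.Get("/categories", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.AdminListCategories)
	// admin.Delete("/categories/:id/hard", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.HardDeleteCategory)
	// admin.Post("/categories/:id/restore", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.AdminRestoreCategory)
	// api.Post("/categories", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.CreateCategory)
	// api.Put("/categories/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.UpdateCategory)
	// api.Delete("/categories/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.DeleteCategory)
	// api.Post("/tags", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.CreateTag)
	// api.Put("/tags/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.UpdateTag)
	// api.Delete("/tags/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.DeleteTag)

	// Unauthenticated write; only the global limit applies to it.
	// NOTE(review): consider a per-route RequireRateLimit here as for the
	// auth routes if comment spam becomes a problem.
	api.Post("/comments", controllers.CreateComment) // public
	//api.Delete("/comments/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.DeleteComment)

	// Auth Middleware Group. Registered after the public auth routes above,
	// so RequireAuth is only reached by "/auth/..." requests that none of
	// them handled; keep new public auth routes above this line.
	authProtected := auth.Group("", middlewares.RequireAuth)
	authProtected.Get("/me", controllers.Me) // same handler as /users/me
	//authProtected.Get("/admin/example", middlewares.RequireAdmin, controllers.AdminOnlyExample)
	//authProtected.Get("/user/example", middlewares.RequireNormalUser, controllers.UserOnlyExample)

	// Cart APIs: the whole group requires an authenticated caller.
	cartApi := api.Group("/cart", middlewares.RequireAuth)
	cartApi.Get("/", controllers.GetMyCart)
	cartApi.Delete("/", controllers.ClearCart)
	cartApi.Post("/items", controllers.AddToCart)
	cartApi.Put("/items/:item_id", controllers.UpdateCartItem)
	cartApi.Delete("/items/:item_id", controllers.RemoveFromCart)

	// Admin Hero Operations
	// api.Post("/hero", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.CreateHero)
	// api.Put("/hero/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.UpdateHero)
	// api.Delete("/hero/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.DeleteHero)
	// Admin Setting Operations
	// api.Post("/setting", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.CreateSetting)
	// api.Put("/setting/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.UpdateSetting)
	// api.Delete("/setting/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.DeleteSetting)
	// Admin Security (CORS & Rate Limit) Operations - internal use only
	// admin.Get("/cors/whitelist", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.ListCorsWhitelists)
	// admin.Post("/cors/whitelist", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.CreateCorsWhitelist)
	// admin.Put("/cors/whitelist/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.UpdateCorsWhitelist)
	// admin.Delete("/cors/whitelist/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.DeleteCorsWhitelist)
	// admin.Delete("/cors/whitelist/:id/hard", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.HardDeleteCorsWhitelist)
	// admin.Get("/cors/blacklist", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.ListCorsBlacklists)
	// admin.Post("/cors/blacklist", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.CreateCorsBlacklist)
	// admin.Put("/cors/blacklist/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.UpdateCorsBlacklist)
	// admin.Delete("/cors/blacklist/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.DeleteCorsBlacklist)
	// admin.Delete("/cors/blacklist/:id/hard", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.HardDeleteCorsBlacklist)
	// admin.Get("/rate-limit", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.ListRateLimitSettings)
	// admin.Post("/rate-limit", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.CreateRateLimitSetting)
	// admin.Put("/rate-limit/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.UpdateRateLimitSetting)
	// admin.Delete("/rate-limit/:id", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.DeleteRateLimitSetting)
	// admin.Delete("/rate-limit/:id/hard", middlewares.RequireAuth, middlewares.RequireAdmin, controllers.HardDeleteRateLimitSetting)
}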