first commit

This commit is contained in:
Beyhan Oğur
2026-04-26 21:46:42 +03:00
commit 2a5b661443
202 changed files with 49770 additions and 0 deletions

150
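--- a/app/routes/router.go
+++ b/app/routes/router.go
@@ -0,0 +1,150 @@
+package routes
+import (
+"log"
+"goGin/app/controllers"
+"goGin/app/middlewares"
+"github.com/gin-gonic/gin"
+)
+// Böylece Gin artık “tüm proxylere güveniyorum” modundan çıktı, uyarı gidecek ve IP/scheme güvenliği artmış olacak.
+// İleride reverse proxy arkası deploy yaparsan, SetTrustedProxies(nil)
+// satırını kendi proxy IP / CIDRlarınla değiştirebiliriz.
+func SetupRouter() *gin.Engine {
+r := gin.Default()
+// Güvenli varsayılan: hiçbir proxy'ye güvenme (lokal geliştirme ve basit deploy'lar için ideal).
+// İleride reverse proxy arkasına alırsan, ilgili IP/CIDR bloklarını burada SetTrustedProxies ile tanımlayabilirsin.
+if err := r.SetTrustedProxies(nil); err != nil {
+log.Fatalf("failed to set trusted proxies: %v", err)
+}
+r.Use(middlewares.DynamicCORS())
+r.Use(middlewares.RequireRateLimit("global", 100, 60))
+// Uploads klasörünü statik olarak dışarııyoruz
+r.Static("/uploads", "./uploads")
+api := r.Group("/api/v1")
+admin := r.Group("/api/v1/admin")
+// Protect admin group with auth + admin requirement
+admin.Use(middlewares.RequireAuth)
+admin.Use(middlewares.RequireAdmin)
+auth := r.Group("/api/v1/auth")
+{
+auth.POST("/register", controllers.Register, middlewares.RequireRateLimit("register", 10, 60))
+auth.POST("/login", controllers.Login, middlewares.RequireRateLimit("login", 10, 60))
+auth.POST("/refresh", controllers.Refresh)
+auth.GET("/verify-email", controllers.VerifyEmail, middlewares.RequireRateLimit("verify_email", 10, 60))
+// Protected auth endpoints
+authProtected := auth.Group("")
+authProtected.Use(middlewares.RequireAuth)
+{
+authProtected.GET("/me", controllers.Me)
+}
+auth.GET("/google", controllers.GoogleLogin)
+auth.GET("/google/callback", controllers.GoogleCallback)
+auth.GET("/github", controllers.GithubLogin)
+auth.GET("/github/callback", controllers.GithubCallback)
+}
+// Public GET endpoints
+api.GET("/posts", controllers.ListPosts)
+// use slug instead of numeric id
+api.GET("/posts/:slug", controllers.GetPost)
+api.GET("/categories", controllers.ListCategories)
+// use slug for category retrieval as well
+api.GET("/categories/:slug", controllers.GetCategory)
+api.GET("/tags", controllers.ListTags)
+api.GET("/tags/:id", controllers.GetTag)
+api.GET("/comments", controllers.ListComments)
+api.GET("/comments/:id", controllers.GetComment)
+api.GET("/categoryviews", controllers.ListCategoryViews)
+api.GET("/categoryviews/:id", controllers.GetCategoryView)
+api.GET("/tags/:id/posts", controllers.FilterPostsByTag)
+// Settings public endpoints
+api.GET("/settings", controllers.GetSettings)
+// optional public get by id
+api.GET("/settings/:id", controllers.AdminGetSetting)
+// Hero public endpoints
+api.GET("/heroes", controllers.ListHeroes)
+api.GET("/heroes/:id", controllers.GetHero)
+// User routes (Profile)
+userGroup := api.Group("/users")
+userGroup.Use(middlewares.RequireAuth)
+{
+userGroup.GET("/profile", controllers.GetProfile)
+userGroup.PUT("/profile", controllers.UpdateProfile)
+}
+// Admin POST, PUT, DELETE endpoints
+admin.POST("/posts", controllers.CreatePost)
+admin.GET("/posts/:id", controllers.AdminGetPost)
+admin.PUT("/posts/:id", controllers.UpdatePost)
+admin.DELETE("/posts/:id", controllers.DeletePost)
+// Admin GET list (with soft-delete filters)
+admin.GET("/posts", controllers.AdminListPosts)
+// soft-delete management
+admin.GET("/posts/deleted", controllers.ListDeletedPosts)
+admin.POST("/posts/:id/restore", controllers.RestorePost)
+admin.POST("/categories", controllers.CreateCategory)
+admin.PUT("/categories/:id", controllers.UpdateCategory)
+admin.DELETE("/categories/:id", controllers.DeleteCategory)
+// Admin GET list (with soft-delete filters)
+admin.GET("/categories", controllers.AdminListCategories)
+// categories soft-delete management
+admin.GET("/categories/deleted", controllers.ListDeletedCategories)
+admin.POST("/categories/:id/restore", controllers.RestoreCategory)
+admin.POST("/tags", controllers.CreateTag)
+admin.PUT("/tags/:id", controllers.UpdateTag)
+admin.DELETE("/tags/:id", controllers.DeleteTag)
+// Admin GET list (with soft-delete filters)
+admin.GET("/tags", controllers.AdminListTags)
+admin.POST("/tags/:id/restore", controllers.RestoreTag)
+admin.POST("/comments", controllers.CreateComment)
+admin.PUT("/comments/:id", controllers.UpdateComment)
+admin.DELETE("/comments/:id", controllers.DeleteComment)
+// Admin GET list (with soft-delete filters)
+admin.GET("/comments", controllers.AdminListComments)
+admin.POST("/categoryviews", controllers.CreateCategoryView)
+// Admin GET list (with soft-delete filters)
+admin.GET("/categoryviews", controllers.AdminListCategoryViews)
+// Admin Settings endpoints
+admin.GET("/settings", controllers.AdminListSettings)
+admin.POST("/settings", controllers.AdminCreateSetting)
+admin.GET("/settings/:id", controllers.AdminGetSetting)
+admin.PUT("/settings/:id", controllers.AdminUpdateSetting)
+admin.DELETE("/settings/:id", controllers.AdminDeleteSetting)
+admin.POST("/settings/:id/restore", controllers.AdminRestoreSetting)
+// Hero Admin endpoints
+admin.GET("/heroes", controllers.AdminListHeroes)
+admin.POST("/heroes", controllers.CreateHero)
+admin.GET("/heroes/:id", controllers.AdminGetHero)
+admin.PUT("/heroes/:id", controllers.UpdateHero)
+admin.DELETE("/heroes/:id", controllers.DeleteHero)
+admin.POST("/heroes/:id/restore", controllers.RestoreHero)
+// User Management
+admin.GET("/users", controllers.AdminListUsers)
+admin.GET("/users/:id", controllers.AdminGetUser)
+admin.PUT("/users/:id", controllers.AdminUpdateUser)
+admin.DELETE("/users/:id", controllers.AdminDeleteUser)
+admin.POST("/users/:id/restore", controllers.AdminRestoreUser)
+// İlişkili işlemler
+admin.POST("/posts/:id/comments", controllers.AddCommentToPost)
+admin.POST("/categories/:id/posts", controllers.AddPostToCategory)
+return r
+}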
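Review bot: The per-route rate limiters on `/register`, `/login` and `/verify-email` are passed after the controller in the handler chain, so Gin runs `controllers.Login` before `RequireRateLimit("login", 10, 60)` ever gets a chance to abort; the limiter can only act once the credential check has already executed and the response is written, which defeats its brute-force purpose. Put the middleware before the handler on each of those three lines, e.g. `auth.POST("/login", middlewares.RequireRateLimit("login", 10, 60), controllers.Login)`, and likewise for `/register` and `/verify-email`. `/refresh` and the two OAuth callbacks get no per-route limit at all, which looks inconsistent with the intent expressed on the neighbouring lines. Separately, the public `api.GET("/settings/:id", ...)` is wired to `controllers.AdminGetSetting`; if that controller serializes fields meant only for admins, they would be reachable without authentication — worth confirming against the controller.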