first commit
This commit is contained in:
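--- a/app/routes/router.go
+++ b/app/routes/router.go
@@ -0,0 +1,150 @@
+package routes
+
+import (
+"log"
+
+"goGin/app/controllers"
+"goGin/app/middlewares"
+
+"github.com/gin-gonic/gin"
+)
+
+// Böylece Gin artık “tüm proxy’lere güveniyorum” modundan çıktı, uyarı gidecek ve IP/scheme güvenliği artmış olacak.
+// İleride reverse proxy arkası deploy yaparsan, SetTrustedProxies(nil)
+// satırını kendi proxy IP / CIDR’larınla değiştirebiliriz.
+func SetupRouter() *gin.Engine {
+r := gin.Default()
+// Güvenli varsayılan: hiçbir proxy'ye güvenme (lokal geliştirme ve basit deploy'lar için ideal).
+// İleride reverse proxy arkasına alırsan, ilgili IP/CIDR bloklarını burada SetTrustedProxies ile tanımlayabilirsin.
+if err := r.SetTrustedProxies(nil); err != nil {
+log.Fatalf("failed to set trusted proxies: %v", err)
+}
+r.Use(middlewares.DynamicCORS())
+r.Use(middlewares.RequireRateLimit("global", 100, 60))
+// Uploads klasörünü statik olarak dışarı açıyoruz
+r.Static("/uploads", "./uploads")
+
+api := r.Group("/api/v1")
+admin := r.Group("/api/v1/admin")
+// Protect admin group with auth + admin requirement
+admin.Use(middlewares.RequireAuth)
+admin.Use(middlewares.RequireAdmin)
+
+auth := r.Group("/api/v1/auth")
+{
+auth.POST("/register", controllers.Register, middlewares.RequireRateLimit("register", 10, 60))
+auth.POST("/login", controllers.Login, middlewares.RequireRateLimit("login", 10, 60))
+auth.POST("/refresh", controllers.Refresh)
+auth.GET("/verify-email", controllers.VerifyEmail, middlewares.RequireRateLimit("verify_email", 10, 60))
+
+// Protected auth endpoints
+authProtected := auth.Group("")
+authProtected.Use(middlewares.RequireAuth)
+{
+authProtected.GET("/me", controllers.Me)
+}
+
+auth.GET("/google", controllers.GoogleLogin)
+auth.GET("/google/callback", controllers.GoogleCallback)
+auth.GET("/github", controllers.GithubLogin)
+auth.GET("/github/callback", controllers.GithubCallback)
+}
+
+// Public GET endpoints
+api.GET("/posts", controllers.ListPosts)
+// use slug instead of numeric id
+api.GET("/posts/:slug", controllers.GetPost)
+api.GET("/categories", controllers.ListCategories)
+// use slug for category retrieval as well
+api.GET("/categories/:slug", controllers.GetCategory)
+api.GET("/tags", controllers.ListTags)
+api.GET("/tags/:id", controllers.GetTag)
+api.GET("/comments", controllers.ListComments)
+api.GET("/comments/:id", controllers.GetComment)
+api.GET("/categoryviews", controllers.ListCategoryViews)
+api.GET("/categoryviews/:id", controllers.GetCategoryView)
+api.GET("/tags/:id/posts", controllers.FilterPostsByTag)
+
+// Settings public endpoints
+api.GET("/settings", controllers.GetSettings)
+// optional public get by id
+api.GET("/settings/:id", controllers.AdminGetSetting)
+
+// Hero public endpoints
+api.GET("/heroes", controllers.ListHeroes)
+api.GET("/heroes/:id", controllers.GetHero)
+
+// User routes (Profile)
+userGroup := api.Group("/users")
+userGroup.Use(middlewares.RequireAuth)
+{
+userGroup.GET("/profile", controllers.GetProfile)
+userGroup.PUT("/profile", controllers.UpdateProfile)
+}
+
+// Admin POST, PUT, DELETE endpoints
+admin.POST("/posts", controllers.CreatePost)
+admin.GET("/posts/:id", controllers.AdminGetPost)
+admin.PUT("/posts/:id", controllers.UpdatePost)
+admin.DELETE("/posts/:id", controllers.DeletePost)
+// Admin GET list (with soft-delete filters)
+admin.GET("/posts", controllers.AdminListPosts)
+// soft-delete management
+admin.GET("/posts/deleted", controllers.ListDeletedPosts)
+admin.POST("/posts/:id/restore", controllers.RestorePost)
+
+admin.POST("/categories", controllers.CreateCategory)
+admin.PUT("/categories/:id", controllers.UpdateCategory)
+admin.DELETE("/categories/:id", controllers.DeleteCategory)
+// Admin GET list (with soft-delete filters)
+admin.GET("/categories", controllers.AdminListCategories)
+// categories soft-delete management
+admin.GET("/categories/deleted", controllers.ListDeletedCategories)
+admin.POST("/categories/:id/restore", controllers.RestoreCategory)
+
+admin.POST("/tags", controllers.CreateTag)
+admin.PUT("/tags/:id", controllers.UpdateTag)
+admin.DELETE("/tags/:id", controllers.DeleteTag)
+// Admin GET list (with soft-delete filters)
+admin.GET("/tags", controllers.AdminListTags)
+admin.POST("/tags/:id/restore", controllers.RestoreTag)
+
+admin.POST("/comments", controllers.CreateComment)
+admin.PUT("/comments/:id", controllers.UpdateComment)
+admin.DELETE("/comments/:id", controllers.DeleteComment)
+// Admin GET list (with soft-delete filters)
+admin.GET("/comments", controllers.AdminListComments)
+
+admin.POST("/categoryviews", controllers.CreateCategoryView)
+// Admin GET list (with soft-delete filters)
+admin.GET("/categoryviews", controllers.AdminListCategoryViews)
+
+// Admin Settings endpoints
+admin.GET("/settings", controllers.AdminListSettings)
+admin.POST("/settings", controllers.AdminCreateSetting)
+admin.GET("/settings/:id", controllers.AdminGetSetting)
+admin.PUT("/settings/:id", controllers.AdminUpdateSetting)
+admin.DELETE("/settings/:id", controllers.AdminDeleteSetting)
+admin.POST("/settings/:id/restore", controllers.AdminRestoreSetting)
+
+// Hero Admin endpoints
+admin.GET("/heroes", controllers.AdminListHeroes)
+admin.POST("/heroes", controllers.CreateHero)
+admin.GET("/heroes/:id", controllers.AdminGetHero)
+admin.PUT("/heroes/:id", controllers.UpdateHero)
+admin.DELETE("/heroes/:id", controllers.DeleteHero)
+admin.POST("/heroes/:id/restore", controllers.RestoreHero)
+
+// User Management
+admin.GET("/users", controllers.AdminListUsers)
+admin.GET("/users/:id", controllers.AdminGetUser)
+admin.PUT("/users/:id", controllers.AdminUpdateUser)
+admin.DELETE("/users/:id", controllers.AdminDeleteUser)
+admin.POST("/users/:id/restore", controllers.AdminRestoreUser)
+
+// İlişkili işlemler
+admin.POST("/posts/:id/comments", controllers.AddCommentToPost)
+admin.POST("/categories/:id/posts", controllers.AddPostToCategory)
+
+return r
+}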
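Review bot: The public `api.GET("/settings/:id", controllers.AdminGetSetting)` registration under "Settings public endpoints" wires an admin handler onto an unauthenticated route, while the same handler is also registered inside the `admin` group that carries `RequireAuth` and `RequireAdmin`; any field that `AdminGetSetting` returns beyond what `GetSettings` exposes is therefore readable by anyone, and the group middleware gives no protection. If an unauthenticated by-id lookup is really wanted, register a dedicated public handler that returns only the public subset, or drop the line and keep `/api/v1/admin/settings/:id` as the only by-id route; at minimum the comment should say why an `Admin*` controller is intentionally public. Related but smaller: `auth.POST("/refresh", controllers.Refresh)` is the only auth endpoint without a per-route `RequireRateLimit`, so it is bounded only by the global 100/60 limiter, e.g. `auth.POST("/refresh", controllers.Refresh, middlewares.RequireRateLimit("refresh", 10, 60))`. The two header comments above `SetupRouter` are in Turkish and restate each other; an English doc comment such as `// SetupRouter builds the gin.Engine with CORS, global rate limiting, the public /api/v1 routes, the authenticated /users routes and the RequireAuth+RequireAdmin-guarded /api/v1/admin routes.` would serve reviewers better.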