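package routes

import (
	"log"

	"goGin/app/controllers"
	"goGin/app/middlewares"

	"github.com/gin-gonic/gin"
)

// SetupRouter builds the application's gin.Engine: it disables proxy trust,
// installs the global CORS and rate-limit middleware, serves ./uploads as
// static files and registers the auth, public, user and admin routes under
// /api/v1. It terminates the process via log.Fatalf if the trusted-proxy
// configuration cannot be applied.
//
// Per-route middleware is always passed BEFORE its controller: gin runs a
// route's handler chain in registration order, so a limiter listed after the
// controller would only execute once the controller had already written its
// response and could never reject the request.
func SetupRouter() *gin.Engine {
	r := gin.Default()

	// Trust no proxy: the client IP and scheme come from the TCP connection
	// itself, never from X-Forwarded-* headers. When deploying behind a
	// reverse proxy, replace nil with that proxy's IP/CIDR list.
	if err := r.SetTrustedProxies(nil); err != nil {
		log.Fatalf("failed to set trusted proxies: %v", err)
	}

	r.Use(middlewares.DynamicCORS())
	r.Use(middlewares.RequireRateLimit("global", 100, 60))

	// Expose the uploads directory as static files. The path is relative to
	// the process working directory, so the service must be started from the
	// project root (or the path adjusted) for uploads to resolve.
	r.Static("/uploads", "./uploads")

	api := r.Group("/api/v1")
	admin := r.Group("/api/v1/admin")

	// Every admin route requires an authenticated user with the admin role.
	admin.Use(middlewares.RequireAuth)
	admin.Use(middlewares.RequireAdmin)

	registerAuthRoutes(r.Group("/api/v1/auth"))
	registerPublicRoutes(api)
	registerUserRoutes(api)
	registerAdminRoutes(admin)

	return r
}

// registerAuthRoutes wires registration, login, token refresh, e-mail
// verification, the authenticated /me endpoint and the OAuth flows.
func registerAuthRoutes(auth *gin.RouterGroup) {
	// Per-endpoint limiters precede the controller so that a rate-limited
	// request is rejected before the credential-handling code runs.
	auth.POST("/register", middlewares.RequireRateLimit("register", 10, 60), controllers.Register)
	auth.POST("/login", middlewares.RequireRateLimit("login", 10, 60), controllers.Login)
	auth.POST("/refresh", controllers.Refresh)
	auth.GET("/verify-email", middlewares.RequireRateLimit("verify_email", 10, 60), controllers.VerifyEmail)

	// Endpoints that need a valid session.
	authProtected := auth.Group("")
	authProtected.Use(middlewares.RequireAuth)
	{
		authProtected.GET("/me", controllers.Me)
	}

	// OAuth login entry points and provider callbacks.
	auth.GET("/google", controllers.GoogleLogin)
	auth.GET("/google/callback", controllers.GoogleCallback)
	auth.GET("/github", controllers.GithubLogin)
	auth.GET("/github/callback", controllers.GithubCallback)
}

// registerPublicRoutes wires the unauthenticated read-only endpoints.
func registerPublicRoutes(api *gin.RouterGroup) {
	api.GET("/posts", controllers.ListPosts)
	// Posts are addressed by slug rather than numeric id.
	api.GET("/posts/:slug", controllers.GetPost)
	api.GET("/categories", controllers.ListCategories)
	// Categories are addressed by slug as well.
	api.GET("/categories/:slug", controllers.GetCategory)
	api.GET("/tags", controllers.ListTags)
	api.GET("/tags/:id", controllers.GetTag)
	api.GET("/comments", controllers.ListComments)
	api.GET("/comments/:id", controllers.GetComment)
	api.GET("/categoryviews", controllers.ListCategoryViews)
	api.GET("/categoryviews/:id", controllers.GetCategoryView)
	api.GET("/tags/:id/posts", controllers.FilterPostsByTag)

	// Settings public endpoints.
	api.GET("/settings", controllers.GetSettings)
	// NOTE(review): this public route is served by the admin controller with
	// no auth middleware in front of it; confirm AdminGetSetting returns
	// nothing that should be restricted to administrators, or point the
	// route at a public handler.
	api.GET("/settings/:id", controllers.AdminGetSetting)

	// Hero public endpoints.
	api.GET("/heroes", controllers.ListHeroes)
	api.GET("/heroes/:id", controllers.GetHero)
}

// registerUserRoutes wires the profile endpoints of the logged-in user.
func registerUserRoutes(api *gin.RouterGroup) {
	userGroup := api.Group("/users")
	userGroup.Use(middlewares.RequireAuth)
	{
		userGroup.GET("/profile", controllers.GetProfile)
		userGroup.PUT("/profile", controllers.UpdateProfile)
	}
}

// registerAdminRoutes wires the management endpoints; the caller is expected
// to have attached RequireAuth and RequireAdmin to the group already.
func registerAdminRoutes(admin *gin.RouterGroup) {
	// Posts, including soft-delete management.
	admin.POST("/posts", controllers.CreatePost)
	admin.GET("/posts/:id", controllers.AdminGetPost)
	admin.PUT("/posts/:id", controllers.UpdatePost)
	admin.DELETE("/posts/:id", controllers.DeletePost)
	admin.GET("/posts", controllers.AdminListPosts)
	admin.GET("/posts/deleted", controllers.ListDeletedPosts)
	admin.POST("/posts/:id/restore", controllers.RestorePost)

	// Categories, including soft-delete management.
	admin.POST("/categories", controllers.CreateCategory)
	admin.PUT("/categories/:id", controllers.UpdateCategory)
	admin.DELETE("/categories/:id", controllers.DeleteCategory)
	admin.GET("/categories", controllers.AdminListCategories)
	admin.GET("/categories/deleted", controllers.ListDeletedCategories)
	admin.POST("/categories/:id/restore", controllers.RestoreCategory)

	// Tags.
	admin.POST("/tags", controllers.CreateTag)
	admin.PUT("/tags/:id", controllers.UpdateTag)
	admin.DELETE("/tags/:id", controllers.DeleteTag)
	admin.GET("/tags", controllers.AdminListTags)
	admin.POST("/tags/:id/restore", controllers.RestoreTag)

	// Comments.
	admin.POST("/comments", controllers.CreateComment)
	admin.PUT("/comments/:id", controllers.UpdateComment)
	admin.DELETE("/comments/:id", controllers.DeleteComment)
	admin.GET("/comments", controllers.AdminListComments)

	// Category views.
	admin.POST("/categoryviews", controllers.CreateCategoryView)
	admin.GET("/categoryviews", controllers.AdminListCategoryViews)

	// Settings.
	admin.GET("/settings", controllers.AdminListSettings)
	admin.POST("/settings", controllers.AdminCreateSetting)
	admin.GET("/settings/:id", controllers.AdminGetSetting)
	admin.PUT("/settings/:id", controllers.AdminUpdateSetting)
	admin.DELETE("/settings/:id", controllers.AdminDeleteSetting)
	admin.POST("/settings/:id/restore", controllers.AdminRestoreSetting)

	// Heroes.
	admin.GET("/heroes", controllers.AdminListHeroes)
	admin.POST("/heroes", controllers.CreateHero)
	admin.GET("/heroes/:id", controllers.AdminGetHero)
	admin.PUT("/heroes/:id", controllers.UpdateHero)
	admin.DELETE("/heroes/:id", controllers.DeleteHero)
	admin.POST("/heroes/:id/restore", controllers.RestoreHero)

	// User management.
	admin.GET("/users", controllers.AdminListUsers)
	admin.GET("/users/:id", controllers.AdminGetUser)
	admin.PUT("/users/:id", controllers.AdminUpdateUser)
	admin.DELETE("/users/:id", controllers.AdminDeleteUser)
	admin.POST("/users/:id/restore", controllers.AdminRestoreUser)

	// Relationship operations.
	admin.POST("/posts/:id/comments", controllers.AddCommentToPost)
	admin.POST("/categories/:id/posts", controllers.AddPostToCategory)
}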