package routes
import (
"log"
"goGin/app/controllers"
"goGin/app/middlewares"
"github.com/gin-gonic/gin"
)
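// SetupRouter builds the application's gin.Engine: it configures the
// trusted-proxy policy, installs the global CORS and rate-limit middleware,
// serves the ./uploads directory statically and registers the public,
// authenticated and admin route groups under /api/v1.
//
// Trusted proxies are disabled (SetTrustedProxies(nil)), so gin leaves its
// "trust all proxies" mode, the startup warning disappears and ClientIP() is
// derived from the TCP peer rather than from forwarded headers. When the
// service is later deployed behind a reverse proxy, replace the nil argument
// with that proxy's IP addresses / CIDR blocks; otherwise every request will
// appear to come from the proxy and per-client rate limiting and IP logging
// lose their meaning.
//
// If gin rejects the proxy configuration the process exits via log.Fatalf.
func SetupRouter() *gin.Engine {
	r := gin.Default()

	// Secure default: trust no proxy (ideal for local development and simple
	// deployments). With this setting X-Forwarded-For / X-Real-IP are ignored,
	// which is what keeps IP-keyed rate limits honest.
	if err := r.SetTrustedProxies(nil); err != nil {
		log.Fatalf("failed to set trusted proxies: %v", err)
	}

	// Global middleware: registered before any group is created so every
	// route inherits it.
	r.Use(middlewares.DynamicCORS())
	r.Use(middlewares.RequireRateLimit("global", 100, 60))

	// Expose the uploads folder statically.
	r.Static("/uploads", "./uploads")

	api := r.Group("/api/v1")

	admin := r.Group("/api/v1/admin")
	// Protect the admin group with auth + admin requirement. RequireAuth is
	// attached first so RequireAdmin always sees an authenticated principal.
	admin.Use(middlewares.RequireAuth)
	admin.Use(middlewares.RequireAdmin)

	registerAuthRoutes(r.Group("/api/v1/auth"))
	registerPublicRoutes(api)
	registerUserRoutes(api)
	registerAdminRoutes(admin)

	return r
}

// registerAuthRoutes mounts the authentication endpoints on the
// /api/v1/auth group.
//
// Per-route rate limiters are listed BEFORE the controller. gin executes a
// route's handler chain in order, so a limiter placed after the controller
// only runs once the controller has already executed and written its
// response — the limit would then never block a registration or login
// attempt.
func registerAuthRoutes(auth *gin.RouterGroup) {
	auth.POST("/register", middlewares.RequireRateLimit("register", 10, 60), controllers.Register)
	auth.POST("/login", middlewares.RequireRateLimit("login", 10, 60), controllers.Login)
	// Covered only by the global limiter.
	auth.POST("/refresh", controllers.Refresh)
	auth.GET("/verify-email", middlewares.RequireRateLimit("verify_email", 10, 60), controllers.VerifyEmail)

	// Protected auth endpoints.
	authProtected := auth.Group("")
	authProtected.Use(middlewares.RequireAuth)
	authProtected.GET("/me", controllers.Me)

	// OAuth login flows (unauthenticated by design).
	auth.GET("/google", controllers.GoogleLogin)
	auth.GET("/google/callback", controllers.GoogleCallback)
	auth.GET("/github", controllers.GithubLogin)
	auth.GET("/github/callback", controllers.GithubCallback)
}

// registerPublicRoutes mounts the unauthenticated read-only endpoints on the
// /api/v1 group.
func registerPublicRoutes(api *gin.RouterGroup) {
	api.GET("/posts", controllers.ListPosts)
	// Posts and categories are addressed by slug rather than numeric id.
	api.GET("/posts/:slug", controllers.GetPost)
	api.GET("/categories", controllers.ListCategories)
	api.GET("/categories/:slug", controllers.GetCategory)
	api.GET("/tags", controllers.ListTags)
	api.GET("/tags/:id", controllers.GetTag)
	api.GET("/comments", controllers.ListComments)
	api.GET("/comments/:id", controllers.GetComment)
	api.GET("/categoryviews", controllers.ListCategoryViews)
	api.GET("/categoryviews/:id", controllers.GetCategoryView)
	api.GET("/tags/:id/posts", controllers.FilterPostsByTag)

	// Settings public endpoints.
	api.GET("/settings", controllers.GetSettings)
	// Optional public get by id.
	// NOTE(review): this mounts the admin controller without RequireAuth /
	// RequireAdmin (the same handler is also served under
	// /api/v1/admin/settings/:id). Confirm it returns no fields that should
	// stay admin-only before relying on it as a public endpoint.
	api.GET("/settings/:id", controllers.AdminGetSetting)

	// Hero public endpoints.
	api.GET("/heroes", controllers.ListHeroes)
	api.GET("/heroes/:id", controllers.GetHero)
}

// registerUserRoutes mounts the authenticated profile endpoints on
// /api/v1/users.
func registerUserRoutes(api *gin.RouterGroup) {
	userGroup := api.Group("/users")
	userGroup.Use(middlewares.RequireAuth)
	userGroup.GET("/profile", controllers.GetProfile)
	userGroup.PUT("/profile", controllers.UpdateProfile)
}

// registerAdminRoutes mounts the management endpoints on the /api/v1/admin
// group. The caller is expected to have attached RequireAuth and
// RequireAdmin to that group already; nothing here re-checks authorization.
//
// Registration order is kept as in the original router. Static segments such
// as /posts/deleted sit next to /posts/:id; this relies on a gin release that
// lets a static segment coexist with a :param at the same level (older
// releases panic at startup on such a conflict).
func registerAdminRoutes(admin *gin.RouterGroup) {
	// Posts.
	admin.POST("/posts", controllers.CreatePost)
	admin.GET("/posts/:id", controllers.AdminGetPost)
	admin.PUT("/posts/:id", controllers.UpdatePost)
	admin.DELETE("/posts/:id", controllers.DeletePost)
	admin.GET("/posts", controllers.AdminListPosts) // list with soft-delete filters
	admin.GET("/posts/deleted", controllers.ListDeletedPosts)
	admin.POST("/posts/:id/restore", controllers.RestorePost)

	// Categories.
	admin.POST("/categories", controllers.CreateCategory)
	admin.PUT("/categories/:id", controllers.UpdateCategory)
	admin.DELETE("/categories/:id", controllers.DeleteCategory)
	admin.GET("/categories", controllers.AdminListCategories) // list with soft-delete filters
	admin.GET("/categories/deleted", controllers.ListDeletedCategories)
	admin.POST("/categories/:id/restore", controllers.RestoreCategory)

	// Tags.
	admin.POST("/tags", controllers.CreateTag)
	admin.PUT("/tags/:id", controllers.UpdateTag)
	admin.DELETE("/tags/:id", controllers.DeleteTag)
	admin.GET("/tags", controllers.AdminListTags) // list with soft-delete filters
	admin.POST("/tags/:id/restore", controllers.RestoreTag)

	// Comments.
	admin.POST("/comments", controllers.CreateComment)
	admin.PUT("/comments/:id", controllers.UpdateComment)
	admin.DELETE("/comments/:id", controllers.DeleteComment)
	admin.GET("/comments", controllers.AdminListComments) // list with soft-delete filters

	// Category views.
	admin.POST("/categoryviews", controllers.CreateCategoryView)
	admin.GET("/categoryviews", controllers.AdminListCategoryViews) // list with soft-delete filters

	// Settings.
	admin.GET("/settings", controllers.AdminListSettings)
	admin.POST("/settings", controllers.AdminCreateSetting)
	admin.GET("/settings/:id", controllers.AdminGetSetting)
	admin.PUT("/settings/:id", controllers.AdminUpdateSetting)
	admin.DELETE("/settings/:id", controllers.AdminDeleteSetting)
	admin.POST("/settings/:id/restore", controllers.AdminRestoreSetting)

	// Heroes.
	admin.GET("/heroes", controllers.AdminListHeroes)
	admin.POST("/heroes", controllers.CreateHero)
	admin.GET("/heroes/:id", controllers.AdminGetHero)
	admin.PUT("/heroes/:id", controllers.UpdateHero)
	admin.DELETE("/heroes/:id", controllers.DeleteHero)
	admin.POST("/heroes/:id/restore", controllers.RestoreHero)

	// User management.
	admin.GET("/users", controllers.AdminListUsers)
	admin.GET("/users/:id", controllers.AdminGetUser)
	admin.PUT("/users/:id", controllers.AdminUpdateUser)
	admin.DELETE("/users/:id", controllers.AdminDeleteUser)
	admin.POST("/users/:id/restore", controllers.AdminRestoreUser)

	// Cross-entity operations.
	admin.POST("/posts/:id/comments", controllers.AddCommentToPost)
	admin.POST("/categories/:id/posts", controllers.AddPostToCategory)
}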