feat: Refactor API routes to separate public and protected endpoints for better organization

2025-03-10 22:54:54 +00:00 · 2025-03-10 22:54:54 +00:00 · baf656c093
commit baf656c093
parent 460235b832
1 changed files with 74 additions and 67 deletions
--- a/backend/internal/api/routes/router.go
+++ b/backend/internal/api/routes/router.go
@ -16,85 +16,92 @@ func SetupRouter(r *gin.Engine) {
 	projectHandler := handlers.NewProjectHandler()
 	timeEntryHandler := handlers.NewTimeEntryHandler()
-	// Public routes
+	// API routes
 	r.POST("/auth/login", userHandler.Login)
 	r.POST("/auth/register", userHandler.Register)
 	// API routes (protected)
 	api := r.Group("/api")
 	api.Use(middleware.AuthMiddleware())
 	{
-		// Auth routes
+		// Auth routes (public)
 		auth := api.Group("/auth")
 		{
-			auth.GET("/me", userHandler.GetCurrentUser)
+			auth.POST("/login", userHandler.Login)
 			auth.POST("/register", userHandler.Register)
 		}
-		// User routes
+		// Protected routes
-		users := api.Group("/users")
+		protected := api.Group("")
 		protected.Use(middleware.AuthMiddleware())
 		{
-			users.GET("", userHandler.GetUsers)
+			// Auth routes (protected)
-			users.GET("/:id", userHandler.GetUserByID)
+			protectedAuth := protected.Group("/auth")
-			users.POST("", middleware.RoleMiddleware("admin"), userHandler.CreateUser)
+			{
-			users.PUT("/:id", middleware.RoleMiddleware("admin"), userHandler.UpdateUser)
+				protectedAuth.GET("/me", userHandler.GetCurrentUser)
-			users.DELETE("/:id", middleware.RoleMiddleware("admin"), userHandler.DeleteUser)
+			}
 		}
-		// Activity routes
+			// User routes
-		activities := api.Group("/activities")
+			users := protected.Group("/users")
-		{
+			{
-			activities.GET("", activityHandler.GetActivities)
+				users.GET("", userHandler.GetUsers)
-			activities.GET("/:id", activityHandler.GetActivityByID)
+				users.GET("/:id", userHandler.GetUserByID)
-			activities.POST("", middleware.RoleMiddleware("admin"), activityHandler.CreateActivity)
+				users.POST("", middleware.RoleMiddleware("admin"), userHandler.CreateUser)
-			activities.PUT("/:id", middleware.RoleMiddleware("admin"), activityHandler.UpdateActivity)
+				users.PUT("/:id", middleware.RoleMiddleware("admin"), userHandler.UpdateUser)
-			activities.DELETE("/:id", middleware.RoleMiddleware("admin"), activityHandler.DeleteActivity)
+				users.DELETE("/:id", middleware.RoleMiddleware("admin"), userHandler.DeleteUser)
-		}
+			}
-		// Company routes
+			// Activity routes
-		companies := api.Group("/companies")
+			activities := protected.Group("/activities")
-		{
+			{
-			companies.GET("", companyHandler.GetCompanies)
+				activities.GET("", activityHandler.GetActivities)
-			companies.GET("/:id", companyHandler.GetCompanyByID)
+				activities.GET("/:id", activityHandler.GetActivityByID)
-			companies.POST("", middleware.RoleMiddleware("admin"), companyHandler.CreateCompany)
+				activities.POST("", middleware.RoleMiddleware("admin"), activityHandler.CreateActivity)
-			companies.PUT("/:id", middleware.RoleMiddleware("admin"), companyHandler.UpdateCompany)
+				activities.PUT("/:id", middleware.RoleMiddleware("admin"), activityHandler.UpdateActivity)
-			companies.DELETE("/:id", middleware.RoleMiddleware("admin"), companyHandler.DeleteCompany)
+				activities.DELETE("/:id", middleware.RoleMiddleware("admin"), activityHandler.DeleteActivity)
-		}
+			}
-		// Customer routes
+			// Company routes
-		customers := api.Group("/customers")
+			companies := protected.Group("/companies")
-		{
+			{
-			customers.GET("", customerHandler.GetCustomers)
+				companies.GET("", companyHandler.GetCompanies)
-			customers.GET("/:id", customerHandler.GetCustomerByID)
+				companies.GET("/:id", companyHandler.GetCompanyByID)
-			customers.GET("/company/:companyId", customerHandler.GetCustomersByCompanyID)
+				companies.POST("", middleware.RoleMiddleware("admin"), companyHandler.CreateCompany)
-			customers.POST("", middleware.RoleMiddleware("admin"), customerHandler.CreateCustomer)
+				companies.PUT("/:id", middleware.RoleMiddleware("admin"), companyHandler.UpdateCompany)
-			customers.PUT("/:id", middleware.RoleMiddleware("admin"), customerHandler.UpdateCustomer)
+				companies.DELETE("/:id", middleware.RoleMiddleware("admin"), companyHandler.DeleteCompany)
-			customers.DELETE("/:id", middleware.RoleMiddleware("admin"), customerHandler.DeleteCustomer)
+			}
 		}
-		// Project routes
+			// Customer routes
-		projects := api.Group("/projects")
+			customers := protected.Group("/customers")
-		{
+			{
-			projects.GET("", projectHandler.GetProjects)
+				customers.GET("", customerHandler.GetCustomers)
-			projects.GET("/with-customers", projectHandler.GetProjectsWithCustomers)
+				customers.GET("/:id", customerHandler.GetCustomerByID)
-			projects.GET("/:id", projectHandler.GetProjectByID)
+				customers.GET("/company/:companyId", customerHandler.GetCustomersByCompanyID)
-			projects.GET("/customer/:customerId", projectHandler.GetProjectsByCustomerID)
+				customers.POST("", middleware.RoleMiddleware("admin"), customerHandler.CreateCustomer)
-			projects.POST("", middleware.RoleMiddleware("admin"), projectHandler.CreateProject)
+				customers.PUT("/:id", middleware.RoleMiddleware("admin"), customerHandler.UpdateCustomer)
-			projects.PUT("/:id", middleware.RoleMiddleware("admin"), projectHandler.UpdateProject)
+				customers.DELETE("/:id", middleware.RoleMiddleware("admin"), customerHandler.DeleteCustomer)
-			projects.DELETE("/:id", middleware.RoleMiddleware("admin"), projectHandler.DeleteProject)
+			}
 		}
-		// Time Entry routes
+			// Project routes
-		timeEntries := api.Group("/time-entries")
+			projects := protected.Group("/projects")
-		{
+			{
-			timeEntries.GET("", timeEntryHandler.GetTimeEntries)
+				projects.GET("", projectHandler.GetProjects)
-			timeEntries.GET("/me", timeEntryHandler.GetMyTimeEntries)
+				projects.GET("/with-customers", projectHandler.GetProjectsWithCustomers)
-			timeEntries.GET("/range", timeEntryHandler.GetTimeEntriesByDateRange)
+				projects.GET("/:id", projectHandler.GetProjectByID)
-			timeEntries.GET("/:id", timeEntryHandler.GetTimeEntryByID)
+				projects.GET("/customer/:customerId", projectHandler.GetProjectsByCustomerID)
-			timeEntries.GET("/user/:userId", timeEntryHandler.GetTimeEntriesByUserID)
+				projects.POST("", middleware.RoleMiddleware("admin"), projectHandler.CreateProject)
-			timeEntries.GET("/project/:projectId", timeEntryHandler.GetTimeEntriesByProjectID)
+				projects.PUT("/:id", middleware.RoleMiddleware("admin"), projectHandler.UpdateProject)
-			timeEntries.POST("", timeEntryHandler.CreateTimeEntry)
+				projects.DELETE("/:id", middleware.RoleMiddleware("admin"), projectHandler.DeleteProject)
-			timeEntries.PUT("/:id", timeEntryHandler.UpdateTimeEntry)
+			}
-			timeEntries.DELETE("/:id", timeEntryHandler.DeleteTimeEntry)
+
 			// Time Entry routes
 			timeEntries := protected.Group("/time-entries")
 			{
 				timeEntries.GET("", timeEntryHandler.GetTimeEntries)
 				timeEntries.GET("/me", timeEntryHandler.GetMyTimeEntries)
 				timeEntries.GET("/range", timeEntryHandler.GetTimeEntriesByDateRange)
 				timeEntries.GET("/:id", timeEntryHandler.GetTimeEntryByID)
 				timeEntries.GET("/user/:userId", timeEntryHandler.GetTimeEntriesByUserID)
 				timeEntries.GET("/project/:projectId", timeEntryHandler.GetTimeEntriesByProjectID)
 				timeEntries.POST("", timeEntryHandler.CreateTimeEntry)
 				timeEntries.PUT("/:id", timeEntryHandler.UpdateTimeEntry)
 				timeEntries.DELETE("/:id", timeEntryHandler.DeleteTimeEntry)
 			}
 		}
 	}
 }