veza/veza-backend-api/internal/api/routes_marketplace.go

package api

import (
	"github.com/gin-gonic/gin"
	"github.com/google/uuid"
	"go.uber.org/zap"

	"veza-backend-api/internal/config"
	"veza-backend-api/internal/core/marketplace"
	"veza-backend-api/internal/handlers"
	"veza-backend-api/internal/services"
	"veza-backend-api/internal/services/hyperswitch"
)

// setupMarketplaceRoutes configure les routes de la marketplace
func (r *APIRouter) setupMarketplaceRoutes(router *gin.RouterGroup) {
	uploadDir := r.config.UploadDir
	if uploadDir == "" {
		uploadDir = "uploads/tracks"
	}

	storageService := services.NewTrackStorageService(uploadDir, false, r.logger)
	opts := []marketplace.ServiceOption{}
	if r.config.HyperswitchEnabled && r.config.HyperswitchAPIKey != "" && r.config.HyperswitchURL != "" {
		if r.config.SentryEnvironment == config.EnvProduction && !r.config.HyperswitchLiveMode {
			r.logger.Warn("Hyperswitch is enabled in production but HYPERSWITCH_LIVE_MODE=false; using test keys",
				zap.String("hint", "Set HYPERSWITCH_LIVE_MODE=true and use live API keys for production payments"))
		}
		hsClient := hyperswitch.NewClient(r.config.HyperswitchURL, r.config.HyperswitchAPIKey)
		hsProvider := hyperswitch.NewProvider(hsClient)
		opts = append(opts,
			marketplace.WithPaymentProvider(hsProvider),
			marketplace.WithHyperswitchConfig(true, r.config.CheckoutSuccessURL),
		)
	}
	marketService := marketplace.NewService(r.db.GormDB, r.logger, storageService, opts...)
	productPreviewDir := uploadDir
	if productPreviewDir == "" {
		productPreviewDir = "uploads"
	}
	marketHandler := handlers.NewMarketplaceHandler(marketService, r.logger, productPreviewDir)

	group := router.Group("/marketplace")
	group.GET("/products", marketHandler.ListProducts)
	group.GET("/products/:id", marketHandler.GetProduct)
	group.GET("/products/:id/preview", marketHandler.StreamProductPreview)
	group.GET("/products/:id/reviews", marketHandler.ListReviews)

	if r.config.AuthMiddleware != nil {
		protected := group.Group("")
		protected.Use(r.config.AuthMiddleware.RequireAuth())
		r.applyCSRFProtection(protected)

		createGroup := protected.Group("")
		createGroup.Use(r.config.AuthMiddleware.RequireContentCreatorRole())
		createGroup.POST("/products", marketHandler.CreateProduct)
		createGroup.POST("/products/:id/preview", marketHandler.UploadProductPreview)

		productOwnerResolver := func(c *gin.Context) (uuid.UUID, error) {
			productIDStr := c.Param("id")
			productID, err := uuid.Parse(productIDStr)
			if err != nil {
				return uuid.Nil, err
			}
			product, err := marketService.GetProduct(c.Request.Context(), productID)
			if err != nil {
				return uuid.Nil, err
			}
			return product.SellerID, nil
		}
		protected.PUT("/products/:id", r.config.AuthMiddleware.RequireOwnershipOrAdmin("product", productOwnerResolver), marketHandler.UpdateProduct)
		protected.PUT("/products/:id/images", r.config.AuthMiddleware.RequireOwnershipOrAdmin("product", productOwnerResolver), marketHandler.UpdateProductImages)

		protected.GET("/orders", marketHandler.ListOrders)
		protected.GET("/orders/:id", marketHandler.GetOrder)
		protected.GET("/orders/:id/invoice", marketHandler.GetOrderInvoice)
		protected.POST("/orders/:id/refund", marketHandler.RefundOrder)
		protected.POST("/orders", marketHandler.CreateOrder)
		protected.GET("/download/:product_id", marketHandler.GetDownloadURL)
		protected.GET("/licenses/mine", marketHandler.GetMyLicenses)
		protected.POST("/products/:id/reviews", marketHandler.CreateReview)

		marketplaceExtHandler := handlers.NewMarketplaceExtHandler(marketService, r.logger)
		protected.GET("/wishlist", marketplaceExtHandler.GetWishlist)
		protected.POST("/wishlist", marketplaceExtHandler.AddToWishlist)
		protected.DELETE("/wishlist/:productId", marketplaceExtHandler.RemoveFromWishlist)
	}

	sell := router.Group("/sell")
	if r.config.AuthMiddleware != nil {
		sellProtected := sell.Group("")
		sellProtected.Use(r.config.AuthMiddleware.RequireAuth())
		sellProtected.Use(r.config.AuthMiddleware.RequireContentCreatorRole())
		r.applyCSRFProtection(sellProtected)
		sellProtected.GET("/stats", marketHandler.GetSellStats)
		sellProtected.GET("/stats/evolution", marketHandler.GetSellStatsEvolution)
		sellProtected.GET("/stats/top-products", marketHandler.GetSellTopProducts)
		sellProtected.GET("/sales", marketHandler.GetSellSales)

		var stripeConnectSvc *services.StripeConnectService
		if r.config.StripeConnectEnabled && r.config.StripeConnectSecretKey != "" {
			stripeConnectSvc = services.NewStripeConnectService(r.db.GormDB, r.config.StripeConnectSecretKey, r.logger)
		}
		sellHandler := handlers.NewSellHandler(stripeConnectSvc, r.logger)
		sellProtected.POST("/connect/onboard", sellHandler.ConnectOnboard)
		sellProtected.GET("/connect/callback", sellHandler.ConnectCallback)
		sellProtected.GET("/balance", sellHandler.GetBalance)
	}

	commerce := router.Group("/commerce")
	if r.config.AuthMiddleware != nil {
		cartProtected := commerce.Group("")
		cartProtected.Use(r.config.AuthMiddleware.RequireAuth())
		r.applyCSRFProtection(cartProtected)

		marketplaceExtHandler := handlers.NewMarketplaceExtHandler(marketService, r.logger)
		cartProtected.GET("/cart", marketplaceExtHandler.GetCart)
		cartProtected.GET("/promo/:code", marketplaceExtHandler.ValidatePromo)
		cartProtected.POST("/cart/items", marketplaceExtHandler.AddToCart)
		cartProtected.DELETE("/cart/items/:id", marketplaceExtHandler.RemoveFromCart)
		cartProtected.POST("/cart/checkout", marketplaceExtHandler.Checkout)
	}
}