b7955a680c
Backend Go: - Remplacement complet des anciennes migrations par la base V1 alignée sur ORIGIN. - Durcissement global du parsing JSON (BindAndValidateJSON + RespondWithAppError). - Sécurisation de config.go, CORS, statuts de santé et monitoring. - Implémentation des transactions P0 (RBAC, duplication de playlists, social toggles). - Ajout d’un job worker structuré (emails, analytics, thumbnails) + tests associés. - Nouvelle doc backend : AUDIT_CONFIG, BACKEND_CONFIG, AUTH_PASSWORD_RESET, JOB_WORKER_*. Chat server (Rust): - Refonte du pipeline JWT + sécurité, audit et rate limiting avancé. - Implémentation complète du cycle de message (read receipts, delivered, edit/delete, typing). - Nettoyage des panics, gestion d’erreurs robuste, logs structurés. - Migrations chat alignées sur le schéma UUID et nouvelles features. Stream server (Rust): - Refonte du moteur de streaming (encoding pipeline + HLS) et des modules core. - Transactions P0 pour les jobs et segments, garanties d’atomicité. - Documentation détaillée de la pipeline (AUDIT_STREAM_*, DESIGN_STREAM_PIPELINE, TRANSACTIONS_P0_IMPLEMENTATION). Documentation & audits: - TRIAGE.md et AUDIT_STABILITY.md à jour avec l’état réel des 3 services. - Cartographie complète des migrations et des transactions (DB_MIGRATIONS_*, DB_TRANSACTION_PLAN, AUDIT_DB_TRANSACTIONS, TRANSACTION_TESTS_PHASE3). - Scripts de reset et de cleanup pour la lab DB et la V1. Ce commit fige l’ensemble du travail de stabilisation P0 (UUID, backend, chat et stream) avant les phases suivantes (Coherence Guardian, WS hardening, etc.).
596 lines
No EOL
20 KiB
Go
596 lines
No EOL
20 KiB
Go
package api
|
|
|
|
import (
|
|
"context"
|
|
"os"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
"go.uber.org/zap"
|
|
|
|
"veza-backend-api/internal/config"
|
|
"veza-backend-api/internal/database"
|
|
"veza-backend-api/internal/handlers" // Single handlers import
|
|
"veza-backend-api/internal/middleware"
|
|
|
|
"veza-backend-api/internal/repositories"
|
|
|
|
// swaggerFiles "github.com/swaggo/files" // Uncommented
|
|
// ginSwagger "github.com/swaggo/gin-swagger" // Uncommented
|
|
|
|
// Add missing imports.
|
|
swaggerFiles "github.com/swaggo/files"
|
|
ginSwagger "github.com/swaggo/gin-swagger"
|
|
|
|
"veza-backend-api/internal/core/marketplace"
|
|
"veza-backend-api/internal/services"
|
|
authcore "veza-backend-api/internal/core/auth"
|
|
trackcore "veza-backend-api/internal/core/track"
|
|
"veza-backend-api/internal/validators"
|
|
"veza-backend-api/internal/workers"
|
|
|
|
// swaggerFiles "github.com/swaggo/files"
|
|
// ginSwagger "github.com/swaggo/gin-swagger"
|
|
)
|
|
|
|
// APIRouter gère la configuration des routes de l'API
|
|
type APIRouter struct {
|
|
db *database.Database
|
|
config *config.Config
|
|
engine *gin.Engine
|
|
logger *zap.Logger
|
|
}
|
|
|
|
// NewAPIRouter crée une nouvelle instance de APIRouter
|
|
func NewAPIRouter(db *database.Database, cfg *config.Config) *APIRouter {
|
|
return &APIRouter{
|
|
db: db,
|
|
config: cfg,
|
|
logger: zap.L(),
|
|
}
|
|
}
|
|
|
|
// Setup configure toutes les routes de l'API
|
|
func (r *APIRouter) Setup(router *gin.Engine) {
|
|
r.engine = router
|
|
|
|
// Middlewares globaux
|
|
router.Use(middleware.RequestLogger(r.logger)) // Utilisation du structured logger
|
|
router.Use(middleware.Metrics()) // Prometheus Metrics
|
|
router.Use(middleware.SentryRecover(r.logger)) // Sentry error tracking
|
|
router.Use(middleware.Recovery(r.logger))
|
|
// SECURITY: CORS configuration - use config.CORSOrigins strictly (P0-SECURITY)
|
|
// No fallback to CORSDefault() to avoid wildcard in production
|
|
if r.config != nil && len(r.config.CORSOrigins) > 0 {
|
|
router.Use(middleware.CORS(r.config.CORSOrigins))
|
|
} else {
|
|
// If CORSOrigins is empty, log warning but don't use wildcard
|
|
// This should have been caught by ValidateForEnvironment() in production
|
|
r.logger.Warn("CORS origins not configured - CORS middleware not applied. This may cause CORS errors in browsers.")
|
|
}
|
|
router.Use(middleware.RequestID())
|
|
// Rate limiting via config.RateLimiter si disponible, sinon utiliser SimpleRateLimiter
|
|
if r.config != nil && r.config.RateLimiter != nil {
|
|
router.Use(r.config.RateLimiter.RateLimitMiddleware())
|
|
} else if r.config != nil && r.config.SimpleRateLimiter != nil {
|
|
router.Use(r.config.SimpleRateLimiter.Middleware())
|
|
}
|
|
|
|
// Swagger Documentation
|
|
router.GET("/swagger/*any", ginSwagger.WrapHandler(swaggerFiles.Handler))
|
|
|
|
// Routes core publiques (health, metrics, upload info)
|
|
r.setupCorePublicRoutes(router)
|
|
|
|
// Groupe API v1 (nouveau frontend React)
|
|
v1 := router.Group("/api/v1")
|
|
{
|
|
// Routes core protégées (sessions, uploads, audit, admin, conversations)
|
|
r.setupCoreProtectedRoutes(v1)
|
|
|
|
r.setupAuthRoutes(v1)
|
|
|
|
// Réactivation des routes User et Track pour Phase 1
|
|
r.setupUserRoutes(v1)
|
|
r.setupTrackRoutes(v1)
|
|
|
|
// Réactivation des routes Chat pour Phase 4
|
|
r.setupChatRoutes(v1)
|
|
// Réactivation des routes Playlists pour Phase 5
|
|
r.setupPlaylistRoutes(v1)
|
|
// Réactivation des routes Webhooks
|
|
r.setupWebhookRoutes(v1)
|
|
|
|
// Marketplace Routes (v1.2.0)
|
|
r.setupMarketplaceRoutes(v1)
|
|
}
|
|
}
|
|
|
|
// Méthodes de configuration des routes par module
|
|
// setupMarketplaceRoutes configure les routes de la marketplace
|
|
func (r *APIRouter) setupMarketplaceRoutes(router *gin.RouterGroup) {
|
|
uploadDir := r.config.UploadDir
|
|
if uploadDir == "" {
|
|
uploadDir = "uploads/tracks"
|
|
}
|
|
|
|
// Storage service (reused from tracks logic)
|
|
storageService := services.NewTrackStorageService(uploadDir, false, r.logger)
|
|
|
|
// Marketplace service
|
|
marketService := marketplace.NewService(r.db.GormDB, r.logger, storageService)
|
|
marketHandler := handlers.NewMarketplaceHandler(marketService, r.logger)
|
|
|
|
group := router.Group("/marketplace")
|
|
// Public routes
|
|
group.GET("/products", marketHandler.ListProducts)
|
|
|
|
// Protected routes
|
|
if r.config.AuthMiddleware != nil {
|
|
protected := group.Group("")
|
|
protected.Use(r.config.AuthMiddleware.RequireAuth())
|
|
|
|
// GO-012: Create product requires creator/premium/admin role
|
|
createGroup := protected.Group("")
|
|
createGroup.Use(r.config.AuthMiddleware.RequireContentCreatorRole())
|
|
createGroup.POST("/products", marketHandler.CreateProduct)
|
|
protected.POST("/orders", marketHandler.CreateOrder)
|
|
protected.GET("/download/:product_id", marketHandler.GetDownloadURL)
|
|
}
|
|
}
|
|
|
|
// setupAuthRoutes configure les routes d'authentification avec toutes les dépendances
|
|
func (r *APIRouter) setupAuthRoutes(router *gin.RouterGroup) {
|
|
// 1. Instanciation des dépendances
|
|
emailValidator := validators.NewEmailValidator(r.db.GormDB)
|
|
passwordValidator := validators.NewPasswordValidator()
|
|
passwordService := services.NewPasswordService(r.db, r.logger)
|
|
passwordResetService := services.NewPasswordResetService(r.db, r.logger)
|
|
jwtService := services.NewJWTService(r.config.JWTSecret)
|
|
refreshTokenService := services.NewRefreshTokenService(r.db.GormDB)
|
|
emailVerificationService := services.NewEmailVerificationService(r.db, r.logger)
|
|
emailService := services.NewEmailService(r.db, r.logger)
|
|
sessionService := services.NewSessionService(r.db, r.logger)
|
|
|
|
// 2. Service Auth complet
|
|
authService := authcore.NewAuthService(
|
|
r.db.GormDB,
|
|
emailValidator,
|
|
passwordValidator,
|
|
passwordService,
|
|
jwtService,
|
|
refreshTokenService,
|
|
emailVerificationService,
|
|
passwordResetService,
|
|
emailService,
|
|
r.config.JobWorker, // Passer le JobWorker
|
|
r.logger,
|
|
)
|
|
|
|
// 3. Handlers
|
|
authGroup := router.Group("/auth")
|
|
{
|
|
authGroup.POST("/register", handlers.Register(authService, r.logger))
|
|
authGroup.POST("/login", handlers.Login(authService, sessionService, r.logger))
|
|
authGroup.POST("/refresh", handlers.Refresh(authService, r.logger))
|
|
authGroup.POST("/verify-email", handlers.VerifyEmail(authService))
|
|
authGroup.POST("/resend-verification", handlers.ResendVerification(authService, r.logger))
|
|
authGroup.GET("/check-username", handlers.CheckUsername(authService))
|
|
|
|
// Password reset routes (public)
|
|
passwordGroup := authGroup.Group("/password")
|
|
{
|
|
passwordGroup.POST("/reset-request", handlers.RequestPasswordReset(
|
|
passwordResetService,
|
|
passwordService,
|
|
emailService,
|
|
r.logger,
|
|
))
|
|
passwordGroup.POST("/reset", handlers.ResetPassword(
|
|
passwordResetService,
|
|
passwordService,
|
|
authService,
|
|
sessionService,
|
|
r.logger,
|
|
))
|
|
}
|
|
|
|
// Protected routes (authentification JWT requise)
|
|
protected := authGroup.Group("")
|
|
protected.Use(r.config.AuthMiddleware.RequireAuth()) // Changed to RequireAuth()
|
|
{
|
|
protected.POST("/logout", handlers.Logout(authService, sessionService, r.logger))
|
|
protected.GET("/me", handlers.GetMe())
|
|
}
|
|
}
|
|
}
|
|
// setupUserRoutes configure les routes utilisateur
|
|
func (r *APIRouter) setupUserRoutes(router *gin.RouterGroup) {
|
|
userRepo := repositories.NewGormUserRepository(r.db.GormDB)
|
|
userService := services.NewUserServiceWithDB(userRepo, r.db.GormDB)
|
|
profileHandler := handlers.NewProfileHandler(userService, r.logger)
|
|
|
|
users := router.Group("/users")
|
|
{
|
|
users.GET("/:id", profileHandler.GetProfile)
|
|
users.GET("/by-username/:username", profileHandler.GetProfileByUsername)
|
|
|
|
// Protected routes
|
|
if r.config.AuthMiddleware != nil {
|
|
protected := users.Group("")
|
|
protected.Use(r.config.AuthMiddleware.RequireAuth())
|
|
protected.PUT("/:id", profileHandler.UpdateProfile)
|
|
protected.GET("/:id/completion", profileHandler.GetProfileCompletion)
|
|
}
|
|
}
|
|
}
|
|
|
|
// setupTrackRoutes configure les routes de gestion des tracks
|
|
func (r *APIRouter) setupTrackRoutes(router *gin.RouterGroup) {
|
|
uploadDir := r.config.UploadDir
|
|
if uploadDir == "" {
|
|
uploadDir = "uploads/tracks"
|
|
}
|
|
chunksDir := uploadDir + "/chunks"
|
|
|
|
trackService := trackcore.NewTrackService(r.db.GormDB, r.logger, uploadDir)
|
|
trackUploadService := services.NewTrackUploadService(r.db.GormDB, r.logger)
|
|
chunkService := services.NewTrackChunkService(chunksDir, r.logger)
|
|
likeService := services.NewTrackLikeService(r.db.GormDB, r.logger)
|
|
streamService := services.NewStreamService(r.config.StreamServerURL, r.logger)
|
|
|
|
trackHandler := trackcore.NewTrackHandler(
|
|
trackService,
|
|
trackUploadService,
|
|
chunkService,
|
|
likeService,
|
|
streamService,
|
|
)
|
|
|
|
tracks := router.Group("/tracks")
|
|
{
|
|
// Public routes
|
|
tracks.GET("", trackHandler.ListTracks)
|
|
tracks.GET("/:id", trackHandler.GetTrack)
|
|
tracks.GET("/:id/stats", trackHandler.GetTrackStats)
|
|
tracks.GET("/:id/history", trackHandler.GetTrackHistory)
|
|
tracks.GET("/:id/download", trackHandler.DownloadTrack)
|
|
tracks.GET("/shared/:token", trackHandler.GetSharedTrack)
|
|
|
|
// Protected routes
|
|
if r.config.AuthMiddleware != nil {
|
|
protected := tracks.Group("")
|
|
protected.Use(r.config.AuthMiddleware.RequireAuth())
|
|
|
|
// GO-012: Upload track requires creator/premium/admin role
|
|
uploadGroup := protected.Group("")
|
|
uploadGroup.Use(r.config.AuthMiddleware.RequireContentCreatorRole())
|
|
uploadGroup.POST("", trackHandler.UploadTrack)
|
|
protected.PUT("/:id", trackHandler.UpdateTrack)
|
|
protected.DELETE("/:id", trackHandler.DeleteTrack)
|
|
|
|
// Upload
|
|
protected.GET("/:id/status", trackHandler.GetUploadStatus)
|
|
protected.POST("/initiate", trackHandler.InitiateChunkedUpload)
|
|
protected.POST("/chunk", trackHandler.UploadChunk)
|
|
protected.POST("/complete", trackHandler.CompleteChunkedUpload)
|
|
protected.GET("/quota/:id", trackHandler.GetUploadQuota)
|
|
protected.GET("/resume/:uploadId", trackHandler.ResumeUpload)
|
|
|
|
// Batch operations
|
|
protected.POST("/batch/delete", trackHandler.BatchDeleteTracks)
|
|
protected.POST("/batch/update", trackHandler.BatchUpdateTracks)
|
|
|
|
// Social
|
|
protected.POST("/:id/like", trackHandler.LikeTrack)
|
|
protected.DELETE("/:id/like", trackHandler.UnlikeTrack)
|
|
protected.GET("/:id/likes", trackHandler.GetTrackLikes)
|
|
|
|
// Sharing
|
|
protected.POST("/:id/share", trackHandler.CreateShare)
|
|
protected.DELETE("/share/:id", trackHandler.RevokeShare)
|
|
}
|
|
}
|
|
|
|
// Deprecated /internal routes
|
|
internalDeprecated := router.Group("/internal")
|
|
internalDeprecated.Use(middleware.DeprecationWarning(r.logger))
|
|
{
|
|
internalDeprecated.POST("/tracks/:id/stream-ready", trackHandler.HandleStreamCallback)
|
|
}
|
|
|
|
// New /api/v1/internal routes
|
|
v1Internal := router.Group("/api/v1/internal")
|
|
{
|
|
v1Internal.POST("/tracks/:id/stream-ready", trackHandler.HandleStreamCallback)
|
|
}
|
|
|
|
users := router.Group("/users")
|
|
{
|
|
users.GET("/:id/likes", trackHandler.GetUserLikedTracks)
|
|
}
|
|
}
|
|
|
|
// setupChatRoutes configure les routes de chat
|
|
func (r *APIRouter) setupChatRoutes(router *gin.RouterGroup) {
|
|
chatService := services.NewChatService(r.config.ChatJWTSecret, r.logger)
|
|
userRepo := repositories.NewGormUserRepository(r.db.GormDB)
|
|
userService := services.NewUserServiceWithDB(userRepo, r.db.GormDB)
|
|
|
|
chatHandler := handlers.NewChatHandler(chatService, userService, r.logger)
|
|
|
|
chat := router.Group("/chat")
|
|
{
|
|
if r.config.AuthMiddleware != nil {
|
|
chat.Use(r.config.AuthMiddleware.RequireAuth())
|
|
chat.POST("/token", chatHandler.GetToken)
|
|
}
|
|
}
|
|
}
|
|
|
|
// setupPlaylistRoutes configure les routes pour les playlists
|
|
func (r *APIRouter) setupPlaylistRoutes(router *gin.RouterGroup) {
|
|
playlistRepo := repositories.NewPlaylistRepository(r.db.GormDB)
|
|
playlistTrackRepo := repositories.NewPlaylistTrackRepository(r.db.GormDB)
|
|
playlistCollaboratorRepo := repositories.NewPlaylistCollaboratorRepository(r.db.GormDB)
|
|
userRepo := repositories.NewGormUserRepository(r.db.GormDB)
|
|
|
|
playlistService := services.NewPlaylistService(
|
|
playlistRepo,
|
|
playlistTrackRepo,
|
|
playlistCollaboratorRepo,
|
|
userRepo,
|
|
r.logger,
|
|
)
|
|
|
|
playlistHandler := handlers.NewPlaylistHandler(playlistService, r.db.GormDB, r.logger)
|
|
|
|
// Protected routes for playlists
|
|
playlists := router.Group("/playlists")
|
|
if r.config.AuthMiddleware != nil {
|
|
playlists.Use(r.config.AuthMiddleware.RequireAuth())
|
|
{
|
|
playlists.GET("", playlistHandler.GetPlaylists)
|
|
playlists.POST("", playlistHandler.CreatePlaylist)
|
|
playlists.GET("/:id", playlistHandler.GetPlaylist)
|
|
playlists.PUT("/:id", playlistHandler.UpdatePlaylist)
|
|
playlists.DELETE("/:id", playlistHandler.DeletePlaylist)
|
|
|
|
// Playlist Tracks
|
|
playlists.POST("/:id/tracks", playlistHandler.AddTrack)
|
|
playlists.DELETE("/:id/tracks/:track_id", playlistHandler.RemoveTrack)
|
|
playlists.PUT("/:id/tracks/reorder", playlistHandler.ReorderTracks)
|
|
}
|
|
}
|
|
}
|
|
|
|
// setupWebhookRoutes configure les routes pour les webhooks
|
|
func (r *APIRouter) setupWebhookRoutes(router *gin.RouterGroup) {
|
|
webhookService := services.NewWebhookService(r.db.GormDB, r.logger, r.config.JWTSecret)
|
|
|
|
webhookWorker := workers.NewWebhookWorker(
|
|
r.db.GormDB,
|
|
webhookService,
|
|
r.logger,
|
|
100, // Queue size
|
|
5, // Workers
|
|
3, // Max retries
|
|
)
|
|
|
|
// Start worker in background
|
|
go webhookWorker.Start(context.Background())
|
|
|
|
webhookHandler := handlers.NewWebhookHandler(webhookService, webhookWorker, r.logger)
|
|
|
|
webhooks := router.Group("/webhooks")
|
|
if r.config.AuthMiddleware != nil {
|
|
webhooks.Use(r.config.AuthMiddleware.RequireAuth())
|
|
}
|
|
{
|
|
webhooks.POST("", webhookHandler.RegisterWebhook())
|
|
webhooks.GET("", webhookHandler.ListWebhooks())
|
|
webhooks.DELETE("/:id", webhookHandler.DeleteWebhook())
|
|
webhooks.GET("/stats", webhookHandler.GetWebhookStats())
|
|
webhooks.POST("/:id/test", webhookHandler.TestWebhook())
|
|
}
|
|
}
|
|
|
|
// setupCorePublicRoutes configure les routes publiques core (health, metrics, upload info)
|
|
func (r *APIRouter) setupCorePublicRoutes(router *gin.Engine) {
|
|
// Middleware for deprecated routes
|
|
deprecated := router.Group("/")
|
|
deprecated.Use(middleware.DeprecationWarning(r.logger))
|
|
|
|
// Health check handlers
|
|
var healthCheckHandler gin.HandlerFunc
|
|
var livenessHandler gin.HandlerFunc
|
|
var readinessHandler gin.HandlerFunc
|
|
|
|
if r.db != nil && r.db.GormDB != nil {
|
|
var redisClient interface{}
|
|
if r.config != nil {
|
|
redisClient = r.config.RedisClient
|
|
}
|
|
var rabbitMQEventBus interface{}
|
|
if r.config != nil {
|
|
rabbitMQEventBus = r.config.RabbitMQEventBus
|
|
}
|
|
healthHandler := handlers.NewHealthHandler(r.db.GormDB, r.logger, redisClient, rabbitMQEventBus)
|
|
healthCheckHandler = healthHandler.Check
|
|
livenessHandler = healthHandler.Liveness
|
|
readinessHandler = healthHandler.Readiness
|
|
} else {
|
|
healthCheckHandler = handlers.SimpleHealthCheck
|
|
livenessHandler = handlers.SimpleHealthCheck
|
|
readinessHandler = handlers.SimpleHealthCheck
|
|
}
|
|
|
|
// Deprecated Public Core Routes
|
|
deprecated.GET("/health", healthCheckHandler)
|
|
deprecated.GET("/healthz", livenessHandler)
|
|
deprecated.GET("/readyz", readinessHandler)
|
|
deprecated.GET("/metrics", handlers.PrometheusMetrics())
|
|
if r.config != nil && r.config.ErrorMetrics != nil {
|
|
deprecated.GET("/metrics/aggregated", handlers.AggregatedMetrics(r.config.ErrorMetrics))
|
|
}
|
|
deprecated.GET("/system/metrics", handlers.SystemMetrics)
|
|
|
|
// New /api/v1 Public Core Routes
|
|
v1Public := router.Group("/api/v1")
|
|
{
|
|
v1Public.GET("/health", healthCheckHandler)
|
|
v1Public.GET("/healthz", livenessHandler)
|
|
v1Public.GET("/readyz", readinessHandler)
|
|
|
|
// Status endpoint (comprehensive health check)
|
|
if r.db != nil && r.db.GormDB != nil {
|
|
var redisClient interface{}
|
|
if r.config != nil {
|
|
redisClient = r.config.RedisClient
|
|
}
|
|
chatServerURL := ""
|
|
streamServerURL := ""
|
|
if r.config != nil {
|
|
chatServerURL = r.config.ChatServerURL
|
|
streamServerURL = r.config.StreamServerURL
|
|
}
|
|
// Get build info from environment or defaults
|
|
getEnv := func(key, defaultValue string) string {
|
|
if value := os.Getenv(key); value != "" {
|
|
return value
|
|
}
|
|
return defaultValue
|
|
}
|
|
version := getEnv("APP_VERSION", "v1.0.0")
|
|
gitCommit := getEnv("GIT_COMMIT", "unknown")
|
|
buildTime := getEnv("BUILD_TIME", "")
|
|
environment := ""
|
|
if r.config != nil {
|
|
environment = r.config.Env
|
|
}
|
|
statusHandler := handlers.NewStatusHandler(
|
|
r.db.GormDB,
|
|
r.logger,
|
|
redisClient,
|
|
chatServerURL,
|
|
streamServerURL,
|
|
version,
|
|
gitCommit,
|
|
buildTime,
|
|
environment,
|
|
)
|
|
v1Public.GET("/status", statusHandler.GetStatus)
|
|
}
|
|
|
|
v1Public.GET("/metrics", handlers.PrometheusMetrics())
|
|
if r.config != nil && r.config.ErrorMetrics != nil {
|
|
v1Public.GET("/metrics/aggregated", handlers.AggregatedMetrics(r.config.ErrorMetrics))
|
|
}
|
|
v1Public.GET("/system/metrics", handlers.SystemMetrics)
|
|
|
|
// Upload info endpoints (public, already in /api/v1)
|
|
if r.db != nil && r.db.GormDB != nil {
|
|
uploadConfig := services.DefaultUploadConfig()
|
|
uploadValidator, err := services.NewUploadValidator(uploadConfig, r.logger)
|
|
if err == nil {
|
|
auditService := services.NewAuditService(r.db, r.logger)
|
|
uploadHandler := handlers.NewUploadHandler(uploadValidator, auditService, r.logger)
|
|
v1Public.GET("/upload/limits", uploadHandler.GetUploadLimits())
|
|
v1Public.GET("/upload/validate-type", uploadHandler.ValidateFileType())
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
// setupCoreProtectedRoutes configure les routes protégées core (sessions, uploads, audit, admin, conversations)
|
|
func (r *APIRouter) setupCoreProtectedRoutes(v1 *gin.RouterGroup) {
|
|
if r.db == nil || r.db.GormDB == nil || r.config == nil {
|
|
return
|
|
}
|
|
|
|
// Middleware d'authentification pour routes protégées
|
|
protected := v1.Group("/")
|
|
if r.config.AuthMiddleware != nil {
|
|
protected.Use(r.config.AuthMiddleware.RequireAuth())
|
|
}
|
|
|
|
// Services nécessaires
|
|
sessionService := services.NewSessionService(r.db, r.logger)
|
|
uploadConfig := services.DefaultUploadConfig()
|
|
uploadValidator, err := services.NewUploadValidator(uploadConfig, r.logger)
|
|
if err != nil {
|
|
r.logger.Error("Failed to create upload validator", zap.Error(err))
|
|
return
|
|
}
|
|
auditService := services.NewAuditService(r.db, r.logger)
|
|
|
|
// Handlers
|
|
sessionHandler := handlers.NewSessionHandler(sessionService, auditService, r.logger)
|
|
uploadHandler := handlers.NewUploadHandler(uploadValidator, auditService, r.logger)
|
|
auditHandler := handlers.NewAuditHandler(auditService, r.logger)
|
|
|
|
// Routes de session
|
|
sessions := protected.Group("/sessions")
|
|
{
|
|
sessions.POST("/logout", sessionHandler.Logout())
|
|
sessions.POST("/logout-all", sessionHandler.LogoutAll())
|
|
sessions.GET("/", sessionHandler.GetSessions())
|
|
sessions.DELETE("/:session_id", sessionHandler.RevokeSession())
|
|
sessions.GET("/stats", sessionHandler.GetSessionStats())
|
|
sessions.POST("/refresh", sessionHandler.RefreshSession())
|
|
}
|
|
|
|
// Routes d'upload avec rate limiting spécifique
|
|
uploads := protected.Group("/uploads")
|
|
{
|
|
if r.config.RedisClient != nil {
|
|
uploads.Use(middleware.UploadRateLimit(r.config.RedisClient))
|
|
}
|
|
uploads.POST("/", uploadHandler.UploadFile())
|
|
uploads.POST("/batch", uploadHandler.BatchUpload())
|
|
uploads.GET("/:id/status", uploadHandler.GetUploadStatus())
|
|
uploads.GET("/:id/progress", uploadHandler.UploadProgress())
|
|
uploads.DELETE("/:id", uploadHandler.DeleteUpload())
|
|
uploads.GET("/stats", uploadHandler.GetUploadStats())
|
|
}
|
|
|
|
// Routes d'audit
|
|
audit := protected.Group("/audit")
|
|
{
|
|
audit.GET("/logs", auditHandler.SearchLogs())
|
|
audit.GET("/stats", auditHandler.GetStats())
|
|
audit.GET("/activity", auditHandler.GetUserActivity())
|
|
audit.GET("/suspicious", auditHandler.DetectSuspiciousActivity())
|
|
audit.GET("/ip/:ip", auditHandler.GetIPActivity())
|
|
audit.GET("/logs/:id", auditHandler.GetAuditLog())
|
|
audit.POST("/cleanup", auditHandler.CleanupOldLogs())
|
|
}
|
|
|
|
// Routes de conversations (chat rooms)
|
|
roomRepo := repositories.NewRoomRepository(r.db.GormDB)
|
|
messageRepo := repositories.NewChatMessageRepository(r.db.GormDB) // New
|
|
roomService := services.NewRoomService(roomRepo, messageRepo, r.logger) // Updated constructor
|
|
roomHandler := handlers.NewRoomHandler(roomService, r.logger)
|
|
|
|
conversations := protected.Group("/conversations")
|
|
{
|
|
conversations.GET("", roomHandler.GetUserRooms)
|
|
conversations.POST("", roomHandler.CreateRoom)
|
|
conversations.GET("/:id", roomHandler.GetRoom)
|
|
conversations.POST("/:id/members", roomHandler.AddMember)
|
|
conversations.GET("/:id/history", roomHandler.GetRoomHistory)
|
|
}
|
|
|
|
// Routes administrateur (avec authentification + permissions admin)
|
|
admin := v1.Group("/admin")
|
|
{
|
|
if r.config.AuthMiddleware != nil {
|
|
admin.Use(r.config.AuthMiddleware.RequireAuth())
|
|
admin.Use(r.config.AuthMiddleware.RequireAdmin())
|
|
}
|
|
|
|
// Audit logs (disponibles)
|
|
admin.GET("/audit/logs", auditHandler.SearchLogs())
|
|
admin.GET("/audit/stats", auditHandler.GetStats())
|
|
admin.GET("/audit/suspicious", auditHandler.DetectSuspiciousActivity())
|
|
}
|
|
} |