From 74a0e5980f4a8e94965e94154646feb298adad6f Mon Sep 17 00:00:00 2001
From: Yisroel Baum
Date: Fri, 24 Apr 2026 13:28:58 +0300
Subject: [PATCH] wire auth routes and middleware groups
---
 bootstrap/app.php | 55 +++++++++++++++++++++++++++++++++++++----------
 1 file changed, 44 insertions(+), 11 deletions(-)
diff --git a/bootstrap/app.php b/bootstrap/app.php
index 1ceeb8e..c05dc0f 100644
--- a/bootstrap/app.php
+++ b/bootstrap/app.php
@@ -3,6 +3,10 @@
 use Psr\Http\Message\ResponseInterface as Response;
 use Psr\Http\Message\ServerRequestInterface as Request;
 use DI\Bridge\Slim\Bridge;
+use Slim\Routing\RouteCollectorProxy;
+use App\Auth\AdminMiddleware;
+use App\Auth\AuthController;
+use App\Auth\AuthMiddleware;
 use App\View\ViewController;
 use App\Text\TextController;
 use App\Node\NodeController;
@@ -14,19 +18,48 @@ $app = Bridge::create($container);
 // change first param to false for production
 $app->addErrorMiddleware(true, true, true);
-$app->get('/home', [ViewController::class, 'home']);
-$app->get('/admin', [ViewController::class, 'admin']);
-$app->get('/admin/texts', [ViewController::class, 'texts']);
-$app->get('/admin/texts/{textId}', [ViewController::class, 'text']);
+// Public routes (no auth required)
+$app->get('/login', [ViewController::class, 'login']);
+$app->get('/register', [ViewController::class, 'register']);
+$app->post('/api/auth/login', [AuthController::class, 'login']);
+$app->post('/api/auth/register', [AuthController::class, 'register']);
-$app->get('/api/texts', [TextController::class, 'getTexts']);
-$app->get('/api/texts/{textId}', [TextController::class, 'getText']);
-$app->post('/api/texts', [TextController::class, 'createText']);
+// Authenticated routes (any logged-in user)
+$app->group('', function (RouteCollectorProxy $group) {
+ $group->get('/home', [ViewController::class, 'home']);
-$app->get('/api/nodes/{textId}', [NodeController::class, 'getNodesOfText']);
-$app->post('/api/nodes/bulk', [NodeController::class, 'bulkCreateNodes']);
-$app->post('/api/nodes', [NodeController::class, 'createNode']);
+ $group->post('/api/auth/logout', [AuthController::class, 'logout']);
+ $group->get('/api/auth/me', [AuthController::class, 'me']);
-$app->post('/api/plans', [PlanController::class, 'createPlan']);
+ $group->get('/api/texts', [TextController::class, 'getTexts']);
+ $group->get(
+ '/api/texts/{textId}',
+ [TextController::class, 'getText']
+ );
+
+ $group->get(
+ '/api/nodes/{textId}',
+ [NodeController::class, 'getNodesOfText']
+ );
+
+ $group->post('/api/plans', [PlanController::class, 'createPlan']);
+})->add(AuthMiddleware::class);
+
+// Admin-only routes
+$app->group('', function (RouteCollectorProxy $group) {
+ $group->get('/admin', [ViewController::class, 'admin']);
+ $group->get('/admin/texts', [ViewController::class, 'texts']);
+ $group->get(
+ '/admin/texts/{textId}',
+ [ViewController::class, 'text']
+ );
+
+ $group->post('/api/texts', [TextController::class, 'createText']);
+ $group->post(
+ '/api/nodes/bulk',
+ [NodeController::class, 'bulkCreateNodes']
+ );
+ $group->post('/api/nodes', [NodeController::class, 'createNode']);
+})->add(AdminMiddleware::class)->add(AuthMiddleware::class);
 return $app;
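Review bot: The two public POST routes `/api/auth/login` and `/api/auth/register` are registered with no middleware at all, so any throttling of repeated attempts has to live inside `AuthController` or in front of the app; nothing visible in this hunk provides it, and that is worth confirming before these endpoints are exposed. The admin group's `->add(AdminMiddleware::class)->add(AuthMiddleware::class)` is correct only because Slim runs the last-added middleware first, so a comment above that line such as `// Slim executes middleware last-added-first: AuthMiddleware runs before AdminMiddleware, keep this order` would stop a later reorder from letting the role check run on an unauthenticated request. If `AuthMiddleware` relies on a session cookie (not shown here), the state-changing POST routes in both groups also need CSRF protection. The unchanged context line `$app->addErrorMiddleware(true, true, true);` still displays error details, which would expose exception traces from the new auth handlers if deployed as is.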