wire auth routes and middleware groups

2026-04-24 13:28:58 +03:00 · 2026-04-24 13:28:58 +03:00 · 74a0e5980f
commit 74a0e5980f
parent 5f207f7fcb
1 changed files with 44 additions and 11 deletions
--- a/bootstrap/app.php
+++ b/bootstrap/app.php
@ -3,6 +3,10 @@
 use Psr\Http\Message\ResponseInterface as Response;
 use Psr\Http\Message\ServerRequestInterface as Request;
 use DI\Bridge\Slim\Bridge;
+use Slim\Routing\RouteCollectorProxy;
+use App\Auth\AdminMiddleware;
+use App\Auth\AuthController;
+use App\Auth\AuthMiddleware;
 use App\View\ViewController;
 use App\Text\TextController;
 use App\Node\NodeController;
@ -14,19 +18,48 @@ $app = Bridge::create($container);
 // change first param to false for production
 $app->addErrorMiddleware(true, true, true);

-$app->get('/home', [ViewController::class, 'home']);
-$app->get('/admin', [ViewController::class, 'admin']);
-$app->get('/admin/texts', [ViewController::class, 'texts']);
-$app->get('/admin/texts/{textId}', [ViewController::class, 'text']);
+// Public routes (no auth required)
+$app->get('/login', [ViewController::class, 'login']);
+$app->get('/register', [ViewController::class, 'register']);
+$app->post('/api/auth/login', [AuthController::class, 'login']);
+$app->post('/api/auth/register', [AuthController::class, 'register']);

-$app->get('/api/texts', [TextController::class, 'getTexts']);
-$app->get('/api/texts/{textId}', [TextController::class, 'getText']);
-$app->post('/api/texts', [TextController::class, 'createText']);
+// Authenticated routes (any logged-in user)
+$app->group('', function (RouteCollectorProxy $group) {
+    $group->get('/home', [ViewController::class, 'home']);

-$app->get('/api/nodes/{textId}', [NodeController::class, 'getNodesOfText']);
-$app->post('/api/nodes/bulk', [NodeController::class, 'bulkCreateNodes']);
-$app->post('/api/nodes', [NodeController::class, 'createNode']);
+    $group->post('/api/auth/logout', [AuthController::class, 'logout']);
+    $group->get('/api/auth/me', [AuthController::class, 'me']);

-$app->post('/api/plans', [PlanController::class, 'createPlan']);
+    $group->get('/api/texts', [TextController::class, 'getTexts']);
+    $group->get(
+        '/api/texts/{textId}',
+        [TextController::class, 'getText']
+    );
+
+    $group->get(
+        '/api/nodes/{textId}',
+        [NodeController::class, 'getNodesOfText']
+    );
+
+    $group->post('/api/plans', [PlanController::class, 'createPlan']);
+})->add(AuthMiddleware::class);
+
+// Admin-only routes
+$app->group('', function (RouteCollectorProxy $group) {
+    $group->get('/admin', [ViewController::class, 'admin']);
+    $group->get('/admin/texts', [ViewController::class, 'texts']);
+    $group->get(
+        '/admin/texts/{textId}',
+        [ViewController::class, 'text']
+    );
+
+    $group->post('/api/texts', [TextController::class, 'createText']);
+    $group->post(
+        '/api/nodes/bulk',
+        [NodeController::class, 'bulkCreateNodes']
+    );
+    $group->post('/api/nodes', [NodeController::class, 'createNode']);
+})->add(AdminMiddleware::class)->add(AuthMiddleware::class);

 return $app;