package server import ( "music-server/cmd/web" "music-server/internal/logging" "music-server/internal/server/middleware" "net/http" "sort" "strings" "github.com/a-h/templ" "github.com/labstack/echo/v5" echoMiddleware "github.com/labstack/echo/v5/middleware" echoSwagger "github.com/swaggo/echo-swagger/v2" "go.uber.org/zap" ) // @Title MusicServer API // @version 1.0 // @description API for the MusicServer application // @termsOfService http://sanplex.xyz/terms/ // @contact.name Sebastian Olsson // @contact.email zarnor91@gmail.com // @license.name MIT // @license.url http://opensource.org/licenses/MIT // @host localhost:8080 // @BasePath / func (s *Server) RegisterRoutes() http.Handler { e := echo.New() // Serve OpenAPI spec at /openapi e.GET("/openapi", echo.WrapHandler(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.Header().Set("Content-Type", "application/json") http.ServeFile(w, r, "cmd/docs/swagger.json") }))) e.Use(logging.RequestLogger()) e.Use(echoMiddleware.Recover()) e.Use(echoMiddleware.CORSWithConfig(echoMiddleware.CORSConfig{ AllowOrigins: []string{"https://*", "http://*"}, AllowMethods: []string{"GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"}, AllowHeaders: []string{"Accept", "Authorization", "Content-Type", "X-CSRF-Token"}, AllowCredentials: true, MaxAge: 300, })) fileServer := http.FileServer(http.FS(web.Assets)) e.GET("/assets/*", echo.WrapHandler(fileServer)) e.GET("/search", echo.WrapHandler(templ.Handler(web.HelloForm()))) e.POST("/find", echo.WrapHandler(http.HandlerFunc(web.FindGameWebHandler))) e.Static("/", "/frontend") // Swagger UI e.GET("/swagger/*", echoSwagger.WrapHandler) health := NewHealthHandler() e.GET("/health", health.HealthCheck) version := NewVersionHandler() e.GET("/version", version.GetLatestVersion) e.GET("/version/history", version.GetVersionHistory) character := NewCharacterHandler() e.GET("/character", character.GetCharacter) e.GET("/characters", character.GetCharacterList) download := NewDownloadHandler() e.GET("/download", download.checkLatest) e.GET("/download/list", download.listAssetsOfLatest) e.GET("/download/windows", download.downloadLatestWindows) e.GET("/download/linux", download.downloadLatestLinux) sync := NewSyncHandler() syncGroup := e.Group("/sync") syncGroup.GET("", sync.SyncGamesNewOnlyChanges) syncGroup.GET("/progress", sync.SyncProgress) syncGroup.GET("/new", sync.SyncGamesNewOnlyChanges) syncGroup.GET("/full", sync.SyncGamesNewFull) syncGroup.GET("/new/full", sync.SyncGamesNewFull) syncGroup.GET("/quick", sync.SyncGamesNewOnlyChanges) syncGroup.GET("/reset", sync.ResetGames) music := NewMusicHandler() musicGroup := e.Group("/music") musicGroup.GET("", music.GetSong) musicGroup.GET("/soundTest", music.GetSoundCheckSong) musicGroup.GET("/reset", music.ResetMusic) musicGroup.GET("/rand", music.GetRandomSong) musicGroup.GET("/rand/low", music.GetRandomSongLowChance) musicGroup.GET("/rand/classic", music.GetRandomSongClassic) musicGroup.GET("/info", music.GetSongInfo) musicGroup.GET("/list", music.GetPlayedSongs) musicGroup.GET("/next", music.GetNextSong) musicGroup.GET("/previous", music.GetPreviousSong) musicGroup.GET("/all", music.GetAllGamesRandom) musicGroup.GET("/all/order", music.GetAllGames) musicGroup.GET("/all/random", music.GetAllGamesRandom) musicGroup.PUT("/played", music.PutPlayed) musicGroup.GET("/addQue", music.AddLatestToQue) musicGroup.GET("/addPlayed", music.AddLatestPlayed) // ============================================ // API v1 Routes with Token Authentication // ============================================ // Create /api/v1 group apiV1 := e.Group("/api/v1") // Public endpoints - no token required apiV1.POST("/token", func(c *echo.Context) error { return s.tokenHandler.CreateTokenHandler(c) }) apiV1.DELETE("/token", func(c *echo.Context) error { return s.tokenHandler.DeleteTokenHandler(c) }) apiV1.POST("/token/cleanup", func(c *echo.Context) error { return s.tokenHandler.CleanupExpiredSessionsHandler(c) }) // Protected endpoints - require valid token // Create token auth middleware with pool access tokenAuthMiddleware := middleware.TokenAuthMiddleware(s.db.Pool) // Protected group with token authentication - will be used by VGMQ and Statistics API _ = apiV1.Group("", tokenAuthMiddleware) // Note: Future protected endpoints (VGMQ, Statistics) will be added here routes := e.Router().Routes() sort.Slice(routes, func(i, j int) bool { return routes[i].Path < routes[j].Path }) for _, r := range routes { if (r.Method == "GET" || r.Method == "POST" || r.Method == "PUT" || r.Method == "DELETE") && !strings.Contains(r.Name, "github") { logging.GetLogger().Debug("Registered route", zap.String("method", r.Method), zap.String("path", r.Path)) } } return e }