package routes

import (
	"a301_server/internal/announcement"
	"a301_server/internal/auth"
	"a301_server/internal/bossraid"
	"a301_server/internal/chain"
	"a301_server/internal/download"
	"a301_server/internal/player"
	"a301_server/pkg/middleware"
	"github.com/gofiber/fiber/v2"
	"github.com/gofiber/swagger"
)

// Register mounts every HTTP route of the server on app.
//
// The *H parameters are the per-feature handler sets. authLimiter,
// apiLimiter and chainUserLimiter are rate-limiting handlers built by the
// caller; healthCheck and readyCheck serve /health and /ready.
//
// Routes fall into three tiers, distinguished by the middleware attached
// here:
//   - public routes under /api (no auth middleware on the route),
//   - user/admin routes under /api guarded by middleware.Auth and, for
//     admin operations, middleware.AdminOnly,
//   - server-to-server routes under /api/internal guarded by
//     middleware.ServerAuth.
//
// Registration order is preserved deliberately: Fiber evaluates handlers
// in the order they were registered.
func Register(
	app *fiber.App,
	authH *auth.Handler,
	annH *announcement.Handler,
	dlH *download.Handler,
	chainH *chain.Handler,
	brH *bossraid.Handler,
	playerH *player.Handler,
	authLimiter fiber.Handler,
	apiLimiter fiber.Handler,
	healthCheck fiber.Handler,
	readyCheck fiber.Handler,
	chainUserLimiter fiber.Handler,
) {
	// Swagger UI.
	// NOTE(review): mounted with no auth middleware, so the API description
	// is readable by anyone who can reach the listener — confirm this is
	// intended outside development builds.
	app.Get("/swagger/*", swagger.HandlerDefault)

	// Health / Ready live outside /api, so the API rate limiter is not
	// attached to them.
	app.Get("/health", healthCheck)
	app.Get("/ready", readyCheck)

	// Default 1 MiB body limit for API routes; upload endpoints are excluded.
	// NOTE(review): the exclusion is by path prefix, so it applies whether
	// or not the request later passes middleware.Auth. Confirm that another
	// size cap (app config or the upload handlers) bounds those requests.
	const apiBodyLimitBytes = 1 * 1024 * 1024
	bodyLimit := middleware.BodyLimit(apiBodyLimitBytes, "/api/download/upload")

	// NOTE(review): Fiber mounts group handlers as middleware on the group
	// prefix, so apiLimiter presumably also matches /api/internal/* requests.
	// That would contradict the "excluded from rate limiting" intent of the
	// internal section below unless apiLimiter itself skips that prefix —
	// verify against the limiter's configuration.
	apiGroup := app.Group("/api", apiLimiter, bodyLimit)

	// Auth. Credential-bearing and token-issuing endpoints carry the
	// stricter authLimiter; /logout and /launch-ticket require a valid
	// session instead.
	authGroup := apiGroup.Group("/auth")
	authGroup.Post("/register", authLimiter, authH.Register)
	authGroup.Post("/login", authLimiter, authH.Login)
	authGroup.Post("/refresh", authLimiter, authH.Refresh)
	authGroup.Post("/logout", middleware.Auth, authH.Logout)
	// /verify moved to the internal API (ServerAuth) — see the internal
	// section of this function.
	// /ssafy/login has no authLimiter of its own; only the /api group
	// middleware applies to it.
	authGroup.Get("/ssafy/login", authH.SSAFYLoginURL)
	authGroup.Post("/ssafy/callback", authLimiter, authH.SSAFYCallback)
	authGroup.Post("/launch-ticket", middleware.Auth, authH.CreateLaunchTicket)
	authGroup.Post("/redeem-ticket", authLimiter, authH.RedeemLaunchTicket)

	// Users (admin only): Auth and AdminOnly are attached to the whole group.
	userGroup := apiGroup.Group("/users", middleware.Auth, middleware.AdminOnly)
	userGroup.Get("/", authH.GetAllUsers)
	userGroup.Patch("/:id/role", authH.UpdateRole)
	userGroup.Delete("/:id", authH.DeleteUser)

	// Announcements: reading is public, every mutation is admin only.
	announcementGroup := apiGroup.Group("/announcements")
	announcementGroup.Get("/", annH.GetAll)
	announcementGroup.Post("/", middleware.Auth, middleware.AdminOnly, annH.Create)
	announcementGroup.Put("/:id", middleware.Auth, middleware.AdminOnly, annH.Update)
	announcementGroup.Delete("/:id", middleware.Auth, middleware.AdminOnly, annH.Delete)

	// Download: fetching is public, uploading is admin only. The upload
	// paths are the ones exempted from the 1 MiB body limit above.
	downloadGroup := apiGroup.Group("/download")
	downloadGroup.Get("/info", dlH.GetInfo)
	downloadGroup.Get("/file", dlH.ServeFile)
	downloadGroup.Get("/launcher", dlH.ServeLauncher)
	downloadGroup.Post("/upload/game", middleware.Auth, middleware.AdminOnly, dlH.Upload)
	downloadGroup.Post("/upload/launcher", middleware.Auth, middleware.AdminOnly, dlH.UploadLauncher)

	// Chain - Queries (authenticated).
	chainGroup := apiGroup.Group("/chain", middleware.Auth)
	chainGroup.Get("/wallet", chainH.GetWalletInfo)
	chainGroup.Get("/balance", chainH.GetBalance)
	chainGroup.Get("/assets", chainH.GetAssets)
	chainGroup.Get("/asset/:id", chainH.GetAsset)
	chainGroup.Get("/inventory", chainH.GetInventory)
	chainGroup.Get("/market", chainH.GetMarketListings)
	chainGroup.Get("/market/:id", chainH.GetMarketListing)

	// Chain - User Transactions (authenticated, per-user rate limited,
	// idempotency-protected). The limiter is listed before the idempotency
	// check on every state-changing route.
	chainGroup.Post("/transfer", chainUserLimiter, middleware.IdempotencyRequired, chainH.Transfer)
	chainGroup.Post("/asset/transfer", chainUserLimiter, middleware.IdempotencyRequired, chainH.TransferAsset)
	chainGroup.Post("/market/list", chainUserLimiter, middleware.IdempotencyRequired, chainH.ListOnMarket)
	chainGroup.Post("/market/buy", chainUserLimiter, middleware.IdempotencyRequired, chainH.BuyFromMarket)
	chainGroup.Post("/market/cancel", chainUserLimiter, middleware.IdempotencyRequired, chainH.CancelListing)
	chainGroup.Post("/inventory/equip", chainUserLimiter, middleware.IdempotencyRequired, chainH.EquipItem)
	chainGroup.Post("/inventory/unequip", chainUserLimiter, middleware.IdempotencyRequired, chainH.UnequipItem)

	// Chain - Admin Transactions (admin only, idempotency-protected).
	// These routes do not carry chainUserLimiter.
	chainAdminGroup := apiGroup.Group("/chain/admin", middleware.Auth, middleware.AdminOnly)
	chainAdminGroup.Post("/mint", middleware.IdempotencyRequired, chainH.MintAsset)
	chainAdminGroup.Post("/reward", middleware.IdempotencyRequired, chainH.GrantReward)
	chainAdminGroup.Post("/template", middleware.IdempotencyRequired, chainH.RegisterTemplate)

	// Boss Raid - Client entry (JWT authenticated).
	bossRaidGroup := apiGroup.Group("/bossraid", middleware.Auth)
	bossRaidGroup.Post("/entry", brH.RequestEntryAuth)
	bossRaidGroup.Get("/my-entry-token", brH.GetMyEntryToken)

	// Player Profile (authenticated).
	playerGroup := apiGroup.Group("/player", middleware.Auth)
	playerGroup.Get("/profile", playerH.GetProfile)
	playerGroup.Put("/profile", playerH.UpdateProfile)

	// ── Internal API (excluded from rate limiting, API key auth only) ──
	// Mounted on app rather than on the /api group. middleware.ServerAuth is
	// the only access check attached here, and these routes share the same
	// app as the public ones.
	// NOTE(review): confirm the deployment also restricts /api/internal at
	// the network or proxy layer, so the API key is not the sole control.
	internalAPI := app.Group("/api/internal", bodyLimit, middleware.ServerAuth)

	// Internal - Boss Raid. Only /complete requires an idempotency key.
	internalBossRaid := internalAPI.Group("/bossraid")
	internalBossRaid.Post("/entry", brH.RequestEntry)
	internalBossRaid.Post("/start", brH.StartRaid)
	internalBossRaid.Post("/complete", middleware.IdempotencyRequired, brH.CompleteRaid)
	internalBossRaid.Post("/fail", brH.FailRaid)
	internalBossRaid.Get("/room", brH.GetRoom)
	internalBossRaid.Post("/validate-entry", brH.ValidateEntryToken)
	internalBossRaid.Post("/register", brH.RegisterServer)
	internalBossRaid.Post("/heartbeat", brH.Heartbeat)
	internalBossRaid.Post("/reset-room", brH.ResetRoom)
	internalBossRaid.Get("/server-status", brH.GetServerStatus)

	// Internal - Auth.
	internalAuthGroup := internalAPI.Group("/auth")
	internalAuthGroup.Post("/verify", authH.VerifyToken)

	// Internal - Player.
	internalPlayerGroup := internalAPI.Group("/player")
	internalPlayerGroup.Get("/profile", playerH.InternalGetProfile)
	internalPlayerGroup.Post("/save", playerH.InternalSaveGameData)

	// Internal - Chain. The two state-changing routes require an
	// idempotency key; the reads do not.
	internalChainGroup := internalAPI.Group("/chain")
	internalChainGroup.Post("/reward", middleware.IdempotencyRequired, chainH.InternalGrantReward)
	internalChainGroup.Post("/mint", middleware.IdempotencyRequired, chainH.InternalMintAsset)
	internalChainGroup.Get("/balance", chainH.InternalGetBalance)
	internalChainGroup.Get("/assets", chainH.InternalGetAssets)
	internalChainGroup.Get("/inventory", chainH.InternalGetInventory)
}