a301_server/routes/routes.go

package routes

import (
	"a301_server/internal/announcement"
	"a301_server/internal/auth"
	"a301_server/internal/bossraid"
	"a301_server/internal/chain"
	"a301_server/internal/download"
	"a301_server/internal/player"
	"a301_server/pkg/middleware"
	"github.com/gofiber/fiber/v2"
	"github.com/gofiber/swagger"
)

func Register(
	app *fiber.App,
	authH *auth.Handler,
	annH *announcement.Handler,
	dlH *download.Handler,
	chainH *chain.Handler,
	brH *bossraid.Handler,
	playerH *player.Handler,
	authLimiter fiber.Handler,
	apiLimiter fiber.Handler,
	healthCheck fiber.Handler,
	readyCheck fiber.Handler,
	chainUserLimiter fiber.Handler,
) {
	// Swagger UI
	app.Get("/swagger/*", swagger.HandlerDefault)

	// Health / Ready (rate limiter 밖)
	app.Get("/health", healthCheck)
	app.Get("/ready", readyCheck)

	// Default 1MB body limit for API routes; upload endpoints are excluded
	apiBodyLimit := middleware.BodyLimit(1*1024*1024, "/api/download/upload")
	api := app.Group("/api", apiLimiter, apiBodyLimit)

	// Auth
	a := api.Group("/auth")
	a.Post("/register", authLimiter, authH.Register)
	a.Post("/login", authLimiter, authH.Login)
	a.Post("/refresh", authLimiter, authH.Refresh)
	a.Post("/logout", middleware.Auth, authH.Logout)
	// /verify moved to internal API (ServerAuth) — see internal section below
	a.Get("/ssafy/login", authH.SSAFYLoginURL)
	a.Post("/ssafy/callback", authLimiter, authH.SSAFYCallback)
	a.Post("/launch-ticket", middleware.Auth, authH.CreateLaunchTicket)
	a.Post("/redeem-ticket", authLimiter, authH.RedeemLaunchTicket)

	// Users (admin only)
	u := api.Group("/users", middleware.Auth, middleware.AdminOnly)
	u.Get("/", authH.GetAllUsers)
	u.Patch("/:id/role", authH.UpdateRole)
	u.Delete("/:id", authH.DeleteUser)

	// Announcements
	ann := api.Group("/announcements")
	ann.Get("/", annH.GetAll)
	ann.Post("/", middleware.Auth, middleware.AdminOnly, annH.Create)
	ann.Put("/:id", middleware.Auth, middleware.AdminOnly, annH.Update)
	ann.Delete("/:id", middleware.Auth, middleware.AdminOnly, annH.Delete)

	// Download
	dl := api.Group("/download")
	dl.Get("/info", dlH.GetInfo)
	dl.Get("/file", dlH.ServeFile)
	dl.Get("/launcher", dlH.ServeLauncher)
	dl.Post("/upload/game", middleware.Auth, middleware.AdminOnly, dlH.Upload)
	dl.Post("/upload/launcher", middleware.Auth, middleware.AdminOnly, dlH.UploadLauncher)

	// Chain - Queries (authenticated)
	ch := api.Group("/chain", middleware.Auth)
	ch.Get("/wallet", chainH.GetWalletInfo)
	ch.Get("/balance", chainH.GetBalance)
	ch.Get("/assets", chainH.GetAssets)
	ch.Get("/asset/:id", chainH.GetAsset)
	ch.Get("/inventory", chainH.GetInventory)
	ch.Get("/market", chainH.GetMarketListings)
	ch.Get("/market/:id", chainH.GetMarketListing)

	// Chain - User Transactions (authenticated, per-user rate limited, idempotency-protected)
	ch.Post("/transfer", chainUserLimiter, middleware.IdempotencyRequired, chainH.Transfer)
	ch.Post("/asset/transfer", chainUserLimiter, middleware.IdempotencyRequired, chainH.TransferAsset)
	ch.Post("/market/list", chainUserLimiter, middleware.IdempotencyRequired, chainH.ListOnMarket)
	ch.Post("/market/buy", chainUserLimiter, middleware.IdempotencyRequired, chainH.BuyFromMarket)
	ch.Post("/market/cancel", chainUserLimiter, middleware.IdempotencyRequired, chainH.CancelListing)
	ch.Post("/inventory/equip", chainUserLimiter, middleware.IdempotencyRequired, chainH.EquipItem)
	ch.Post("/inventory/unequip", chainUserLimiter, middleware.IdempotencyRequired, chainH.UnequipItem)

	// Chain - Admin Transactions (admin only, idempotency-protected)
	chainAdmin := api.Group("/chain/admin", middleware.Auth, middleware.AdminOnly)
	chainAdmin.Post("/mint", middleware.IdempotencyRequired, chainH.MintAsset)
	chainAdmin.Post("/reward", middleware.IdempotencyRequired, chainH.GrantReward)
	chainAdmin.Post("/template", middleware.IdempotencyRequired, chainH.RegisterTemplate)

	// Boss Raid - Client entry (JWT authenticated)
	bossRaid := api.Group("/bossraid", middleware.Auth)
	bossRaid.Post("/entry", brH.RequestEntryAuth)
	bossRaid.Get("/my-entry-token", brH.GetMyEntryToken)

	// Internal - Boss Raid (API key auth)
	br := api.Group("/internal/bossraid", middleware.ServerAuth)
	br.Post("/entry", brH.RequestEntry)
	br.Post("/start", brH.StartRaid)
	br.Post("/complete", middleware.IdempotencyRequired, brH.CompleteRaid)
	br.Post("/fail", brH.FailRaid)
	br.Get("/room", brH.GetRoom)
	br.Post("/validate-entry", brH.ValidateEntryToken)
	br.Post("/register", brH.RegisterServer)
	br.Post("/heartbeat", brH.Heartbeat)
	br.Post("/reset-room", brH.ResetRoom)
	br.Get("/server-status", brH.GetServerStatus)

	// Player Profile (authenticated)
	p := api.Group("/player", middleware.Auth)
	p.Get("/profile", playerH.GetProfile)
	p.Put("/profile", playerH.UpdateProfile)

	// Internal - Auth (API key auth)
	internalAuth := api.Group("/internal/auth", middleware.ServerAuth)
	internalAuth.Post("/verify", authH.VerifyToken)

	// Internal - Player (API key auth)
	internalPlayer := api.Group("/internal/player", middleware.ServerAuth)
	internalPlayer.Get("/profile", playerH.InternalGetProfile)
	internalPlayer.Post("/save", playerH.InternalSaveGameData)

	// Internal - Game server endpoints (API key auth, username-based, idempotency-protected)
	internal := api.Group("/internal/chain", middleware.ServerAuth)
	internal.Post("/reward", middleware.IdempotencyRequired, chainH.InternalGrantReward)
	internal.Post("/mint", middleware.IdempotencyRequired, chainH.InternalMintAsset)
	internal.Get("/balance", chainH.InternalGetBalance)
	internal.Get("/assets", chainH.InternalGetAssets)
	internal.Get("/inventory", chainH.InternalGetInventory)
}