emly/api-golang
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
api-golang/internal/routes/v1/admin.go
Flavio Fois 576ce0b1b5
All checks were successful
Build & Publish Docker Image / build-and-push (push) Successful in 43s
Details
add v2 API routes for admin and bug report management with rate limiting
2026-03-23 21:29:50 +01:00

45 lines
1.3 KiB
Go
Raw Permalink Blame History

package v1
import (
apimw "emly-api-go/internal/middleware"
"time"
"emly-api-go/internal/handlers"
"github.com/go-chi/chi/v5"
"github.com/go-chi/httprate"
"github.com/jmoiron/sqlx"
)
func registerAdmin(r chi.Router, db *sqlx.DB) {
r.Route("/admin", func(r chi.Router) {
// Auth — public, handles its own credential checks.
// Only /login is rate-limited: it is the only endpoint vulnerable to
// brute-force. /validate and /logout require a 256-bit session token
// and are called frequently by authenticated clients, so no limit is
// applied there.
r.Route("/auth", func(r chi.Router) {
r.Group(func(r chi.Router) {
r.Use(httprate.LimitByIP(30, time.Minute))
r.Post("/login", handlers.LoginUser(db))
})
r.Get("/validate", handlers.ValidateSession(db))
r.Post("/logout", handlers.LogoutSession(db))
})
// User management — protected via Admin Key
r.Route("/users", func(r chi.Router) {
r.Use(httprate.LimitByIP(30, time.Minute))
r.Use(apimw.AdminKeyAuth(db))
r.Get("/", handlers.ListUsers(db))
r.Post("/", handlers.CreateUser(db))
r.Get("/{id}", handlers.GetUserByID(db))
r.Patch("/{id}", handlers.UpdateUser(db))
r.Post("/{id}/reset-password", handlers.ResetPassword(db))
r.Delete("/{id}", handlers.DeleteUser(db))
})
})
}
Reference in New Issue View Git Blame Copy Permalink