package router

import (
	"cockpit/internal/api"
	"cockpit/internal/auth"
	"cockpit/internal/config"
	"cockpit/internal/middleware"

	"github.com/gin-contrib/cors"
	"github.com/gin-gonic/gin"
	"gorm.io/gorm"
)

// New builds the HTTP engine for the service: panic recovery, CORS, the
// unauthenticated /api/auth endpoints, and every other /api route behind
// middleware.AuthRequired plus a per-route middleware.RequirePerm check.
//
// The route table below is the authorization map of the API: each entry pairs
// a method and path with the single permission string that guards it. Review
// any change to it as an access-control change.
func New(cfg *config.Config, db *gorm.DB) *gin.Engine {
	// gin.New (unlike gin.Default) installs no middleware; only Recovery and
	// CORS are attached here.
	// NOTE(review): no request-logging middleware is registered in this
	// function — confirm access/audit logging happens elsewhere.
	engine := gin.New()
	engine.Use(gin.Recovery())

	// Cross-origin policy. Credentials are allowed, so the allow-list is the
	// only thing that stops another site's page from making authenticated
	// calls on behalf of a logged-in user.
	// NOTE(review): cfg.CORS.AllowOrigins comes from configuration; confirm
	// that config loading restricts it to explicit trusted origins and
	// rejects "*" or overly broad patterns.
	corsPolicy := cors.Config{
		AllowOrigins:     cfg.CORS.AllowOrigins,
		AllowMethods:     []string{"GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"},
		AllowHeaders:     []string{"Authorization", "Content-Type", "X-Request-Id"},
		ExposeHeaders:    []string{"Content-Disposition"},
		AllowCredentials: true,
	}
	engine.Use(cors.New(corsPolicy))

	authSvc := auth.NewService(cfg, db)
	handlers := api.NewHandler(cfg, db, authSvc)

	// Public endpoints: reachable without a session.
	// NOTE(review): no rate-limiting or lockout middleware is attached to
	// these routes here — confirm it is enforced in the handlers or upstream.
	apiGroup := engine.Group("/api")
	apiGroup.POST("/auth/login", handlers.AuthLogin)
	apiGroup.POST("/auth/refresh", handlers.AuthRefresh)
	apiGroup.POST("/auth/logout", handlers.AuthLogout)

	// Everything registered on this group runs AuthRequired first.
	protected := apiGroup.Group("")
	protected.Use(middleware.AuthRequired(authSvc))

	// /me needs an authenticated caller but no specific permission.
	protected.GET("/me", handlers.Me)

	// guarded describes one permission-checked route.
	type guarded struct {
		method  string
		path    string
		perm    string
		handler gin.HandlerFunc
	}

	// Registration order is kept as listed. RequirePerm is called once per
	// entry, so every route gets its own middleware instance.
	// NOTE(review): this function sets no request-body size limit for the
	// import endpoints — confirm the handlers bound upload size.
	routes := []guarded{
		// dictionaries
		{"GET", "/customers", "dict:read", handlers.CustomerList},
		{"POST", "/customers", "dict:write", handlers.CustomerCreate},
		{"PATCH", "/customers/:id", "dict:write", handlers.CustomerUpdate},
		{"DELETE", "/customers/:id", "dict:write", handlers.CustomerDelete},
		{"GET", "/statuses", "dict:read", handlers.StatusList},
		{"POST", "/statuses", "dict:write", handlers.StatusCreate},
		{"PATCH", "/statuses/:id", "dict:write", handlers.StatusUpdate},
		{"DELETE", "/statuses/:id", "dict:write", handlers.StatusDelete},

		// orders
		{"GET", "/orders", "orders:read", handlers.OrderList},
		{"GET", "/orders/:id", "orders:read", handlers.OrderGet},
		{"POST", "/orders", "orders:write", handlers.OrderCreate},
		{"PATCH", "/orders/:id", "orders:write", handlers.OrderUpdate},
		{"DELETE", "/orders/:id", "orders:write", handlers.OrderDelete},

		// import
		{"GET", "/import/templates/orders.xlsx", "import:preview", handlers.ImportOrdersTemplate},
		{"POST", "/import/orders/preview", "import:preview", handlers.ImportOrdersPreview},
		{"POST", "/import/orders/commit", "import:commit", handlers.ImportOrdersCommit},
		{"POST", "/import/orders/json", "import:commit", handlers.ImportOrdersJSON},
		{"GET", "/import/jobs", "import:preview", handlers.ImportJobs},
		{"GET", "/import/jobs/:id", "import:preview", handlers.ImportJobGet},
		{"GET", "/import/jobs/:id/errors", "import:preview", handlers.ImportJobErrors},

		// overview
		{"GET", "/overview/kpis", "overview:view", handlers.OverviewKPIs},
		{"GET", "/overview/monthly-trend", "overview:view", handlers.OverviewMonthlyTrend},
		{"GET", "/overview/by-customer", "overview:view", handlers.OverviewByCustomer},
		{"GET", "/overview/topn", "overview:view", handlers.OverviewTopN},
		{"GET", "/overview/status-distribution", "overview:view", handlers.OverviewStatusDistribution},
	}
	for _, rt := range routes {
		protected.Handle(rt.method, rt.path, middleware.RequirePerm(rt.perm), rt.handler)
	}

	return engine
}