<?php

/*
 * HTTP route table for the application.
 *
 * Each $router->group([...]) call attaches a 'prefix' and/or a list of
 * 'middleware' classes to the routes registered inside its callback; the
 * routes themselves map a method + path to a [Controller::class, 'action']
 * pair. Nothing is dispatched until $app->run() at the bottom of the file.
 *
 * NOTE(review): middleware declared on an outer group presumably also applies
 * to the groups nested inside it (SecurityHeaders wrapping the web routes
 * relies on this). The Router implementation is not visible here — confirm.
 */

/** @var App\Core\App $app */
$app = require_once __DIR__ . '/../bootstrap/app.php';

use App\Controllers\HomeController;
use App\Controllers\AuthController;
use App\Controllers\Admin\DashboardController;
use App\Controllers\Admin\OrganizationsController;
use App\Controllers\Admin\OpportunitiesController;
use App\Controllers\Admin\ContactsController;
use App\Controllers\Admin\SourcesController;
use App\Controllers\Admin\SettingsController;
use App\Middleware\SecurityHeaders;
use App\Middleware\RateLimit;
use App\Middleware\CsrfProtection;
use App\Middleware\Authenticate;

// Register Global Web Middlewares on Route groups.
// SecurityHeaders is the only middleware applied to every web route; the
// /api group below is a separate top-level group and does NOT get it.
$app->router->group([
    'middleware' => [SecurityHeaders::class]
], function($router) {

    // Public index redirection
    $router->get('/', [HomeController::class, 'index']);

    // Auth routes throttled via Rate Limiter.
    // These are unauthenticated by design (login/registration). Note that
    // /register is publicly reachable — NOTE(review): confirm open
    // self-registration is intended for this admin application.
    $router->group([
        'middleware' => [RateLimit::class]
    ], function($r) {
        $r->get('/login', [AuthController::class, 'showLogin']);
        $r->post('/login', [AuthController::class, 'login']);
        $r->get('/register', [AuthController::class, 'showRegister']);
        $r->post('/register', [AuthController::class, 'register']);
    });

    // Protected Admin routes requiring Session Auth & CSRF tokens.
    //
    // NOTE(review): several state-changing actions in this group are
    // registered as GET — /organizations/{id}/delete, /contacts/{id}/delete,
    // /sources/{id}/delete and /sources/{id}/run. If CsrfProtection only
    // validates a token on POST requests (its implementation is not visible
    // here), a GET route is not covered by it and can be triggered by a
    // cross-site link or image tag. The conventional fix is to register these
    // as POST and submit them from a token-bearing form.
    $router->group([
        'prefix' => '/admin',
        'middleware' => [Authenticate::class, CsrfProtection::class]
    ], function($r) {
        // Dashboard
        $r->get('/dashboard', [DashboardController::class, 'index']);

        // Organizations CRUD
        $r->get('/organizations', [OrganizationsController::class, 'index']);
        $r->get('/organizations/create', [OrganizationsController::class, 'create']);
        $r->post('/organizations/store', [OrganizationsController::class, 'store']);
        $r->get('/organizations/{id}', [OrganizationsController::class, 'show']);
        $r->get('/organizations/{id}/edit', [OrganizationsController::class, 'edit']);
        // Both the create (no {id}) and update ({id}) paths are routed to
        // store(); presumably store() branches on whether an id is present —
        // confirm in OrganizationsController.
        $r->post('/organizations/{id}/update', [OrganizationsController::class, 'store']);
        // State-changing GET — see the group-level note above.
        $r->get('/organizations/{id}/delete', [OrganizationsController::class, 'delete']);

        // Opportunities (read-only in the web UI)
        $r->get('/opportunities', [OpportunitiesController::class, 'index']);
        $r->get('/opportunities/{id}', [OpportunitiesController::class, 'show']);

        // Contacts CRUD
        $r->get('/contacts', [ContactsController::class, 'index']);
        $r->get('/contacts/create', [ContactsController::class, 'create']);
        $r->post('/contacts/store', [ContactsController::class, 'store']);
        $r->get('/contacts/{id}', [ContactsController::class, 'show']);
        $r->get('/contacts/{id}/edit', [ContactsController::class, 'edit']);
        // Same create/update-to-store() pattern as Organizations above.
        $r->post('/contacts/{id}/update', [ContactsController::class, 'store']);
        // State-changing GET — see the group-level note above.
        $r->get('/contacts/{id}/delete', [ContactsController::class, 'delete']);
        $r->post('/contacts/{id}/interaction', [ContactsController::class, 'addInteraction']);

        // Sources
        $r->get('/sources', [SourcesController::class, 'index']);
        $r->get('/sources/create', [SourcesController::class, 'create']);
        $r->post('/sources/store', [SourcesController::class, 'store']);
        $r->get('/sources/{id}/edit', [SourcesController::class, 'edit']);
        // Same create/update-to-store() pattern as Organizations above.
        $r->post('/sources/{id}/update', [SourcesController::class, 'store']);
        // State-changing GETs — see the group-level note above. /run in
        // particular triggers work on the server side, so it should also be
        // covered by the RateLimit middleware if it is expensive (not the
        // case today: RateLimit is only on the auth and /api groups).
        $r->get('/sources/{id}/delete', [SourcesController::class, 'delete']);
        $r->get('/sources/{id}/run', [SourcesController::class, 'run']);

        // Settings
        $r->get('/settings', [SettingsController::class, 'index']);
        $r->post('/settings/save', [SettingsController::class, 'save']);
        $r->post('/settings/test-telegram', [SettingsController::class, 'testTelegram']);
    });

    // Logout endpoint.
    // NOTE(review): registered outside both the Authenticate and
    // CsrfProtection groups and as a GET, so a cross-site link can end a
    // user's session (logout CSRF). Low impact, but making it a POST inside
    // the CSRF-protected group is cheap.
    $router->get('/logout', [AuthController::class, 'logout']);

    // Language switch (no middleware needed for GET, but needs session).
    // Authenticated but deliberately not CSRF-protected so it can be a plain
    // link. The {lang} segment is user-controlled — NOTE(review): confirm
    // switchLang() validates it against an allow-list of supported locales
    // before using it for lookups or file paths.
    $router->group([
        'prefix' => '/admin',
        'middleware' => [Authenticate::class]
    ], function($r) {
        $r->get('/lang/{lang}', [SettingsController::class, 'switchLang']);
    });
});

// API Routes (no CSRF, uses JWT).
//
// NOTE(review): this group uses the same Authenticate::class as the
// session-protected /admin routes above. Confirm it actually accepts a JWT
// here, as the comment states, rather than a session cookie — if cookie auth
// is accepted, these endpoints have neither CsrfProtection nor
// SecurityHeaders applied (the group sits outside the web group). Both routes
// are GET and reuse the admin controllers' index() actions; presumably those
// content-negotiate a JSON response — confirm.
$app->router->group([
    'prefix' => '/api',
    'middleware' => [RateLimit::class, Authenticate::class]
], function($r) {
    $r->get('/organizations', [OrganizationsController::class, 'index']);
    $r->get('/opportunities', [OpportunitiesController::class, 'index']);
});

// Match the current request against the table above and dispatch it.
$app->run();