nsfwapp/backend/routes.go

// backend\routes.go

package main

import (
	"fmt"
	"net/http"
)

// routes.go (package main)
func registerRoutes(mux *http.ServeMux, auth *AuthManager) *ModelStore {
	// --------------------------
	// 1) Public Auth Endpoints
	// --------------------------
	mux.HandleFunc("/api/auth/login", authLoginHandler(auth))
	mux.HandleFunc("/api/auth/logout", authLogoutHandler(auth))
	mux.HandleFunc("/api/auth/me", authMeHandler(auth))

	// 2FA (Authenticator/TOTP)
	mux.HandleFunc("/api/auth/2fa/setup", auth2FASetupHandler(auth))
	mux.HandleFunc("/api/auth/2fa/enable", auth2FAEnableHandler(auth))
	// mux.HandleFunc("/api/auth/2fa/disable", auth2FADisableHandler(auth))

	// --------------------------
	// 2) Protected API Mux
	// --------------------------
	api := http.NewServeMux()

	api.HandleFunc("/api/cookies", cookiesHandler)

	api.HandleFunc("/api/record/done/stream", handleDoneStream)
	api.HandleFunc("/api/perf/stream", perfStreamHandler)
	api.HandleFunc("/api/status/disk", diskStatusHandler)

	api.HandleFunc("/api/autostart/state", autostartStateHandler)
	api.HandleFunc("/api/autostart/state/stream", autostartStateStreamHandler)
	api.HandleFunc("/api/autostart/pause", autostartPauseQuickHandler)
	api.HandleFunc("/api/autostart/resume", autostartResumeHandler)

	api.HandleFunc("/api/settings", recordSettingsHandler)
	api.HandleFunc("/api/settings/browse", settingsBrowse)
	api.HandleFunc("/api/settings/cleanup", settingsCleanupHandler)

	api.HandleFunc("/api/record", startRecordingFromRequest)
	api.HandleFunc("/api/record/status", recordStatus)
	api.HandleFunc("/api/record/stop", recordStop)
	api.HandleFunc("/api/preview", recordPreview)
	api.HandleFunc("/api/preview-scrubber/", recordPreviewScrubberFrame)
	api.HandleFunc("/api/preview-sprite/", recordPreviewSprite)
	api.HandleFunc("/api/record/list", recordList)
	api.HandleFunc("/api/record/stream", recordStream)
	api.HandleFunc("/api/record/done/meta", recordDoneMeta)
	api.HandleFunc("/api/record/video", recordVideo)
	api.HandleFunc("/api/record/done", recordDoneList)
	api.HandleFunc("/api/record/delete", recordDeleteVideo)
	api.HandleFunc("/api/record/toggle-hot", recordToggleHot)
	api.HandleFunc("/api/record/keep", recordKeepVideo)
	api.HandleFunc("/api/record/unkeep", recordUnkeepVideo)
	api.HandleFunc("/api/record/restore", recordRestoreVideo)

	api.HandleFunc("/api/chaturbate/online", chaturbateOnlineHandler)
	api.HandleFunc("/api/chaturbate/biocontext", chaturbateBioContextHandler)

	api.HandleFunc("/api/generated/teaser", generatedTeaser)
	api.HandleFunc("/api/generated/cover", generatedCover)
	api.HandleFunc("/api/generated/coverinfo/list", generatedCoverInfoList)

	// Tasks
	api.HandleFunc("/api/tasks/generate-assets", tasksGenerateAssets)

	api.HandleFunc("/api/tasks/assets/stream", assetsStream)

	// --------------------------
	// 3) ModelStore
	// --------------------------
	modelsPath, _ := resolvePathRelativeToApp("data/models_store.db")
	fmt.Println("📦 Models DB:", modelsPath)

	store := NewModelStore(modelsPath)
	if err := store.Load(); err != nil {
		fmt.Println("⚠️ models load:", err)
	}

	setCoverModelStore(store)
	RegisterModelAPI(api, store)
	setChaturbateOnlineModelStore(store)

	// --------------------------
	// 4) Mount Protected API
	// --------------------------
	// /api/auth/* ist schon public am root mux und gewinnt als längeres Pattern.
	mux.Handle("/api/", requireAuth(auth, api, false))

	// --------------------------
	// 5) Mount Protected SPA (/)
	// --------------------------
	frontend, ok := makeFrontendHandler()
	if ok && frontend != nil {
		// allowPaths: login + assets müssen öffentlich sein, sonst Redirect-Loop
		mux.Handle("/", requireAuth(auth, frontend, true,
			"/login",
			"/assets/",
			"/favicon.ico",
			"/manifest.webmanifest",
			"/robots.txt",
			"/service-worker.js",
		))
	}

	return store
}