fix: RequireAuth and RequireSpaceAccess order
All checks were successful
Deploy / build-and-deploy (push) Successful in 2m17s
All checks were successful
Deploy / build-and-deploy (push) Successful in 2m17s
This commit is contained in:
juancwu
parent
a9d012048a
commit
10e084773c
2 changed files with 153 additions and 152 deletions
|
|
@ -10,9 +10,9 @@ import (
|
|||
|
||||
// RequireSpaceAccess validates that a user is a member of the space they are trying to access.
|
||||
// It expects a URL parameter named "spaceID".
|
||||
func RequireSpaceAccess(spaceService *service.SpaceService) func(http.Handler) http.Handler {
|
||||
return func(next http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
func RequireSpaceAccess(spaceService *service.SpaceService) func(http.HandlerFunc) http.HandlerFunc {
|
||||
return func(next http.HandlerFunc) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
user := ctxkeys.User(r.Context())
|
||||
if user == nil {
|
||||
// This should be caught by RequireAuth first, but as a safeguard.
|
||||
|
|
@ -45,6 +45,6 @@ func RequireSpaceAccess(spaceService *service.SpaceService) func(http.Handler) h
|
|||
}
|
||||
|
||||
next.ServeHTTP(w, r)
|
||||
})
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -60,212 +60,213 @@ func SetupRoutes(a *app.App) http.Handler {
|
|||
mux.HandleFunc("GET /app/settings", middleware.RequireAuth(settings.SettingsPage))
|
||||
mux.HandleFunc("POST /app/settings/password", authRateLimiter(middleware.RequireAuth(settings.SetPassword)))
|
||||
|
||||
// Space routes
|
||||
spaceOverviewHandler := middleware.RequireAuth(space.OverviewPage)
|
||||
spaceOverviewWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(spaceOverviewHandler)
|
||||
mux.Handle("GET /app/spaces/{spaceID}", spaceOverviewWithAccess)
|
||||
// Space routes — wrapping order: Auth(SpaceAccess(handler))
|
||||
// Auth runs first (outer), then SpaceAccess (inner), then the handler.
|
||||
spaceOverviewHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.OverviewPage)
|
||||
spaceOverviewWithAuth := middleware.RequireAuth(spaceOverviewHandler)
|
||||
mux.HandleFunc("GET /app/spaces/{spaceID}", spaceOverviewWithAuth)
|
||||
|
||||
reportsPageHandler := middleware.RequireAuth(space.ReportsPage)
|
||||
reportsPageWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(reportsPageHandler)
|
||||
mux.Handle("GET /app/spaces/{spaceID}/reports", reportsPageWithAccess)
|
||||
reportsPageHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.ReportsPage)
|
||||
reportsPageWithAuth := middleware.RequireAuth(reportsPageHandler)
|
||||
mux.HandleFunc("GET /app/spaces/{spaceID}/reports", reportsPageWithAuth)
|
||||
|
||||
listsPageHandler := middleware.RequireAuth(space.ListsPage)
|
||||
listsPageWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(listsPageHandler)
|
||||
mux.Handle("GET /app/spaces/{spaceID}/lists", listsPageWithAccess)
|
||||
listsPageHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.ListsPage)
|
||||
listsPageWithAuth := middleware.RequireAuth(listsPageHandler)
|
||||
mux.HandleFunc("GET /app/spaces/{spaceID}/lists", listsPageWithAuth)
|
||||
|
||||
createListHandler := middleware.RequireAuth(space.CreateList)
|
||||
createListWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(createListHandler)
|
||||
mux.Handle("POST /app/spaces/{spaceID}/lists", crudLimiter(createListWithAccess))
|
||||
createListHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.CreateList)
|
||||
createListWithAuth := middleware.RequireAuth(createListHandler)
|
||||
mux.Handle("POST /app/spaces/{spaceID}/lists", crudLimiter(createListWithAuth))
|
||||
|
||||
listPageHandler := middleware.RequireAuth(space.ListPage)
|
||||
listPageWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(listPageHandler)
|
||||
mux.Handle("GET /app/spaces/{spaceID}/lists/{listID}", listPageWithAccess)
|
||||
listPageHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.ListPage)
|
||||
listPageWithAuth := middleware.RequireAuth(listPageHandler)
|
||||
mux.HandleFunc("GET /app/spaces/{spaceID}/lists/{listID}", listPageWithAuth)
|
||||
|
||||
updateListHandler := middleware.RequireAuth(space.UpdateList)
|
||||
updateListWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(updateListHandler)
|
||||
mux.Handle("PATCH /app/spaces/{spaceID}/lists/{listID}", crudLimiter(updateListWithAccess))
|
||||
updateListHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.UpdateList)
|
||||
updateListWithAuth := middleware.RequireAuth(updateListHandler)
|
||||
mux.Handle("PATCH /app/spaces/{spaceID}/lists/{listID}", crudLimiter(updateListWithAuth))
|
||||
|
||||
deleteListHandler := middleware.RequireAuth(space.DeleteList)
|
||||
deleteListWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(deleteListHandler)
|
||||
mux.Handle("DELETE /app/spaces/{spaceID}/lists/{listID}", crudLimiter(deleteListWithAccess))
|
||||
deleteListHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.DeleteList)
|
||||
deleteListWithAuth := middleware.RequireAuth(deleteListHandler)
|
||||
mux.Handle("DELETE /app/spaces/{spaceID}/lists/{listID}", crudLimiter(deleteListWithAuth))
|
||||
|
||||
addItemHandler := middleware.RequireAuth(space.AddItemToList)
|
||||
addItemWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(addItemHandler)
|
||||
mux.Handle("POST /app/spaces/{spaceID}/lists/{listID}/items", crudLimiter(addItemWithAccess))
|
||||
addItemHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.AddItemToList)
|
||||
addItemWithAuth := middleware.RequireAuth(addItemHandler)
|
||||
mux.Handle("POST /app/spaces/{spaceID}/lists/{listID}/items", crudLimiter(addItemWithAuth))
|
||||
|
||||
toggleItemHandler := middleware.RequireAuth(space.ToggleItem)
|
||||
toggleItemWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(toggleItemHandler)
|
||||
mux.Handle("PATCH /app/spaces/{spaceID}/lists/{listID}/items/{itemID}", crudLimiter(toggleItemWithAccess))
|
||||
toggleItemHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.ToggleItem)
|
||||
toggleItemWithAuth := middleware.RequireAuth(toggleItemHandler)
|
||||
mux.Handle("PATCH /app/spaces/{spaceID}/lists/{listID}/items/{itemID}", crudLimiter(toggleItemWithAuth))
|
||||
|
||||
deleteItemHandler := middleware.RequireAuth(space.DeleteItem)
|
||||
deleteItemWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(deleteItemHandler)
|
||||
mux.Handle("DELETE /app/spaces/{spaceID}/lists/{listID}/items/{itemID}", crudLimiter(deleteItemWithAccess))
|
||||
deleteItemHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.DeleteItem)
|
||||
deleteItemWithAuth := middleware.RequireAuth(deleteItemHandler)
|
||||
mux.Handle("DELETE /app/spaces/{spaceID}/lists/{listID}/items/{itemID}", crudLimiter(deleteItemWithAuth))
|
||||
|
||||
// Tag routes
|
||||
tagsPageHandler := middleware.RequireAuth(space.TagsPage)
|
||||
tagsPageWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(tagsPageHandler)
|
||||
mux.Handle("GET /app/spaces/{spaceID}/tags", tagsPageWithAccess)
|
||||
tagsPageHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.TagsPage)
|
||||
tagsPageWithAuth := middleware.RequireAuth(tagsPageHandler)
|
||||
mux.HandleFunc("GET /app/spaces/{spaceID}/tags", tagsPageWithAuth)
|
||||
|
||||
createTagHandler := middleware.RequireAuth(space.CreateTag)
|
||||
createTagWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(createTagHandler)
|
||||
mux.Handle("POST /app/spaces/{spaceID}/tags", crudLimiter(createTagWithAccess))
|
||||
createTagHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.CreateTag)
|
||||
createTagWithAuth := middleware.RequireAuth(createTagHandler)
|
||||
mux.Handle("POST /app/spaces/{spaceID}/tags", crudLimiter(createTagWithAuth))
|
||||
|
||||
deleteTagHandler := middleware.RequireAuth(space.DeleteTag)
|
||||
deleteTagWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(deleteTagHandler)
|
||||
mux.Handle("DELETE /app/spaces/{spaceID}/tags/{tagID}", crudLimiter(deleteTagWithAccess))
|
||||
deleteTagHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.DeleteTag)
|
||||
deleteTagWithAuth := middleware.RequireAuth(deleteTagHandler)
|
||||
mux.Handle("DELETE /app/spaces/{spaceID}/tags/{tagID}", crudLimiter(deleteTagWithAuth))
|
||||
|
||||
// Expense routes
|
||||
expensesPageHandler := middleware.RequireAuth(space.ExpensesPage)
|
||||
expensesPageWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(expensesPageHandler)
|
||||
mux.Handle("GET /app/spaces/{spaceID}/expenses", expensesPageWithAccess)
|
||||
expensesPageHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.ExpensesPage)
|
||||
expensesPageWithAuth := middleware.RequireAuth(expensesPageHandler)
|
||||
mux.HandleFunc("GET /app/spaces/{spaceID}/expenses", expensesPageWithAuth)
|
||||
|
||||
createExpenseHandler := middleware.RequireAuth(space.CreateExpense)
|
||||
createExpenseWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(createExpenseHandler)
|
||||
mux.Handle("POST /app/spaces/{spaceID}/expenses", crudLimiter(createExpenseWithAccess))
|
||||
createExpenseHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.CreateExpense)
|
||||
createExpenseWithAuth := middleware.RequireAuth(createExpenseHandler)
|
||||
mux.Handle("POST /app/spaces/{spaceID}/expenses", crudLimiter(createExpenseWithAuth))
|
||||
|
||||
updateExpenseHandler := middleware.RequireAuth(space.UpdateExpense)
|
||||
updateExpenseWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(updateExpenseHandler)
|
||||
mux.Handle("PATCH /app/spaces/{spaceID}/expenses/{expenseID}", crudLimiter(updateExpenseWithAccess))
|
||||
updateExpenseHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.UpdateExpense)
|
||||
updateExpenseWithAuth := middleware.RequireAuth(updateExpenseHandler)
|
||||
mux.Handle("PATCH /app/spaces/{spaceID}/expenses/{expenseID}", crudLimiter(updateExpenseWithAuth))
|
||||
|
||||
deleteExpenseHandler := middleware.RequireAuth(space.DeleteExpense)
|
||||
deleteExpenseWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(deleteExpenseHandler)
|
||||
mux.Handle("DELETE /app/spaces/{spaceID}/expenses/{expenseID}", crudLimiter(deleteExpenseWithAccess))
|
||||
deleteExpenseHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.DeleteExpense)
|
||||
deleteExpenseWithAuth := middleware.RequireAuth(deleteExpenseHandler)
|
||||
mux.Handle("DELETE /app/spaces/{spaceID}/expenses/{expenseID}", crudLimiter(deleteExpenseWithAuth))
|
||||
|
||||
// Money Account routes
|
||||
accountsPageHandler := middleware.RequireAuth(space.AccountsPage)
|
||||
accountsPageWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(accountsPageHandler)
|
||||
mux.Handle("GET /app/spaces/{spaceID}/accounts", accountsPageWithAccess)
|
||||
accountsPageHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.AccountsPage)
|
||||
accountsPageWithAuth := middleware.RequireAuth(accountsPageHandler)
|
||||
mux.HandleFunc("GET /app/spaces/{spaceID}/accounts", accountsPageWithAuth)
|
||||
|
||||
createAccountHandler := middleware.RequireAuth(space.CreateAccount)
|
||||
createAccountWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(createAccountHandler)
|
||||
mux.Handle("POST /app/spaces/{spaceID}/accounts", crudLimiter(createAccountWithAccess))
|
||||
createAccountHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.CreateAccount)
|
||||
createAccountWithAuth := middleware.RequireAuth(createAccountHandler)
|
||||
mux.Handle("POST /app/spaces/{spaceID}/accounts", crudLimiter(createAccountWithAuth))
|
||||
|
||||
updateAccountHandler := middleware.RequireAuth(space.UpdateAccount)
|
||||
updateAccountWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(updateAccountHandler)
|
||||
mux.Handle("PATCH /app/spaces/{spaceID}/accounts/{accountID}", crudLimiter(updateAccountWithAccess))
|
||||
updateAccountHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.UpdateAccount)
|
||||
updateAccountWithAuth := middleware.RequireAuth(updateAccountHandler)
|
||||
mux.Handle("PATCH /app/spaces/{spaceID}/accounts/{accountID}", crudLimiter(updateAccountWithAuth))
|
||||
|
||||
deleteAccountHandler := middleware.RequireAuth(space.DeleteAccount)
|
||||
deleteAccountWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(deleteAccountHandler)
|
||||
mux.Handle("DELETE /app/spaces/{spaceID}/accounts/{accountID}", crudLimiter(deleteAccountWithAccess))
|
||||
deleteAccountHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.DeleteAccount)
|
||||
deleteAccountWithAuth := middleware.RequireAuth(deleteAccountHandler)
|
||||
mux.Handle("DELETE /app/spaces/{spaceID}/accounts/{accountID}", crudLimiter(deleteAccountWithAuth))
|
||||
|
||||
createTransferHandler := middleware.RequireAuth(space.CreateTransfer)
|
||||
createTransferWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(createTransferHandler)
|
||||
mux.Handle("POST /app/spaces/{spaceID}/accounts/{accountID}/transfers", crudLimiter(createTransferWithAccess))
|
||||
createTransferHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.CreateTransfer)
|
||||
createTransferWithAuth := middleware.RequireAuth(createTransferHandler)
|
||||
mux.Handle("POST /app/spaces/{spaceID}/accounts/{accountID}/transfers", crudLimiter(createTransferWithAuth))
|
||||
|
||||
deleteTransferHandler := middleware.RequireAuth(space.DeleteTransfer)
|
||||
deleteTransferWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(deleteTransferHandler)
|
||||
mux.Handle("DELETE /app/spaces/{spaceID}/accounts/{accountID}/transfers/{transferID}", crudLimiter(deleteTransferWithAccess))
|
||||
deleteTransferHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.DeleteTransfer)
|
||||
deleteTransferWithAuth := middleware.RequireAuth(deleteTransferHandler)
|
||||
mux.Handle("DELETE /app/spaces/{spaceID}/accounts/{accountID}/transfers/{transferID}", crudLimiter(deleteTransferWithAuth))
|
||||
|
||||
// Payment Method routes
|
||||
methodsPageHandler := middleware.RequireAuth(space.PaymentMethodsPage)
|
||||
methodsPageWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(methodsPageHandler)
|
||||
mux.Handle("GET /app/spaces/{spaceID}/payment-methods", methodsPageWithAccess)
|
||||
methodsPageHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.PaymentMethodsPage)
|
||||
methodsPageWithAuth := middleware.RequireAuth(methodsPageHandler)
|
||||
mux.HandleFunc("GET /app/spaces/{spaceID}/payment-methods", methodsPageWithAuth)
|
||||
|
||||
createMethodHandler := middleware.RequireAuth(space.CreatePaymentMethod)
|
||||
createMethodWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(createMethodHandler)
|
||||
mux.Handle("POST /app/spaces/{spaceID}/payment-methods", crudLimiter(createMethodWithAccess))
|
||||
createMethodHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.CreatePaymentMethod)
|
||||
createMethodWithAuth := middleware.RequireAuth(createMethodHandler)
|
||||
mux.Handle("POST /app/spaces/{spaceID}/payment-methods", crudLimiter(createMethodWithAuth))
|
||||
|
||||
updateMethodHandler := middleware.RequireAuth(space.UpdatePaymentMethod)
|
||||
updateMethodWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(updateMethodHandler)
|
||||
mux.Handle("PATCH /app/spaces/{spaceID}/payment-methods/{methodID}", crudLimiter(updateMethodWithAccess))
|
||||
updateMethodHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.UpdatePaymentMethod)
|
||||
updateMethodWithAuth := middleware.RequireAuth(updateMethodHandler)
|
||||
mux.Handle("PATCH /app/spaces/{spaceID}/payment-methods/{methodID}", crudLimiter(updateMethodWithAuth))
|
||||
|
||||
deleteMethodHandler := middleware.RequireAuth(space.DeletePaymentMethod)
|
||||
deleteMethodWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(deleteMethodHandler)
|
||||
mux.Handle("DELETE /app/spaces/{spaceID}/payment-methods/{methodID}", crudLimiter(deleteMethodWithAccess))
|
||||
deleteMethodHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.DeletePaymentMethod)
|
||||
deleteMethodWithAuth := middleware.RequireAuth(deleteMethodHandler)
|
||||
mux.Handle("DELETE /app/spaces/{spaceID}/payment-methods/{methodID}", crudLimiter(deleteMethodWithAuth))
|
||||
|
||||
// Recurring expense routes
|
||||
recurringPageHandler := middleware.RequireAuth(space.RecurringExpensesPage)
|
||||
recurringPageWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(recurringPageHandler)
|
||||
mux.Handle("GET /app/spaces/{spaceID}/recurring", recurringPageWithAccess)
|
||||
recurringPageHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.RecurringExpensesPage)
|
||||
recurringPageWithAuth := middleware.RequireAuth(recurringPageHandler)
|
||||
mux.HandleFunc("GET /app/spaces/{spaceID}/recurring", recurringPageWithAuth)
|
||||
|
||||
createRecurringHandler := middleware.RequireAuth(space.CreateRecurringExpense)
|
||||
createRecurringWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(createRecurringHandler)
|
||||
mux.Handle("POST /app/spaces/{spaceID}/recurring", crudLimiter(createRecurringWithAccess))
|
||||
createRecurringHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.CreateRecurringExpense)
|
||||
createRecurringWithAuth := middleware.RequireAuth(createRecurringHandler)
|
||||
mux.Handle("POST /app/spaces/{spaceID}/recurring", crudLimiter(createRecurringWithAuth))
|
||||
|
||||
updateRecurringHandler := middleware.RequireAuth(space.UpdateRecurringExpense)
|
||||
updateRecurringWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(updateRecurringHandler)
|
||||
mux.Handle("PATCH /app/spaces/{spaceID}/recurring/{recurringID}", crudLimiter(updateRecurringWithAccess))
|
||||
updateRecurringHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.UpdateRecurringExpense)
|
||||
updateRecurringWithAuth := middleware.RequireAuth(updateRecurringHandler)
|
||||
mux.Handle("PATCH /app/spaces/{spaceID}/recurring/{recurringID}", crudLimiter(updateRecurringWithAuth))
|
||||
|
||||
deleteRecurringHandler := middleware.RequireAuth(space.DeleteRecurringExpense)
|
||||
deleteRecurringWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(deleteRecurringHandler)
|
||||
mux.Handle("DELETE /app/spaces/{spaceID}/recurring/{recurringID}", crudLimiter(deleteRecurringWithAccess))
|
||||
deleteRecurringHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.DeleteRecurringExpense)
|
||||
deleteRecurringWithAuth := middleware.RequireAuth(deleteRecurringHandler)
|
||||
mux.Handle("DELETE /app/spaces/{spaceID}/recurring/{recurringID}", crudLimiter(deleteRecurringWithAuth))
|
||||
|
||||
toggleRecurringHandler := middleware.RequireAuth(space.ToggleRecurringExpense)
|
||||
toggleRecurringWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(toggleRecurringHandler)
|
||||
mux.Handle("POST /app/spaces/{spaceID}/recurring/{recurringID}/toggle", crudLimiter(toggleRecurringWithAccess))
|
||||
toggleRecurringHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.ToggleRecurringExpense)
|
||||
toggleRecurringWithAuth := middleware.RequireAuth(toggleRecurringHandler)
|
||||
mux.Handle("POST /app/spaces/{spaceID}/recurring/{recurringID}/toggle", crudLimiter(toggleRecurringWithAuth))
|
||||
|
||||
// Budget routes
|
||||
budgetsPageHandler := middleware.RequireAuth(space.BudgetsPage)
|
||||
budgetsPageWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(budgetsPageHandler)
|
||||
mux.Handle("GET /app/spaces/{spaceID}/budgets", budgetsPageWithAccess)
|
||||
budgetsPageHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.BudgetsPage)
|
||||
budgetsPageWithAuth := middleware.RequireAuth(budgetsPageHandler)
|
||||
mux.HandleFunc("GET /app/spaces/{spaceID}/budgets", budgetsPageWithAuth)
|
||||
|
||||
createBudgetHandler := middleware.RequireAuth(space.CreateBudget)
|
||||
createBudgetWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(createBudgetHandler)
|
||||
mux.Handle("POST /app/spaces/{spaceID}/budgets", crudLimiter(createBudgetWithAccess))
|
||||
createBudgetHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.CreateBudget)
|
||||
createBudgetWithAuth := middleware.RequireAuth(createBudgetHandler)
|
||||
mux.Handle("POST /app/spaces/{spaceID}/budgets", crudLimiter(createBudgetWithAuth))
|
||||
|
||||
updateBudgetHandler := middleware.RequireAuth(space.UpdateBudget)
|
||||
updateBudgetWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(updateBudgetHandler)
|
||||
mux.Handle("PATCH /app/spaces/{spaceID}/budgets/{budgetID}", crudLimiter(updateBudgetWithAccess))
|
||||
updateBudgetHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.UpdateBudget)
|
||||
updateBudgetWithAuth := middleware.RequireAuth(updateBudgetHandler)
|
||||
mux.Handle("PATCH /app/spaces/{spaceID}/budgets/{budgetID}", crudLimiter(updateBudgetWithAuth))
|
||||
|
||||
deleteBudgetHandler := middleware.RequireAuth(space.DeleteBudget)
|
||||
deleteBudgetWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(deleteBudgetHandler)
|
||||
mux.Handle("DELETE /app/spaces/{spaceID}/budgets/{budgetID}", crudLimiter(deleteBudgetWithAccess))
|
||||
deleteBudgetHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.DeleteBudget)
|
||||
deleteBudgetWithAuth := middleware.RequireAuth(deleteBudgetHandler)
|
||||
mux.Handle("DELETE /app/spaces/{spaceID}/budgets/{budgetID}", crudLimiter(deleteBudgetWithAuth))
|
||||
|
||||
budgetsListHandler := middleware.RequireAuth(space.GetBudgetsList)
|
||||
budgetsListWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(budgetsListHandler)
|
||||
mux.Handle("GET /app/spaces/{spaceID}/components/budgets", budgetsListWithAccess)
|
||||
budgetsListHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.GetBudgetsList)
|
||||
budgetsListWithAuth := middleware.RequireAuth(budgetsListHandler)
|
||||
mux.HandleFunc("GET /app/spaces/{spaceID}/components/budgets", budgetsListWithAuth)
|
||||
|
||||
// Report routes
|
||||
reportChartsHandler := middleware.RequireAuth(space.GetReportCharts)
|
||||
reportChartsWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(reportChartsHandler)
|
||||
mux.Handle("GET /app/spaces/{spaceID}/components/report-charts", reportChartsWithAccess)
|
||||
reportChartsHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.GetReportCharts)
|
||||
reportChartsWithAuth := middleware.RequireAuth(reportChartsHandler)
|
||||
mux.HandleFunc("GET /app/spaces/{spaceID}/components/report-charts", reportChartsWithAuth)
|
||||
|
||||
// Component routes (HTMX updates)
|
||||
balanceCardHandler := middleware.RequireAuth(space.GetBalanceCard)
|
||||
balanceCardWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(balanceCardHandler)
|
||||
mux.Handle("GET /app/spaces/{spaceID}/components/balance", balanceCardWithAccess)
|
||||
balanceCardHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.GetBalanceCard)
|
||||
balanceCardWithAuth := middleware.RequireAuth(balanceCardHandler)
|
||||
mux.HandleFunc("GET /app/spaces/{spaceID}/components/balance", balanceCardWithAuth)
|
||||
|
||||
expensesListHandler := middleware.RequireAuth(space.GetExpensesList)
|
||||
expensesListWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(expensesListHandler)
|
||||
mux.Handle("GET /app/spaces/{spaceID}/components/expenses", expensesListWithAccess)
|
||||
expensesListHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.GetExpensesList)
|
||||
expensesListWithAuth := middleware.RequireAuth(expensesListHandler)
|
||||
mux.HandleFunc("GET /app/spaces/{spaceID}/components/expenses", expensesListWithAuth)
|
||||
|
||||
shoppingListItemsHandler := middleware.RequireAuth(space.GetShoppingListItems)
|
||||
shoppingListItemsWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(shoppingListItemsHandler)
|
||||
mux.Handle("GET /app/spaces/{spaceID}/lists/{listID}/items", shoppingListItemsWithAccess)
|
||||
shoppingListItemsHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.GetShoppingListItems)
|
||||
shoppingListItemsWithAuth := middleware.RequireAuth(shoppingListItemsHandler)
|
||||
mux.HandleFunc("GET /app/spaces/{spaceID}/lists/{listID}/items", shoppingListItemsWithAuth)
|
||||
|
||||
cardItemsHandler := middleware.RequireAuth(space.GetListCardItems)
|
||||
cardItemsWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(cardItemsHandler)
|
||||
mux.Handle("GET /app/spaces/{spaceID}/lists/{listID}/card-items", cardItemsWithAccess)
|
||||
cardItemsHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.GetListCardItems)
|
||||
cardItemsWithAuth := middleware.RequireAuth(cardItemsHandler)
|
||||
mux.HandleFunc("GET /app/spaces/{spaceID}/lists/{listID}/card-items", cardItemsWithAuth)
|
||||
|
||||
listsComponentHandler := middleware.RequireAuth(space.GetLists)
|
||||
listsComponentWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(listsComponentHandler)
|
||||
mux.Handle("GET /app/spaces/{spaceID}/components/lists", listsComponentWithAccess)
|
||||
listsComponentHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.GetLists)
|
||||
listsComponentWithAuth := middleware.RequireAuth(listsComponentHandler)
|
||||
mux.HandleFunc("GET /app/spaces/{spaceID}/components/lists", listsComponentWithAuth)
|
||||
|
||||
// Settings routes
|
||||
settingsPageHandler := middleware.RequireAuth(space.SettingsPage)
|
||||
settingsPageWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(settingsPageHandler)
|
||||
mux.Handle("GET /app/spaces/{spaceID}/settings", settingsPageWithAccess)
|
||||
settingsPageHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.SettingsPage)
|
||||
settingsPageWithAuth := middleware.RequireAuth(settingsPageHandler)
|
||||
mux.HandleFunc("GET /app/spaces/{spaceID}/settings", settingsPageWithAuth)
|
||||
|
||||
updateSpaceNameHandler := middleware.RequireAuth(space.UpdateSpaceName)
|
||||
updateSpaceNameWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(updateSpaceNameHandler)
|
||||
mux.Handle("PATCH /app/spaces/{spaceID}/settings/name", crudLimiter(updateSpaceNameWithAccess))
|
||||
updateSpaceNameHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.UpdateSpaceName)
|
||||
updateSpaceNameWithAuth := middleware.RequireAuth(updateSpaceNameHandler)
|
||||
mux.Handle("PATCH /app/spaces/{spaceID}/settings/name", crudLimiter(updateSpaceNameWithAuth))
|
||||
|
||||
removeMemberHandler := middleware.RequireAuth(space.RemoveMember)
|
||||
removeMemberWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(removeMemberHandler)
|
||||
mux.Handle("DELETE /app/spaces/{spaceID}/members/{userID}", crudLimiter(removeMemberWithAccess))
|
||||
removeMemberHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.RemoveMember)
|
||||
removeMemberWithAuth := middleware.RequireAuth(removeMemberHandler)
|
||||
mux.Handle("DELETE /app/spaces/{spaceID}/members/{userID}", crudLimiter(removeMemberWithAuth))
|
||||
|
||||
cancelInviteHandler := middleware.RequireAuth(space.CancelInvite)
|
||||
cancelInviteWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(cancelInviteHandler)
|
||||
mux.Handle("DELETE /app/spaces/{spaceID}/invites/{token}", crudLimiter(cancelInviteWithAccess))
|
||||
cancelInviteHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.CancelInvite)
|
||||
cancelInviteWithAuth := middleware.RequireAuth(cancelInviteHandler)
|
||||
mux.Handle("DELETE /app/spaces/{spaceID}/invites/{token}", crudLimiter(cancelInviteWithAuth))
|
||||
|
||||
getPendingInvitesHandler := middleware.RequireAuth(space.GetPendingInvites)
|
||||
getPendingInvitesWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(getPendingInvitesHandler)
|
||||
mux.Handle("GET /app/spaces/{spaceID}/settings/invites", getPendingInvitesWithAccess)
|
||||
getPendingInvitesHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.GetPendingInvites)
|
||||
getPendingInvitesWithAuth := middleware.RequireAuth(getPendingInvitesHandler)
|
||||
mux.HandleFunc("GET /app/spaces/{spaceID}/settings/invites", getPendingInvitesWithAuth)
|
||||
|
||||
// Invite routes
|
||||
createInviteHandler := middleware.RequireAuth(space.CreateInvite)
|
||||
createInviteWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(createInviteHandler)
|
||||
mux.Handle("POST /app/spaces/{spaceID}/invites", crudLimiter(createInviteWithAccess))
|
||||
createInviteHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.CreateInvite)
|
||||
createInviteWithAuth := middleware.RequireAuth(createInviteHandler)
|
||||
mux.Handle("POST /app/spaces/{spaceID}/invites", crudLimiter(createInviteWithAuth))
|
||||
|
||||
mux.HandleFunc("GET /join/{token}", space.JoinSpace)
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue