fix: RequireAuth and RequireSpaceAccess order
All checks were successful
Deploy / build-and-deploy (push) Successful in 2m17s
All checks were successful
Deploy / build-and-deploy (push) Successful in 2m17s
This commit is contained in:
juancwu
parent
a9d012048a
commit
10e084773c
2 changed files with 153 additions and 152 deletions
|
|
@ -10,9 +10,9 @@ import (
|
||||||
|
|
||||||
// RequireSpaceAccess validates that a user is a member of the space they are trying to access.
|
// RequireSpaceAccess validates that a user is a member of the space they are trying to access.
|
||||||
// It expects a URL parameter named "spaceID".
|
// It expects a URL parameter named "spaceID".
|
||||||
func RequireSpaceAccess(spaceService *service.SpaceService) func(http.Handler) http.Handler {
|
func RequireSpaceAccess(spaceService *service.SpaceService) func(http.HandlerFunc) http.HandlerFunc {
|
||||||
return func(next http.Handler) http.Handler {
|
return func(next http.HandlerFunc) http.HandlerFunc {
|
||||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
return func(w http.ResponseWriter, r *http.Request) {
|
||||||
user := ctxkeys.User(r.Context())
|
user := ctxkeys.User(r.Context())
|
||||||
if user == nil {
|
if user == nil {
|
||||||
// This should be caught by RequireAuth first, but as a safeguard.
|
// This should be caught by RequireAuth first, but as a safeguard.
|
||||||
|
|
@ -45,6 +45,6 @@ func RequireSpaceAccess(spaceService *service.SpaceService) func(http.Handler) h
|
||||||
}
|
}
|
||||||
|
|
||||||
next.ServeHTTP(w, r)
|
next.ServeHTTP(w, r)
|
||||||
})
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -60,212 +60,213 @@ func SetupRoutes(a *app.App) http.Handler {
|
||||||
mux.HandleFunc("GET /app/settings", middleware.RequireAuth(settings.SettingsPage))
|
mux.HandleFunc("GET /app/settings", middleware.RequireAuth(settings.SettingsPage))
|
||||||
mux.HandleFunc("POST /app/settings/password", authRateLimiter(middleware.RequireAuth(settings.SetPassword)))
|
mux.HandleFunc("POST /app/settings/password", authRateLimiter(middleware.RequireAuth(settings.SetPassword)))
|
||||||
|
|
||||||
// Space routes
|
// Space routes — wrapping order: Auth(SpaceAccess(handler))
|
||||||
spaceOverviewHandler := middleware.RequireAuth(space.OverviewPage)
|
// Auth runs first (outer), then SpaceAccess (inner), then the handler.
|
||||||
spaceOverviewWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(spaceOverviewHandler)
|
spaceOverviewHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.OverviewPage)
|
||||||
mux.Handle("GET /app/spaces/{spaceID}", spaceOverviewWithAccess)
|
spaceOverviewWithAuth := middleware.RequireAuth(spaceOverviewHandler)
|
||||||
|
mux.HandleFunc("GET /app/spaces/{spaceID}", spaceOverviewWithAuth)
|
||||||
|
|
||||||
reportsPageHandler := middleware.RequireAuth(space.ReportsPage)
|
reportsPageHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.ReportsPage)
|
||||||
reportsPageWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(reportsPageHandler)
|
reportsPageWithAuth := middleware.RequireAuth(reportsPageHandler)
|
||||||
mux.Handle("GET /app/spaces/{spaceID}/reports", reportsPageWithAccess)
|
mux.HandleFunc("GET /app/spaces/{spaceID}/reports", reportsPageWithAuth)
|
||||||
|
|
||||||
listsPageHandler := middleware.RequireAuth(space.ListsPage)
|
listsPageHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.ListsPage)
|
||||||
listsPageWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(listsPageHandler)
|
listsPageWithAuth := middleware.RequireAuth(listsPageHandler)
|
||||||
mux.Handle("GET /app/spaces/{spaceID}/lists", listsPageWithAccess)
|
mux.HandleFunc("GET /app/spaces/{spaceID}/lists", listsPageWithAuth)
|
||||||
|
|
||||||
createListHandler := middleware.RequireAuth(space.CreateList)
|
createListHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.CreateList)
|
||||||
createListWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(createListHandler)
|
createListWithAuth := middleware.RequireAuth(createListHandler)
|
||||||
mux.Handle("POST /app/spaces/{spaceID}/lists", crudLimiter(createListWithAccess))
|
mux.Handle("POST /app/spaces/{spaceID}/lists", crudLimiter(createListWithAuth))
|
||||||
|
|
||||||
listPageHandler := middleware.RequireAuth(space.ListPage)
|
listPageHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.ListPage)
|
||||||
listPageWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(listPageHandler)
|
listPageWithAuth := middleware.RequireAuth(listPageHandler)
|
||||||
mux.Handle("GET /app/spaces/{spaceID}/lists/{listID}", listPageWithAccess)
|
mux.HandleFunc("GET /app/spaces/{spaceID}/lists/{listID}", listPageWithAuth)
|
||||||
|
|
||||||
updateListHandler := middleware.RequireAuth(space.UpdateList)
|
updateListHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.UpdateList)
|
||||||
updateListWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(updateListHandler)
|
updateListWithAuth := middleware.RequireAuth(updateListHandler)
|
||||||
mux.Handle("PATCH /app/spaces/{spaceID}/lists/{listID}", crudLimiter(updateListWithAccess))
|
mux.Handle("PATCH /app/spaces/{spaceID}/lists/{listID}", crudLimiter(updateListWithAuth))
|
||||||
|
|
||||||
deleteListHandler := middleware.RequireAuth(space.DeleteList)
|
deleteListHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.DeleteList)
|
||||||
deleteListWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(deleteListHandler)
|
deleteListWithAuth := middleware.RequireAuth(deleteListHandler)
|
||||||
mux.Handle("DELETE /app/spaces/{spaceID}/lists/{listID}", crudLimiter(deleteListWithAccess))
|
mux.Handle("DELETE /app/spaces/{spaceID}/lists/{listID}", crudLimiter(deleteListWithAuth))
|
||||||
|
|
||||||
addItemHandler := middleware.RequireAuth(space.AddItemToList)
|
addItemHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.AddItemToList)
|
||||||
addItemWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(addItemHandler)
|
addItemWithAuth := middleware.RequireAuth(addItemHandler)
|
||||||
mux.Handle("POST /app/spaces/{spaceID}/lists/{listID}/items", crudLimiter(addItemWithAccess))
|
mux.Handle("POST /app/spaces/{spaceID}/lists/{listID}/items", crudLimiter(addItemWithAuth))
|
||||||
|
|
||||||
toggleItemHandler := middleware.RequireAuth(space.ToggleItem)
|
toggleItemHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.ToggleItem)
|
||||||
toggleItemWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(toggleItemHandler)
|
toggleItemWithAuth := middleware.RequireAuth(toggleItemHandler)
|
||||||
mux.Handle("PATCH /app/spaces/{spaceID}/lists/{listID}/items/{itemID}", crudLimiter(toggleItemWithAccess))
|
mux.Handle("PATCH /app/spaces/{spaceID}/lists/{listID}/items/{itemID}", crudLimiter(toggleItemWithAuth))
|
||||||
|
|
||||||
deleteItemHandler := middleware.RequireAuth(space.DeleteItem)
|
deleteItemHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.DeleteItem)
|
||||||
deleteItemWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(deleteItemHandler)
|
deleteItemWithAuth := middleware.RequireAuth(deleteItemHandler)
|
||||||
mux.Handle("DELETE /app/spaces/{spaceID}/lists/{listID}/items/{itemID}", crudLimiter(deleteItemWithAccess))
|
mux.Handle("DELETE /app/spaces/{spaceID}/lists/{listID}/items/{itemID}", crudLimiter(deleteItemWithAuth))
|
||||||
|
|
||||||
// Tag routes
|
// Tag routes
|
||||||
tagsPageHandler := middleware.RequireAuth(space.TagsPage)
|
tagsPageHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.TagsPage)
|
||||||
tagsPageWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(tagsPageHandler)
|
tagsPageWithAuth := middleware.RequireAuth(tagsPageHandler)
|
||||||
mux.Handle("GET /app/spaces/{spaceID}/tags", tagsPageWithAccess)
|
mux.HandleFunc("GET /app/spaces/{spaceID}/tags", tagsPageWithAuth)
|
||||||
|
|
||||||
createTagHandler := middleware.RequireAuth(space.CreateTag)
|
createTagHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.CreateTag)
|
||||||
createTagWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(createTagHandler)
|
createTagWithAuth := middleware.RequireAuth(createTagHandler)
|
||||||
mux.Handle("POST /app/spaces/{spaceID}/tags", crudLimiter(createTagWithAccess))
|
mux.Handle("POST /app/spaces/{spaceID}/tags", crudLimiter(createTagWithAuth))
|
||||||
|
|
||||||
deleteTagHandler := middleware.RequireAuth(space.DeleteTag)
|
deleteTagHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.DeleteTag)
|
||||||
deleteTagWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(deleteTagHandler)
|
deleteTagWithAuth := middleware.RequireAuth(deleteTagHandler)
|
||||||
mux.Handle("DELETE /app/spaces/{spaceID}/tags/{tagID}", crudLimiter(deleteTagWithAccess))
|
mux.Handle("DELETE /app/spaces/{spaceID}/tags/{tagID}", crudLimiter(deleteTagWithAuth))
|
||||||
|
|
||||||
// Expense routes
|
// Expense routes
|
||||||
expensesPageHandler := middleware.RequireAuth(space.ExpensesPage)
|
expensesPageHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.ExpensesPage)
|
||||||
expensesPageWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(expensesPageHandler)
|
expensesPageWithAuth := middleware.RequireAuth(expensesPageHandler)
|
||||||
mux.Handle("GET /app/spaces/{spaceID}/expenses", expensesPageWithAccess)
|
mux.HandleFunc("GET /app/spaces/{spaceID}/expenses", expensesPageWithAuth)
|
||||||
|
|
||||||
createExpenseHandler := middleware.RequireAuth(space.CreateExpense)
|
createExpenseHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.CreateExpense)
|
||||||
createExpenseWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(createExpenseHandler)
|
createExpenseWithAuth := middleware.RequireAuth(createExpenseHandler)
|
||||||
mux.Handle("POST /app/spaces/{spaceID}/expenses", crudLimiter(createExpenseWithAccess))
|
mux.Handle("POST /app/spaces/{spaceID}/expenses", crudLimiter(createExpenseWithAuth))
|
||||||
|
|
||||||
updateExpenseHandler := middleware.RequireAuth(space.UpdateExpense)
|
updateExpenseHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.UpdateExpense)
|
||||||
updateExpenseWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(updateExpenseHandler)
|
updateExpenseWithAuth := middleware.RequireAuth(updateExpenseHandler)
|
||||||
mux.Handle("PATCH /app/spaces/{spaceID}/expenses/{expenseID}", crudLimiter(updateExpenseWithAccess))
|
mux.Handle("PATCH /app/spaces/{spaceID}/expenses/{expenseID}", crudLimiter(updateExpenseWithAuth))
|
||||||
|
|
||||||
deleteExpenseHandler := middleware.RequireAuth(space.DeleteExpense)
|
deleteExpenseHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.DeleteExpense)
|
||||||
deleteExpenseWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(deleteExpenseHandler)
|
deleteExpenseWithAuth := middleware.RequireAuth(deleteExpenseHandler)
|
||||||
mux.Handle("DELETE /app/spaces/{spaceID}/expenses/{expenseID}", crudLimiter(deleteExpenseWithAccess))
|
mux.Handle("DELETE /app/spaces/{spaceID}/expenses/{expenseID}", crudLimiter(deleteExpenseWithAuth))
|
||||||
|
|
||||||
// Money Account routes
|
// Money Account routes
|
||||||
accountsPageHandler := middleware.RequireAuth(space.AccountsPage)
|
accountsPageHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.AccountsPage)
|
||||||
accountsPageWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(accountsPageHandler)
|
accountsPageWithAuth := middleware.RequireAuth(accountsPageHandler)
|
||||||
mux.Handle("GET /app/spaces/{spaceID}/accounts", accountsPageWithAccess)
|
mux.HandleFunc("GET /app/spaces/{spaceID}/accounts", accountsPageWithAuth)
|
||||||
|
|
||||||
createAccountHandler := middleware.RequireAuth(space.CreateAccount)
|
createAccountHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.CreateAccount)
|
||||||
createAccountWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(createAccountHandler)
|
createAccountWithAuth := middleware.RequireAuth(createAccountHandler)
|
||||||
mux.Handle("POST /app/spaces/{spaceID}/accounts", crudLimiter(createAccountWithAccess))
|
mux.Handle("POST /app/spaces/{spaceID}/accounts", crudLimiter(createAccountWithAuth))
|
||||||
|
|
||||||
updateAccountHandler := middleware.RequireAuth(space.UpdateAccount)
|
updateAccountHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.UpdateAccount)
|
||||||
updateAccountWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(updateAccountHandler)
|
updateAccountWithAuth := middleware.RequireAuth(updateAccountHandler)
|
||||||
mux.Handle("PATCH /app/spaces/{spaceID}/accounts/{accountID}", crudLimiter(updateAccountWithAccess))
|
mux.Handle("PATCH /app/spaces/{spaceID}/accounts/{accountID}", crudLimiter(updateAccountWithAuth))
|
||||||
|
|
||||||
deleteAccountHandler := middleware.RequireAuth(space.DeleteAccount)
|
deleteAccountHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.DeleteAccount)
|
||||||
deleteAccountWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(deleteAccountHandler)
|
deleteAccountWithAuth := middleware.RequireAuth(deleteAccountHandler)
|
||||||
mux.Handle("DELETE /app/spaces/{spaceID}/accounts/{accountID}", crudLimiter(deleteAccountWithAccess))
|
mux.Handle("DELETE /app/spaces/{spaceID}/accounts/{accountID}", crudLimiter(deleteAccountWithAuth))
|
||||||
|
|
||||||
createTransferHandler := middleware.RequireAuth(space.CreateTransfer)
|
createTransferHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.CreateTransfer)
|
||||||
createTransferWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(createTransferHandler)
|
createTransferWithAuth := middleware.RequireAuth(createTransferHandler)
|
||||||
mux.Handle("POST /app/spaces/{spaceID}/accounts/{accountID}/transfers", crudLimiter(createTransferWithAccess))
|
mux.Handle("POST /app/spaces/{spaceID}/accounts/{accountID}/transfers", crudLimiter(createTransferWithAuth))
|
||||||
|
|
||||||
deleteTransferHandler := middleware.RequireAuth(space.DeleteTransfer)
|
deleteTransferHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.DeleteTransfer)
|
||||||
deleteTransferWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(deleteTransferHandler)
|
deleteTransferWithAuth := middleware.RequireAuth(deleteTransferHandler)
|
||||||
mux.Handle("DELETE /app/spaces/{spaceID}/accounts/{accountID}/transfers/{transferID}", crudLimiter(deleteTransferWithAccess))
|
mux.Handle("DELETE /app/spaces/{spaceID}/accounts/{accountID}/transfers/{transferID}", crudLimiter(deleteTransferWithAuth))
|
||||||
|
|
||||||
// Payment Method routes
|
// Payment Method routes
|
||||||
methodsPageHandler := middleware.RequireAuth(space.PaymentMethodsPage)
|
methodsPageHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.PaymentMethodsPage)
|
||||||
methodsPageWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(methodsPageHandler)
|
methodsPageWithAuth := middleware.RequireAuth(methodsPageHandler)
|
||||||
mux.Handle("GET /app/spaces/{spaceID}/payment-methods", methodsPageWithAccess)
|
mux.HandleFunc("GET /app/spaces/{spaceID}/payment-methods", methodsPageWithAuth)
|
||||||
|
|
||||||
createMethodHandler := middleware.RequireAuth(space.CreatePaymentMethod)
|
createMethodHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.CreatePaymentMethod)
|
||||||
createMethodWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(createMethodHandler)
|
createMethodWithAuth := middleware.RequireAuth(createMethodHandler)
|
||||||
mux.Handle("POST /app/spaces/{spaceID}/payment-methods", crudLimiter(createMethodWithAccess))
|
mux.Handle("POST /app/spaces/{spaceID}/payment-methods", crudLimiter(createMethodWithAuth))
|
||||||
|
|
||||||
updateMethodHandler := middleware.RequireAuth(space.UpdatePaymentMethod)
|
updateMethodHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.UpdatePaymentMethod)
|
||||||
updateMethodWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(updateMethodHandler)
|
updateMethodWithAuth := middleware.RequireAuth(updateMethodHandler)
|
||||||
mux.Handle("PATCH /app/spaces/{spaceID}/payment-methods/{methodID}", crudLimiter(updateMethodWithAccess))
|
mux.Handle("PATCH /app/spaces/{spaceID}/payment-methods/{methodID}", crudLimiter(updateMethodWithAuth))
|
||||||
|
|
||||||
deleteMethodHandler := middleware.RequireAuth(space.DeletePaymentMethod)
|
deleteMethodHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.DeletePaymentMethod)
|
||||||
deleteMethodWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(deleteMethodHandler)
|
deleteMethodWithAuth := middleware.RequireAuth(deleteMethodHandler)
|
||||||
mux.Handle("DELETE /app/spaces/{spaceID}/payment-methods/{methodID}", crudLimiter(deleteMethodWithAccess))
|
mux.Handle("DELETE /app/spaces/{spaceID}/payment-methods/{methodID}", crudLimiter(deleteMethodWithAuth))
|
||||||
|
|
||||||
// Recurring expense routes
|
// Recurring expense routes
|
||||||
recurringPageHandler := middleware.RequireAuth(space.RecurringExpensesPage)
|
recurringPageHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.RecurringExpensesPage)
|
||||||
recurringPageWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(recurringPageHandler)
|
recurringPageWithAuth := middleware.RequireAuth(recurringPageHandler)
|
||||||
mux.Handle("GET /app/spaces/{spaceID}/recurring", recurringPageWithAccess)
|
mux.HandleFunc("GET /app/spaces/{spaceID}/recurring", recurringPageWithAuth)
|
||||||
|
|
||||||
createRecurringHandler := middleware.RequireAuth(space.CreateRecurringExpense)
|
createRecurringHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.CreateRecurringExpense)
|
||||||
createRecurringWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(createRecurringHandler)
|
createRecurringWithAuth := middleware.RequireAuth(createRecurringHandler)
|
||||||
mux.Handle("POST /app/spaces/{spaceID}/recurring", crudLimiter(createRecurringWithAccess))
|
mux.Handle("POST /app/spaces/{spaceID}/recurring", crudLimiter(createRecurringWithAuth))
|
||||||
|
|
||||||
updateRecurringHandler := middleware.RequireAuth(space.UpdateRecurringExpense)
|
updateRecurringHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.UpdateRecurringExpense)
|
||||||
updateRecurringWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(updateRecurringHandler)
|
updateRecurringWithAuth := middleware.RequireAuth(updateRecurringHandler)
|
||||||
mux.Handle("PATCH /app/spaces/{spaceID}/recurring/{recurringID}", crudLimiter(updateRecurringWithAccess))
|
mux.Handle("PATCH /app/spaces/{spaceID}/recurring/{recurringID}", crudLimiter(updateRecurringWithAuth))
|
||||||
|
|
||||||
deleteRecurringHandler := middleware.RequireAuth(space.DeleteRecurringExpense)
|
deleteRecurringHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.DeleteRecurringExpense)
|
||||||
deleteRecurringWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(deleteRecurringHandler)
|
deleteRecurringWithAuth := middleware.RequireAuth(deleteRecurringHandler)
|
||||||
mux.Handle("DELETE /app/spaces/{spaceID}/recurring/{recurringID}", crudLimiter(deleteRecurringWithAccess))
|
mux.Handle("DELETE /app/spaces/{spaceID}/recurring/{recurringID}", crudLimiter(deleteRecurringWithAuth))
|
||||||
|
|
||||||
toggleRecurringHandler := middleware.RequireAuth(space.ToggleRecurringExpense)
|
toggleRecurringHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.ToggleRecurringExpense)
|
||||||
toggleRecurringWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(toggleRecurringHandler)
|
toggleRecurringWithAuth := middleware.RequireAuth(toggleRecurringHandler)
|
||||||
mux.Handle("POST /app/spaces/{spaceID}/recurring/{recurringID}/toggle", crudLimiter(toggleRecurringWithAccess))
|
mux.Handle("POST /app/spaces/{spaceID}/recurring/{recurringID}/toggle", crudLimiter(toggleRecurringWithAuth))
|
||||||
|
|
||||||
// Budget routes
|
// Budget routes
|
||||||
budgetsPageHandler := middleware.RequireAuth(space.BudgetsPage)
|
budgetsPageHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.BudgetsPage)
|
||||||
budgetsPageWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(budgetsPageHandler)
|
budgetsPageWithAuth := middleware.RequireAuth(budgetsPageHandler)
|
||||||
mux.Handle("GET /app/spaces/{spaceID}/budgets", budgetsPageWithAccess)
|
mux.HandleFunc("GET /app/spaces/{spaceID}/budgets", budgetsPageWithAuth)
|
||||||
|
|
||||||
createBudgetHandler := middleware.RequireAuth(space.CreateBudget)
|
createBudgetHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.CreateBudget)
|
||||||
createBudgetWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(createBudgetHandler)
|
createBudgetWithAuth := middleware.RequireAuth(createBudgetHandler)
|
||||||
mux.Handle("POST /app/spaces/{spaceID}/budgets", crudLimiter(createBudgetWithAccess))
|
mux.Handle("POST /app/spaces/{spaceID}/budgets", crudLimiter(createBudgetWithAuth))
|
||||||
|
|
||||||
updateBudgetHandler := middleware.RequireAuth(space.UpdateBudget)
|
updateBudgetHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.UpdateBudget)
|
||||||
updateBudgetWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(updateBudgetHandler)
|
updateBudgetWithAuth := middleware.RequireAuth(updateBudgetHandler)
|
||||||
mux.Handle("PATCH /app/spaces/{spaceID}/budgets/{budgetID}", crudLimiter(updateBudgetWithAccess))
|
mux.Handle("PATCH /app/spaces/{spaceID}/budgets/{budgetID}", crudLimiter(updateBudgetWithAuth))
|
||||||
|
|
||||||
deleteBudgetHandler := middleware.RequireAuth(space.DeleteBudget)
|
deleteBudgetHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.DeleteBudget)
|
||||||
deleteBudgetWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(deleteBudgetHandler)
|
deleteBudgetWithAuth := middleware.RequireAuth(deleteBudgetHandler)
|
||||||
mux.Handle("DELETE /app/spaces/{spaceID}/budgets/{budgetID}", crudLimiter(deleteBudgetWithAccess))
|
mux.Handle("DELETE /app/spaces/{spaceID}/budgets/{budgetID}", crudLimiter(deleteBudgetWithAuth))
|
||||||
|
|
||||||
budgetsListHandler := middleware.RequireAuth(space.GetBudgetsList)
|
budgetsListHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.GetBudgetsList)
|
||||||
budgetsListWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(budgetsListHandler)
|
budgetsListWithAuth := middleware.RequireAuth(budgetsListHandler)
|
||||||
mux.Handle("GET /app/spaces/{spaceID}/components/budgets", budgetsListWithAccess)
|
mux.HandleFunc("GET /app/spaces/{spaceID}/components/budgets", budgetsListWithAuth)
|
||||||
|
|
||||||
// Report routes
|
// Report routes
|
||||||
reportChartsHandler := middleware.RequireAuth(space.GetReportCharts)
|
reportChartsHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.GetReportCharts)
|
||||||
reportChartsWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(reportChartsHandler)
|
reportChartsWithAuth := middleware.RequireAuth(reportChartsHandler)
|
||||||
mux.Handle("GET /app/spaces/{spaceID}/components/report-charts", reportChartsWithAccess)
|
mux.HandleFunc("GET /app/spaces/{spaceID}/components/report-charts", reportChartsWithAuth)
|
||||||
|
|
||||||
// Component routes (HTMX updates)
|
// Component routes (HTMX updates)
|
||||||
balanceCardHandler := middleware.RequireAuth(space.GetBalanceCard)
|
balanceCardHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.GetBalanceCard)
|
||||||
balanceCardWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(balanceCardHandler)
|
balanceCardWithAuth := middleware.RequireAuth(balanceCardHandler)
|
||||||
mux.Handle("GET /app/spaces/{spaceID}/components/balance", balanceCardWithAccess)
|
mux.HandleFunc("GET /app/spaces/{spaceID}/components/balance", balanceCardWithAuth)
|
||||||
|
|
||||||
expensesListHandler := middleware.RequireAuth(space.GetExpensesList)
|
expensesListHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.GetExpensesList)
|
||||||
expensesListWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(expensesListHandler)
|
expensesListWithAuth := middleware.RequireAuth(expensesListHandler)
|
||||||
mux.Handle("GET /app/spaces/{spaceID}/components/expenses", expensesListWithAccess)
|
mux.HandleFunc("GET /app/spaces/{spaceID}/components/expenses", expensesListWithAuth)
|
||||||
|
|
||||||
shoppingListItemsHandler := middleware.RequireAuth(space.GetShoppingListItems)
|
shoppingListItemsHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.GetShoppingListItems)
|
||||||
shoppingListItemsWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(shoppingListItemsHandler)
|
shoppingListItemsWithAuth := middleware.RequireAuth(shoppingListItemsHandler)
|
||||||
mux.Handle("GET /app/spaces/{spaceID}/lists/{listID}/items", shoppingListItemsWithAccess)
|
mux.HandleFunc("GET /app/spaces/{spaceID}/lists/{listID}/items", shoppingListItemsWithAuth)
|
||||||
|
|
||||||
cardItemsHandler := middleware.RequireAuth(space.GetListCardItems)
|
cardItemsHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.GetListCardItems)
|
||||||
cardItemsWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(cardItemsHandler)
|
cardItemsWithAuth := middleware.RequireAuth(cardItemsHandler)
|
||||||
mux.Handle("GET /app/spaces/{spaceID}/lists/{listID}/card-items", cardItemsWithAccess)
|
mux.HandleFunc("GET /app/spaces/{spaceID}/lists/{listID}/card-items", cardItemsWithAuth)
|
||||||
|
|
||||||
listsComponentHandler := middleware.RequireAuth(space.GetLists)
|
listsComponentHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.GetLists)
|
||||||
listsComponentWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(listsComponentHandler)
|
listsComponentWithAuth := middleware.RequireAuth(listsComponentHandler)
|
||||||
mux.Handle("GET /app/spaces/{spaceID}/components/lists", listsComponentWithAccess)
|
mux.HandleFunc("GET /app/spaces/{spaceID}/components/lists", listsComponentWithAuth)
|
||||||
|
|
||||||
// Settings routes
|
// Settings routes
|
||||||
settingsPageHandler := middleware.RequireAuth(space.SettingsPage)
|
settingsPageHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.SettingsPage)
|
||||||
settingsPageWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(settingsPageHandler)
|
settingsPageWithAuth := middleware.RequireAuth(settingsPageHandler)
|
||||||
mux.Handle("GET /app/spaces/{spaceID}/settings", settingsPageWithAccess)
|
mux.HandleFunc("GET /app/spaces/{spaceID}/settings", settingsPageWithAuth)
|
||||||
|
|
||||||
updateSpaceNameHandler := middleware.RequireAuth(space.UpdateSpaceName)
|
updateSpaceNameHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.UpdateSpaceName)
|
||||||
updateSpaceNameWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(updateSpaceNameHandler)
|
updateSpaceNameWithAuth := middleware.RequireAuth(updateSpaceNameHandler)
|
||||||
mux.Handle("PATCH /app/spaces/{spaceID}/settings/name", crudLimiter(updateSpaceNameWithAccess))
|
mux.Handle("PATCH /app/spaces/{spaceID}/settings/name", crudLimiter(updateSpaceNameWithAuth))
|
||||||
|
|
||||||
removeMemberHandler := middleware.RequireAuth(space.RemoveMember)
|
removeMemberHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.RemoveMember)
|
||||||
removeMemberWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(removeMemberHandler)
|
removeMemberWithAuth := middleware.RequireAuth(removeMemberHandler)
|
||||||
mux.Handle("DELETE /app/spaces/{spaceID}/members/{userID}", crudLimiter(removeMemberWithAccess))
|
mux.Handle("DELETE /app/spaces/{spaceID}/members/{userID}", crudLimiter(removeMemberWithAuth))
|
||||||
|
|
||||||
cancelInviteHandler := middleware.RequireAuth(space.CancelInvite)
|
cancelInviteHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.CancelInvite)
|
||||||
cancelInviteWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(cancelInviteHandler)
|
cancelInviteWithAuth := middleware.RequireAuth(cancelInviteHandler)
|
||||||
mux.Handle("DELETE /app/spaces/{spaceID}/invites/{token}", crudLimiter(cancelInviteWithAccess))
|
mux.Handle("DELETE /app/spaces/{spaceID}/invites/{token}", crudLimiter(cancelInviteWithAuth))
|
||||||
|
|
||||||
getPendingInvitesHandler := middleware.RequireAuth(space.GetPendingInvites)
|
getPendingInvitesHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.GetPendingInvites)
|
||||||
getPendingInvitesWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(getPendingInvitesHandler)
|
getPendingInvitesWithAuth := middleware.RequireAuth(getPendingInvitesHandler)
|
||||||
mux.Handle("GET /app/spaces/{spaceID}/settings/invites", getPendingInvitesWithAccess)
|
mux.HandleFunc("GET /app/spaces/{spaceID}/settings/invites", getPendingInvitesWithAuth)
|
||||||
|
|
||||||
// Invite routes
|
// Invite routes
|
||||||
createInviteHandler := middleware.RequireAuth(space.CreateInvite)
|
createInviteHandler := middleware.RequireSpaceAccess(a.SpaceService)(space.CreateInvite)
|
||||||
createInviteWithAccess := middleware.RequireSpaceAccess(a.SpaceService)(createInviteHandler)
|
createInviteWithAuth := middleware.RequireAuth(createInviteHandler)
|
||||||
mux.Handle("POST /app/spaces/{spaceID}/invites", crudLimiter(createInviteWithAccess))
|
mux.Handle("POST /app/spaces/{spaceID}/invites", crudLimiter(createInviteWithAuth))
|
||||||
|
|
||||||
mux.HandleFunc("GET /join/{token}", space.JoinSpace)
|
mux.HandleFunc("GET /join/{token}", space.JoinSpace)
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue