package api import ( "net/http" "time" "dns.froth.zone/pomme/internal" "github.com/go-chi/chi/v5" "github.com/go-chi/httprate" "github.com/go-chi/jwtauth/v5" "github.com/go-chi/render" ) // API subroute handler. func API() http.Handler { api := chi.NewRouter() // Protected routes api.Group(func(api chi.Router) { api.Use(httprate.Limit( 10, // requests 10*time.Second, // per duration httprate.WithKeyFuncs(httprate.KeyByIP, httprate.KeyByEndpoint), httprate.WithLimitHandler(func(w http.ResponseWriter, r *http.Request) { w.Header().Set("Content-Type", "application/json") w.WriteHeader(http.StatusTooManyRequests) resp := internal.Response{ Message: "API rate limit exceded", } render.JSON(w, r, resp) }), )) api.Use(jwtauth.Verifier(tokenAuth)) api.Use(jwtauth.Authenticator) api.With(setDBMiddleware).Post("/upload", ReceiveFile) }) // Open routes api.Group(func(api chi.Router) { api.Use(httprate.Limit( 5, // requests 5*time.Second, // per duration httprate.WithKeyFuncs(httprate.KeyByIP, httprate.KeyByEndpoint), httprate.WithLimitHandler(func(w http.ResponseWriter, r *http.Request) { w.Header().Set("Content-Type", "application/json") w.WriteHeader(http.StatusTooManyRequests) resp := internal.Response{ Message: "API rate limit exceded", } render.JSON(w, r, resp) }), )) api.With(setDBMiddleware).Post("/create", NewUser) api.With(setDBMiddleware).Post("/login", Login) api.Post("/logout", Logout) }) return api }