feat: admin routes + better auth routing

internal/auth/routes.go

@@ -8,6 +8,7 @@ import (
 	"time"
 
 	"gitea.local/admin/hspguard/internal/config"
+	imiddleware "gitea.local/admin/hspguard/internal/middleware"
 	"gitea.local/admin/hspguard/internal/repository"
 	"gitea.local/admin/hspguard/internal/types"
 	"gitea.local/admin/hspguard/internal/util"
@@ -34,7 +35,7 @@ func (h *AuthHandler) signTokens(user *repository.User) (string, string, error)
 		},
 	}
 
-	accessToken, err := SignJwtToken(accessClaims, h.cfg.Jwt.PrivateKey)
+	accessToken, err := util.SignJwtToken(accessClaims, h.cfg.Jwt.PrivateKey)
 	if err != nil {
 		return "", "", err
 	}
@@ -50,7 +51,7 @@ func (h *AuthHandler) signTokens(user *repository.User) (string, string, error)
 		},
 	}
 
-	refreshToken, err := SignJwtToken(refreshClaims, h.cfg.Jwt.PrivateKey)
+	refreshToken, err := util.SignJwtToken(refreshClaims, h.cfg.Jwt.PrivateKey)
 	if err != nil {
 		return "", "", err
 	}
@@ -66,9 +67,17 @@ func NewAuthHandler(repo *repository.Queries, cfg *config.AppConfig) *AuthHandle
 }
 
 func (h *AuthHandler) RegisterRoutes(api chi.Router) {
-	api.Get("/auth/profile", h.getProfile)
-	api.Post("/auth/login", h.login)
-	api.Post("/auth/refresh", h.refreshToken)
+	api.Route("/auth", func(r chi.Router) {
+		r.Group(func(protected chi.Router) {
+			authMiddleware := imiddleware.NewAuthMiddleware(h.cfg)
+			protected.Use(authMiddleware.Runner)
+
+			protected.Get("/profile", h.getProfile)
+		})
+
+		r.Post("/login", h.login)
+		r.Post("/refresh", h.refreshToken)
+	})
 }
 
 func (h *AuthHandler) refreshToken(w http.ResponseWriter, r *http.Request) {
@@ -85,7 +94,7 @@ func (h *AuthHandler) refreshToken(w http.ResponseWriter, r *http.Request) {
 	}
 
 	tokenStr := parts[1]
-	token, userClaims, err := VerifyToken(tokenStr, h.cfg.Jwt.PublicKey)
+	token, userClaims, err := util.VerifyToken(tokenStr, h.cfg.Jwt.PublicKey)
 	if err != nil || !token.Valid {
 		http.Error(w, fmt.Sprintf("invalid token: %v", err), http.StatusUnauthorized)
 		return