feat: admin routes + better auth routing

internal/user/routes.go

@@ -11,6 +11,8 @@ import (
 	"strings"
 	"time"
 
+	"gitea.local/admin/hspguard/internal/config"
+	imiddleware "gitea.local/admin/hspguard/internal/middleware"
 	"gitea.local/admin/hspguard/internal/repository"
 	"gitea.local/admin/hspguard/internal/storage"
 	"gitea.local/admin/hspguard/internal/util"
@@ -24,18 +26,26 @@ import (
 type UserHandler struct {
 	repo  *repository.Queries
 	minio *storage.FileStorage
+	cfg   *config.AppConfig
 }
 
-func NewUserHandler(repo *repository.Queries, minio *storage.FileStorage) *UserHandler {
+func NewUserHandler(repo *repository.Queries, minio *storage.FileStorage, cfg *config.AppConfig) *UserHandler {
 	return &UserHandler{
-		repo:  repo,
-		minio: minio,
+		repo,
+		minio,
+		cfg,
 	}
 }
 
 func (h *UserHandler) RegisterRoutes(api chi.Router) {
+	api.Group(func(protected chi.Router) {
+		authMiddleware := imiddleware.NewAuthMiddleware(h.cfg)
+		protected.Use(authMiddleware.Runner)
+
+		protected.Put("/avatar", h.uploadAvatar)
+	})
+
 	api.Post("/register", h.register)
-	api.Put("/avatar", h.uploadAvatar)
 	api.Get("/avatar/{avatar}", h.getAvatar)
 }