feat: protect required endpoints by oauth

internal/oauth/routes.go

@@ -2,6 +2,7 @@ package oauth
 
 import (
 	"gitea.local/admin/hspguard/internal/config"
+	imiddleware "gitea.local/admin/hspguard/internal/middleware"
 	"gitea.local/admin/hspguard/internal/repository"
 	"github.com/go-chi/chi/v5"
 )
@@ -20,9 +21,13 @@ func NewOAuthHandler(repo *repository.Queries, cfg *config.AppConfig) *OAuthHand
 
 func (h *OAuthHandler) RegisterRoutes(router chi.Router) {
 	router.Route("/oauth", func(r chi.Router) {
-		r.Post("/token", h.tokenEndpoint)
+		r.Group(func(protected chi.Router) {
+			authMiddleware := imiddleware.NewAuthMiddleware(h.cfg)
+			protected.Use(authMiddleware.Runner)
 
-		r.Post("/code", h.getAuthCode)
+			protected.Post("/code", h.getAuthCode)
+		})
 		r.Get("/authorize", h.AuthorizeClient)
+		r.Post("/token", h.tokenEndpoint)
 	})
 }