8f6e956fde
- New /audit page with completeness scoring engine
- Weighted scoring by sourcing type (purchased vs manufactured)
- Batch DB queries for items+properties, BOM existence, project codes
- API endpoints: GET /api/audit/completeness, GET /api/audit/completeness/{pn}
- Audit UI: tier summary bar, filterable table, split-panel inline editing
- Create item form now shows category-specific property fields on category select
- Properties collected and submitted with item creation
203 lines
6.8 KiB
Go
203 lines
6.8 KiB
Go
package api
|
|
|
|
import (
|
|
"net/http"
|
|
|
|
"github.com/go-chi/chi/v5"
|
|
"github.com/go-chi/chi/v5/middleware"
|
|
"github.com/go-chi/cors"
|
|
"github.com/kindredsystems/silo/internal/auth"
|
|
"github.com/rs/zerolog"
|
|
)
|
|
|
|
// NewRouter creates a new chi router with all routes registered.
|
|
func NewRouter(server *Server, logger zerolog.Logger) http.Handler {
|
|
r := chi.NewRouter()
|
|
|
|
// Base middleware stack
|
|
r.Use(middleware.RequestID)
|
|
r.Use(middleware.RealIP)
|
|
r.Use(RequestLogger(logger))
|
|
r.Use(Recoverer(logger))
|
|
|
|
// CORS: configurable origins, locked down when auth is enabled
|
|
corsOrigins := []string{"*"}
|
|
corsCredentials := false
|
|
if server.authConfig != nil && server.authConfig.Enabled {
|
|
if len(server.authConfig.CORS.AllowedOrigins) > 0 {
|
|
corsOrigins = server.authConfig.CORS.AllowedOrigins
|
|
}
|
|
corsCredentials = true
|
|
}
|
|
r.Use(cors.Handler(cors.Options{
|
|
AllowedOrigins: corsOrigins,
|
|
AllowedMethods: []string{"GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"},
|
|
AllowedHeaders: []string{"Accept", "Authorization", "Content-Type", "X-CSRF-Token", "X-Request-ID"},
|
|
ExposedHeaders: []string{"Link", "X-Request-ID"},
|
|
AllowCredentials: corsCredentials,
|
|
MaxAge: 300,
|
|
}))
|
|
|
|
// Session middleware (must come before auth middleware)
|
|
if server.sessions != nil {
|
|
r.Use(server.sessions.LoadAndSave)
|
|
}
|
|
|
|
// Web handler for HTML pages
|
|
webHandler, err := NewWebHandler(logger, server)
|
|
if err != nil {
|
|
logger.Fatal().Err(err).Msg("failed to create web handler")
|
|
}
|
|
|
|
// Health endpoints (no auth)
|
|
r.Get("/health", server.HandleHealth)
|
|
r.Get("/ready", server.HandleReady)
|
|
|
|
// Auth endpoints (no auth required)
|
|
r.Get("/login", server.HandleLoginPage)
|
|
r.Post("/login", server.HandleLogin)
|
|
r.Post("/logout", server.HandleLogout)
|
|
r.Get("/auth/oidc", server.HandleOIDCLogin)
|
|
r.Get("/auth/callback", server.HandleOIDCCallback)
|
|
|
|
// Web UI routes (require auth + CSRF)
|
|
r.Group(func(r chi.Router) {
|
|
r.Use(server.RequireAuth)
|
|
r.Use(server.CSRFProtect)
|
|
|
|
r.Get("/", webHandler.HandleIndex)
|
|
r.Get("/projects", webHandler.HandleProjectsPage)
|
|
r.Get("/schemas", webHandler.HandleSchemasPage)
|
|
r.Get("/audit", webHandler.HandleAuditPage)
|
|
r.Get("/settings", server.HandleSettingsPage)
|
|
r.Post("/settings/tokens", server.HandleCreateTokenWeb)
|
|
r.Post("/settings/tokens/{id}/revoke", server.HandleRevokeTokenWeb)
|
|
})
|
|
|
|
// API routes (require auth, no CSRF — token auth instead)
|
|
r.Route("/api", func(r chi.Router) {
|
|
r.Use(server.RequireAuth)
|
|
|
|
// Auth endpoints
|
|
r.Get("/auth/me", server.HandleGetCurrentUser)
|
|
r.Route("/auth/tokens", func(r chi.Router) {
|
|
r.Get("/", server.HandleListTokens)
|
|
r.Post("/", server.HandleCreateToken)
|
|
r.Delete("/{id}", server.HandleRevokeToken)
|
|
})
|
|
|
|
// Schemas (read: viewer, write: editor)
|
|
r.Route("/schemas", func(r chi.Router) {
|
|
r.Get("/", server.HandleListSchemas)
|
|
r.Get("/{name}", server.HandleGetSchema)
|
|
r.Get("/{name}/properties", server.HandleGetPropertySchema)
|
|
|
|
r.Group(func(r chi.Router) {
|
|
r.Use(server.RequireRole(auth.RoleEditor))
|
|
r.Route("/{name}/segments/{segment}/values", func(r chi.Router) {
|
|
r.Post("/", server.HandleAddSchemaValue)
|
|
r.Put("/{code}", server.HandleUpdateSchemaValue)
|
|
r.Delete("/{code}", server.HandleDeleteSchemaValue)
|
|
})
|
|
})
|
|
})
|
|
|
|
// Projects (read: viewer, write: editor)
|
|
r.Route("/projects", func(r chi.Router) {
|
|
r.Get("/", server.HandleListProjects)
|
|
r.Get("/{code}", server.HandleGetProject)
|
|
r.Get("/{code}/items", server.HandleGetProjectItems)
|
|
r.Get("/{code}/sheet.ods", server.HandleProjectSheetODS)
|
|
|
|
r.Group(func(r chi.Router) {
|
|
r.Use(server.RequireRole(auth.RoleEditor))
|
|
r.Post("/", server.HandleCreateProject)
|
|
r.Put("/{code}", server.HandleUpdateProject)
|
|
r.Delete("/{code}", server.HandleDeleteProject)
|
|
})
|
|
})
|
|
|
|
// Items (read: viewer, write: editor)
|
|
r.Route("/items", func(r chi.Router) {
|
|
r.Get("/", server.HandleListItems)
|
|
r.Get("/search", server.HandleFuzzySearch)
|
|
r.Get("/export.csv", server.HandleExportCSV)
|
|
r.Get("/template.csv", server.HandleCSVTemplate)
|
|
r.Get("/export.ods", server.HandleExportODS)
|
|
r.Get("/template.ods", server.HandleODSTemplate)
|
|
|
|
r.Group(func(r chi.Router) {
|
|
r.Use(server.RequireRole(auth.RoleEditor))
|
|
r.Post("/", server.HandleCreateItem)
|
|
r.Post("/import", server.HandleImportCSV)
|
|
r.Post("/import.ods", server.HandleImportODS)
|
|
})
|
|
|
|
r.Route("/{partNumber}", func(r chi.Router) {
|
|
r.Get("/", server.HandleGetItem)
|
|
r.Get("/projects", server.HandleGetItemProjects)
|
|
r.Get("/revisions", server.HandleListRevisions)
|
|
r.Get("/revisions/compare", server.HandleCompareRevisions)
|
|
r.Get("/revisions/{revision}", server.HandleGetRevision)
|
|
r.Get("/file", server.HandleDownloadLatestFile)
|
|
r.Get("/file/{revision}", server.HandleDownloadFile)
|
|
r.Get("/bom", server.HandleGetBOM)
|
|
r.Get("/bom/expanded", server.HandleGetExpandedBOM)
|
|
r.Get("/bom/where-used", server.HandleGetWhereUsed)
|
|
r.Get("/bom/export.csv", server.HandleExportBOMCSV)
|
|
r.Get("/bom/export.ods", server.HandleExportBOMODS)
|
|
|
|
r.Group(func(r chi.Router) {
|
|
r.Use(server.RequireRole(auth.RoleEditor))
|
|
r.Put("/", server.HandleUpdateItem)
|
|
r.Delete("/", server.HandleDeleteItem)
|
|
r.Post("/projects", server.HandleAddItemProjects)
|
|
r.Delete("/projects/{code}", server.HandleRemoveItemProject)
|
|
r.Post("/revisions", server.HandleCreateRevision)
|
|
r.Patch("/revisions/{revision}", server.HandleUpdateRevision)
|
|
r.Post("/revisions/{revision}/rollback", server.HandleRollbackRevision)
|
|
r.Post("/file", server.HandleUploadFile)
|
|
r.Post("/bom", server.HandleAddBOMEntry)
|
|
r.Post("/bom/import", server.HandleImportBOMCSV)
|
|
r.Put("/bom/{childPartNumber}", server.HandleUpdateBOMEntry)
|
|
r.Delete("/bom/{childPartNumber}", server.HandleDeleteBOMEntry)
|
|
})
|
|
})
|
|
})
|
|
|
|
// Audit (read-only, viewer role)
|
|
r.Route("/audit", func(r chi.Router) {
|
|
r.Get("/completeness", server.HandleAuditCompleteness)
|
|
r.Get("/completeness/{partNumber}", server.HandleAuditItemDetail)
|
|
})
|
|
|
|
// Integrations (read: viewer, write: editor)
|
|
r.Route("/integrations/odoo", func(r chi.Router) {
|
|
r.Get("/config", server.HandleGetOdooConfig)
|
|
r.Get("/sync-log", server.HandleGetOdooSyncLog)
|
|
|
|
r.Group(func(r chi.Router) {
|
|
r.Use(server.RequireRole(auth.RoleEditor))
|
|
r.Put("/config", server.HandleUpdateOdooConfig)
|
|
r.Post("/test-connection", server.HandleTestOdooConnection)
|
|
r.Post("/sync/push/{partNumber}", server.HandleOdooPush)
|
|
r.Post("/sync/pull/{odooId}", server.HandleOdooPull)
|
|
})
|
|
})
|
|
|
|
// Sheets (editor)
|
|
r.Group(func(r chi.Router) {
|
|
r.Use(server.RequireRole(auth.RoleEditor))
|
|
r.Post("/sheets/diff", server.HandleSheetDiff)
|
|
})
|
|
|
|
// Part number generation (editor)
|
|
r.Group(func(r chi.Router) {
|
|
r.Use(server.RequireRole(auth.RoleEditor))
|
|
r.Post("/generate-part-number", server.HandleGeneratePartNumber)
|
|
})
|
|
})
|
|
|
|
return r
|
|
}
|