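get('/health', function () {
    // Liveness probe: unauthenticated by design and discloses nothing beyond a status flag and the server clock.
    return ['status' => 'ok', 'timestamp' => time()];
});

// Authentication Routes
// RateLimitMiddleware is applied to every unauthenticated endpoint that can be driven in a loop for
// credential guessing, token guessing or account enumeration — previously only login and forgot-password
// had it. It is listed before ValidationMiddleware so throttled requests are rejected before any
// validation work is done (same ordering the login route already uses).
$router->post('/auth/register', [AuthController::class, 'register'], [RateLimitMiddleware::class, ValidationMiddleware::class]);
$router->post('/auth/login', [AuthController::class, 'login'], [RateLimitMiddleware::class, ValidationMiddleware::class]);
$router->post('/auth/logout', [AuthController::class, 'logout'], [AuthMiddleware::class]);
// NOTE(review): refresh sits behind AuthMiddleware, so it is only reachable with a token that middleware still
// accepts — confirm that covers an expired access token, otherwise an expired session can never refresh.
$router->post('/auth/refresh', [AuthController::class, 'refresh'], [AuthMiddleware::class]);
$router->get('/auth/me', [UserController::class, 'profile'], [AuthMiddleware::class]); // Alias for /user/profile
$router->post('/auth/forgot-password', [AuthController::class, 'forgotPassword'], [RateLimitMiddleware::class, ValidationMiddleware::class]);
// reset-password consumes a secret token; throttling keeps the token space from being brute-forced.
$router->post('/auth/reset-password', [AuthController::class, 'resetPassword'], [RateLimitMiddleware::class, ValidationMiddleware::class]);
// The verification token travels in the URL of a GET, so it can land in access logs and Referer headers:
// keep it single-use and short-lived in AuthController::verifyEmail. Throttled for the same reason as reset-password.
$router->get('/auth/verify-email/{token}', [AuthController::class, 'verifyEmail'], [RateLimitMiddleware::class]);

// Public Product Routes
// Literal sub-paths (search, suggestions, featured, category) are registered ahead of the
// parameterised /products/{id} routes — presumably so they are matched first; the router's matching
// order is not visible from this file, so keep the registration order as is.
$router->get('/products', [ProductController::class, 'index']);
$router->get('/products/search', [ProductController::class, 'search']);
$router->get('/products/suggestions', [ProductController::class, 'suggestions']);
$router->get('/products/featured', [ProductController::class, 'featured']);
$router->get('/products/category/{categoryId}', [ProductController::class, 'byCategory']);
$router->get('/products/{id}', [ProductController::class, 'show']);
$router->get('/products/{id}/variants', [ProductController::class, 'variants']);
$router->get('/products/{id}/images', [ProductController::class, 'images']);
$router->get('/products/{id}/related', [ProductController::class, 'related']);
$router->get('/products/{id}/stock', [ProductController::class, 'checkStock']);

// Category Routes (Public Read, Admin Write)
$router->get('/categories', [CategoryController::class, 'index']);
$router->get('/categories/tree', [CategoryController::class, 'tree']);
$router->get('/categories/{id}',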
[CategoryController::class, 'show']);
$router->get('/categories/{id}/products', [CategoryController::class, 'products']);

// Category Management (Admin Only) - POST methods only
// Writes are plain POSTs with a _method override (see trailing comments) rather than native PUT/DELETE.
// Each write lists AuthMiddleware before AdminMiddleware, so the role check only ever runs on an
// authenticated request.
$router->post('/categories', [CategoryController::class, 'store'], [AuthMiddleware::class, AdminMiddleware::class, ValidationMiddleware::class]);
$router->post('/categories/{id}', [CategoryController::class, 'update'], [AuthMiddleware::class, AdminMiddleware::class, ValidationMiddleware::class]); // _method=PUT
$router->post('/categories/{id}/remove', [CategoryController::class, 'destroy'], [AuthMiddleware::class, AdminMiddleware::class]); // _method=DELETE

// Guest Cart Routes (session-based)
// NOTE(review): these are state-changing POSTs with no authentication and no CSRF middleware visible in
// this file. If the guest session is cookie-backed, confirm CSRF protection is enforced elsewhere
// (SameSite cookie attributes or a token check), since a cross-site form post could mutate the cart.
$router->get('/cart', [CartController::class, 'index']);
$router->post('/cart/items', [CartController::class, 'addItem'], [ValidationMiddleware::class]);
$router->post('/cart/items/{id}', [CartController::class, 'updateItem'], [ValidationMiddleware::class]); // _method=PUT
$router->post('/cart/items/{id}/remove', [CartController::class, 'removeItem']); // _method=DELETE
$router->post('/cart/clear', [CartController::class, 'clear']); // _method=DELETE
$router->get('/cart/summary', [CartController::class, 'summary']);
$router->get('/cart/validate', [CartController::class, 'validate']);

// Order Routes (available for both guests and authenticated users)
// NOTE(review): unauthenticated order creation has no RateLimitMiddleware, unlike login and
// forgot-password; it is a natural candidate for throttling to limit junk-order floods.
$router->post('/orders', [OrderController::class, 'create'], [ValidationMiddleware::class]);
// Tracking is keyed on the order number alone, so that value is effectively the secret — it must not be
// sequential or otherwise guessable, and the controller should reveal nothing beyond tracking state.
$router->get('/orders/{orderNumber}/track', [OrderController::class, 'track']);

// Payment Routes
$router->get('/payment/methods', [OrderController::class, 'paymentMethods']);
// NOTE(review): both order-scoped payment routes are reachable without authentication and keyed on a raw
// orderId. Unless OrderController ties the order to the caller (guest session or an order-scoped token),
// any client can request a QR for, or read the payment status of, any order id — confirm the ownership
// check in generatePromptPayQR and paymentStatus.
$router->post('/orders/{orderId}/payment/promptpay', [OrderController::class, 'generatePromptPayQR']);
$router->get('/orders/{orderId}/payment/status', [OrderController::class, 'paymentStatus']);
// No middleware on the webhook: it is called by the payment provider, not a browser, so authenticity has
// to come from the provider's signature/shared-secret verification inside OrderController::paymentWebhook
// (compare with hash_equals). The handler should also be idempotent, as providers retry deliveries.
$router->post('/payments/webhook', [OrderController::class, 'paymentWebhook']);

// Protected User Routes (authentication required)
// Group-level AuthMiddleware covers every route below; the per-route arrays only add ValidationMiddleware.
// Nothing at the routing layer scopes an {id} to the authenticated user, so the check that an address,
// order or wishlist entry belongs to the caller must live in each controller method.
$router->group(['middleware' => [AuthMiddleware::class]], function ($router) {
    // User Profile
    $router->get('/user/profile', [UserController::class, 'profile']);
    $router->post('/user/profile', [UserController::class, 'updateProfile'], [ValidationMiddleware::class]); // _method=PUT
    $router->post('/user/change-password', [UserController::class, 'changePassword'], [ValidationMiddleware::class]);

    // User Addresses
    $router->get('/user/addresses', [UserController::class, 'addresses']);
    $router->post('/user/addresses', [UserController::class, 'createAddress'], [ValidationMiddleware::class]);
    $router->post('/user/addresses/{id}', [UserController::class, 'updateAddress'], [ValidationMiddleware::class]); // _method=PUT
    $router->post('/user/addresses/{id}/delete', [UserController::class, 'deleteAddress']); // _method=DELETE
    $router->post('/user/addresses/{id}/default', [UserController::class, 'setDefaultAddress']);

    // User Cart (synced with server)
    $router->post('/user/cart/sync', [CartController::class, 'syncCart'], [ValidationMiddleware::class]);

    // User Orders (authenticated users only)
    $router->get('/user/orders', [OrderController::class, 'index']);
    $router->get('/user/orders/{id}', [OrderController::class, 'show']);
    $router->post('/user/orders/{id}/cancel', [OrderController::class, 'cancel']);

    // Wishlist
    $router->get('/user/wishlist', [UserController::class, 'wishlist']);
    $router->post('/user/wishlist', [UserController::class, 'addToWishlist'], [ValidationMiddleware::class]);
    $router->post('/user/wishlist/{productId}/remove', [UserController::class, 'removeFromWishlist']); // _method=DELETE
});

// Admin Routes (admin authentication required)
// The 'prefix' option puts every path in this group under /admin; AuthMiddleware runs before AdminMiddleware.
$router->group(['prefix' => '/admin', 'middleware' => [AuthMiddleware::class, AdminMiddleware::class]], function ($router) {
    // Admin Dashboard
    $router->get('/dashboard', [AdminController::class, 'dashboard']);
    $router->get('/stats', [AdminController::class, 'stats']);

    // Admin Product Management
    $router->get('/products', [AdminController::class, 'products']);
    $router->post('/products',
[ProductController::class, 'create'], [ValidationMiddleware::class]);
    $router->get('/products/{id}', [AdminController::class, 'showProduct']);
    $router->post('/products/{id}', [ProductController::class, 'update'], [ValidationMiddleware::class]); // _method=PUT
    $router->post('/products/{id}/delete', [ProductController::class, 'delete']); // _method=DELETE
    // Multipart upload: no ValidationMiddleware here, so file type, size and count limits must be enforced
    // in ProductController::uploadImages itself (do not trust the client-supplied MIME type or extension).
    $router->post('/products/{id}/images', [ProductController::class, 'uploadImages']);
    $router->post('/products/{id}/images/{imageId}/delete', [AdminController::class, 'deleteProductImage']); // _method=DELETE

    // Admin Product Variants
    $router->get('/products/{id}/variants', [AdminController::class, 'productVariants']);
    $router->post('/products/{id}/variants', [AdminController::class, 'createVariant'], [ValidationMiddleware::class]);
    // {productId} and {id} are both routed values; updateVariant/deleteVariant should confirm the variant
    // actually belongs to productId rather than trusting the pair as given.
    $router->post('/products/{productId}/variants/{id}', [AdminController::class, 'updateVariant'], [ValidationMiddleware::class]); // _method=PUT
    $router->post('/products/{productId}/variants/{id}/delete', [AdminController::class, 'deleteVariant']); // _method=DELETE

    // Admin Category Management (old)
    // NOTE(review): these paths already begin with /admin inside a group whose prefix is /admin, so (if the
    // prefix is prepended) they resolve to /admin/admin/categories. They duplicate the public-prefixed
    // admin category writes registered earlier and are marked old — verify whether they are still reachable
    // and retire them if not, so there is a single code path for category changes.
    $router->get('/admin/categories', [AdminController::class, 'categories']);
    $router->post('/admin/categories', [AdminController::class, 'createCategory'], [ValidationMiddleware::class]);
    $router->post('/admin/categories/{id}', [AdminController::class, 'updateCategory'], [ValidationMiddleware::class]); // _method=PUT
    $router->post('/admin/categories/{id}/delete', [AdminController::class, 'deleteCategory']); // _method=DELETE

    // Admin Order Management
    $router->get('/orders', [AdminController::class, 'orders']);
    $router->get('/orders/{id}', [AdminController::class, 'showOrder']);
    $router->post('/orders/{id}/status', [AdminController::class, 'updateOrderStatus'], [ValidationMiddleware::class]); // _method=PUT
    // Refunds move money: the controller should record who issued the refund (the audit log routes exist
    // below) and reject a second refund of the same order.
    $router->post('/orders/{id}/refund', [AdminController::class, 'refundOrder'], [ValidationMiddleware::class]);
    $router->get('/orders/{id}/invoice', [AdminController::class, 'generateInvoice']);
    // Admin User Management
    $router->get('/users', [AdminController::class, 'users']);
    $router->get('/customers', [AdminController::class, 'customers']);
    $router->get('/users/{id}', [AdminController::class, 'showUser']);
    // updateUser is validated, but AdminMiddleware alone does not stop an admin from editing another
    // admin's role or their own; if that matters, the guard belongs in AdminController::updateUser.
    $router->post('/users/{id}', [AdminController::class, 'updateUser'], [ValidationMiddleware::class]); // _method=PUT
    $router->post('/users/{id}/suspend', [AdminController::class, 'suspendUser']);
    $router->post('/users/{id}/activate', [AdminController::class, 'activateUser']);

    // Admin Inventory Management
    $router->get('/inventory', [AdminController::class, 'inventory']);
    $router->post('/inventory/{productId}/stock', [AdminController::class, 'updateStock'], [ValidationMiddleware::class]);
    $router->post('/inventory/bulk-update', [AdminController::class, 'bulkUpdateInventory'], [ValidationMiddleware::class]);
    $router->get('/inventory/alerts', [AdminController::class, 'inventoryAlerts']);
    $router->post('/inventory/adjust', [AdminController::class, 'adjustInventory'], [ValidationMiddleware::class]);
    $router->get('/inventory/low-stock', [AdminController::class, 'lowStock']);
    $router->get('/inventory/reports', [AdminController::class, 'inventoryReports']);

    // Admin Analytics and Reporting
    $router->get('/analytics/sales', [AdminController::class, 'salesAnalytics']);
    $router->get('/analytics/customers', [AdminController::class, 'customerAnalytics']);
    $router->get('/analytics/inventory', [AdminController::class, 'inventoryAnalytics']);
    $router->post('/reports/sales', [AdminController::class, 'generateSalesReport'], [ValidationMiddleware::class]);

    // Admin Reports
    $router->get('/reports/sales', [AdminController::class, 'salesReports']);
    $router->get('/reports/customers', [AdminController::class, 'customerReports']);
    $router->get('/reports/products', [AdminController::class, 'productReports']);
    // {type} is routed straight into exportReport with no validation layer: the controller should map it
    // through an explicit allow-list of export kinds, never use it to build a file path or class name.
    $router->get('/reports/export/{type}', [AdminController::class, 'exportReport']);

    // Admin Settings
    $router->get('/settings', [SettingsController::class, 'getSettings']);
    $router->post('/settings', [SettingsController::class, 'updateSettings'], [ValidationMiddleware::class]); // _method=PUT
    $router->post('/settings/reset', [SettingsController::class, 'resetSettings']); // _method=DELETE
    // Export/import round-trip application settings. The import body is admin-supplied but still external data:
    // parse it as structured data (json_decode), never unserialize(), and re-validate every key on the way in.
    $router->get('/settings/export', [SettingsController::class, 'exportSettings']);
    $router->post('/settings/import', [SettingsController::class, 'importSettings'], [ValidationMiddleware::class]);

    // Admin Logs
    $router->get('/logs', [AdminController::class, 'logs']);
    $router->get('/logs/audit', [AdminController::class, 'auditLogs']);
    $router->get('/logs/errors', [AdminController::class, 'errorLogs']);
});

// File Upload Routes
// Outside the /admin group but guarded by the same Auth + Admin pair. No ValidationMiddleware: file type and
// size checks must happen in ProductController::uploadImage.
$router->post('/upload/image', [ProductController::class, 'uploadImage'], [AuthMiddleware::class, AdminMiddleware::class]);
// NOTE(review): the "(unknown)" path segment looks like a lost route parameter placeholder; confirm the
// intended parameter name against ProductController::deleteImage before relying on this route.
$router->post('/upload/image/(unknown)/delete', [ProductController::class, 'deleteImage'], [AuthMiddleware::class, AdminMiddleware::class]); // _method=DELETE

// Utility Routes
// Public, unauthenticated view of the app configuration. The response is built from an explicit allow-list of
// keys so nothing else in app.php (credentials, secrets) can leak; add keys here deliberately, never return
// $config wholesale. The config file is re-required on every request.
$router->get('/config/public', function () {
    $config = require __DIR__.'/app.php';
    // Each key must exist in app.php; a missing one raises an undefined-index warning at runtime.
    return [
        'app_name' => $config['app_name'],
        'currency' => $config['default_currency'],
        'tax_rate' => $config['tax_rate'],
        'shipping_cost' => $config['shipping_cost'],
        'free_shipping_threshold' => $config['free_shipping_threshold']
    ];
});
};