<?php
/**
* Route Configuration
* Define all API routes with middleware and handlers
*/
use App\Controllers\AdminController;
use App\Controllers\AuthController;
use App\Controllers\CartController;
use App\Controllers\CategoryController;
use App\Controllers\OrderController;
use App\Controllers\ProductController;
use App\Controllers\SettingsController;
use App\Controllers\UserController;
use App\Middleware\AdminMiddleware;
use App\Middleware\AuthMiddleware;
use App\Middleware\RateLimitMiddleware;
use App\Middleware\ValidationMiddleware;
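/**
 * Registers every API route on the given router.
 *
 * Each registration is ($path, $handler[, $middleware]): $handler is a closure
 * or a [Controller::class, 'action'] pair, $middleware an ordered list of
 * middleware class names applied to that route on top of any group middleware.
 * Mutating verbs are registered as POST; the inline `_method=PUT` /
 * `_method=DELETE` notes mark where a method override is expected, which is
 * handled outside this file. Wherever admin access is required the order is
 * AuthMiddleware, then AdminMiddleware.
 *
 * @param object $router router exposing get(), post() and group() (project type, not visible here)
 */
return function ($router): void {
    // -------------------------------------------------------------------
    // Public routes (no authentication required)
    // -------------------------------------------------------------------
    $router->get('/health', function (): array {
        return ['status' => 'ok', 'timestamp' => time()];
    });

    // Authentication. Login and forgot-password are rate limited; register,
    // reset-password and verify-email are not.
    // NOTE(review): register and reset-password accept untrusted credentials /
    // tokens with only ValidationMiddleware in front — confirm the missing
    // RateLimitMiddleware is intentional.
    $router->post('/auth/register', [AuthController::class, 'register'], [ValidationMiddleware::class]);
    $router->post('/auth/login', [AuthController::class, 'login'], [RateLimitMiddleware::class, ValidationMiddleware::class]);
    $router->post('/auth/logout', [AuthController::class, 'logout'], [AuthMiddleware::class]);
    $router->post('/auth/refresh', [AuthController::class, 'refresh'], [AuthMiddleware::class]);
    $router->get('/auth/me', [UserController::class, 'profile'], [AuthMiddleware::class]); // Alias for /user/profile
    $router->post('/auth/forgot-password', [AuthController::class, 'forgotPassword'], [RateLimitMiddleware::class, ValidationMiddleware::class]);
    $router->post('/auth/reset-password', [AuthController::class, 'resetPassword'], [ValidationMiddleware::class]);
    // NOTE(review): the verification token travels in a GET path, so it may end
    // up in access logs and Referer headers; the handler should treat it as
    // single-use and short-lived.
    $router->get('/auth/verify-email/{token}', [AuthController::class, 'verifyEmail']);

    // Public product catalogue. The static segments (search, suggestions,
    // featured, category) are registered before `/products/{id}` so they are
    // not swallowed by the parameter route — assumes the router matches in
    // registration order.
    $router->get('/products', [ProductController::class, 'index']);
    $router->get('/products/search', [ProductController::class, 'search']);
    $router->get('/products/suggestions', [ProductController::class, 'suggestions']);
    $router->get('/products/featured', [ProductController::class, 'featured']);
    $router->get('/products/category/{categoryId}', [ProductController::class, 'byCategory']);
    $router->get('/products/{id}', [ProductController::class, 'show']);
    $router->get('/products/{id}/variants', [ProductController::class, 'variants']);
    $router->get('/products/{id}/images', [ProductController::class, 'images']);
    $router->get('/products/{id}/related', [ProductController::class, 'related']);
    $router->get('/products/{id}/stock', [ProductController::class, 'checkStock']);

    // Categories: public reads, admin-only writes.
    $router->get('/categories', [CategoryController::class, 'index']);
    $router->get('/categories/tree', [CategoryController::class, 'tree']);
    $router->get('/categories/{id}', [CategoryController::class, 'show']);
    $router->get('/categories/{id}/products', [CategoryController::class, 'products']);

    // Category management (admin only) — POST with _method override, no native PUT/DELETE.
    $router->post('/categories', [CategoryController::class, 'store'], [AuthMiddleware::class, AdminMiddleware::class, ValidationMiddleware::class]);
    $router->post('/categories/{id}', [CategoryController::class, 'update'], [AuthMiddleware::class, AdminMiddleware::class, ValidationMiddleware::class]); // _method=PUT
    $router->post('/categories/{id}/remove', [CategoryController::class, 'destroy'], [AuthMiddleware::class, AdminMiddleware::class]); // _method=DELETE

    // Guest cart (session-based): no auth middleware, the session identifies the cart.
    // NOTE(review): no CSRF middleware is visible on these session-backed POST
    // routes — confirm it is enforced by the session/router layer.
    $router->get('/cart', [CartController::class, 'index']);
    $router->post('/cart/items', [CartController::class, 'addItem'], [ValidationMiddleware::class]);
    $router->post('/cart/items/{id}', [CartController::class, 'updateItem'], [ValidationMiddleware::class]); // _method=PUT
    $router->post('/cart/items/{id}/remove', [CartController::class, 'removeItem']); // _method=DELETE
    $router->post('/cart/clear', [CartController::class, 'clear']); // _method=DELETE
    $router->get('/cart/summary', [CartController::class, 'summary']);
    $router->get('/cart/validate', [CartController::class, 'validate']);

    // Orders: creation and tracking are open to guests and authenticated users alike.
    // NOTE(review): the track route is unauthenticated and not rate limited, so
    // the handler is the only guard against guessing order numbers.
    $router->post('/orders', [OrderController::class, 'create'], [ValidationMiddleware::class]);
    $router->get('/orders/{orderNumber}/track', [OrderController::class, 'track']);

    // Payments. None of these routes carry auth middleware, so each handler must
    // itself bind {orderId} to the requesting session or user.
    // NOTE(review): /payments/webhook has no middleware at all — authentication of
    // the provider callback (signature/shared secret) has to happen inside
    // paymentWebhook; nothing at this layer does it.
    $router->get('/payment/methods', [OrderController::class, 'paymentMethods']);
    $router->post('/orders/{orderId}/payment/promptpay', [OrderController::class, 'generatePromptPayQR']);
    $router->get('/orders/{orderId}/payment/status', [OrderController::class, 'paymentStatus']);
    $router->post('/payments/webhook', [OrderController::class, 'paymentWebhook']);

    // -------------------------------------------------------------------
    // Protected user routes (AuthMiddleware applied to the whole group)
    // -------------------------------------------------------------------
    $router->group(['middleware' => [AuthMiddleware::class]], function ($router): void {
        // Profile
        $router->get('/user/profile', [UserController::class, 'profile']);
        $router->post('/user/profile', [UserController::class, 'updateProfile'], [ValidationMiddleware::class]); // _method=PUT
        $router->post('/user/change-password', [UserController::class, 'changePassword'], [ValidationMiddleware::class]);

        // Addresses
        $router->get('/user/addresses', [UserController::class, 'addresses']);
        $router->post('/user/addresses', [UserController::class, 'createAddress'], [ValidationMiddleware::class]);
        $router->post('/user/addresses/{id}', [UserController::class, 'updateAddress'], [ValidationMiddleware::class]); // _method=PUT
        $router->post('/user/addresses/{id}/delete', [UserController::class, 'deleteAddress']); // _method=DELETE
        $router->post('/user/addresses/{id}/default', [UserController::class, 'setDefaultAddress']);

        // Cart synced with the server
        $router->post('/user/cart/sync', [CartController::class, 'syncCart'], [ValidationMiddleware::class]);

        // Orders of the authenticated user
        $router->get('/user/orders', [OrderController::class, 'index']);
        $router->get('/user/orders/{id}', [OrderController::class, 'show']);
        $router->post('/user/orders/{id}/cancel', [OrderController::class, 'cancel']);

        // Wishlist
        $router->get('/user/wishlist', [UserController::class, 'wishlist']);
        $router->post('/user/wishlist', [UserController::class, 'addToWishlist'], [ValidationMiddleware::class]);
        $router->post('/user/wishlist/{productId}/remove', [UserController::class, 'removeFromWishlist']); // _method=DELETE
    });

    // -------------------------------------------------------------------
    // Admin routes: prefixed with /admin, AuthMiddleware then AdminMiddleware
    // -------------------------------------------------------------------
    $router->group(['prefix' => '/admin', 'middleware' => [AuthMiddleware::class, AdminMiddleware::class]], function ($router): void {
        // Dashboard
        $router->get('/dashboard', [AdminController::class, 'dashboard']);
        $router->get('/stats', [AdminController::class, 'stats']);

        // Product management. Writes go through ProductController, reads through
        // AdminController. uploadImages carries no ValidationMiddleware, unlike
        // the other writes — presumably the upload handler validates the files itself.
        $router->get('/products', [AdminController::class, 'products']);
        $router->post('/products', [ProductController::class, 'create'], [ValidationMiddleware::class]);
        $router->get('/products/{id}', [AdminController::class, 'showProduct']);
        $router->post('/products/{id}', [ProductController::class, 'update'], [ValidationMiddleware::class]); // _method=PUT
        $router->post('/products/{id}/delete', [ProductController::class, 'delete']); // _method=DELETE
        $router->post('/products/{id}/images', [ProductController::class, 'uploadImages']);
        $router->post('/products/{id}/images/{imageId}/delete', [AdminController::class, 'deleteProductImage']); // _method=DELETE

        // Product variants
        $router->get('/products/{id}/variants', [AdminController::class, 'productVariants']);
        $router->post('/products/{id}/variants', [AdminController::class, 'createVariant'], [ValidationMiddleware::class]);
        $router->post('/products/{productId}/variants/{id}', [AdminController::class, 'updateVariant'], [ValidationMiddleware::class]); // _method=PUT
        $router->post('/products/{productId}/variants/{id}/delete', [AdminController::class, 'deleteVariant']); // _method=DELETE

        // Category management (old).
        // NOTE(review): these paths already begin with /admin inside the '/admin'
        // group, so they resolve to /admin/admin/categories if the router prepends
        // the prefix; the current admin category writes are the top-level
        // /categories POST routes above. Confirm whether this block is still needed.
        $router->get('/admin/categories', [AdminController::class, 'categories']);
        $router->post('/admin/categories', [AdminController::class, 'createCategory'], [ValidationMiddleware::class]);
        $router->post('/admin/categories/{id}', [AdminController::class, 'updateCategory'], [ValidationMiddleware::class]); // _method=PUT
        $router->post('/admin/categories/{id}/delete', [AdminController::class, 'deleteCategory']); // _method=DELETE

        // Order management
        $router->get('/orders', [AdminController::class, 'orders']);
        $router->get('/orders/{id}', [AdminController::class, 'showOrder']);
        $router->post('/orders/{id}/status', [AdminController::class, 'updateOrderStatus'], [ValidationMiddleware::class]); // _method=PUT
        $router->post('/orders/{id}/refund', [AdminController::class, 'refundOrder'], [ValidationMiddleware::class]);
        $router->get('/orders/{id}/invoice', [AdminController::class, 'generateInvoice']);

        // User management
        $router->get('/users', [AdminController::class, 'users']);
        $router->get('/customers', [AdminController::class, 'customers']);
        $router->get('/users/{id}', [AdminController::class, 'showUser']);
        $router->post('/users/{id}', [AdminController::class, 'updateUser'], [ValidationMiddleware::class]); // _method=PUT
        $router->post('/users/{id}/suspend', [AdminController::class, 'suspendUser']);
        $router->post('/users/{id}/activate', [AdminController::class, 'activateUser']);

        // Inventory management
        $router->get('/inventory', [AdminController::class, 'inventory']);
        $router->post('/inventory/{productId}/stock', [AdminController::class, 'updateStock'], [ValidationMiddleware::class]);
        $router->post('/inventory/bulk-update', [AdminController::class, 'bulkUpdateInventory'], [ValidationMiddleware::class]);
        $router->get('/inventory/alerts', [AdminController::class, 'inventoryAlerts']);
        $router->post('/inventory/adjust', [AdminController::class, 'adjustInventory'], [ValidationMiddleware::class]);
        $router->get('/inventory/low-stock', [AdminController::class, 'lowStock']);
        $router->get('/inventory/reports', [AdminController::class, 'inventoryReports']);

        // Analytics. /reports/sales is registered for both POST (generate) here
        // and GET (list) below; the verb decides which handler runs.
        $router->get('/analytics/sales', [AdminController::class, 'salesAnalytics']);
        $router->get('/analytics/customers', [AdminController::class, 'customerAnalytics']);
        $router->get('/analytics/inventory', [AdminController::class, 'inventoryAnalytics']);
        $router->post('/reports/sales', [AdminController::class, 'generateSalesReport'], [ValidationMiddleware::class]);

        // Reports
        $router->get('/reports/sales', [AdminController::class, 'salesReports']);
        $router->get('/reports/customers', [AdminController::class, 'customerReports']);
        $router->get('/reports/products', [AdminController::class, 'productReports']);
        $router->get('/reports/export/{type}', [AdminController::class, 'exportReport']);

        // Settings. import/export and reset are admin-only by the group middleware;
        // importSettings is the only one of these that takes a body and it is validated.
        $router->get('/settings', [SettingsController::class, 'getSettings']);
        $router->post('/settings', [SettingsController::class, 'updateSettings'], [ValidationMiddleware::class]); // _method=PUT
        $router->post('/settings/reset', [SettingsController::class, 'resetSettings']); // _method=DELETE
        $router->get('/settings/export', [SettingsController::class, 'exportSettings']);
        $router->post('/settings/import', [SettingsController::class, 'importSettings'], [ValidationMiddleware::class]);

        // Logs
        $router->get('/logs', [AdminController::class, 'logs']);
        $router->get('/logs/audit', [AdminController::class, 'auditLogs']);
        $router->get('/logs/errors', [AdminController::class, 'errorLogs']);
    });

    // -------------------------------------------------------------------
    // File uploads (admin only, registered outside the /admin prefix)
    // -------------------------------------------------------------------
    // NOTE(review): the literal "(unknown)" segment in the delete route looks like
    // a lost route parameter (compare /products/{id}/images/{imageId}/delete);
    // confirm the intended placeholder before relying on this route.
    $router->post('/upload/image', [ProductController::class, 'uploadImage'], [AuthMiddleware::class, AdminMiddleware::class]);
    $router->post('/upload/image/(unknown)/delete', [ProductController::class, 'deleteImage'], [AuthMiddleware::class, AdminMiddleware::class]); // _method=DELETE

    // -------------------------------------------------------------------
    // Utility routes
    // -------------------------------------------------------------------
    // Exposes an explicit allow-list of config keys and nothing else: app.php
    // may hold credentials, so never return the whole array here. A missing
    // key surfaces as a PHP "undefined array key" warning with a null value.
    $router->get('/config/public', function (): array {
        $config = require __DIR__ . '/app.php';

        return [
            'app_name' => $config['app_name'],
            'currency' => $config['default_currency'],
            'tax_rate' => $config['tax_rate'],
            'shipping_cost' => $config['shipping_cost'],
            'free_shipping_threshold' => $config['free_shipping_threshold'],
        ];
    });
};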