pib-service-api 0.13.1

// SPDX-FileCopyrightText: Politik im Blick developers
// SPDX-FileCopyrightText: Wolfgang Silbermayr <wolfgang@silbermayr.at>
//
// SPDX-License-Identifier: AGPL-3.0-or-later OR EUPL-1.2

use std::sync::Arc;

use axum::{Router, http::Method, routing::get};
use http::header::{
    ACCEPT_ENCODING, AUTHORIZATION, CONNECTION, CONTENT_LENGTH, CONTENT_TYPE, DNT, HOST, ORIGIN,
    REFERER,
};
use pib_service_facade::Service;
use tower_http::{
    auth::AsyncRequireAuthorizationLayer,
    cors::{AllowOrigin, CorsLayer},
};

use crate::Auth;

mod body;
mod config;
mod me;
mod root;

pub(super) async fn router(auth: Auth, service: Arc<dyn Service>) -> Router {
    let cors = CorsLayer::new()
        .allow_methods([
            Method::GET,
            Method::POST,
            Method::PUT,
            Method::DELETE,
            Method::PATCH,
        ])
        .allow_headers([
            AUTHORIZATION,
            CONTENT_TYPE,
            ACCEPT_ENCODING,
            CONTENT_LENGTH,
            ORIGIN,
            REFERER,
            CONNECTION,
            DNT,
            HOST,
        ])
        .allow_origin(AllowOrigin::mirror_request());

    let public = Router::new()
        .route("/", get(root::get))
        .route("/config", get(config::get));
    let private = Router::new()
        .route(
            "/me/profile",
            get(me::profile::get).patch(me::profile::patch),
        )
        .route("/body", get(body::get).post(body::post))
        .route("/body/{body_id}", get(body::by_body_id::get))
        .route(
            "/body/{body_id}/meeting",
            get(body::by_body_id::meeting::get).post(body::by_body_id::meeting::post),
        )
        .route(
            "/body/{body_id}/meeting/{meeting_id}",
            get(body::by_body_id::meeting::by_meeting_id::get),
        )
        .layer(AsyncRequireAuthorizationLayer::new(auth));
    Router::new()
        .merge(public)
        .merge(private)
        .layer(cors)
        .with_state(service)
}