soul-yongping/soul-api/internal/router/router.go

package router

import (
	"soul-api/internal/config"
	"soul-api/internal/handler"
	"soul-api/internal/middleware"

	"github.com/gin-contrib/cors"
	"github.com/gin-gonic/gin"
)

// Setup 创建并配置 Gin 引擎，路径与 app/api 一致
func Setup(cfg *config.Config) *gin.Engine {
	gin.SetMode(cfg.Mode)
	r := gin.New()
	r.Use(gin.Recovery())
	r.Use(gin.Logger())
	_ = r.SetTrustedProxies(cfg.TrustedProxies)

	r.Use(middleware.Secure())
	r.Use(cors.New(cors.Config{
		AllowOrigins:     cfg.CORSOrigins,
		AllowMethods:     []string{"GET", "POST", "PUT", "DELETE", "OPTIONS"},
		AllowHeaders:     []string{"Origin", "Content-Type", "Authorization"},
		AllowCredentials: true,
		MaxAge:           86400,
	}))
	rateLimiter := middleware.NewRateLimiter(100, 200)
	r.Use(rateLimiter.Middleware())

	r.Static("/uploads", "./uploads")

	api := r.Group("/api")
	{
		// ----- 管理端 -----
		api.GET("/admin", handler.AdminCheck)
		api.POST("/admin", handler.AdminLogin)
		api.POST("/admin/logout", handler.AdminLogout)

		admin := api.Group("/admin")
		admin.Use(middleware.AdminAuth())
		{
			admin.GET("/chapters", handler.AdminChaptersList)
			admin.POST("/chapters", handler.AdminChaptersAction)
			admin.PUT("/chapters", handler.AdminChaptersAction)
			admin.DELETE("/chapters", handler.AdminChaptersAction)
			admin.GET("/content", handler.AdminContent)
			admin.POST("/content", handler.AdminContent)
			admin.PUT("/content", handler.AdminContent)
			admin.DELETE("/content", handler.AdminContent)
			admin.GET("/dashboard/overview", handler.AdminDashboardOverview)
		admin.GET("/distribution/overview", handler.AdminDistributionOverview)
			admin.GET("/payment", handler.AdminPayment)
			admin.POST("/payment", handler.AdminPayment)
			admin.PUT("/payment", handler.AdminPayment)
			admin.DELETE("/payment", handler.AdminPayment)
			admin.GET("/referral", handler.AdminReferral)
			admin.POST("/referral", handler.AdminReferral)
			admin.PUT("/referral", handler.AdminReferral)
			admin.DELETE("/referral", handler.AdminReferral)
			admin.GET("/withdrawals", handler.AdminWithdrawalsList)
			admin.PUT("/withdrawals", handler.AdminWithdrawalsAction)
			admin.POST("/withdrawals/sync", handler.AdminWithdrawalsSync)
			admin.GET("/withdraw-test", handler.AdminWithdrawTest)
			admin.POST("/withdraw-test", handler.AdminWithdrawTest)
			admin.GET("/settings", handler.AdminSettingsGet)
			admin.POST("/settings", handler.AdminSettingsPost)
			admin.GET("/referral-settings", handler.AdminReferralSettingsGet)
			admin.POST("/referral-settings", handler.AdminReferralSettingsPost)
			admin.GET("/author-settings", handler.AdminAuthorSettingsGet)
			admin.POST("/author-settings", handler.AdminAuthorSettingsPost)
			admin.PUT("/orders/refund", handler.AdminOrderRefund)
			admin.GET("/users", handler.AdminUsersList)
			admin.POST("/users", handler.AdminUsersAction)
			admin.PUT("/users", handler.AdminUsersAction)
			admin.DELETE("/users", handler.AdminUsersAction)
		}

		// ----- 鉴权 -----
		api.POST("/auth/login", handler.AuthLogin)
		api.POST("/auth/reset-password", handler.AuthResetPassword)

		// ----- 书籍/章节 -----
		api.GET("/book/all-chapters", handler.BookAllChapters)
		api.GET("/book/chapter/:id", handler.BookChapterByID)
		api.GET("/book/chapter/by-mid/:mid", handler.BookChapterByMID)
		api.GET("/book/chapters", handler.BookChapters)
		api.POST("/book/chapters", handler.BookChapters)
		api.PUT("/book/chapters", handler.BookChapters)
		api.DELETE("/book/chapters", handler.BookChapters)
		api.GET("/book/hot", handler.BookHot)
		api.GET("/book/recommended", handler.BookRecommended)
		api.GET("/book/latest-chapters", handler.BookLatestChapters)
		api.GET("/book/search", handler.BookSearch)
		api.GET("/book/stats", handler.BookStats)
		api.GET("/book/sync", handler.BookSync)
		api.POST("/book/sync", handler.BookSync)

		// ----- CKB -----
		api.POST("/ckb/join", handler.CKBJoin)
		api.POST("/ckb/match", handler.CKBMatch)
		api.GET("/ckb/sync", handler.CKBSync)
		api.POST("/ckb/sync", handler.CKBSync)

		// ----- 配置 -----
		api.GET("/config", handler.GetConfig)
		// 小程序用：GET /api/db/config 返回 freeChapters、prices（不鉴权，先于 db 组匹配）
		api.GET("/db/config", handler.GetPublicDBConfig)

		// ----- 内容 -----
		api.GET("/content", handler.ContentGet)

		// ----- 定时任务 -----
		api.GET("/cron/sync-orders", handler.CronSyncOrders)
		api.POST("/cron/sync-orders", handler.CronSyncOrders)
		api.GET("/cron/unbind-expired", handler.CronUnbindExpired)
		api.POST("/cron/unbind-expired", handler.CronUnbindExpired)

		// ----- 数据库（管理端） -----
		db := api.Group("/db")
		db.Use(middleware.AdminAuth())
		{
			db.GET("/book", handler.DBBookAction)
			db.POST("/book", handler.DBBookAction)
			db.PUT("/book", handler.DBBookAction)
			db.DELETE("/book", handler.DBBookDelete)
			db.GET("/chapters", handler.DBChapters)
			db.POST("/chapters", handler.DBChapters)
			db.GET("/config/full", handler.DBConfigGet) // 管理端拉全量配置；GET /api/db/config 已用于公开接口 GetPublicDBConfig
			db.POST("/config", handler.DBConfigPost)
			db.DELETE("/config", handler.DBConfigDelete)
			db.GET("/distribution", handler.DBDistribution)
			db.GET("/init", handler.DBInitGet)
			db.POST("/init", handler.DBInit)
			db.GET("/migrate", handler.DBMigrateGet)
			db.POST("/migrate", handler.DBMigratePost)
			db.GET("/users", handler.DBUsersList)
			db.POST("/users", handler.DBUsersAction)
			db.PUT("/users", handler.DBUsersAction)
			db.DELETE("/users", handler.DBUsersDelete)
			db.GET("/users/referrals", handler.DBUsersReferrals)
			db.GET("/vip-roles", handler.DBVipRolesList)
			db.POST("/vip-roles", handler.DBVipRolesAction)
			db.PUT("/vip-roles", handler.DBVipRolesAction)
			db.DELETE("/vip-roles", handler.DBVipRolesAction)
			db.GET("/match-records", handler.DBMatchRecordsList)
			db.GET("/mentors", handler.DBMentorsList)
			db.POST("/mentors", handler.DBMentorsAction)
			db.PUT("/mentors", handler.DBMentorsAction)
			db.DELETE("/mentors", handler.DBMentorsAction)
			db.GET("/mentor-consultations", handler.DBMentorConsultationsList)
			// 用户旅程规则
			db.GET("/user-rules", handler.DBUserRulesList)
			db.POST("/user-rules", handler.DBUserRulesAction)
			db.PUT("/user-rules", handler.DBUserRulesAction)
			db.DELETE("/user-rules", handler.DBUserRulesAction)
			// RFM 估值
			db.GET("/users/rfm", handler.DBUsersRFM)
			db.GET("/users/rfm-single", handler.DBUserRFMSingle)
		}

		// ----- 分销 -----
		api.GET("/distribution", handler.DistributionGet)
		api.POST("/distribution", handler.DistributionGet)
		api.PUT("/distribution", handler.DistributionGet)
		api.GET("/distribution/auto-withdraw-config", handler.DistributionAutoWithdrawConfig)
		api.POST("/distribution/auto-withdraw-config", handler.DistributionAutoWithdrawConfig)
		api.DELETE("/distribution/auto-withdraw-config", handler.DistributionAutoWithdrawConfig)
		api.GET("/distribution/messages", handler.DistributionMessages)
		api.POST("/distribution/messages", handler.DistributionMessages)

		// ----- 文档生成 -----
		api.POST("/documentation/generate", handler.DocGenerate)

		// ----- 找伙伴 -----
		api.GET("/match/config", handler.MatchConfigGet)
		api.POST("/match/config", handler.MatchConfigPost)
		api.POST("/match/users", handler.MatchUsers)

		// ----- 菜单 -----
		api.GET("/menu", handler.MenuGet)

		// ----- 订单 -----
		api.GET("/orders", handler.OrdersList)

		// ----- 支付 -----
		api.POST("/payment/alipay/notify", handler.PaymentAlipayNotify)
		api.POST("/payment/callback", handler.PaymentCallback)
		api.POST("/payment/create-order", handler.PaymentCreateOrder)
		api.GET("/payment/methods", handler.PaymentMethods)
		api.GET("/payment/query", handler.PaymentQuery)
		api.GET("/payment/status/:orderSn", handler.PaymentStatusOrderSn)
		api.POST("/payment/verify", handler.PaymentVerify)
		api.POST("/payment/wechat/notify", handler.PaymentWechatNotify)
		api.GET("/payment/wechat/transfer/notify", handler.PaymentWechatTransferNotify)
		api.POST("/payment/wechat/transfer/notify", handler.PaymentWechatTransferNotify)

		// ----- 推荐 -----
		api.POST("/referral/bind", handler.ReferralBind)
		api.GET("/referral/data", handler.ReferralData)
		api.POST("/referral/visit", handler.ReferralVisit)

		// ----- 搜索 -----
		api.GET("/search", handler.SearchGet)

		// ----- 同步 -----
		api.GET("/sync", handler.SyncGet)
		api.POST("/sync", handler.SyncPost)
		api.PUT("/sync", handler.SyncPut)

		// ----- 上传 -----
		api.POST("/upload", handler.UploadPost)
		api.DELETE("/upload", handler.UploadDelete)

		// ----- 用户 -----
		api.GET("/user/addresses", handler.UserAddressesGet)
		api.POST("/user/addresses", handler.UserAddressesPost)
		api.GET("/user/addresses/:id", handler.UserAddressesByID)
		api.PUT("/user/addresses/:id", handler.UserAddressesByID)
		api.DELETE("/user/addresses/:id", handler.UserAddressesByID)
		api.GET("/user/check-purchased", handler.UserCheckPurchased)
		api.GET("/user/profile", handler.UserProfileGet)
		api.POST("/user/profile", handler.UserProfilePost)
		api.GET("/user/purchase-status", handler.UserPurchaseStatus)
		api.GET("/user/reading-progress", handler.UserReadingProgressGet)
		api.POST("/user/reading-progress", handler.UserReadingProgressPost)
		api.GET("/user/track", handler.UserTrackGet)
		api.POST("/user/track", handler.UserTrackPost)
		api.POST("/user/update", handler.UserUpdate)

		// ----- 微信登录 -----
		api.POST("/wechat/login", handler.WechatLogin)
		api.POST("/wechat/phone-login", handler.WechatPhoneLogin)

		// ----- 小程序组（所有小程序端接口统一在 /api/miniprogram 下） -----
		miniprogram := api.Group("/miniprogram")
		{
			miniprogram.GET("/config", handler.GetPublicDBConfig)
			miniprogram.POST("/login", handler.MiniprogramLogin)
			miniprogram.POST("/phone-login", handler.WechatPhoneLogin)
			miniprogram.POST("/phone", handler.MiniprogramPhone)
			miniprogram.GET("/pay", handler.MiniprogramPay)
			miniprogram.POST("/pay", handler.MiniprogramPay)
			miniprogram.POST("/pay/notify", handler.MiniprogramPayNotify) // 微信支付回调，URL 需在商户平台配置
			miniprogram.POST("/qrcode", handler.MiniprogramQrcode)
			miniprogram.GET("/qrcode/image", handler.MiniprogramQrcodeImage)
			miniprogram.GET("/book/all-chapters", handler.BookAllChapters)
			miniprogram.GET("/book/chapter/:id", handler.BookChapterByID)
			miniprogram.GET("/book/chapter/by-mid/:mid", handler.BookChapterByMID)
			miniprogram.GET("/book/hot", handler.BookHot)
			miniprogram.GET("/book/recommended", handler.BookRecommended)
			miniprogram.GET("/book/latest-chapters", handler.BookLatestChapters)
			miniprogram.GET("/book/search", handler.BookSearch)
			miniprogram.GET("/book/stats", handler.BookStats)
			miniprogram.POST("/referral/visit", handler.ReferralVisit)
			miniprogram.POST("/referral/bind", handler.ReferralBind)
			miniprogram.GET("/referral/data", handler.ReferralData)
			miniprogram.GET("/earnings", handler.MyEarnings)
			miniprogram.GET("/match/config", handler.MatchConfigGet)
			miniprogram.POST("/match/users", handler.MatchUsers)
			miniprogram.POST("/ckb/join", handler.CKBJoin)
			miniprogram.POST("/ckb/match", handler.CKBMatch)
			miniprogram.POST("/ckb/lead", handler.CKBLead)
			miniprogram.POST("/upload", handler.UploadPost)
			miniprogram.DELETE("/upload", handler.UploadDelete)
			miniprogram.GET("/user/addresses", handler.UserAddressesGet)
			miniprogram.POST("/user/addresses", handler.UserAddressesPost)
			miniprogram.GET("/user/addresses/:id", handler.UserAddressesByID)
			miniprogram.PUT("/user/addresses/:id", handler.UserAddressesByID)
			miniprogram.DELETE("/user/addresses/:id", handler.UserAddressesByID)
			miniprogram.GET("/user/check-purchased", handler.UserCheckPurchased)
			miniprogram.GET("/user/profile", handler.UserProfileGet)
			miniprogram.POST("/user/profile", handler.UserProfilePost)
			miniprogram.GET("/user/purchase-status", handler.UserPurchaseStatus)
			miniprogram.GET("/user/dashboard-stats", handler.UserDashboardStatsGet)
			miniprogram.GET("/user/reading-progress", handler.UserReadingProgressGet)
			miniprogram.POST("/user/reading-progress", handler.UserReadingProgressPost)
			miniprogram.POST("/user/update", handler.UserUpdate)
			miniprogram.POST("/withdraw", handler.WithdrawPost)
			miniprogram.GET("/withdraw/records", handler.WithdrawRecords)
			miniprogram.GET("/withdraw/pending-confirm", handler.WithdrawPendingConfirm)
			miniprogram.POST("/withdraw/confirm-received", handler.WithdrawConfirmReceived)
			miniprogram.GET("/withdraw/confirm-info", handler.WithdrawConfirmInfo)
			// VIP 接口（小程序专用，按使用方区分路径）
			miniprogram.GET("/vip/status", handler.VipStatus)
			miniprogram.GET("/vip/profile", handler.VipProfileGet)
			miniprogram.POST("/vip/profile", handler.VipProfilePost)
			miniprogram.GET("/vip/members", handler.VipMembers)
			// 用户列表/单个（首页超级个体、会员详情回退）
			miniprogram.GET("/users", handler.MiniprogramUsers)
			miniprogram.GET("/orders", handler.MiniprogramOrders)
			// 导师（stitch_soul）
			miniprogram.GET("/mentors", handler.MiniprogramMentorsList)
			miniprogram.GET("/mentors/:id", handler.MiniprogramMentorsDetail)
			miniprogram.POST("/mentors/:id/book", handler.MiniprogramMentorsBook)
			miniprogram.GET("/about/author", handler.MiniprogramAboutAuthor)
		}

		// ----- 提现 -----
		api.POST("/withdraw", handler.WithdrawPost)
		api.GET("/withdraw/records", handler.WithdrawRecords)
		api.GET("/withdraw/pending-confirm", handler.WithdrawPendingConfirm)
		// 提现测试（固定用户 1 元，无需 admin 鉴权，仅用于脚本/本地调试）
		api.GET("/withdraw-test", handler.AdminWithdrawTest)
		api.POST("/withdraw-test", handler.AdminWithdrawTest)

		// ----- 提现 V3（独立实现，依文档 提现功能完整技术文档.md） -----
		api.POST("/v3/withdraw/initiate", handler.WithdrawV3Initiate)
		api.POST("/v3/withdraw/notify", handler.WithdrawV3Notify)
		api.POST("/v3/withdraw/query", handler.WithdrawV3Query)
	}

	// 根路径不返回任何页面（仅 204）
	r.GET("/", func(c *gin.Context) {
		c.Status(204)
	})

	// 健康检查：返回状态与版本号（版本号从 .env 的 APP_VERSION 读取，打包/上传前写入）
	r.GET("/health", func(c *gin.Context) {
		c.JSON(200, gin.H{
			"status":  "ok",
			"version": cfg.Version,
		})
	})

	return r
}