Diffstat (limited to 'cmd/dashboard')
| -rw-r--r-- | cmd/dashboard/main.go | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/cmd/dashboard/main.go b/cmd/dashboard/main.go
index ce91e6e..8f87e30 100644
--- a/cmd/dashboard/main.go
+++ b/cmd/dashboard/main.go
@@ -136,6 +136,9 @@ func main() {
  // Rate limiter for auth endpoints
  authRateLimiter := appmiddleware.NewRateLimiter(config.AuthRateLimitRequests, config.AuthRateLimitWindow)
 
+ // Rate limiter for agent auth (stricter - 10 requests/minute per IP)
+ agentAuthRateLimiter := appmiddleware.NewRateLimiter(10, time.Minute)
+
  // Public routes (no auth required)
  r.Get("/login", authHandlers.HandleLoginPage)
  r.With(authRateLimiter.Limit).Post("/login", authHandlers.HandleLogin)
@@ -148,6 +151,33 @@ func main() {
  // Conditions page (public - no auth required)
  r.Get("/conditions", h.HandleConditionsPage)
 
+ // Agent API
+ r.Route("/agent", func(r chi.Router) {
+ // Public endpoints (no browser auth, but rate limited)
+ r.With(agentAuthRateLimiter.Limit).Post("/auth/request", h.HandleAgentAuthRequest)
+ r.Get("/auth/poll", h.HandleAgentAuthPoll)
+
+ // Browser auth required for approve/deny
+ r.Group(func(r chi.Router) {
+ r.Use(authHandlers.Middleware().RequireAuth)
+ r.Post("/auth/approve", h.HandleAgentAuthApprove)
+ r.Post("/auth/deny", h.HandleAgentAuthDeny)
+ })
+
+ // Agent session required for context
+ r.Group(func(r chi.Router) {
+ r.Use(h.AgentAuthMiddleware)
+ r.Get("/context", h.HandleAgentContext)
+ })
+
+ // HTML endpoints for browser-only agents (GET requests only)
+ r.Route("/web", func(r chi.Router) {
+ r.With(agentAuthRateLimiter.Limit).Get("/request", h.HandleAgentWebRequest)
+ r.Get("/status", h.HandleAgentWebStatus)
+ r.Get("/context", h.HandleAgentWebContext)
+ })
+ })
+
  // Protected routes (auth required)
  r.Group(func(r chi.Router) {
  r.Use(authHandlers.Middleware().RequireAuth)
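Review bot: The new limiter hard-codes `10, time.Minute`, while the limiter directly above it takes its values from `config.AuthRateLimitRequests` and `config.AuthRateLimitWindow`; the agent values should come from config the same way so they can be tuned without a rebuild. The comment promises a per-IP limit, but how `appmiddleware.NewRateLimiter` derives the client key is not visible here. If the dashboard runs behind a reverse proxy, keying on the socket address would put every agent in one bucket, and keying on a forwarded header without a trusted-proxy list would let a caller choose its own bucket. Once verified, I would state it at the declaration, for example `// keyed on the client IP as resolved by appmiddleware.NewRateLimiter (confirm behaviour behind a proxy)`. main() starts and ends outside this hunk.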
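Review bot: `/web/context` and `/web/status` are registered with no middleware, whereas the JSON `/context` route sits behind `h.AgentAuthMiddleware`. Unless `HandleAgentWebContext` validates the agent session itself (not visible in this hunk), the HTML variant serves context to unauthenticated callers; if the middleware can read the credential these agents present, register it as `r.With(h.AgentAuthMiddleware).Get("/context", h.HandleAgentWebContext)`, otherwise add a comment naming where the check happens. `/auth/poll` and `/web/status` carry no limiter either, which leaves whatever request identifier they accept open to unthrottled guessing; they want their own, looser limiter rather than a share of the 10/minute budget used by `/auth/request`. `/auth/approve` and `/auth/deny` are session-authenticated POSTs that grant an agent access, and no CSRF check is visible on that group, so confirm that `RequireAuth` or a global middleware enforces one. The `/agent` route closure is complete in this hunk; main() itself continues outside it.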
@@ -201,6 +231,9 @@ func main() {
  // Shopping mode (focused single-store view)
  r.Get("/shopping/mode/{store}", h.HandleShoppingMode)
  r.Post("/shopping/mode/{store}/toggle", h.HandleShoppingModeToggle)
+
+ // WebSocket for notifications
+ r.Get("/ws/notifications", h.HandleWebSocket)
  })
 
  // Start server |
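Review bot: The `/ws/notifications` route appears to rely on the group's cookie session, and browsers attach cookies to cross-site WebSocket handshakes without any same-origin enforcement. `HandleWebSocket` therefore has to compare the `Origin` header with the dashboard's own host before upgrading; the handler is not visible here, so this needs confirming. I would record the requirement at the route: `// WebSocket for notifications (handler must reject foreign Origin before upgrade)`. That the route sits inside the `RequireAuth` group is inferred from the closing `})` and the earlier hunk, because the group opens outside this hunk.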
