refactor: Reorganize routes into /api/v1 #492
Conversation
- Update all routes to use consistent `/api/v1/` prefix - Modify authentication, media, detection, and SSE routes - Update view templates to use new API route structure - Improve route organization and predictability - Enhance cache control middleware for API routes
…ractivity - Create reusable HTML components for text, password, host, and checkbox inputs - Implement Alpine.js-powered input validation and interactive features - Add tooltips, error messages, and accessibility attributes - Standardize form input styling and behavior across components
WalkthroughThis update systematically revises API route paths by injecting a version prefix ( Changes
Possibly related PRs
Poem
✨ Finishing Touches
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 0
🧹 Nitpick comments (1)
internal/httpcontroller/auth_routes.go (1)
20-23: Consider moving basic auth routes under /api/v1 for consistency.While OAuth2 and social authentication routes use the
/api/v1prefix, basic authentication routes (/login,/logout) remain at the root level. This inconsistency could make API documentation and maintenance more difficult.// Basic authentication routes -g.GET("/login", s.Handlers.WithErrorHandling(s.handleLoginPage)) -g.POST("/login", s.handleBasicAuthLogin) -g.GET("/logout", s.Handlers.WithErrorHandling(s.handleLogout)) +g.GET("/api/v1/login", s.Handlers.WithErrorHandling(s.handleLoginPage)) +g.POST("/api/v1/login", s.handleBasicAuthLogin) +g.GET("/api/v1/logout", s.Handlers.WithErrorHandling(s.handleLogout))Also applies to: 25-27, 29-32
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (19)
internal/httpcontroller/auth_routes.go(2 hunks)internal/httpcontroller/handlers/audio_level_sse.go(1 hunks)internal/httpcontroller/handlers/detections.go(7 hunks)internal/httpcontroller/handlers/media.go(7 hunks)internal/httpcontroller/handlers/mqtt.go(1 hunks)internal/httpcontroller/handlers/settings.go(2 hunks)internal/httpcontroller/handlers/sse.go(1 hunks)internal/httpcontroller/htmx_routes.go(2 hunks)internal/httpcontroller/middleware.go(3 hunks)views/elements/audioLevelIndicator.html(1 hunks)views/elements/callback.html(1 hunks)views/elements/dashboard.html(2 hunks)views/elements/login.html(1 hunks)views/elements/reviewModal.html(2 hunks)views/fragments/birdsTable.html(3 hunks)views/fragments/detectionDetails.html(3 hunks)views/fragments/listDetections.html(8 hunks)views/fragments/recentDetections.html(10 hunks)views/pages/settings/settingsBase.html(2 hunks)
✅ Files skipped from review due to trivial changes (4)
- internal/httpcontroller/handlers/sse.go
- internal/httpcontroller/handlers/mqtt.go
- internal/httpcontroller/handlers/settings.go
- internal/httpcontroller/handlers/audio_level_sse.go
⏰ Context from checks skipped due to timeout of 90000ms (2)
- GitHub Check: unit-tests
- GitHub Check: Analyze (go)
🔇 Additional comments (47)
internal/httpcontroller/auth_routes.go (2)
30-32: LGTM! Rate limiting is properly configured for authentication routes.The rate limiter is correctly applied to protect against brute force attacks, with a reasonable limit of 10 requests per interval.
114-133: LGTM! Secure implementation of basic authentication.The implementation includes several security best practices:
- Constant-time password comparison to prevent timing attacks
- Proper validation of redirect parameter
- Updated callback URL to use the new API versioning scheme
internal/httpcontroller/middleware.go (3)
31-70: LGTM! Robust CSRF protection with secure defaults.The CSRF middleware is well-configured with:
- Secure cookie settings (HTTPOnly, SameSite Lax)
- Consistent API versioning in skip paths
- Comprehensive error logging
81-122: LGTM! Well-structured cache control with appropriate settings for each content type.The implementation provides:
- No caching for API endpoints (no-store)
- Long-term caching for static assets
- 30-day caching for spectrograms
- Proper debug logging
174-183: LGTM! Comprehensive protection of sensitive routes.The function correctly identifies and protects sensitive operations under the new API versioning scheme.
internal/httpcontroller/htmx_routes.go (1)
90-98: LGTM! Well-organized route structure with clear separation of concerns.The implementation:
- Consistently applies /api/v1 prefix to API routes
- Keeps UI routes at root level
- Maintains uniform error handling
internal/httpcontroller/handlers/media.go (2)
222-298: LGTM! Robust implementation of spectrogram serving with proper error handling.The implementation includes:
- Correct content type headers for both success and error cases
- Consistent 30-day caching strategy
- Secure path sanitization
- Proper fallback to placeholder SVG
597-673: LGTM! Secure implementation of audio file serving.The implementation includes:
- Proper MIME type detection
- Secure path traversal prevention
- Sanitized Content-Disposition headers
- Comprehensive error handling
internal/httpcontroller/handlers/detections.go (7)
41-41: LGTM!The API documentation comment follows the standard format and clearly indicates the endpoint.
172-173: LGTM!The API documentation comments follow the standard format and clearly indicate the endpoint.
215-215: LGTM!The API documentation comment follows the standard format and clearly indicates the endpoint.
323-323: LGTM!The API documentation comment follows the standard format and clearly indicates the endpoint.
488-488: LGTM!The API documentation comment follows the standard format and clearly indicates the endpoint.
593-594: LGTM!The API documentation comments follow the standard format and clearly indicate the endpoint.
667-667: LGTM!The API documentation comment follows the standard format and clearly indicates the endpoint.
views/elements/callback.html (1)
24-24: LGTM!The OAuth2 token endpoint has been correctly updated to include the
/api/v1prefix, aligning with the PR objective.views/elements/dashboard.html (2)
20-20: LGTM!The top birds endpoint has been correctly updated to include the
/api/v1prefix, aligning with the PR objective.
51-51: LGTM!The recent detections endpoint has been correctly updated to include the
/api/v1prefix, aligning with the PR objective.views/fragments/detectionDetails.html (3)
27-27: LGTM!The spectrogram endpoint has been correctly updated to include the
/api/v1prefix, aligning with the PR objective.
37-37: LGTM!The audio endpoint has been correctly updated to include the
/api/v1prefix, aligning with the PR objective.
55-55: LGTM!The audio download endpoint has been correctly updated to include the
/api/v1prefix, aligning with the PR objective.views/elements/login.html (2)
53-57: API Versioning for Social Authentication (Google)
The anchor link for Google authentication has been updated to use/api/v1/auth/google. This change is consistent with the new API version scheme. Please ensure that the corresponding backend route for Google authentication is also updated.
59-64: API Versioning for Social Authentication (GitHub)
The GitHub authentication URL now correctly uses/api/v1/auth/github, aligning it with the new routing structure. Double-check that the server’s route handling for GitHub authentication reflects this update.views/fragments/birdsTable.html (4)
29-30: Updated Species Row Link Endpoint
The species row anchor now queries detections using/api/v1/detections?species={{urlquery .Note.CommonName}}&date={{urlquery $.SelectedDate}}&queryType=species. This is a correct update in line with the new versioned API structure.
37-40: Consistent API Versioning for Thumbnail Link
The thumbnail link has been updated to use the new endpoint (/api/v1/detections?species=...). This ensures that both textual and thumbnail-based navigation retrieve species-specific detections correctly.
87-100: Updated Hour Header Endpoint
The hour header’s anchor now points to/api/v1/detections?date={{urlquery .Date}}&hour={{.HourIndex}}&duration={{.Length}}&queryType=hourly. This change properly versioned the hourly detection query endpoint.
107-109: Revised Count Display Link
The count display link has been modified to use/api/v1/detections?species={{urlquery .Species}}&date={{urlquery .Date}}&hour={{.HourIndex}}&duration={{.Duration}}&queryType=species, which is fully consistent with the new API versioning.views/elements/reviewModal.html (2)
33-35: Updated Spectrogram Image Source URL
The spectrogram image now loads from/api/v1/media/spectrogram?clip={{.ClipName}}, ensuring that media assets are served via the new API version endpoint.
45-48: Updated Review Form Submission Endpoint
The review form’s submission URL is updated to/api/v1/detections/review. This change aligns the review submission process with the versioned API strategy.views/fragments/recentDetections.html (9)
44-47: Updated Detection Details Link (Desktop Layout)
The detection details link for the desktop layout now directs to/api/v1/detections/details?id={{.ID}}, ensuring that detailed detection data is fetched via the versioned endpoint.
55-59: Revised Thumbnail Link Endpoint (Desktop Layout)
The thumbnail anchor has been updated to use/api/v1/detections/details?id={{.ID}}, maintaining consistency in navigation when a user clicks on the bird thumbnail image.
93-95: Revised Spectrogram Image Source (Desktop Layout)
The spectrogram image for desktop now sources from/api/v1/media/spectrogram?clip={{.ClipName}}, aligning with the updated API version for media retrieval.
102-104: Updated Audio Element Source (Desktop Layout)
The desktop audio element now references/api/v1/media/audio?clip={{.ClipName}}, ensuring that audio clips are loaded through the versioned media endpoint.
114-115: Audio Download Link Endpoint Update (Desktop Layout)
The download link for the audio file now uses/api/v1/media/audio?clip={{.ClipName}}. This update maintains consistency with the media API changes.
147-150: Updated Detection Details Link (Responsive Layout)
In the responsive layout, the detection details link has been updated to/api/v1/detections/details?id={{.ID}}. This ensures that mobile navigation aligns with the new API versioned endpoints.
165-169: Updated Thumbnail Link for Responsive Layout
The responsive thumbnail link now correctly routes to/api/v1/detections/details?id={{.ID}}, matching the versioned format used in the desktop view.
178-180: Revised Spectrogram Image Source (Responsive Layout)
The spectrogram image in the responsive layout now loads from/api/v1/media/spectrogram?clip={{.ClipName}}, in line with the updated media endpoints.
188-189: Updated Audio Element Source (Responsive Layout)
The audio element for the responsive layout is now updated to retrieve the clip from/api/v1/media/audio?clip={{.ClipName}}, ensuring consistent media access across layouts.views/pages/settings/settingsBase.html (2)
54-56: Updated EventSource URL for SSE
The initialization of the EventSource is now set to/api/v1/sse. This change is key to ensuring that all real‐time notifications are routed through the versioned API endpoint. Please verify the server’s SSE configuration accordingly.
152-158: Revised Settings Save Endpoint
The settings save fetch request now targets/api/v1/settings/save. This update is consistent with the overall API versioning strategy. Ensure that backend CSRF validation and settings processing remain fully functional under the new route.views/fragments/listDetections.html (6)
6-6: API Version Prefix in Detection Query
Thehx-getattribute on line 6 now correctly includes the/api/v1/prefix, updating the detections query endpoint to/api/v1/detections?.... This change aligns with the new API versioning strategy.
88-91: Updated Detection Details Endpoint
The URL in the anchor’shx-getattribute has been updated to/api/v1/detections/details?id={{.ID}}, ensuring consistency with the versioned API.
137-137: Updated Spectrogram Media URL
The imagesrcattribute for the spectrogram now correctly points to/api/v1/media/spectrogram?clip={{.ClipName}}, conforming to the new API route structure.
146-146: Updated Audio Media URL
The audio element’s source has been updated to/api/v1/media/audio?clip={{.ClipName}}. This change is consistent with the API versioning and ensures that audio media is served from the correct endpoint.
191-197: Updated Pagination - "Previous" Button Endpoint
Thehx-getURL for the "Previous" pagination button now includes the/api/v1/detectionsprefix and correctly computes theoffsetusing{{sub .Offset .NumResults}}. This update is in line with the new routing structure.
204-210: Updated Pagination - "Next" Button Endpoint
The "Next" button now calls an endpoint updated to/api/v1/detectionswith the offset calculated via{{add .Offset .NumResults}}, ensuring consistency across all pagination links.views/elements/audioLevelIndicator.html (1)
56-56: API Version Update for Audio Level SSE
TheEventSourceinitialization now uses the updated endpoint/api/v1/audio-level, which correctly reflects the versioning changes for SSE connections. The update is seamlessly integrated with the existing error handling and reconnection logic.
No description provided.