internal/routes/routes.go

package routes

import (
	"net/http"

	"github.com/juanatsap/cv-site/internal/chat"
	c "github.com/juanatsap/cv-site/internal/constants"
	"github.com/juanatsap/cv-site/internal/handlers"
	"github.com/juanatsap/cv-site/internal/middleware"
)

// Setup configures all application routes and middleware
func Setup(cvHandler *handlers.CVHandler, healthHandler *handlers.HealthHandler, chatHandler *chat.Handler) http.Handler {
	mux := http.NewServeMux()

	// Shortcut routes for default CV (year-aware) - MUST be before "/" route
	// Pattern: /cv-jamr-{year}-{lang}.pdf (e.g., /cv-jamr-2025-en.pdf)
	mux.HandleFunc("/cv-jamr-", cvHandler.DefaultCVShortcut)

	// API routes (must be before "/" to avoid catch-all)
	mux.HandleFunc("/api/cmd-k", cvHandler.CmdKData) // CMD+K command palette data

	// Chat endpoint with rate limiting (30 requests/hour per IP)
	chatRateLimiter := middleware.NewRateLimiter(c.RateLimitChatRequests, c.RateLimitChatWindow)
	mux.Handle("/api/chat", chatRateLimiter.Middleware(http.HandlerFunc(chatHandler.HandleChat)))
	mux.HandleFunc("/api/chat/warmup", chatHandler.HandleWarmup)  // Pre-load model on chat open
	mux.HandleFunc("/api/chat/status", chatHandler.HandleStatus) // Model readiness check

	// Public routes
	mux.HandleFunc("/", cvHandler.Home)
	mux.HandleFunc("/cv", cvHandler.CVContent)
	mux.HandleFunc("/text", cvHandler.PlainText)       // Plain text version for curl/AI
	mux.HandleFunc("/health", healthHandler.Check)

	// HTMX endpoints for interactive controls
	mux.HandleFunc("/switch-language", cvHandler.SwitchLanguage)
	mux.HandleFunc("/toggle/length", cvHandler.ToggleLength)
	mux.HandleFunc("/toggle/icons", cvHandler.ToggleIcons)
	mux.HandleFunc("/toggle/theme", cvHandler.ToggleTheme)

	// Contact form endpoint with full security chain:
	// BrowserOnly → RateLimiter → Handler
	// This blocks curl/Postman, enforces rate limits, then processes the request
	contactRateLimiter := middleware.NewRateLimiter(c.RateLimitContactRequests, c.RateLimitContactWindow)
	protectedContactHandler := middleware.BrowserOnly(
		contactRateLimiter.Middleware(
			http.HandlerFunc(cvHandler.HandleContact),
		),
	)
	mux.Handle("/api/contact", protectedContactHandler)

	// Protected PDF endpoint with rate limiting (3 requests/minute per IP)
	pdfRateLimiter := middleware.NewRateLimiter(c.RateLimitPDFRequests, c.RateLimitPDFWindow)
	protectedPDFHandler := middleware.OriginChecker(
		pdfRateLimiter.Middleware(
			http.HandlerFunc(cvHandler.ExportPDF),
		),
	)
	mux.Handle("/export/pdf", protectedPDFHandler)

	// Static files with cache control
	staticHandler := http.StripPrefix("/static/", http.FileServer(http.Dir(c.DirStatic)))
	mux.Handle("/static/", middleware.CacheControl(staticHandler))

	// Apply comprehensive middleware chain
	// Order: Recovery → Logger → SecurityHeaders → DynamicCacheControl → Preferences → Mux
	handler := middleware.Recovery(
		middleware.Logger(
			middleware.SecurityHeaders(
				middleware.DynamicCacheControl(
					middleware.PreferencesMiddleware(mux),
				),
			),
		),
	)

	return handler
}
feat: simplify architecture by removing cache layer and centralizing routes 2025-11-12 17:53:24 +00:00			`package routes`

			`import (`
			`"net/http"`

feat: add AI chat widget powered by ADK Go 1.0 2026-04-08 00:20:48 +01:00			`"github.com/juanatsap/cv-site/internal/chat"`
refactor: consolidate lang into constants, rename services to email 2025-12-06 17:05:17 +00:00			`c "github.com/juanatsap/cv-site/internal/constants"`
feat: simplify architecture by removing cache layer and centralizing routes 2025-11-12 17:53:24 +00:00			`"github.com/juanatsap/cv-site/internal/handlers"`
			`"github.com/juanatsap/cv-site/internal/middleware"`
			`)`

			`// Setup configures all application routes and middleware`
feat: add AI chat widget powered by ADK Go 1.0 2026-04-08 00:20:48 +01:00			`func Setup(cvHandler handlers.CVHandler, healthHandler handlers.HealthHandler, chatHandler *chat.Handler) http.Handler {`
feat: simplify architecture by removing cache layer and centralizing routes 2025-11-12 17:53:24 +00:00			`mux := http.NewServeMux()`

feat: Add year-aware PDF shortcut URLs + Default CV modal option 2025-11-20 12:14:53 +00:00			`// Shortcut routes for default CV (year-aware) - MUST be before "/" route`
			`// Pattern: /cv-jamr-{year}-{lang}.pdf (e.g., /cv-jamr-2025-en.pdf)`
			`mux.HandleFunc("/cv-jamr-", cvHandler.DefaultCVShortcut)`

feat: Add CMD+K command palette with ninja-keys integration 2025-12-01 13:03:06 +00:00			`// API routes (must be before "/" to avoid catch-all)`
feat: Ollama adapter + chat rate limiter (30 req/hour) 2026-04-08 14:47:14 +01:00			`mux.HandleFunc("/api/cmd-k", cvHandler.CmdKData) // CMD+K command palette data`

			`// Chat endpoint with rate limiting (30 requests/hour per IP)`
			`chatRateLimiter := middleware.NewRateLimiter(c.RateLimitChatRequests, c.RateLimitChatWindow)`
			`mux.Handle("/api/chat", chatRateLimiter.Middleware(http.HandlerFunc(chatHandler.HandleChat)))`
feat: chat UX overhaul — GLM local model, icons, layout modes, instant bubbles 2026-04-09 10:54:23 +01:00			`mux.HandleFunc("/api/chat/warmup", chatHandler.HandleWarmup) // Pre-load model on chat open`
			`mux.HandleFunc("/api/chat/status", chatHandler.HandleStatus) // Model readiness check`
feat: Add CMD+K command palette with ninja-keys integration 2025-12-01 13:03:06 +00:00
feat: simplify architecture by removing cache layer and centralizing routes 2025-11-12 17:53:24 +00:00			`// Public routes`
			`mux.HandleFunc("/", cvHandler.Home)`
			`mux.HandleFunc("/cv", cvHandler.CVContent)`
feat: Add CMD+K command palette with ninja-keys integration 2025-12-01 13:03:06 +00:00			`mux.HandleFunc("/text", cvHandler.PlainText) // Plain text version for curl/AI`
feat: simplify architecture by removing cache layer and centralizing routes 2025-11-12 17:53:24 +00:00			`mux.HandleFunc("/health", healthHandler.Check)`

phase ii and phase iii 2025-11-12 18:55:06 +00:00			`// HTMX endpoints for interactive controls`
more htmx 2025-11-14 21:38:09 +00:00			`mux.HandleFunc("/switch-language", cvHandler.SwitchLanguage)`
phase ii and phase iii 2025-11-12 18:55:06 +00:00			`mux.HandleFunc("/toggle/length", cvHandler.ToggleLength)`
feat: enhance shortcuts modal and complete logos-to-icons rename 2025-11-15 18:42:35 +00:00			`mux.HandleFunc("/toggle/icons", cvHandler.ToggleIcons)`
phase ii and phase iii 2025-11-12 18:55:06 +00:00			`mux.HandleFunc("/toggle/theme", cvHandler.ToggleTheme)`

feat: Add secure contact form with comprehensive security features 2025-11-30 14:31:58 +00:00			`// Contact form endpoint with full security chain:`
			`// BrowserOnly → RateLimiter → Handler`
			`// This blocks curl/Postman, enforces rate limits, then processes the request`
refactor: consolidate lang into constants, rename services to email 2025-12-06 17:05:17 +00:00			`contactRateLimiter := middleware.NewRateLimiter(c.RateLimitContactRequests, c.RateLimitContactWindow)`
feat: Add secure contact form with comprehensive security features 2025-11-30 14:31:58 +00:00			`protectedContactHandler := middleware.BrowserOnly(`
			`contactRateLimiter.Middleware(`
			`http.HandlerFunc(cvHandler.HandleContact),`
			`),`
feat: Add plain text CV endpoint and contact form with security 2025-11-30 13:47:49 +00:00			`)`
			`mux.Handle("/api/contact", protectedContactHandler)`

feat: simplify architecture by removing cache layer and centralizing routes 2025-11-12 17:53:24 +00:00			`// Protected PDF endpoint with rate limiting (3 requests/minute per IP)`
refactor: consolidate lang into constants, rename services to email 2025-12-06 17:05:17 +00:00			`pdfRateLimiter := middleware.NewRateLimiter(c.RateLimitPDFRequests, c.RateLimitPDFWindow)`
feat: simplify architecture by removing cache layer and centralizing routes 2025-11-12 17:53:24 +00:00			`protectedPDFHandler := middleware.OriginChecker(`
			`pdfRateLimiter.Middleware(`
			`http.HandlerFunc(cvHandler.ExportPDF),`
			`),`
			`)`
			`mux.Handle("/export/pdf", protectedPDFHandler)`

			`// Static files with cache control`
refactor: consolidate lang into constants, rename services to email 2025-12-06 17:05:17 +00:00			`staticHandler := http.StripPrefix("/static/", http.FileServer(http.Dir(c.DirStatic)))`
feat: simplify architecture by removing cache layer and centralizing routes 2025-11-12 17:53:24 +00:00			`mux.Handle("/static/", middleware.CacheControl(staticHandler))`

			`// Apply comprehensive middleware chain`
feat: comprehensive WCAG 2.1 AA accessibility audit 2025-12-02 10:46:53 +00:00			`// Order: Recovery → Logger → SecurityHeaders → DynamicCacheControl → Preferences → Mux`
feat: simplify architecture by removing cache layer and centralizing routes 2025-11-12 17:53:24 +00:00			`handler := middleware.Recovery(`
			`middleware.Logger(`
refactor: Integrate PreferencesMiddleware and update handlers 2025-11-20 17:56:47 +00:00			`middleware.SecurityHeaders(`
feat: comprehensive WCAG 2.1 AA accessibility audit 2025-12-02 10:46:53 +00:00			`middleware.DynamicCacheControl(`
			`middleware.PreferencesMiddleware(mux),`
			`),`
refactor: Integrate PreferencesMiddleware and update handlers 2025-11-20 17:56:47 +00:00			`),`
feat: simplify architecture by removing cache layer and centralizing routes 2025-11-12 17:53:24 +00:00			`),`
			`)`

			`return handler`
			`}`