add jwt auth, fix session handling, clean up middlewares

actix_mvc_app/src/routes/mod.rs

@@ -1,23 +1,23 @@
 use actix_web::web;
 use actix_session::{SessionMiddleware, storage::CookieSessionStore};
-use actix_web::cookie::Key;
 use crate::controllers::home::HomeController;
 use crate::controllers::auth::AuthController;
 use crate::controllers::ticket::TicketController;
 use crate::controllers::calendar::CalendarController;
+use crate::middleware::JwtAuth;
+use crate::SESSION_KEY;
 
 /// Configures all application routes
 pub fn configure_routes(cfg: &mut web::ServiceConfig) {
-    // Generate a random key for cookie encryption
-    let key = Key::generate();
-
-    // Configure session middleware with cookie store
-    let session_middleware = SessionMiddleware::new(
+    // Configure session middleware with the consistent key
+    let session_middleware = SessionMiddleware::builder(
         CookieSessionStore::default(),
-        key.clone()
-    );
-
+        SESSION_KEY.clone()
+    )
+    .cookie_secure(false) // Set to true in production with HTTPS
+    .build();
 
+    // Public routes that don't require authentication
     cfg.service(
         web::scope("")
             .wrap(session_middleware)
@@ -26,7 +26,6 @@ pub fn configure_routes(cfg: &mut web::ServiceConfig) {
             .route("/about", web::get().to(HomeController::about))
             .route("/contact", web::get().to(HomeController::contact))
             .route("/contact", web::post().to(HomeController::submit_contact))
-            .route("/editor", web::get().to(HomeController::editor))
             
             // Auth routes
             .route("/login", web::get().to(AuthController::login_page))
@@ -35,19 +34,29 @@ pub fn configure_routes(cfg: &mut web::ServiceConfig) {
             .route("/register", web::post().to(AuthController::register))
             .route("/logout", web::get().to(AuthController::logout))
             
+            // Protected routes that require authentication
+            // These routes will be protected by the JwtAuth middleware in the main.rs file
+            .route("/editor", web::get().to(HomeController::editor))
+            
             // Ticket routes
             .route("/tickets", web::get().to(TicketController::list_tickets))
             .route("/tickets/new", web::get().to(TicketController::new_ticket))
-            .route("/tickets/new", web::post().to(TicketController::create_ticket))
-            .route("/tickets/my", web::get().to(TicketController::my_tickets))
+            .route("/tickets", web::post().to(TicketController::create_ticket))
             .route("/tickets/{id}", web::get().to(TicketController::show_ticket))
             .route("/tickets/{id}/comment", web::post().to(TicketController::add_comment))
-            .route("/tickets/{id}/status/{status}", web::get().to(TicketController::update_status))
+            .route("/tickets/{id}/status/{status}", web::post().to(TicketController::update_status))
+            .route("/my-tickets", web::get().to(TicketController::my_tickets))
             
             // Calendar routes
             .route("/calendar", web::get().to(CalendarController::calendar))
-            .route("/calendar/new", web::get().to(CalendarController::new_event))
-            .route("/calendar/new", web::post().to(CalendarController::create_event))
-            .route("/calendar/{id}/delete", web::get().to(CalendarController::delete_event))
+            .route("/calendar/events/new", web::get().to(CalendarController::new_event))
+            .route("/calendar/events", web::post().to(CalendarController::create_event))
+            .route("/calendar/events/{id}/delete", web::post().to(CalendarController::delete_event))
+    );
+    
+    // Keep the /protected scope for any future routes that should be under that path
+    cfg.service(
+        web::scope("/protected")
+            .wrap(JwtAuth)  // Apply JWT authentication middleware
     );
 }