Update api for auth

backend/internal/api/routes.go

@@ -1,14 +1,30 @@
 package api
 
 import (
+	"novamd/internal/auth"
 	"novamd/internal/db"
 	"novamd/internal/filesystem"
+	"novamd/internal/models"
 
 	"github.com/go-chi/chi/v5"
 )
 
-func SetupRoutes(r chi.Router, db *db.DB, fs *filesystem.FileSystem) {
-	r.Route("/", func(r chi.Router) {
+func SetupRoutes(r chi.Router, db *db.DB, fs *filesystem.FileSystem, authMiddleware *auth.Middleware, sessionService *auth.SessionService) {
+	// Public routes (no authentication required)
+	r.Group(func(r chi.Router) {
+		r.Post("/auth/login", Login(sessionService, db))
+		r.Post("/auth/refresh", RefreshToken(sessionService))
+	})
+
+	// Protected routes (authentication required)
+	r.Group(func(r chi.Router) {
+		// Apply authentication middleware to all routes in this group
+		r.Use(authMiddleware.Authenticate)
+
+		// Auth routes
+		r.Post("/auth/logout", Logout(sessionService))
+		r.Get("/auth/me", GetCurrentUser(db))
+
 		// User routes
 		r.Route("/users/{userId}", func(r chi.Router) {
 			r.Get("/", GetUser(db))
@@ -30,12 +46,11 @@ func SetupRoutes(r chi.Router, db *db.DB, fs *filesystem.FileSystem) {
 						r.Get("/", ListFiles(fs))
 						r.Get("/last", GetLastOpenedFile(db))
 						r.Put("/last", UpdateLastOpenedFile(db, fs))
-						r.Get("/lookup", LookupFileByName(fs)) // Moved here
+						r.Get("/lookup", LookupFileByName(fs))
 
 						r.Post("/*", SaveFile(fs))
 						r.Get("/*", GetFileContent(fs))
 						r.Delete("/*", DeleteFile(fs))
-
 					})
 
 					// Git routes
@@ -46,5 +61,11 @@ func SetupRoutes(r chi.Router, db *db.DB, fs *filesystem.FileSystem) {
 				})
 			})
 		})
+
+		// Admin-only routes
+		r.Group(func(r chi.Router) {
+			r.Use(authMiddleware.RequireRole(string(models.RoleAdmin)))
+			// Admin-only endpoints
+		})
 	})
 }