refactor(api): rename web module to middlewares and separate route groups

- Fix critical issue regarding auth
- Rename web module to middlewares for better semantic clarity
- Split routes into public and protected groups
- Move /search endpoint to public routes (no auth required)
- Group /user, /favorites, and /playlist under protected routes
- Update all controller imports to reference new module path

Author: atomkernel0

src/controllers/album_controller.rs

@@ -3,7 +3,7 @@ use crate::{
     models::album::{AlbumWithArtists, AlbumWithRelations, AlbumsMetaResponse},
     models::database_helpers::CountResult,
     services::album_service::AlbumService,
-    web::mw_auth::Ctx,
+    middlewares::mw_auth::Ctx,
     AppState,
     Result,
 };

src/controllers/favorite_controller.rs

@@ -1,4 +1,4 @@
-use crate::{error::Error, web::mw_auth::Ctx, AppState};
+use crate::{error::Error, middlewares::mw_auth::Ctx, AppState};
 use axum::{
     extract::{Path, Query, State},
     Extension, Json,

src/controllers/playlist_controller.rs

@@ -9,7 +9,7 @@ use surrealdb::sql::Thing;
 use crate::{
     models::playlist::{CreatePlaylistRequest, Playlist, PlaylistWithSongs},
     services::playlist_service::PlaylistService,
-    web::mw_auth::Ctx,
+    middlewares::mw_auth::Ctx,
     AppState, Error,
 };
 

src/controllers/song_controller.rs

@@ -6,7 +6,7 @@ use crate::{
         song::SongWithRelations,
     },
     services::song_service::{SongService, ListenResult},
-    web::mw_auth::Ctx,
+    middlewares::mw_auth::Ctx,
     AppState, Error,
 };
 use axum::{

src/controllers/user_controller.rs

@@ -4,7 +4,7 @@ use axum::{
 };
 
 use crate::{
-    models::user::UserProfile, services::user_service::UserService, web::mw_auth::Ctx, AppState,
+    models::user::UserProfile, services::user_service::UserService, middlewares::mw_auth::Ctx, AppState,
     Error,
 };
 

src/main.rs

@@ -36,7 +36,7 @@ mod helpers;
 mod models;
 mod routes;
 mod services;
-mod web;
+mod middlewares;
 
 #[derive(Clone)]
 struct AppState {
@@ -87,17 +87,20 @@ async fn main() -> Result<()> {
         .nest("/albums", AlbumRoutes::routes())
         .nest("/artists", ArtistRoutes::routes())
         .nest("/song", SongRoutes::routes())
+        .nest("/search", SearchRoutes::routes());
+
+    let protected_routes = Router::new()
         .nest("/user", UserRoutes::routes())
         .nest("/favorites", FavoriteRoutes::routes())
-        .nest("/search", SearchRoutes::routes())
         .nest("/playlist", PlaylistRoutes::routes())
         .route_layer(middleware::from_fn_with_state(
             app_state.clone(),
-            web::mw_auth::mw_auth,
+            middlewares::mw_auth::mw_auth,
         ));
 
     let routes_all = Router::new()
         .nest("/api", routes_api)
+        .nest("/api", protected_routes)
         .with_state(app_state)
         .layer(
             TraceLayer::new_for_http()

src/web/mod.rs src/middlewares/mod.rssrc/web/mod.rs renamed to src/middlewares/mod.rs

@@ -31,30 +31,28 @@ pub async fn mw_auth(
         .headers()
         .get(header::AUTHORIZATION)
         .and_then(|value| value.to_str().ok())
-        .and_then(|str| str.strip_prefix("Bearer "));
-
-    if let Some(token) = token {
-        let claims: Claims = TokenService::validate_token(token, &app_state.auth_config)?;
-
-        let sub_str = claims.sub.clone();
-        let user_id = parse_id_part(&sub_str);
-        let user_thing = create_user_thing(user_id);
-
-        let mut result = app_state
-            .db
-            .query("SELECT * FROM $user_thing")
-            .bind(("user_thing", user_thing))
-            .await?;
-        let user: Option<UserRecord> = result.take(0)?;
-
-        if let Some(user) = user {
-            let ctx = Ctx::new(claims.sub.clone(), claims.exp as usize, user);
-            req.extensions_mut().insert(ctx);
-        } else {
-            return Err(Error::UserNotFound {
-                username: claims.sub,
-            });
-        }
-    }
+        .and_then(|str| str.strip_prefix("Bearer "))
+        .ok_or(Error::AuthFailNoAuthTokenCookie)?;
+
+    let claims: Claims = TokenService::validate_token(token, &app_state.auth_config)?;
+
+    let sub_str = claims.sub.clone();
+    let user_id = parse_id_part(&sub_str);
+    let user_thing = create_user_thing(user_id);
+
+    let mut result = app_state
+        .db
+        .query("SELECT * FROM $user_thing")
+        .bind(("user_thing", user_thing))
+        .await?;
+    let user: Option<UserRecord> = result.take(0)?;
+
+    let user = user.ok_or(Error::UserNotFound {
+        username: claims.sub.clone(),
+    })?;
+
+    let ctx = Ctx::new(claims.sub, claims.exp as usize, user);
+    req.extensions_mut().insert(ctx);
+
     Ok(next.run(req).await)
 }

src/web/mw_auth.rs src/middlewares/mw_auth.rssrc/web/mw_auth.rs renamed to src/middlewares/mw_auth.rs

@@ -8,7 +8,7 @@ use axum::{
     response::Response,
 };
 
-use crate::{web::mw_auth::Ctx, AppState};
+use crate::{middlewares::mw_auth::Ctx, AppState};
 
 pub async fn rate_limit_middleware(
     State(app_state): State<AppState>,