MediaCollectorLibary/routes/api2.php

<?php

use Psr\Http\Message\ResponseInterface as Response;
use Psr\Http\Message\ServerRequestInterface as Request;
use Slim\Routing\RouteCollectorProxy;
use App\Middleware\ApiAuthMiddleware;
use App\Controllers\Api\MediaController;
use App\Controllers\Api\AuthController;
use App\Services\AuthService;
use App\Services\JwtService;
use App\Controllers\Api\DocsController;

// Get container
$container = $app->getContainer();

// API routes group
$app->group('/api', function (RouteCollectorProxy $group) use ($container) {
    
    $docsController = $this->get(DocsController::class);

    // Public endpoints
    $group->get('/status', function (Request $request, Response $response) {
        $response->getBody()->write(json_encode([
            'status' => 'ok',
            'timestamp' => time(),
            'version' => '1.0.0'
        ]));
        return $response->withHeader('Content-Type', 'application/json');
    });
    $group->get('/doku', [$docsController, 'getOpenApiSpec']);

    $group->get('/docu', [$docsController, 'showDocs']);

    // Auth routes
    $group->group('/auth', function (RouteCollectorProxy $group) use ($container) {
        $authController = $container->get(AuthController::class);
        
        $group->post('/login', [$authController, 'login']);
        $group->post('/register', [$authController, 'register']);
        $group->post('/refresh', [$authController, 'refreshToken']);
        $group->get('/me', [$authController, 'getCurrentUser'])
            ->add(new ApiAuthMiddleware($container->get(AuthService::class)));
    });

    // Protected routes (require authentication)
    $group->group('', function (RouteCollectorProxy $group) use ($container) {
        $mediaController = $container->get(MediaController::class);
        
        // Games
        $group->get('/games', [$mediaController, 'listGames']);
        $group->get('/games/{id:[0-9]+}', [$mediaController, 'getGame']);
        
        // Movies
        $group->get('/movies', [$mediaController, 'listMovies']);
        $group->get('/movies/{id:[0-9]+}', [$mediaController, 'getMovie']);
        
        // TV Shows
        $group->get('/tvshows', [$mediaController, 'listTvShows']);
        $group->get('/tvshows/{id:[0-9]+}', [$mediaController, 'getTvShow']);
        
        // Search
        $group->get('/search', [$mediaController, 'search']);
        
    })->add(new ApiAuthMiddleware($container->get(AuthService::class)));

    // Admin routes (require admin role)
    $group->group('/admin', function (RouteCollectorProxy $group) use ($container) {
        // Add admin-specific routes here
        $group->get('/users', function (Request $request, Response $response) {
            // Admin-only user listing
            $response->getBody()->write(json_encode(['message' => 'Admin access granted']));
            return $response->withHeader('Content-Type', 'application/json');
        });
    })->add(new ApiAuthMiddleware($container->get(AuthService::class)));
});

// Add CORS middleware
$app->add(function (Request $request, $handler) {
    $response = $handler->handle($request);
    return $response
        ->withHeader('Access-Control-Allow-Origin', '*')
        ->withHeader('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type, Accept, Origin, Authorization')
        ->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, PATCH, OPTIONS');
});

// Handle preflight requests
$app->options('/{routes:.+}', function (Request $request, Response $response, $args) {
    return $response;
});