Separate admin protected endpoints from non-admin endpoints

backend/main.go

@@ -71,33 +71,34 @@ func main() {
 	store := handlers.Store{DB: db, SpotifyAuth: spotifyAuth, SpotifyClient: spotifyClient, ClaudeClient: claudeClient, Auth: auth, Notes: notes}
 
 	protected := r.Group("/", store.AuthMiddlewear)
+	admin := r.Group("/", store.AuthMiddlewear, store.AdminMiddleware)
 
 	// FAVORITES
 	r.GET("/favorites", store.GetFavorites)
-	protected.POST("/favorites", store.CreateFavorite)
+	admin.POST("/favorites", store.CreateFavorite)
 
 	// ROWING
 	r.GET("/rowing", store.GetRowing)
-	protected.POST("/rowing", store.CreateRowing)
+	admin.POST("/rowing", store.CreateRowing)
 
 	// ACTIVITIES
 	r.GET("/activity", store.GetActivity)
-	protected.POST("/activity", store.CreateActivity)
+	admin.POST("/activity", store.CreateActivity)
 
 	// POSTS
 	r.GET("/posts", store.GetPosts)
-	protected.POST("/posts", store.CreatePost)
+	admin.POST("/posts", store.CreatePost)
 	r.GET("/posts/:id", store.GetPost)
-	protected.PUT("/posts/:id", store.UpdatePost)
-	protected.DELETE("/posts/:id", store.DeletePost)
+	admin.PUT("/posts/:id", store.UpdatePost)
+	admin.DELETE("/posts/:id", store.DeletePost)
 
 	// USERS
 	r.GET("/user/:id", store.GetUser)
-	protected.PUT("/user/:id", store.UpdateUser)
-	protected.DELETE("/user/:id", store.DeleteUser)
+	admin.PUT("/user/:id", store.UpdateUser)
+	admin.DELETE("/user/:id", store.DeleteUser)
 	r.GET("/user", store.GetUsers)
-	protected.POST("/user", store.CreateUser)
-	protected.PATCH("/user/:id/admin", store.SetUserAdmin)
+	admin.POST("/user", store.CreateUser)
+	admin.PATCH("/user/:id/admin", store.SetUserAdmin)
 
 	// AUTH
 	r.POST("/auth/login", store.Login)