feat: implement redirector api

server/jwt.go

@@ -73,22 +73,17 @@ func audienceContains(audience jwt.ClaimStrings, token string) bool {
 // will try to generate new access token and refresh token.
 func JWTMiddleware(server *Server, next echo.HandlerFunc, secret string) echo.HandlerFunc {
 	return func(c echo.Context) error {
-		path := c.Request().URL.Path
+		path := c.Path()
 		method := c.Request().Method
 
 		if server.defaultAuthSkipper(c) {
 			return next(c)
 		}
 
-		// Skip validation for server status endpoints.
-		if hasPrefixes(path, "/api/ping", "/api/v1/idp", "/api/user/:id") && method == http.MethodGet {
-			return next(c)
-		}
-
 		token := findAccessToken(c)
 		if token == "" {
 			// When the request is not authenticated, we allow the user to access the shortcut endpoints for those public shortcuts.
-			if hasPrefixes(path, "/api/status", "/api/shortcut") && method == http.MethodGet {
+			if hasPrefixes(path, "/api/v1/status", "/o/*") && method == http.MethodGet {
 				return next(c)
 			}
 			return echo.NewHTTPError(http.StatusUnauthorized, "Missing access token")

server/server.go

@@ -60,13 +60,13 @@ func NewServer(profile *profile.Profile, store *store.Store) (*Server, error) {
 	}
 	e.Use(session.Middleware(sessions.NewCookieStore([]byte(secret))))
 
+	apiGroup := e.Group("")
 	// Register API v1 routes.
 	apiV1Service := apiv1.NewAPIV1Service(profile, store)
-	apiV1Group := e.Group("/api/v1")
-	apiV1Group.Use(func(next echo.HandlerFunc) echo.HandlerFunc {
+	apiGroup.Use(func(next echo.HandlerFunc) echo.HandlerFunc {
 		return JWTMiddleware(s, next, string(secret))
 	})
-	apiV1Service.Start(apiV1Group, secret)
+	apiV1Service.Start(apiGroup, secret)
 
 	return s, nil
 }