add authentication method

internal/httpapp/routes.go

@@ -1,6 +1,10 @@
 package httpapp
 
-import "net/http"
+import (
+	"net/http"
+
+	"gitea.avt.data-center.id/othman.suseno/atlas/internal/models"
+)
 
 func (a *App) routes() {
 	// Static files
@@ -85,7 +89,7 @@ func (a *App) routes() {
 	))
 	a.mux.HandleFunc("/api/v1/jobs/", a.handleJobOps)
 
-	// Authentication & Authorization
+	// Authentication & Authorization (public endpoints)
 	a.mux.HandleFunc("/api/v1/auth/login", methodHandler(
 		nil,
 		func(w http.ResponseWriter, r *http.Request) { a.handleLogin(w, r) },
@@ -96,12 +100,17 @@ func (a *App) routes() {
 		func(w http.ResponseWriter, r *http.Request) { a.handleLogout(w, r) },
 		nil, nil, nil,
 	))
+
+	// User Management (requires authentication, admin-only for create/update/delete)
 	a.mux.HandleFunc("/api/v1/users", methodHandler(
 		func(w http.ResponseWriter, r *http.Request) { a.handleListUsers(w, r) },
-		func(w http.ResponseWriter, r *http.Request) { a.handleCreateUser(w, r) },
+		func(w http.ResponseWriter, r *http.Request) {
+			adminRole := models.RoleAdministrator
+			a.requireRole(adminRole)(http.HandlerFunc(a.handleCreateUser)).ServeHTTP(w, r)
+		},
 		nil, nil, nil,
 	))
-	a.mux.HandleFunc("/api/v1/users/", a.handleUserOps)
+	a.mux.HandleFunc("/api/v1/users/", a.handleUserOpsWithAuth)
 
 	// Audit Logs
 	a.mux.HandleFunc("/api/v1/audit", a.handleListAuditLogs)