add user checks in routes

README.md

@@ -42,47 +42,50 @@ _Resources page of Pangolin dashboard (dark mode) showing multiple resources ava
 
 ### Reverse Proxy Through WireGuard Tunnel
 
--   Expose private resources on your network **without opening ports** (firewall punching).
--   Secure and easy to configure site-to-site connectivity via a custom **user space WireGuard client**, [Newt](https://github.com/fosrl/newt).
--   Built-in support for any WireGuard client.
--   Automated **SSL certificates** (https) via [LetsEncrypt](https://letsencrypt.org/).
--   Support for HTTP/HTTPS and **raw TCP/UDP services**.
--   Load balancing.
+- Expose private resources on your network **without opening ports** (firewall punching).
+- Secure and easy to configure site-to-site connectivity via a custom **user space WireGuard client**, [Newt](https://github.com/fosrl/newt).
+- Built-in support for any WireGuard client.
+- Automated **SSL certificates** (https) via [LetsEncrypt](https://letsencrypt.org/).
+- Support for HTTP/HTTPS and **raw TCP/UDP services**.
+- Load balancing.
 
 ### Identity & Access Management
 
--   Centralized authentication system using platform SSO. **Users will only have to manage one login.**
--   **Define access control rules for IPs, IP ranges, and URL paths per resource.**
--   TOTP with backup codes for two-factor authentication.
--   Create organizations, each with multiple sites, users, and roles.
--   **Role-based access control** to manage resource access permissions.
--   Additional authentication options include:
-    -   Email whitelisting with **one-time passcodes.**
-    -   **Temporary, self-destructing share links.**
-    -   Resource specific pin codes.
-    -   Resource specific passwords.
-- OIDC Support for IDPs like Authentik
+- Centralized authentication system using platform SSO. **Users will only have to manage one login.**
+- **Define access control rules for IPs, IP ranges, and URL paths per resource.**
+- TOTP with backup codes for two-factor authentication.
+- Create organizations, each with multiple sites, users, and roles.
+- **Role-based access control** to manage resource access permissions.
+- Additional authentication options include:
+    - Email whitelisting with **one-time passcodes.**
+    - **Temporary, self-destructing share links.**
+    - Resource specific pin codes.
+    - Resource specific passwords.
+- External identity provider (IdP) support with OAuth2/OIDC, such as Authentik, Keycloak, Okta, and others.
+    - Auto-provision users and roles from your IdP.
 
 ### Simple Dashboard UI
 
--   Manage sites, users, and roles with a clean and intuitive UI.
--   Monitor site usage and connectivity.
--   Light and dark mode options.
--   Mobile friendly.
+- Manage sites, users, and roles with a clean and intuitive UI.
+- Monitor site usage and connectivity.
+- Light and dark mode options.
+- Mobile friendly.
 
 ### Easy Deployment
 
--   Run on any cloud provider or on-premises.
--   **Docker Compose based setup** for simplified deployment.
--   Future-proof installation script for streamlined setup and feature additions.
--   Use any WireGuard client to connect, or use **Newt, our custom user space client** for the best experience.
+- Run on any cloud provider or on-premises.
+- **Docker Compose based setup** for simplified deployment.
+- Future-proof installation script for streamlined setup and feature additions.
+- Use any WireGuard client to connect, or use **Newt, our custom user space client** for the best experience.
 - Use the API to create custom integrations and scripts.
+    - Fine-grained access control to the API via scoped API keys.
+    - Comprehensive Swagger documentation for the API.
 
 ### Modular Design
 
--   Extend functionality with existing [Traefik](https://github.com/traefik/traefik) plugins, such as [CrowdSec](https://plugins.traefik.io/plugins/6335346ca4caa9ddeffda116/crowdsec-bouncer-traefik-plugin) and [Geoblock](github.com/PascalMinder/geoblock).
+- Extend functionality with existing [Traefik](https://github.com/traefik/traefik) plugins, such as [CrowdSec](https://plugins.traefik.io/plugins/6335346ca4caa9ddeffda116/crowdsec-bouncer-traefik-plugin) and [Geoblock](github.com/PascalMinder/geoblock).
     - **Automatically install and configure Crowdsec via Pangolin's installer script.**
--   Attach as many sites to the central server as you wish.
+- Attach as many sites to the central server as you wish.
 
 <img src="public/screenshots/collage.png" alt="Collage"/>
 
@@ -90,8 +93,8 @@ _Resources page of Pangolin dashboard (dark mode) showing multiple resources ava
 
 1. **Deploy the Central Server**:
 
-   - Deploy the Docker Compose stack onto a VPS hosted on a cloud platform like RackNerd, Amazon EC2, DigitalOcean Droplet, or similar. There are many cheap VPS hosting options available to suit your needs.
-   
+    - Deploy the Docker Compose stack onto a VPS hosted on a cloud platform like RackNerd, Amazon EC2, DigitalOcean Droplet, or similar. There are many cheap VPS hosting options available to suit your needs.
+
 > [!TIP]
 > Many of our users have had a great experience with [RackNerd](https://my.racknerd.com/aff.php?aff=13788). Depending on promotions, you can likely get a **VPS with 1 vCPU, 1GB RAM, and ~20GB SSD for just around $12/year**. That's a great deal!
 > We are part of the [RackNerd](https://my.racknerd.com/aff.php?aff=13788) affiliate program, so if you purchase through [our link](https://my.racknerd.com/aff.php?aff=13788), we receive a small commission which helps us maintain the project and keep it free for everyone.
@@ -113,23 +116,21 @@ _Resources page of Pangolin dashboard (dark mode) showing multiple resources ava
 **Use Case Example - Bypassing Port Restrictions in Home Lab**:  
  Imagine private sites where the ISP restricts port forwarding. By connecting these sites to Pangolin via WireGuard, you can securely expose HTTP and HTTPS resources on the private network without any networking complexity.
 
-**Use Case Example - Deploying Services For Your Business**
- You can use Pangolin as an easy way to expose your business applications to your users behind a safe authentication portal you can integrate into your IDP solution. Expose resources on prem and on the cloud.
+**Use Case Example - Deploying Services For Your Business**:
+You can use Pangolin as an easy way to expose your business applications to your users behind a safe authentication portal you can integrate into your IdP solution. Expose resources on prem and on the cloud.
 
 **Use Case Example - IoT Networks**:  
  IoT networks are often fragmented and difficult to manage. By deploying Pangolin on a central server, you can connect all your IoT sites via Newt or another WireGuard client. This creates a simple, secure, and centralized way to access IoT resources without the need for intricate networking setups.
 
-<img src="public/screenshots/resources.png" alt="Resources"/>
-
 _Resources page of Pangolin dashboard (dark mode) showing HTTPS and TCP resources with access control rules._
 
 ## Similar Projects and Inspirations
 
 **Cloudflare Tunnels**:  
-    A similar approach to proxying private resources securely, but Pangolin is a self-hosted alternative, giving you full control over your infrastructure.
+ A similar approach to proxying private resources securely, but Pangolin is a self-hosted alternative, giving you full control over your infrastructure.
 
-**Authentik and Authelia**:  
-    These projects inspired Pangolin’s centralized authentication system for proxies, enabling robust user and role management.
+**Authelia**:  
+ This inspired Pangolin’s centralized authentication system for proxies, enabling robust user and role management.
 
 ## Project Development / Roadmap