Routes (HTTP URLs)

Path: hono-backend/src/routes/

Routes are waiters: they take HTTP requests, check input, call services, return JSON.

All route files

File	Mounted at	Audience
`auth.route.ts`	`/api/v1/auth`	Everyone logging in
`user.route.ts`	`/api/v1/users`	Logged-in students
`admin.route.ts`	`/api/v1/admin`	Staff (large file)
`practice-pyq-public.routes.ts`	`/api/v1/practice-pyq`, `/practice-yt`	Student practice
`practice-pyq-admin.routes.ts`	(inside admin)	PYQ bank editing
`current-affairs-public.routes.ts`	`/api/v1/current-affairs`	CA reader
`current-affairs-admin.routes.ts`	(inside admin)	CA editor
`marketing-admin.routes.ts`	`/api/v1/admin/marketing` (nested)	Sponsors and coupon deals
`admin-rate-limits.routes.ts`	`/api/v1/admin/rate-limits`	Dynamic rate-limit policies (super admin)
`notification.route.ts`	`/users`, `/admin/notifications`, `/internal/notifications`	Push prefs + worker
`timestamps.route.ts`	`/api/v1`	Video timestamps

Typical route file pattern


export const myRouter = new Hono() // typed with HonoEnv in real code
myRouter.use('*', authMiddleware)
myRouter.post('/thing', async (c) => {
  const body = schema.parse(await c.req.json())
  const result = await someService.doThing(c.get('userId'), body)
  return c.json(result)
})

Rules

Validate with Zod (validators/ or inline schemas).
Authorize in service or with permission checks — not “trust the client”.
Return DTOs — don’t leak Mongoose internals.
Keep files from becoming 2000-line monsters — extract services.

Deep dives

Auth routes
User routes
Admin routes
Practice PYQ
Current affairs
Notifications
Timestamps
Marketing (sponsors / deals)
Rate limiting (admin) — policy editor + monitoring