File: /home/ekspardev/ekspar-katalog-backend/src/app/user/routes/user.routes.js
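const express = require('express');
const router = express.Router();
const controller = require('../controller/user.controller');
const {
  authMiddleware,
  adminMiddleware,
  validateRegistrationInput,
  validateLoginInput,
  rateLimitMiddleware,
  checkUserExists,
  validatePasswordResetToken,
  checkTwoFactorEnabled,
} = require('../middleware/user.middleware');

/**
 * User routes: public account endpoints, authenticated self-service
 * endpoints, and admin user management.
 *
 * Express runs the handlers of a route left to right, so the order of the
 * middleware arguments below is the order in which the checks are applied.
 */

// Public routes (no authentication).
// The limiter is listed first on every route here so that a request is counted
// before any validation or token lookup runs on attacker-controlled input.
// NOTE(review): rateLimitMiddleware is defined in user.middleware; confirm what
// it keys on (client address, target account, or both) and that one shared
// budget across these four routes is the intended behavior.
router.post('/register', rateLimitMiddleware, validateRegistrationInput, controller.register);
router.post('/login', rateLimitMiddleware, validateLoginInput, controller.login);
// NOTE(review): no validation middleware on this route; confirm the controller
// validates the body and answers identically whether or not the account exists.
router.post('/request-password-reset', rateLimitMiddleware, controller.requestPasswordReset);
// Every request to this route is one attempt at a reset token, so it is
// throttled before validatePasswordResetToken evaluates the token.
router.post('/reset-password', rateLimitMiddleware, validatePasswordResetToken, controller.resetPassword);

// Protected routes (require authentication).
router.get('/profile', authMiddleware, controller.getProfile);
router.put('/profile', authMiddleware, controller.updateProfile);
// NOTE(review): the four routes below change credentials, second-factor state
// or account existence, and only authMiddleware (plus checkTwoFactorEnabled on
// disable) guards them at this layer. Confirm the controllers re-verify the
// current password or a 2FA code, so a stolen session alone is not enough.
router.put('/change-password', authMiddleware, controller.changePassword);
router.post('/enable-2fa', authMiddleware, controller.enableTwoFactor);
router.post('/disable-2fa', authMiddleware, checkTwoFactorEnabled, controller.disableTwoFactor);
router.delete('/account', authMiddleware, controller.deleteAccount);

// Admin routes.
// authMiddleware is listed before adminMiddleware on every route; presumably
// the admin check reads the identity that authMiddleware establishes, so keep
// this order when adding routes. checkUserExists runs only after both checks,
// which keeps the existence of a given :id from being probed by non-admins.
router.get('/admin/users', authMiddleware, adminMiddleware, controller.getAllUsers);
router.get('/admin/users/:id', authMiddleware, adminMiddleware, checkUserExists, controller.getUserById);
router.put('/admin/users/:id', authMiddleware, adminMiddleware, checkUserExists, controller.updateUser);
router.delete('/admin/users/:id', authMiddleware, adminMiddleware, checkUserExists, controller.deleteUser);

module.exports = router;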