import { Router } from 'express';
import { userController } from '../controllers/user.controller';
import { authenticate, hasRole, hasPermission } from '../middlewares/auth.middleware';
import { validate } from '../middlewares/validation.middleware';
import { userValidators } from '../validators/user.validator';
import authConfig from '../../config/auth';
import { authLimiter } from '../middlewares/rate-limiter.middleware';

// Router for the user and authentication endpoints. The mount path is chosen
// by whichever module imports this default export (not visible in this file).
const router = Router();

// Public routes: none of these run `authenticate`, so they are reachable
// without an established session. Each request passes through `authLimiter`
// first, then request validation, then the controller, in that order, so a
// request that later fails validation has already gone through the limiter.
// `.bind(userController)` keeps `this` pointing at the controller when Express
// invokes the method as a bare callback.
// NOTE(review): the limiter's window, key and threshold live in
// rate-limiter.middleware and are not visible here. Confirm they are keyed so
// that repeated attempts against a single account are throttled, not only
// floods from a single client.
router.post(
  '/login',
  authLimiter,
  validate(userValidators.login),
  userController.login.bind(userController)
);

// The refresh token in the request is the only credential on this route.
// NOTE(review): presumably the controller verifies and rotates it — confirm.
router.post(
  '/refresh-token',
  authLimiter,
  validate(userValidators.refreshToken),
  userController.refreshToken.bind(userController)
);

// NOTE(review): confirm the controller responds identically whether or not
// the account exists, so this endpoint does not reveal which users exist.
router.post(
  '/password-reset/request',
  authLimiter,
  validate(userValidators.requestPasswordReset),
  userController.requestPasswordReset.bind(userController)
);

// NOTE(review): reset-token lifetime and single-use enforcement are decided in
// the controller/service layer, not here — confirm both.
router.post(
  '/password-reset/confirm',
  authLimiter,
  validate(userValidators.confirmPasswordReset),
  userController.confirmPasswordReset.bind(userController)
);

// Protected routes - the caller's own profile. Only `authenticate` is
// required; there is no :id parameter, so the controller presumably acts on
// the identity established by `authenticate` (confirm in user.controller).
// These must stay registered before the '/:id' routes further down: Express
// matches in registration order, and '/:id' would otherwise capture '/profile'
// and send it through the permission-gated handlers.
router.get(
  '/profile',
  authenticate,
  userController.getUserProfile.bind(userController)
);

// Body is validated after authentication, before the controller runs.
// NOTE(review): confirm userValidators.updateProfile does not accept
// privilege-bearing fields (roles, permissions, active flag).
router.put(
  '/profile',
  authenticate,
  validate(userValidators.updateProfile),
  userController.updateUserProfile.bind(userController)
);

// Protected routes - User management. These are gated by individual
// permissions from authConfig (readUser / createUser / updateUser /
// deleteUser), not by the admin role itself; which roles hold those
// permissions is defined outside this file. Middleware order on every route is
// authenticate -> hasPermission -> (validate) -> controller, so callers
// without the permission are turned away before the body is validated.
router.get(
  '/',
  authenticate,
  hasPermission([authConfig.permissions.readUser]),
  userController.getAllUsers.bind(userController)
);

// NOTE(review): no validator runs on :id here — confirm the controller or
// data layer rejects malformed ids.
router.get(
  '/:id',
  authenticate,
  hasPermission([authConfig.permissions.readUser]),
  userController.getUserById.bind(userController)
);

// NOTE(review): confirm userValidators.createUser restricts which roles can be
// assigned at creation, since role changes elsewhere require the admin role.
router.post(
  '/',
  authenticate,
  hasPermission([authConfig.permissions.createUser]),
  validate(userValidators.createUser),
  userController.createUser.bind(userController)
);

// NOTE(review): confirm userValidators.updateUser does not accept role or
// password fields; both have dedicated routes ('/:id/roles', '/:id/password')
// with their own checks.
router.put(
  '/:id',
  authenticate,
  hasPermission([authConfig.permissions.updateUser]),
  validate(userValidators.updateUser),
  userController.updateUser.bind(userController)
);

// NOTE(review): no validator runs on :id here — confirm the controller or
// data layer rejects malformed ids.
router.delete(
  '/:id',
  authenticate,
  hasPermission([authConfig.permissions.deleteUser]),
  userController.deleteUser.bind(userController)
);

// Password management. The target account comes from the :id path parameter.
// NOTE(review): the only route-level gate is `authenticate`; unlike the other
// '/:id' routes in this file, no hasPermission/hasRole check runs, and nothing
// here ties :id to the caller. Unless changePassword itself verifies that the
// authenticated user owns :id (or holds updateUser) and checks the current
// password, any logged-in user could change another account's password.
// Confirm in user.controller, or add an ownership/permission middleware here.
router.put(
  '/:id/password',
  authenticate,
  validate(userValidators.changePassword),
  userController.changePassword.bind(userController)
);

// Role management. This is the only route in the file gated by role
// (`hasRole` with authConfig.roles.admin) rather than by a permission, so
// holding updateUser alone does not grant access to it at the route layer.
// Order: authenticate -> hasRole -> validate -> controller.
// NOTE(review): confirm userValidators.updateRoles only accepts role names
// that exist in authConfig.
router.put(
  '/:id/roles',
  authenticate,
  hasRole([authConfig.roles.admin]),
  validate(userValidators.updateRoles),
  userController.updateUserRoles.bind(userController)
);

// Account activation/deactivation. Both routes reuse the updateUser
// permission and take no request body validator; the target is the :id path
// parameter only.
// NOTE(review): no validator runs on :id — confirm the controller rejects
// malformed ids.
router.patch(
  '/:id/activate',
  authenticate,
  hasPermission([authConfig.permissions.updateUser]),
  userController.activateUser.bind(userController)
);

// NOTE(review): confirm deactivation also invalidates the account's existing
// access and refresh tokens, and whether a holder of updateUser is meant to be
// able to deactivate administrator accounts.
router.patch(
  '/:id/deactivate',
  authenticate,
  hasPermission([authConfig.permissions.updateUser]),
  userController.deactivateUser.bind(userController)
);

// Default export: the configured router, to be mounted by the application.
export default router;
