import { Router } from 'express';
import { apiKeysController } from './apiKeys.controller.js';
import { authenticate, requireRoles } from '../../shared/middleware/auth.middleware.js';

const router = Router();

// All routes require authentication
router.use(authenticate);

// ============================================================================
// API KEY MANAGEMENT ROUTES
// ============================================================================

/**
 * Create a new API key
 * POST /api/auth/api-keys
 */
router.post('/', (req, res, next) => apiKeysController.create(req, res, next));

/**
 * List API keys (user's own, or all for admins)
 * GET /api/auth/api-keys
 */
router.get('/', (req, res, next) => apiKeysController.list(req, res, next));

/**
 * Get a specific API key
 * GET /api/auth/api-keys/:id
 */
router.get('/:id', (req, res, next) => apiKeysController.getById(req, res, next));

/**
 * Update an API key
 * PATCH /api/auth/api-keys/:id
 */
router.patch('/:id', (req, res, next) => apiKeysController.update(req, res, next));

/**
 * Revoke an API key (soft delete)
 * POST /api/auth/api-keys/:id/revoke
 */
router.post('/:id/revoke', (req, res, next) => apiKeysController.revoke(req, res, next));

/**
 * Delete an API key permanently
 * DELETE /api/auth/api-keys/:id
 */
router.delete('/:id', (req, res, next) => apiKeysController.delete(req, res, next));

/**
 * Regenerate an API key
 * POST /api/auth/api-keys/:id/regenerate
 */
router.post('/:id/regenerate', (req, res, next) => apiKeysController.regenerate(req, res, next));

export default router;