/**
 * Risk Assessment Routes
 * API endpoints for risk questionnaire and assessments
 */

import { Router, RequestHandler } from 'express';
import * as riskController from './controllers/risk.controller';
import { requireAuth } from '../../core/guards/auth.guard';

const router = Router();

// Type cast helper for authenticated routes
// eslint-disable-next-line @typescript-eslint/no-unsafe-function-type
const authHandler = (fn: Function): RequestHandler => fn as RequestHandler;

// ============================================================================
// Public Routes
// ============================================================================

/**
 * GET /api/v1/risk/questions
 * Get all risk questionnaire questions
 */
router.get('/questions', riskController.getQuestions);

/**
 * GET /api/v1/risk/statistics
 * Get risk profile statistics (public aggregate data)
 */
router.get('/statistics', riskController.getStatistics);

// ============================================================================
// Authenticated Routes
// All routes below require authentication via JWT token
// ============================================================================

/**
 * GET /api/v1/risk/assessment
 * Get current user's most recent risk assessment
 */
router.get('/assessment', requireAuth, authHandler(riskController.getCurrentUserAssessment));

/**
 * GET /api/v1/risk/assessment/valid
 * Check if current user has a valid (non-expired) assessment
 */
router.get('/assessment/valid', requireAuth, authHandler(riskController.checkValidAssessment));

/**
 * GET /api/v1/risk/assessment/history
 * Get assessment history for current user
 */
router.get('/assessment/history', requireAuth, authHandler(riskController.getAssessmentHistory));

/**
 * POST /api/v1/risk/assessment
 * Submit risk questionnaire responses
 * Body: {
 *   responses: [{ questionId: string, answer: string }],
 *   completionTimeSeconds?: number
 * }
 */
router.post('/assessment', requireAuth, authHandler(riskController.submitAssessment));

/**
 * GET /api/v1/risk/assessment/:userId
 * Get risk assessment for specific user (admin only)
 * Note: Should be protected with admin guard in production
 */
router.get('/assessment/:userId', requireAuth, authHandler(riskController.getUserAssessment));

export { router as riskRouter };