package auth

import (
	"ResendIt/internal/api/middleware"
	"ResendIt/internal/config"
	"time"

	"github.com/gin-gonic/gin"
)

type ConfigService interface {
	GetIntDefault(key string, def int) int
}

func RegisterRoutes(r *gin.RouterGroup, h *Handler, cfg ConfigService) {
	auth := r.Group("/auth")

	// Stricter rate limit on login to reduce brute-force / log spam.
	auth.POST("/login", middleware.RateLimitByIPDynamic(
		func() int {
			return cfg.GetIntDefault(config.KeyRateLimitLoginPerMinute, config.DefaultRateLimitLoginPerMinute)
		},
		time.Minute,
		func() int {
			return cfg.GetIntDefault(config.KeyRateLimitLoginBurst, config.DefaultRateLimitLoginBurst)
		},
		15*time.Minute,
	), h.Login)

	protected := auth.Group("/")
	protected.Use(middleware.AuthMiddleware())

	protected.GET("/me", h.Me)

	admin := protected.Group("/")
	admin.Use(middleware.RequireRole("admin"))

	admin.GET("/admin-check", h.AdminCheck)
}