package auth

import (
	"time"

	"ResendIt/internal/api/middleware"

	"github.com/gin-gonic/gin"
)

// RegisterRoutes mounts the authentication endpoints under "/auth" on r.
//
// Access tiers, from least to most restricted:
//   - POST /auth/login        unauthenticated, rate limited per client IP
//   - GET  /auth/me           requires middleware.AuthMiddleware
//   - GET  /auth/admin-check  requires AuthMiddleware, then RequireRole("admin")
func RegisterRoutes(r *gin.RouterGroup, h *Handler) {
	authGroup := r.Group("/auth")

	// Login is the only route here without an auth check, so it carries a
	// stricter limit to reduce brute-force attempts and log spam:
	// 5 attempts per minute per IP, burst 10.
	// NOTE(review): the fourth argument (15 minutes) is not explained in this
	// file; confirm its meaning against middleware.RateLimitByIP.
	// NOTE(review): a per-IP limit is only as reliable as the client address
	// the middleware sees. If it relies on forwarded headers behind a proxy,
	// gin's trusted-proxy list must be configured; verify in RateLimitByIP.
	// NOTE(review): a per-IP limit does not bound guesses against one account
	// coming from many addresses; confirm whether per-account throttling
	// exists elsewhere (e.g. in h.Login).
	loginLimiter := middleware.RateLimitByIP(5, time.Minute, 10, 15*time.Minute)
	authGroup.POST("/login", loginLimiter, h.Login)

	// Every route registered on this group passes through AuthMiddleware.
	authed := authGroup.Group("/", middleware.AuthMiddleware())
	authed.GET("/me", h.Me)

	// Derived from authed, so AuthMiddleware runs before the role check.
	adminOnly := authed.Group("/", middleware.RequireRole("admin"))
	adminOnly.GET("/admin-check", h.AdminCheck)
}