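/**
 * Authentication routes.
 *
 * Registers POST /register, POST /login, POST /logout and a POST / status
 * probe on an Express router and exports that router. Registration and login
 * each pass through their own rate limiter before reaching the controller.
 */
const router = require("express").Router();
const controller = require("../controllers/auth.controller");
const User = require("../models/user.model");
const { createRateLimit } = require("../middleware/rate-limit");

// Both limiters use the same 15-minute window.
const RATE_LIMIT_WINDOW_MS = 15 * 60 * 1000;

// Login: at most 25 requests per window for each limiter key.
// NOTE(review): what the key is derived from (client address, targeted
// account, or both) is decided in ../middleware/rate-limit and is not visible
// here. Confirm it also bounds attempts per account, not only per client.
const loginRateLimit = createRateLimit({
  keyPrefix: "auth:login",
  windowMs: RATE_LIMIT_WINDOW_MS,
  max: 25,
  message: "Too many login attempts. Please try again later.",
});

// Registration: tighter budget than login, 10 requests per window.
const registerRateLimit = createRateLimit({
  keyPrefix: "auth:register",
  windowMs: RATE_LIMIT_WINDOW_MS,
  max: 10,
  message: "Too many registration attempts. Please try again later.",
});

// The limiter is listed before the controller so that a rejected request
// does not reach the credential or account-creation logic.
router.post("/register", registerRateLimit, controller.register);
router.post("/login", loginRateLimit, controller.login);

// Logout has no limiter on this route.
// NOTE(review): whether it requires an authenticated session is decided in
// the controller; verify there.
router.post("/logout", controller.logout);

// Status probe: reports that the API is up and lists the role values defined
// on the User model. No authentication middleware is attached in this file.
// NOTE(review): confirm that returning the role names to unauthenticated
// callers is intended.
//
// The handler is deliberately synchronous. It awaits nothing, and as a plain
// function a throw (for example if User.ROLES is missing) is passed to
// Express's error handling instead of surfacing as a rejected promise that
// some Express versions leave unhandled.
router.post("/", (req, res) => {
  res.status(200).json({
    message: "Auth API is running.",
    roles: Object.values(User.ROLES),
  });
});

module.exports = router;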