const router = require("express").Router();
const auth = require("../middleware/auth");
const requireRole = require("../middleware/rbac");
const usersController = require("../controllers/users.controller");
const { ROLES } = require("../models/user.model");
const { createRateLimit } = require("../middleware/rate-limit");

const userExistsRateLimit = createRateLimit({
  keyPrefix: "users:exists",
  windowMs: 15 * 60 * 1000,
  max: 60,
  message: "Too many availability checks. Please try again later.",
});

router.get("/exists", userExistsRateLimit, usersController.checkIfUserExists);
if (process.env.NODE_ENV !== "production") {
  router.get("/test", usersController.test);
}

// Current user profile routes (authenticated)
router.get("/me", auth, usersController.getCurrentUser);
router.patch("/me", auth, usersController.updateCurrentUser);
router.post("/me/change-password", auth, usersController.changePassword);

module.exports = router;