const router = require('express').Router();
const { authMiddleware, requireRole } = require('../middleware/auth');
const ctrl = require('../controllers/adminController');

router.use(authMiddleware);

/* Features — teachers may read (need to know what's enabled for their classes) */
router.get('/features',                       requireRole('admin', 'teacher'), ctrl.getFeatures);
router.patch('/features',                     requireRole('admin'), ctrl.updateFeatures);
router.get('/free-student-features',          requireRole('admin', 'teacher'), ctrl.getFreeStudentFeatures);
router.patch('/free-student-features',        requireRole('admin'), ctrl.updateFreeStudentFeatures);

/* Everything below is admin-only */
router.use(requireRole('admin'));

router.get('/stats',                  ctrl.getStats);
router.get('/overview',               ctrl.getOverview);
router.get('/search',                 ctrl.globalSearch);
router.get('/users',                  ctrl.getUsers);
router.patch('/users/:id/role',       ctrl.updateRole);
router.get('/users/:id/sessions',     ctrl.getUserSessions);
router.delete('/users/:id/sessions',  ctrl.clearUserSessions);
router.post('/users/:id/sessions/clear', ctrl.clearUserSessions);
router.patch('/users/:id',            ctrl.updateUser);
router.patch('/users/:id/ban',        ctrl.banUser);
router.delete('/users/:id',           ctrl.deleteUser);
router.get('/sessions',               ctrl.getAllSessions);
router.get('/sessions/:id',           ctrl.getSessionDetail);
router.delete('/sessions/:id',        ctrl.deleteSession);

/* Audit log */
router.get('/audit-log',              ctrl.getAuditLog);
router.delete('/audit-log',           ctrl.clearAuditLog);

/* Error log */
router.get('/error-log',              ctrl.getErrorLog);
router.delete('/error-log',           ctrl.clearErrorLog);

/* Security / auth event log */
router.get('/security-log',           ctrl.getSecurityLog);
router.delete('/security-log',        ctrl.clearSecurityLog);

/* System health */
router.get('/health',                 ctrl.getHealth);
router.get('/metrics',                ctrl.getMetrics);

/* Topics CRUD */
router.get('/topics',                 ctrl.getTopics);
router.post('/topics',                ctrl.createTopic);
router.patch('/topics/:id',           ctrl.updateTopic);
router.delete('/topics/:id',          ctrl.deleteTopic);

/* Broadcast notifications */
router.post('/broadcast',             ctrl.broadcast);

module.exports = router;