/*
 * Parent-access routes. Three groups are registered, and their order matters:
 *   1. POST /auth: public token exchange, throttled by authLimiter.
 *   2. /my-links and /links: parent-link management for the student roles.
 *   3. Routes registered after router.use(parentAuth, parentLimiter): the
 *      parent dashboard.
 */
const express = require('express');

const router = express.Router();
const rateLimit = require('../middleware/rateLimit');
const { authMiddleware, requireRole, parentAuth } = require('../middleware/auth');
const parentController = require('../controllers/parentController');

/* ── Rate limits ───────────────────────────────────────────────────── */
const ONE_MINUTE_MS = 60_000;

/*
 * Limiter for the unauthenticated token exchange: max 5 per one-minute window.
 * NOTE(review): how rateLimit identifies a client is defined in
 * ../middleware/rateLimit and is not visible here. Confirm the key cannot be
 * chosen by the caller, for example through a forwarded-address header.
 */
const authLimiter = rateLimit({
  windowMs: ONE_MINUTE_MS,
  max: 5,
  message: 'Слишком много попыток, подождите минуту',
});

/* Limiter for the parent dashboard group: max 30 per one-minute window. */
const parentLimiter = rateLimit({
  windowMs: ONE_MINUTE_MS,
  max: 30,
  message: 'Слишком много запросов',
});

/* ── Public: token exchange ────────────────────────────────────────── */
router.post('/auth', authLimiter, parentController.exchangeToken);

/* ── Student-side: manage parent links ─────────────────────────────── */
/*
 * Guard chain for the student routes: authMiddleware first, then
 * requireRole('student', 'free_student'). A new requireRole middleware is
 * created for each route.
 * No rate limiter is attached to these routes in this file.
 * NOTE(review): the guards visible here check the role only. Confirm that
 * updateLink and deleteLink verify that :id belongs to the authenticated student.
 */
const studentOnly = () => [authMiddleware, requireRole('student', 'free_student')];

router.get('/my-links', ...studentOnly(), parentController.getMyLinks);
router.post('/links', ...studentOnly(), parentController.createLink);
router.patch('/links/:id', ...studentOnly(), parentController.updateLink);
router.delete('/links/:id', ...studentOnly(), parentController.deleteLink);

/* ── Parent-side: read-only dashboard (rate-limited) ───────────────── */
/*
 * Every request that is not already answered by a route above passes through
 * parentAuth and then parentLimiter, including paths that match no route.
 * This line must stay below the student routes, otherwise parentAuth would
 * also gate them. The only non-GET route in the group is
 * PATCH /notifications/:id/read.
 * NOTE(review): parentAuth runs before parentLimiter, so whether requests with
 * rejected parent credentials count toward the limit depends on how parentAuth
 * fails. Confirm that failed attempts are throttled somewhere, and that
 * markRead scopes :id to the authenticated parent.
 */
router.use(parentAuth, parentLimiter);

router.get('/dashboard', parentController.getDashboard);
router.get('/history', parentController.getHistory);
router.get('/notifications', parentController.getNotifications);
router.patch('/notifications/:id/read', parentController.markRead);

module.exports = router;