package api

import (
	"gitea.zjmud.com/phyer/rbac/controllers"
	"gitea.zjmud.com/phyer/rbac/middleware"
	"github.com/gin-gonic/gin"
)

// NOTE(review): SetupRouter's signature names gorm.DB and redis.Client, but
// neither package appears in the import block above. As shown, the file cannot
// compile until both imports are added; their module paths are not visible
// here, so they are deliberately not guessed.

// SetupRouter builds the HTTP router for the service and returns it.
//
// It constructs the auth, RBAC and user controllers from db and redisClient
// and registers three route families:
//
//   - /auth/*     no middleware attached in this function (login, register)
//   - /api/users  behind middleware.AuthMiddleware only
//   - /api/rbac   behind middleware.AuthMiddleware, then middleware.RBACMiddleware
//
// Security notes for reviewers:
//
//   - gin.Default() installs gin's Logger and Recovery middleware. Depending on
//     the gin version, the engine may also trust every proxy by default, which
//     makes (*gin.Context).ClientIP() follow client-supplied forwarding headers.
//     If anything downstream keys on the client IP (audit logs, throttling),
//     confirm that SetTrustedProxies is configured by the caller.
//   - No rate limiting or lockout is attached to /auth in this file. Protection
//     against password guessing and bulk registration has to come from the
//     handlers or from infrastructure in front of the service. TODO confirm.
//   - The /api/users routes require authentication but no authorization check
//     at the routing layer. Unless GetUsers and GetUserByID enforce their own
//     checks, any authenticated caller can list users and read arbitrary user
//     records by id. Verify against the controller code.
//   - RBACMiddleware takes no per-route argument, so the permission required for
//     each /api/rbac endpoint is not visible here. These endpoints create roles
//     and assign them to users, so a middleware that only checks "has some
//     role" would allow privilege escalation. Confirm how it maps a request to
//     a required permission.
func SetupRouter(db *gorm.DB, redisClient *redis.Client) *gin.Engine {
	engine := gin.Default()

	// Controllers are built in the same order as before, in case their
	// constructors have side effects.
	authCtl := controllers.NewAuthController(db, redisClient)
	rbacCtl := controllers.NewRBACController(db, redisClient)
	userCtl := controllers.NewUserController(db, redisClient)

	// Unauthenticated surface: reachable by any client.
	public := engine.Group("/auth")
	public.POST("/login", authCtl.Login)
	public.POST("/register", authCtl.Register)

	// Everything under /api passes through AuthMiddleware first (JWT
	// authentication, per the original author's comment). The middleware is
	// attached before any child group or route is registered.
	protected := engine.Group("/api")
	protected.Use(middleware.AuthMiddleware())

	// User read endpoints: authentication only, see the doc comment above.
	users := protected.Group("/users")
	users.GET("", userCtl.GetUsers)
	users.GET("/:id", userCtl.GetUserByID)

	// RBAC administration: AuthMiddleware, then RBACMiddleware.
	admin := protected.Group("/rbac")
	admin.Use(middleware.RBACMiddleware())

	adminPosts := []struct {
		path    string
		handler gin.HandlerFunc
	}{
		{"/roles", rbacCtl.CreateRole},
		{"/permissions", rbacCtl.CreatePermission},
		{"/resources", rbacCtl.CreateResource},
		{"/resource-groups", rbacCtl.CreateResourceGroup},
		{"/actions", rbacCtl.CreateAction},
		{"/assignments", rbacCtl.AssignRoleToUser},
	}
	for _, route := range adminPosts {
		admin.POST(route.path, route.handler)
	}

	return engine
}