const express = require('express');
const router  = express.Router();
const secrets = require('../secrets');
const audit   = require('../audit');
const { requireAuth } = require('../auth');

router.use(requireAuth);

// GET /api/secrets — all secrets with live status
router.get('/', (req, res) => {
  res.json(secrets.getStatus());
});

// POST /api/secrets
router.post('/', (req, res) => {
  const { name, type, expires_at } = req.body;
  if (!name)       return res.status(400).json({ error: 'Name is required' });
  if (!expires_at) return res.status(400).json({ error: 'Expiry date is required' });
  try {
    const secret = secrets.create(req.body);
    audit.logSecret(req.user, 'add', secret);
    res.status(201).json({ ...secret, daysLeft: null, status: 'ok' });
  } catch (err) {
    res.status(500).json({ error: err.message });
  }
});

// PUT /api/secrets/:id
router.put('/:id', (req, res) => {
  try {
    const prev   = secrets.getById(req.params.id);
    const secret = secrets.update(req.params.id, req.body);
    audit.logSecret(req.user, 'update', secret, prev);
    res.json(secret);
  } catch (err) {
    res.status(404).json({ error: err.message });
  }
});

// DELETE /api/secrets/:id
router.delete('/:id', (req, res) => {
  try {
    const secret = secrets.getById(req.params.id);
    secrets.remove(req.params.id);
    audit.logSecret(req.user, 'delete', secret);
    res.json({ success: true });
  } catch (err) {
    res.status(404).json({ error: err.message });
  }
});

module.exports = router;