const express = require('express');
const router = express.Router();
const adminController = require('../../controllers/admin/adminController');
const { isLoggedIn, deserializeUser } = require('../../oauth/oauthController');

// Group values that this router accepts as administrator-level.
// NOTE(review): 'dev' is the group of the local-bypass (test_user) account and is
// accepted here in every environment. Confirm that such an account cannot exist or
// authenticate in production, or gate this value on the deployment environment.
// NOTE(review): two spellings of the super group are accepted ('USER_GROUP_super'
// and 'super'); presumably one is a legacy value — confirm both are still needed.
const ADMIN_GROUPS = new Set(['USER_GROUP_super', 'dev', 'super']);

/**
 * Authorization middleware: lets the request through only when `req.user`
 * exists and `req.user.group` is one of ADMIN_GROUPS.
 *
 * Any other request, including one with no `req.user` at all, receives
 * HTTP 403 with a JSON error body; this middleware never answers 401.
 *
 * NOTE(review): the decision rests entirely on `req.user.group`. Verify in
 * oauthController that this value is loaded from server-side state and is not
 * taken from anything the client can set.
 *
 * @param {object} req - Express request; `req.user` is read but not set here.
 * @param {object} res - Express response, used only for the 403 reply.
 * @param {Function} next - Called with no arguments when access is granted.
 * @returns {*} The result of `next()` or of `res.status(403).json(...)`.
 */
const isAdmin = (req, res, next) => {
  const group = req.user?.group;
  const allowed = Boolean(req.user) && ADMIN_GROUPS.has(group);

  if (!allowed) {
    return res.status(403).json({ error: "어드민(super) 권한이 필요합니다." });
  }
  return next();
};

// Every route registered below on this router runs isLoggedIn, deserializeUser and
// then isAdmin, in that order, before its controller.
// NOTE(review): isAdmin depends on req.user; presumably deserializeUser populates
// it — confirm in oauthController.
// NOTE(review): the POST/PUT/DELETE routes below change state. If the session is
// cookie-based, confirm CSRF protection is applied upstream of this router.
router.use(isLoggedIn, deserializeUser, isAdmin);

// 1. Projects
router.get('/projects', adminController.getProjects);
router.post('/projects', adminController.createProject);
router.put('/projects/:id', adminController.updateProject);
router.delete('/projects/:id', adminController.deleteProject);

// 2. Permissions
router.get('/permissions/project/:projectId', adminController.getProjectPermissions);
router.post('/permissions/assign', adminController.assignPermissions);
router.put('/permissions/update', adminController.updatePermission);
router.delete('/permissions/remove', adminController.removePermission);

// 3. Banners
router.get('/banners', adminController.getBanners);
router.post('/banners', adminController.createBanner);
router.put('/banners/stop/:id', adminController.stopBanner);

// 4. Users
router.get('/users', adminController.getUsers);
router.get('/users/:id/permissions', adminController.getUserPermissions);
router.post('/users', adminController.createUser);
router.put('/users/:id', adminController.updateUser);
router.delete('/users/:id', adminController.deleteUser);

// 5. Audit Logs
router.get('/audit-logs', adminController.getAuditLogs);

// 6. System Policy
router.get('/system-policy', adminController.getSystemPolicy);
router.post('/system-policy/update', adminController.updateSystemPolicy);
router.get('/system-policy/logs', adminController.getAutoCleanLogs);

// 7. Common Codes
router.get('/common-codes/masters', adminController.getCodeMasters);
router.post('/common-codes/masters', adminController.createCodeMaster);
router.put('/common-codes/masters/:code', adminController.updateCodeMaster);
router.delete('/common-codes/masters/:code', adminController.deleteCodeMaster);
router.get('/common-codes/details/:mainCode', adminController.getCodeDetails);
router.post('/common-codes/details', adminController.createCodeDetail);
router.put('/common-codes/details/:mainCode/:subCode', adminController.updateCodeDetail);
router.delete('/common-codes/details/:mainCode/:subCode', adminController.deleteCodeDetail);

module.exports = router;