'use strict';

/**
 * Routes for API key management.
 * Protected by normal JWT checkUser middleware (these are web-UI management endpoints,
 * not the public data-export API which lives under /api/v1/).
 *
 * FE integration notes:
 *   - GET    /api/keys          → list keys (table)
 *   - POST   /api/keys          → create key; display returned `key` field once in a dialog
 *   - DELETE /api/keys/:keyId   → revoke key (confirm dialog before calling)
 *   Admin only: append ?ownerId=<ObjectId> to GET/POST to manage another account's keys.
 */
module.exports = function (app) {
  const router = require('express').Router();
  const ctl = require('../controllers/api_key');

  router.route('/')
    .get(ctl.listKeys)
    .post(ctl.createKey);

  router.route('/:keyId')
    .delete(ctl.deleteKey);

  router.route('/:keyId/revoke')
    .patch(ctl.revokeKey);

  router.route('/:keyId/regenerate')
    .post(ctl.regenerateKey);

  app.use('/api/keys', router);
};