package api

import (
	"os"

	"github.com/gin-gonic/gin"
	"github.com/stef/pkiapi/internal/auth"
	"github.com/stef/pkiapi/internal/storage"
)

// RegisterRoutesWithStore enregistre les routes avec un store personnalisé
func RegisterRoutesWithStore(router *gin.Engine, caStore storage.CertificateStore, certStore storage.CertificateStore) {
	// Initialiser les stores
	InitCAStore(caStore)
	InitCertificateStore(certStore)

	// Initialiser le JWT manager
	secretKey := os.Getenv("JWT_SECRET_KEY")
	if secretKey == "" {
		secretKey = "your-secret-key-change-in-prod"
	}
	jwtManager := auth.NewJWTManager(secretKey)

	// Endpoints publics
	router.POST("/api/v1/login", Login)

	// Group pour l'API v1 avec authentification
	v1 := router.Group("/api/v1")
	v1.Use(auth.AuthMiddleware(jwtManager))
	{
		// Endpoints CA
		v1.GET("/ca", ListCAs)
		v1.POST("/ca", CreateCA)
		v1.GET("/ca/:id", GetCA)
		v1.POST("/ca/sign", SignSubCA)

		// Endpoints Certificats
		v1.GET("/certificates", ListCertificates)
		v1.POST("/certificates", CreateCertificate)
		v1.POST("/certificates/sign", SignCertificateWithCA)
		v1.GET("/certificates/:id", GetCertificate)
		v1.POST("/revoke", RevokeCertificate)

		// Endpoints Export Certificats
		v1.GET("/certificates/:id/export/pem", ExportCertificatePEM)
		v1.GET("/certificates/:id/export/der", ExportCertificateDER)
		v1.GET("/certificates/:id/export/pem-with-key", ExportCertificateWithPrivateKeyPEM)
		v1.GET("/certificates/:id/export/chain", ExportCertificateChain)

		// Endpoints CRL
		v1.GET("/crl", GetCRL)
	}
}

// RegisterRoutes enregistre les routes avec un store mémoire (compatibilité)
func RegisterRoutes(router *gin.Engine) {
	store := storage.NewMemoryStore()
	RegisterRoutesWithStore(router, store, store)
}