CentralBackend/routes/postRoutes.js

const express = require('express');
const router = express.Router();
const authMiddleware = require('../middleware/authMiddleware');
// Controllers used by POST routes
const LoginController = require('../controller/login/LoginController');
const EmailVerificationController = require('../controller/auth/EmailVerificationController');
const PasswordResetController = require('../controller/password-reset/PasswordResetController');
const ReferralTokenController = require('../controller/referral/ReferralTokenController');
const ReferralRegistrationController = require('../controller/referral/ReferralRegistrationController');
const PermissionController = require('../controller/permissions/PermissionController');
const DocumentTemplateController = require('../controller/documentTemplate/DocumentTemplateController');
const PersonalRegisterController = require('../controller/register/PersonalRegisterController');
const CompanyRegisterController = require('../controller/register/CompanyRegisterController');
const PersonalDocumentController = require('../controller/documents/PersonalDocumentController');
const CompanyDocumentController = require('../controller/documents/CompanyDocumentController');
const ContractUploadController = require('../controller/documents/ContractUploadController');
const CoffeeController = require('../controller/admin/CoffeeController');
const PersonalProfileController = require('../controller/profile/PersonalProfileController');
const CompanyProfileController = require('../controller/profile/CompanyProfileController');
const AdminUserController = require('../controller/admin/AdminUserController');
const CompanyStampController = require('../controller/companyStamp/CompanyStampController'); // <-- added
const MatrixController = require('../controller/matrix/MatrixController'); // Matrix admin operations
const PoolController = require('../controller/pool/PoolController');
const TaxController = require('../controller/tax/taxController');
const multer = require('multer');
const upload = multer({ storage: multer.memoryStorage() });
console.log('🛣️ Setting up POST routes');
// auth POSTs (moved from routes/auth.js)
router.post('/login', LoginController.login);
router.post('/refresh', LoginController.refresh);
router.post('/logout', LoginController.logout);
router.post('/send-verification-email', authMiddleware, EmailVerificationController.sendVerificationEmail);
router.post('/verify-email-code', authMiddleware, EmailVerificationController.verifyEmailCode);
// Password reset POSTs (moved)
router.post(
'/request-password-reset',
PasswordResetController.requestPasswordReset
);
router.post('/reset-password', PasswordResetController.resetPassword);
// Referral POSTs (moved from routes/referral.js)
router.post('/referral/create', authMiddleware, ReferralTokenController.create);
router.post('/referral/deactivate', authMiddleware, ReferralTokenController.deactivate);
router.post('/register/personal-referral', ReferralRegistrationController.registerPersonalReferral);
router.post('/register/company-referral', ReferralRegistrationController.registerCompanyReferral);
// Permissions POST (moved from routes/permissions.js)
router.post('/permissions', authMiddleware, PermissionController.create);
// Document templates upload & signature generation POSTs (moved)
router.post('/document-templates', authMiddleware, upload.single('file'), DocumentTemplateController.uploadTemplate);
router.post('/document-templates/:id/generate-pdf-with-signature', authMiddleware, DocumentTemplateController.generatePdfWithSignature);
// Document uploads (moved from routes/documents.js)
router.post('/upload/personal-id', authMiddleware, upload.fields([{ name: 'front', maxCount: 1 }, { name: 'back', maxCount: 1 }]), PersonalDocumentController.uploadPersonalId);
router.post('/upload/company-id', authMiddleware, upload.fields([{ name: 'front', maxCount: 1 }, { name: 'back', maxCount: 1 }]), CompanyDocumentController.uploadCompanyId);
router.post('/upload/contract/personal', authMiddleware, upload.single('contract'), ContractUploadController.uploadPersonalContract);
router.post('/upload/contract/company', authMiddleware, upload.single('contract'), ContractUploadController.uploadCompanyContract);
// Profile completion POSTs (moved from routes/profile.js)
router.post('/profile/personal/complete', authMiddleware, PersonalProfileController.completeProfile);
router.post('/profile/company/complete', authMiddleware, CompanyProfileController.completeProfile);
// Admin POSTs (moved from routes/admin.js)
router.post('/admin/verify-user/:id', authMiddleware, AdminUserController.verifyUser);
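// Admin-triggered password reset: looks up the target account by id (personal
// first, then company) and forwards its stored email to the regular
// password-reset flow.
//
// adminOnly is part of the chain because the handler itself performs no role
// check: with authMiddleware alone, any authenticated account could trigger
// reset mail for an arbitrary user id and tell existing ids from missing ones
// by the 404. This matches the other /admin/* routes in this file.
router.post('/admin/send-password-reset/:userId', authMiddleware, adminOnly, async (req, res) => {
  const { userId } = req.params;
  // require here to avoid circular/top-level ordering issues
  const UnitOfWork = require('../database/UnitOfWork');
  const PersonalUserRepository = require('../repositories/user/personal/PersonalUserRepository');
  const CompanyUserRepository = require('../repositories/user/company/CompanyUserRepository');
  const uow = new UnitOfWork();
  let user = null;
  try {
    await uow.start();
    const personalRepo = new PersonalUserRepository(uow);
    const companyRepo = new CompanyUserRepository(uow);
    // The id may belong to either account type; try personal first.
    user = await personalRepo.findById(userId);
    if (!user) user = await companyRepo.findById(userId);
    if (!user) {
      await uow.rollback();
      return res.status(404).json({ success: false, message: 'User not found.' });
    }
    const email = user.email;
    await uow.commit();
    // forward to PasswordResetController using same interface as original route.
    // The body is replaced wholesale, so the controller only ever sees the email
    // read from the user record, never fields supplied by the caller.
    req.body = { email };
    // NOTE(review): the call is returned without `await`, so a rejection from
    // the controller is not handled by the catch below — confirm the controller
    // handles its own errors.
    return PasswordResetController.requestPasswordReset(req, res);
  } catch (err) {
    // Best-effort rollback: a failure here must not mask the original error.
    try { await uow.rollback(); } catch (_) {}
    console.error('[ADMIN SEND PASSWORD RESET] Error:', err);
    return res.status(500).json({ success: false, message: 'Internal server error.' });
  }
});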
/**
 * Express middleware that lets a request through only when `req.user.role`
 * is 'admin' or 'super_admin'. Anything else, including a request with no
 * `req.user` at all, is answered with 403 and never reaches `next`.
 *
 * It reads `req.user`, so it has to be mounted after the middleware that
 * populates it.
 */
function adminOnly(req, res, next) {
  const allowedRoles = ['admin', 'super_admin'];
  const isAdmin = Boolean(req.user) && allowedRoles.includes(req.user.role);
  if (isAdmin) {
    next();
    return;
  }
  return res.status(403).json({ error: 'Admin role required' });
}
/**
 * Express middleware that rewrites `req.user.user_type` to 'company' for
 * callers whose role is 'admin' or 'super_admin', so the downstream service
 * check for a company user passes. Other requests are left untouched.
 *
 * The change is made in place on `req.user`, so every later handler in the
 * same request sees the admin as a company user; mount it only on routes
 * where that is intended.
 */
function forceCompanyForAdmin(req, res, next) {
  const user = req.user;
  const isAdmin = Boolean(user) && ['admin', 'super_admin'].includes(user.role);
  if (isAdmin && user.user_type !== 'company') {
    // mimic company to satisfy service checks
    user.user_type = 'company';
  }
  next();
}
// Company-stamp POST
// Chain order matters: authenticate, require an admin role, then present the
// admin as a company user before the controller runs.
router.post('/company-stamps', authMiddleware, adminOnly, forceCompanyForAdmin, CompanyStampController.upload);
// Admin: create coffee product (supports multipart file 'picture')
// adminOnly runs before multer, so the multipart body is parsed only for admins.
router.post('/admin/coffee', authMiddleware, adminOnly, upload.single('picture'), CoffeeController.create);
// NEW: add user into matrix
router.post('/admin/matrix/add-user', authMiddleware, adminOnly, MatrixController.addUser); // already added
// NEW: remove matrix user and create vacancy
router.post('/admin/matrix/remove-user', authMiddleware, adminOnly, MatrixController.removeUser);
// NEW: assign user to vacancy
router.post('/admin/matrix/assign-vacancy', authMiddleware, adminOnly, MatrixController.assignVacancy);
// NEW: Admin create pool
router.post('/admin/pools', authMiddleware, adminOnly, PoolController.create);
// NEW: import VAT rates CSV
// The CSV arrives as the multipart field 'file' and is buffered in memory by the
// shared multer instance; the role check runs before the body is parsed.
router.post('/tax/vat-rates/import', authMiddleware, adminOnly, upload.single('file'), TaxController.importVatRatesCsv);
// Existing registration handlers (keep)
// Public registration endpoints: no authMiddleware. Each wrapper logs the hit
// and hands the request to the controller. The controller call is neither
// returned nor awaited, so a rejected promise from register() would not be
// handled by this wrapper.
// NOTE(review): confirm the register controllers catch their own errors and
// that these unauthenticated routes are rate limited elsewhere.
router.post('/register/personal', (req, res) => {
console.log('🔗 POST /register/personal route accessed');
PersonalRegisterController.register(req, res);
});
router.post('/register/company', (req, res) => {
console.log('🔗 POST /register/company route accessed');
CompanyRegisterController.register(req, res);
});
console.log('✅ POST routes configured successfully');
// Export the configured router so the application can mount it.
module.exports = router;