// Route table for the handler API: login, invite-based password setup,
// admin-issued invite tokens, and the handler's own profile.
const express = require('express');

const handlerController = require('../controllers/handlerController');
const { authenticateToken } = require('../middleware/auth');
const { authenticateHandler } = require('../middleware/handlerAuth');
const { authLimiter, inviteLimiter } = require('../middleware/rateLimiter');

const router = express.Router();

// ---------------------------------------------------------------------------
// Public (no session required)
// ---------------------------------------------------------------------------
// Both endpoints are reachable without credentials, so the rate limiter is the
// only guard applied at this layer; the limits themselves are configured in
// ../middleware/rateLimiter.
router.post('/login', authLimiter, handlerController.handlerLogin);

// NOTE(review): no auth middleware here by design; presumably
// setHandlerPassword validates the invite token from the request. Confirm the
// token is single-use and expires.
router.post(
  '/set-password',
  inviteLimiter,
  handlerController.setHandlerPassword,
);

// ---------------------------------------------------------------------------
// Admin only: generate a one-time invite token so a handler can set their
// password
// ---------------------------------------------------------------------------
// NOTE(review): the only guard visible on this route is authenticateToken.
// Confirm that it (or generateInviteToken) enforces an admin role rather than
// accepting any valid token, and that :id is validated before use.
router.post(
  '/:id/invite-token',
  authenticateToken,
  handlerController.generateInviteToken,
);

// ---------------------------------------------------------------------------
// Authenticated handler only
// ---------------------------------------------------------------------------
router.get('/me', authenticateHandler, handlerController.getHandlerSelf);

// NOTE(review): confirm updateHandlerSelf allow-lists the fields a handler may
// change on their own record.
router.put('/me', authenticateHandler, handlerController.updateHandlerSelf);

module.exports = router;