const express = require('express');
const router = express.Router();
const locationsController = require('../controllers/locationsController');
const { strictLimiter, conditionalTempLimiter } = require('../middleware/rateLimiter');
const { requireAuth, requireDeletePermission } = require('../middleware/auth');

// Get all locations (apply stricter rate limiting for temp users)
router.get('/', conditionalTempLimiter, locationsController.getAll);

// Get single location (apply stricter rate limiting for temp users)
router.get('/:id', conditionalTempLimiter, locationsController.getById);

// Create location (requires authentication)
router.post('/', requireAuth, strictLimiter, locationsController.create);

// Update location (requires authentication)
router.put('/:id', requireAuth, strictLimiter, locationsController.update);

// Delete location (requires authentication and delete permission)
router.delete('/:id', requireAuth, requireDeletePermission, strictLimiter, locationsController.delete);

module.exports = router;