const express = require('express');
const router = express.Router();
const orderController = require('../controllers/orderController');
const authMiddleware = require('../middlewares/auth');
const roleCheck = require('../middlewares/roleCheck');
const validate = require('../middlewares/validation');
const { createOrderSchema } = require('../utils/validators');

// Todas las rutas requieren autenticación
router.use(authMiddleware);

// Rutas de cliente
router.get('/my-orders', orderController.getMyOrders);
router.post('/', validate(createOrderSchema), orderController.createOrder);
router.get('/:id', orderController.getOrder);
router.get('/number/:orderNumber', orderController.getOrderByNumber);
router.post('/:id/cancel', orderController.cancelOrder);

// Rutas de admin
router.get('/', roleCheck('admin'), orderController.listOrders);
router.put('/:id/status', roleCheck('admin'), orderController.updateOrderStatus);

module.exports = router;