/**
 * A2A Delegation routes for SentryAgent.ai AgentIdP.
 * All three delegation endpoints require Bearer token authentication.
 */

import { Router, RequestHandler } from 'express';
import { DelegationController } from '../controllers/DelegationController.js';
import { asyncHandler } from '../utils/asyncHandler.js';

/**
 * Creates and returns the Express router for A2A delegation endpoints.
 *
 * Routes:
 *   POST   /oauth2/token/delegate              — create a delegation chain
 *   POST   /oauth2/token/verify-delegation     — verify a delegation token
 *   DELETE /oauth2/token/delegate/:chainId     — revoke a delegation chain
 *
 * All routes are protected by the JWT authentication middleware.
 *
 * @param controller - The delegation controller instance.
 * @param authMiddleware - The JWT authentication middleware.
 * @returns Configured Express router.
 */
export function createDelegationRouter(
  controller: DelegationController,
  authMiddleware: RequestHandler,
): Router {
  const router = Router();

  // POST /oauth2/token/delegate — authenticated; creates a delegation chain
  router.post(
    '/oauth2/token/delegate',
    authMiddleware,
    asyncHandler(controller.createDelegation.bind(controller)),
  );

  // POST /oauth2/token/verify-delegation — authenticated; verifies a delegation token
  router.post(
    '/oauth2/token/verify-delegation',
    authMiddleware,
    asyncHandler(controller.verifyDelegation.bind(controller)),
  );

  // DELETE /oauth2/token/delegate/:chainId — authenticated; revokes a delegation chain
  router.delete(
    '/oauth2/token/delegate/:chainId',
    authMiddleware,
    asyncHandler(controller.revokeDelegation.bind(controller)),
  );

  return router;
}