// routes/paymentRoutes.js
const express = require('express');
const paytmController = require('../controllers/payment/paytmController');
const { protect, authorize } = require('../middleware/auth');

const router = express.Router();

// ======================
// PAYTM PAYMENT ROUTES
// ======================

/**
 * @desc    Initiate Paytm Payment
 * @route   POST /api/payments/paytm/initiate
 * @access  Private
 */
router.post('/paytm/initiate', protect, paytmController.initiatePayment);

/**
 * @desc    Paytm Payment Callback (Called by Paytm after payment)
 * @route   POST /api/payments/paytm/callback
 * @access  Public (No auth - Paytm calls this)
 */
router.post('/paytm/callback', paytmController.paymentCallback);

/**
 * @desc    Check Payment Status
 * @route   GET /api/payments/paytm/status/:orderId
 * @access  Private
 */
router.get('/paytm/status/:orderId', protect, paytmController.checkPaymentStatus);

/**
 * @desc    Get Payment Details
 * @route   GET /api/payments/paytm/:orderId
 * @access  Private
 */
router.get('/paytm/:orderId', protect, paytmController.getPaymentDetails);

/**
 * @desc    Process Refund (Admin only)
 * @route   POST /api/payments/paytm/refund
 * @access  Private/Admin
 */
router.post(
  '/paytm/refund',
  protect,
  authorize('ADMIN', 'SUPER_ADMIN'),
  paytmController.processRefund
);

module.exports = router;