import { Router } from 'express';
import type Database from 'better-sqlite3';
import type { SemanticCache } from '../services/semantic-cache.js';
import type { ProxyManager } from '../services/proxy-manager.js';
import type { SessionManager } from '../services/session-manager.js';
import type { UserManager } from '../services/user-manager.js';
import type { MetricsSnapshotter } from '../services/metrics-snapshotter.js';
import { cookieAuthMiddleware } from '../middleware/cookie-auth.js';
import { csrfMiddleware } from '../middleware/csrf.js';
import { authRoutes } from './auth.routes.js';
import { overviewRoutes } from './overview.routes.js';
import { documentsRoutes } from './documents.routes.js';
import { auditRoutes } from './audit.routes.js';
import { metricsRoutes } from './metrics.routes.js';
import { cacheRoutes } from './cache.routes.js';
import { configRoutes } from './config.routes.js';
import { proxyRoutes } from './proxy.routes.js';
import { systemRoutes } from './system.routes.js';
export interface ApiDeps {
db: Database.Database;
cache: SemanticCache;
proxyManager: ProxyManager;
sessionManager: SessionManager;
userManager: UserManager;
snapshotter: MetricsSnapshotter;
}
export function apiRouter(deps: ApiDeps): Router {
const router = Router();
// Cookie auth + CSRF for all /api/* routes (login is skipped in the middleware)
router.use(cookieAuthMiddleware(deps.sessionManager));
router.use(csrfMiddleware);
// Auth routes (login is public via middleware skip, /me and /logout require session)
router.use('/auth', authRoutes(deps.userManager, deps.sessionManager));
// Protected routes
router.use('/overview', overviewRoutes(deps.db, deps.cache));
router.use('/documents', documentsRoutes(deps.db));
router.use('/audit', auditRoutes(deps.db));
router.use('/metrics', metricsRoutes(deps.snapshotter));
router.use('/cache', cacheRoutes(deps.cache));
router.use('/config', configRoutes());
router.use('/proxy', proxyRoutes(deps.proxyManager));
router.use('/system', systemRoutes(deps.db));
return router;
}
