const express = require('express');
const { success, error: errorResponse } = require('../response-helpers');

/**
 * Credentials routes factory
 * @param {Object} deps - Explicit dependencies
 * @param {Object} deps.credentialManager - Credential storage manager
 * @param {Function} deps.asyncHandler - Async route handler wrapper
 * @returns {express.Router}
 */
module.exports = function({ credentialManager, asyncHandler }) {
  const router = express.Router();

  // List all stored credentials (keys only, no values)
  router.get('/credentials/list', asyncHandler(async (req, res) => {
    const keys = await credentialManager.list();
    success(res, { credentials: keys, count: keys.length });
  }, 'credentials-list'));

  // Rotate encryption key — re-encrypts all stored credentials
  router.post('/credentials/rotate-key', asyncHandler(async (req, res) => {
    const rotateSuccess = await credentialManager.rotateEncryptionKey();
    if (rotateSuccess) {
      success(res, { message: 'Encryption key rotated, all credentials re-encrypted' });
    } else {
      // Error handled by middleware
    }
  }, 'credentials-rotate'));

  return router;
};