// contactRoutes.js
module.exports = (contactController, securityMw) => {
    const express = require('express');
    const router = express.Router();
    const rateLimit = require('express-rate-limit');
    const { body, validationResult } = require('express-validator');

    // Configure rate limiting to prevent spam
    const apiLimiter = rateLimit({
        windowMs: 15 * 60 * 1000, // 15 minutes
        max: 5,
        message: "Too many requests from this IP, please try again after 15 minutes."
    });

    router.post('/submit-form',
        apiLimiter,
        securityMw.formSecurityCheck,
        [
            // Sanitize and validate form data
            body('firstName').trim().escape(),
            body('lastName').trim().escape(),
            body('email').isEmail().normalizeEmail(),
            body('organization').trim().escape(),
            body('phone').trim(),
            body('message').trim().escape(),
        ],
        // Handle validation results
        (req, res, next) => {
            const errors = validationResult(req);
            if (!errors.isEmpty()) {
                console.error('Validation failed:', errors.array());
                return res.status(400).json({ success: false, message: 'Invalid form data.' });
            }
            next();
        },
        contactController.submitForm
    );

    return router;
};