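using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using System.Security.Claims;
using System.Threading.Tasks;
using Webshop.Application.DTOs.Customers;
using Webshop.Application.Services.Customers.Interfaces;

namespace Webshop.Api.Controllers.Customers
{
    /// <summary>
    /// Endpoints through which the currently authenticated customer reads and
    /// updates their own profile. The customer is identified solely by the
    /// NameIdentifier claim of the caller's token, never by a client-supplied id,
    /// so one customer cannot address another customer's profile here.
    /// </summary>
    [ApiController]
    [Route("api/v1/customer/profile")] // Dedicated route for the profile
    [Authorize(Roles = "Customer")] // Only for logged-in customers
    public class ProfileController : ControllerBase
    {
        private readonly ICustomerService _customerService;

        /// <summary>Creates the controller with the customer service it delegates to.</summary>
        /// <param name="customerService">Application service that loads and updates customer profiles.</param>
        public ProfileController(ICustomerService customerService)
        {
            _customerService = customerService;
        }

        /// <summary>
        /// Reads the id of the logged-in user from the token's NameIdentifier claim.
        /// </summary>
        /// <returns>The claim value, or <c>null</c> when the token carries no such claim.</returns>
        /// <remarks>
        /// Deliberately returns <c>null</c> instead of using the null-forgiving operator:
        /// a token that passed the role check but lacks an identity claim must be rejected
        /// by the action rather than forwarded to the service as a null id.
        /// </remarks>
        private string? GetUserId() => User.FindFirstValue(ClaimTypes.NameIdentifier);

        /// <summary>Returns the profile of the calling customer.</summary>
        /// <returns>
        /// 200 with the profile; 401 when the token has no NameIdentifier claim;
        /// 404 when the service finds no profile for the caller.
        /// </returns>
        [HttpGet("me")] // GET /api/v1/customer/profile/me
        public async Task<IActionResult> GetMyProfile()
        {
            var userId = GetUserId();
            if (string.IsNullOrEmpty(userId))
            {
                // Authenticated but without a usable identity claim: do not fall through
                // to a service call with a null id.
                return Unauthorized();
            }

            var profile = await _customerService.GetMyProfileAsync(userId);
            if (profile == null)
            {
                return NotFound("Kundenprofil nicht gefunden.");
            }

            return Ok(profile);
        }

        /// <summary>Updates the profile of the calling customer.</summary>
        /// <param name="profileDto">
        /// The new profile values. Validated by the <c>[ApiController]</c> model-validation
        /// filter before this method runs, so an invalid body is answered with 400 automatically.
        /// </param>
        /// <returns>
        /// 204 on success; 401 when the token has no NameIdentifier claim;
        /// 404 when the service reports that no profile exists for the caller.
        /// </returns>
        [HttpPut("me")] // PUT /api/v1/customer/profile/me
        public async Task<IActionResult> UpdateMyProfile([FromBody] UpdateCustomerProfileDto profileDto)
        {
            var userId = GetUserId();
            if (string.IsNullOrEmpty(userId))
            {
                return Unauthorized();
            }

            var success = await _customerService.UpdateMyProfileAsync(userId, profileDto);
            if (!success)
            {
                return NotFound("Kundenprofil nicht gefunden.");
            }

            return NoContent(); // Standard response for a successful update
        }
    }
}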