using Microsoft.AspNetCore.Mvc; using Webshop.Application.DTOs.Auth; using Webshop.Application.DTOs.Email; using Webshop.Application.Services.Auth; using Microsoft.AspNetCore.Authorization; using System.ComponentModel.DataAnnotations; using Webshop.Application.Services.Customers; namespace Webshop.Api.Controllers.Auth // Beachten Sie den Namespace { [ApiController] [Route("api/v1/[controller]")] // z.B. /api/v1/auth public class AuthController : ControllerBase { private readonly IAuthService _authService; private readonly ICustomerService _customerService; public AuthController(IAuthService authService, ICustomerService customerService) { _authService = authService; _customerService = customerService; } [HttpPost("register")] [AllowAnonymous] public async Task Register([FromBody] RegisterRequestDto request) { if (!ModelState.IsValid) return BadRequest(ModelState); var result = await _authService.RegisterUserAsync(request); // Wenn Registrierung erfolgreich, aber E-Mail-Bestätigung aussteht, sollte der Token leer sein if (result.IsAuthSuccessful && string.IsNullOrEmpty(result.Token)) { return Ok(new { Message = result.ErrorMessage, Email = result.Email }); // Sende Status und Info, dass Mail gesendet } if (!result.IsAuthSuccessful) return BadRequest(new { Message = result.ErrorMessage }); return Ok(result); } [HttpPost("login/customer")] // /api/v1/auth/login/customer (für Kunden-Login) [AllowAnonymous] public async Task LoginCustomer([FromBody] LoginRequestDto request) { if (!ModelState.IsValid) return BadRequest(ModelState); var result = await _authService.LoginUserAsync(request); if (!result.IsAuthSuccessful) return Unauthorized(new { Message = result.ErrorMessage }); return Ok(result); } [HttpPost("login/admin")] // /api/v1/auth/login/admin (für Admin-Dashboard Login) [AllowAnonymous] public async Task LoginAdmin([FromBody] LoginRequestDto request) { if (!ModelState.IsValid) return BadRequest(ModelState); var result = await _authService.LoginAdminAsync(request); if (!result.IsAuthSuccessful) return Unauthorized(new { Message = result.ErrorMessage }); return Ok(result); } [HttpGet("confirm-email")] // Für Registrierungsbestätigung [AllowAnonymous] public async Task ConfirmEmail([FromQuery] string userId, [FromQuery] string token) { var (success, errorMessage) = await _authService.ConfirmEmailAsync(userId, token); if (!success) return BadRequest(new { Message = errorMessage }); return Ok(new { Message = "E-Mail-Adresse erfolgreich bestätigt. Sie können sich jetzt anmelden!" }); } [HttpPost("resend-email-confirmation")] [AllowAnonymous] public async Task ResendEmailConfirmation([FromBody] ResendEmailConfirmationRequestDto request) { if (string.IsNullOrEmpty(request.Email)) return BadRequest(new { Message = "E-Mail ist erforderlich." }); var (success, errorMessage) = await _authService.ResendEmailConfirmationAsync(request.Email); if (!success) return BadRequest(new { Message = errorMessage }); return Ok(new { Message = errorMessage }); } [HttpGet("change-email-confirm")] // Für E-Mail-Änderungsbestätigung [AllowAnonymous] public async Task ConfirmEmailChange([FromQuery] string userId, [FromQuery] string newEmail, [FromQuery] string token) { var (success, errorMessage) = await _customerService.ConfirmEmailChangeAsync(userId, newEmail, token); // << Jetzt korrekt >> if (!success) return BadRequest(new { Message = errorMessage }); return Ok(new { Message = "Ihre E-Mail-Adresse wurde erfolgreich geändert und bestätigt!" }); } } }