// src/Webshop.Api/Controllers/Customer/ProfileController.cs using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; using System.Security.Claims; using Webshop.Application.DTOs; // CustomerDto using Webshop.Application.DTOs.Auth; // ChangePasswordRequestDto using Webshop.Application.DTOs.Customers; // UpdateCustomerProfileDto using Webshop.Application.Services; using System.Threading.Tasks; using Webshop.Application.Services.Customers; using System.ComponentModel.DataAnnotations; namespace Webshop.Api.Controllers.Customer { public class ChangeEmailRequestDto { [Required(ErrorMessage = "Neue E-Mail ist erforderlich.")] [EmailAddress(ErrorMessage = "Ungültiges E-Mail-Format.")] public string NewEmail { get; set; } = string.Empty; [Required(ErrorMessage = "Aktuelles Passwort ist erforderlich.")] public string CurrentPassword { get; set; } = string.Empty; } [ApiController] [Route("api/v1/[controller]")] // z.B. /api/v1/customer/profile [Authorize(Roles = "Customer")] public class CustomerController : ControllerBase { private readonly ICustomerService _customerService; public CustomerController(ICustomerService customerService) { _customerService = customerService; } [HttpGet("me")] // /api/v1/customer/profile/me public async Task> GetMyProfile() { var userId = User.FindFirstValue(ClaimTypes.NameIdentifier); if (string.IsNullOrEmpty(userId)) return Unauthorized(new { Message = "Benutzer-ID nicht im Token gefunden." }); var customerProfile = await _customerService.GetMyProfileAsync(userId); if (customerProfile == null) return NotFound(new { Message = "Kundenprofil nicht gefunden. Bitte erstellen Sie es." }); return Ok(customerProfile); } [HttpPost("change-password")] // /api/v1/customer/profile/change-password public async Task ChangePassword([FromBody] ChangePasswordRequestDto request) { if (!ModelState.IsValid) return BadRequest(ModelState); var userId = User.FindFirstValue(ClaimTypes.NameIdentifier); if (string.IsNullOrEmpty(userId)) return Unauthorized(new { Message = "Benutzer-ID nicht im Token gefunden." }); var (success, errorMessage) = await _customerService.ChangePasswordAsync(userId, request); if (!success) return BadRequest(new { Message = errorMessage }); return Ok(new { Message = "Passwort erfolgreich geändert. Bitte melden Sie sich mit dem neuen Passwort an." }); } // << NEUER/AKTUALISIERTER ENDPUNKT FÜR PROFIL-AKTUALISIERUNG >> [HttpPost("update-profile")] // /api/v1/customer/profile/update-profile public async Task UpdateProfile([FromBody] UpdateCustomerDto request) { if (!ModelState.IsValid) return BadRequest(ModelState); var userId = User.FindFirstValue(ClaimTypes.NameIdentifier); if (string.IsNullOrEmpty(userId)) return Unauthorized(new { Message = "Benutzer-ID nicht im Token gefunden." }); var (success, errorMessage) = await _customerService.UpdateMyProfileAsync(userId, request); if (!success) return BadRequest(new { Message = errorMessage }); return Ok(new { Message = "Profil erfolgreich aktualisiert." }); } [HttpPost("change-email-request")] // /api/v1/customer/profile/change-email-request public async Task ChangeEmailRequest([FromBody] ChangeEmailRequestDto request) // DTO erstellen { if (!ModelState.IsValid) return BadRequest(ModelState); var userId = User.FindFirstValue(ClaimTypes.NameIdentifier); if (string.IsNullOrEmpty(userId)) return Unauthorized(new { Message = "Benutzer-ID nicht im Token gefunden." }); var (success, errorMessage) = await _customerService.ChangeEmailAsync(userId, request.NewEmail, request.CurrentPassword); if (!success) return BadRequest(new { Message = errorMessage }); return Ok(new { Message = errorMessage }); // Sendet Info, dass Mail gesendet wurde } } }