ShopSolution-backend/Webshop.Api/Controllers/Customers/OrdersController.cs

// src/Webshop.Api/Controllers/Customer/OrdersController.cs
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Webshop.Application.DTOs.Orders;
using Webshop.Application.Services.Customers;
using Webshop.Application.Services.Customers.Interfaces; // Für IOrderService

namespace Webshop.Api.Controllers.Customer
{
    [ApiController]
    [Route("api/v1/customer/[controller]")]
    [Authorize(Roles = "Customer")]
    public class OrdersController : ControllerBase
    {
        private readonly IOrderService _orderService;

        public OrdersController(IOrderService orderService)
        {
            _orderService = orderService;
        }

        [HttpPost]
        public async Task<IActionResult> CreateOrder([FromBody] CreateOrderDto orderDto)
        {
            if (!ModelState.IsValid) return BadRequest(ModelState);

            var userId = User.FindFirstValue(ClaimTypes.NameIdentifier);
            if (string.IsNullOrEmpty(userId))
            {
                // In einer [Authorize]-Methode sollte das nie passieren, aber zur Sicherheit
                return Unauthorized();
            }

            var (success, createdOrder, errorMessage) = await _orderService.CreateOrderAsync(orderDto, userId);

            if (!success)
            {
                return BadRequest(new { Message = errorMessage });
            }

            // Hier wird GetMyOrderById referenziert, also erstellen wir eine leere Methode dafür
            return CreatedAtAction(nameof(GetMyOrderById), new { id = createdOrder.Id }, createdOrder);
        }

        [HttpGet]
        public async Task<ActionResult<IEnumerable<OrderSummaryDto>>> GetMyOrders()
        {
            var userId = User.FindFirstValue(ClaimTypes.NameIdentifier);
            if (string.IsNullOrEmpty(userId)) return Unauthorized();

            var orders = await _orderService.GetMyOrdersAsync(userId);
            return Ok(orders);
        }

        [HttpGet("{id}")]
        public async Task<ActionResult<OrderDetailDto>> GetMyOrderById(Guid id)
        {
            var userId = User.FindFirstValue(ClaimTypes.NameIdentifier);
            if (string.IsNullOrEmpty(userId)) return Unauthorized();

            var order = await _orderService.GetMyOrderByIdAsync(id, userId);
            if (order == null) return NotFound();

            return Ok(order);
        }
    }
}