using Microsoft.AspNetCore.Mvc;
using LogisticsApp.Server.Services;
using LogisticsApp.Server.DTOs;

namespace LogisticsApp.Server.Controllers
{
    [ApiController]
    [Route("api/[controller]")]
    public class AuthController : ControllerBase
    {
        private readonly IAuthService _authService;

        public AuthController(IAuthService authService)
        {
            _authService = authService;
        }

        [HttpPost("login")]
        public async Task<ActionResult<ApiResponse<LoginResponse>>> Login(LoginRequest request)
        {

            if (string.IsNullOrEmpty(request.Username) || string.IsNullOrEmpty(request.Password))
            {
                return BadRequest(new ApiResponse<string>(false, "Username and password are required"));
            }

            var result = await _authService.LoginAsync(request);

            if (result == null)
            {
                return Unauthorized(new ApiResponse<string>(false, "Invalid username or password"));
            }

            Response.Cookies.Append("auth_token", result.Token, new CookieOptions
            {
                HttpOnly = false,
                Secure = false,
                SameSite = SameSiteMode.Strict,
                Expires = result.Expires
            });

            return Ok(new ApiResponse<LoginResponse>(true, "Login successful", result));
        }

        [HttpPost("logout")]
        public ActionResult<ApiResponse<string>> Logout()
        {
            Response.Cookies.Delete("auth_token");
            return Ok(new ApiResponse<string>(true, "Logout successful"));
        }
    }
}