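using Gateway.Security;
using Gateway.Services;
using Microsoft.AspNetCore.Mvc;
using System.Text.Json;

namespace Gateway.Controllers;

/// <summary>
/// API controller rooted at <c>api/execution</c> that forwards a JSON request
/// body to <see cref="ExecutionService"/> and relays the service's response.
/// </summary>
/// <remarks>
/// The only access control visible in this controller is the
/// <c>_client.IsAuthenticated</c> check inside <see cref="Execute"/>.
/// NOTE(review): no per-caller authorization (who may execute what) is visible
/// here; confirm it is enforced by <see cref="ExecutionService"/> or by
/// middleware/filters outside this file.
/// </remarks>
[ApiController]
[Route("api/execution")]
public sealed class ExecutionController : ControllerBase
{
    private readonly ExecutionService _svc;
    private readonly ClientContext _client;

    /// <summary>Stores the injected execution service and client context.</summary>
    /// <param name="svc">Service that receives the request body.</param>
    /// <param name="client">Context exposing the caller's authentication state.</param>
    public ExecutionController(ExecutionService svc, ClientContext client)
    {
        _svc = svc;
        _client = client;
    }

    /// <summary>
    /// Handles <c>POST api/execution/request</c>: rejects unauthenticated callers,
    /// rejects a missing or JSON-null body, then hands the body to
    /// <see cref="ExecutionService"/>.
    /// </summary>
    /// <param name="body">Raw JSON payload bound from the request body.</param>
    /// <returns>
    /// 401 with <c>{ ok = false, error = "Authentication required" }</c> when the
    /// client is not authenticated; 400 with
    /// <c>{ ok = false, error = "Missing request body" }</c> when the body is
    /// undefined or null; otherwise the service response with content type
    /// <c>application/json</c>.
    /// </returns>
    // The return type is Task<IActionResult>: every return statement below
    // yields an action result, which a non-generic Task cannot carry.
    [HttpPost("request")]
    public async Task<IActionResult> Execute([FromBody] JsonElement body)
    {
        // SECURITY: Require authenticated session
        // NOTE(review): this check runs inside the action, i.e. after [FromBody]
        // model binding has already parsed the payload. If the host uses the
        // ASP.NET Core authentication middleware, an [Authorize] attribute or
        // policy would reject unauthenticated callers earlier and fail closed
        // for any action added to this controller later.
        if (!_client.IsAuthenticated)
        {
            return Unauthorized(new { ok = false, error = "Authentication required" });
        }

        // Only presence is checked here; any JSON kind other than null is
        // forwarded as-is. NOTE(review): schema and size validation of the
        // payload is presumably done in ExecutionService; confirm.
        if (body.ValueKind == JsonValueKind.Undefined || body.ValueKind == JsonValueKind.Null)
        {
            return BadRequest(new { ok = false, error = "Missing request body" });
        }

        // RequestAborted lets the service stop work when the client disconnects.
        var resp = await _svc.ExecuteAsync(body, HttpContext.RequestAborted);

        // The service output is relayed verbatim and labelled as JSON.
        // NOTE(review): assumes ExecuteAsync returns a well-formed JSON string
        // that carries no internal error detail; confirm against the service.
        return Content(resp, "application/json");
    }
}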