AdPlatform-Server/MetaApi/Controllers/InternalController.cs

using Microsoft.AspNetCore.Mvc;
using MetaApi.Models;
using MetaApi.Security;
using MetaApi.Services;

namespace MetaApi.Controllers;

/// <summary>
/// Internal API endpoint called by Gateway.
/// Protected by X-Internal-Key header validation.
/// </summary>
[ApiController]
[Route("internal")]
public sealed class InternalController : ControllerBase
{
    private readonly MetaMarketingService _metaAds;
    private readonly ILogger<InternalController> _logger;

    public InternalController(MetaMarketingService metaAds, ILogger<InternalController> logger)
    {
        _metaAds = metaAds;
        _logger = logger;
    }

    /// <summary>
    /// Health check - no auth required.
    /// </summary>
    [HttpGet("health")]
    public IActionResult Health()
    {
        _logger.LogDebug("[InternalController] Health check");
        return Ok(new
        {
            ok = true,
            service = "MetaApi",
            timestamp = DateTimeOffset.UtcNow
        });
    }

    /// <summary>
    /// Main execution endpoint - Gateway calls this.
    /// Protected by InternalAuthFilter.
    /// </summary>
    [ServiceFilter(typeof(InternalAuthFilter))]
    [HttpPost("execute")]
    public async Task<IActionResult> Execute([FromBody] ProviderRequest request, CancellationToken ct)
    {
        _logger.LogInformation(
            "[InternalController] Execute called | Operation={Operation} RequestId={RequestId}",
            request?.Operation, request?.RequestId);

        if (request == null)
        {
            return BadRequest(ProviderResponse.Fail(null, "VALIDATION", "Request body is required"));
        }

        if (string.IsNullOrWhiteSpace(request.Operation))
        {
            return BadRequest(ProviderResponse.Fail(request.RequestId, "VALIDATION", "Operation is required"));
        }

        var result = await _metaAds.ExecuteAsync(request, ct);

        if (result.Ok)
        {
            return Ok(result);
        }
        else
        {
            var statusCode = result.Error?.Code switch
            {
                "VALIDATION" => 400,
                "NOT_FOUND" => 404,
                "UNAUTHORIZED" => 401,
                "FORBIDDEN" => 403,
                "RATE_LIMITED" => 429,
                _ => 400
            };

            return StatusCode(statusCode, result);
        }
    }
}