using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

namespace FakeNTLMServer.Controllers;

[ApiController]
[Route("[controller]")]
public class AuthController : ControllerBase
{
    [Authorize]
    [HttpGet("me")]
    public IActionResult GetMe()
    {
        var identity = User.Identity;
        return Ok(new
        {
            identity?.Name,
            identity?.AuthenticationType,
            identity?.IsAuthenticated,
            Claims = User.Claims.Select(claim => new { claim.Type, claim.Value })
        });
    }

    /// <summary>
    /// NTLM/Negotiate login endpoint.
    /// Triggers the NTLM handshake (401 → challenge → response) and returns authenticated user info.
    /// </summary>
    [Authorize]
    [HttpGet("login")]
    public IActionResult Login()
    {
        var identity = User.Identity;

        if (identity is null || !identity.IsAuthenticated)
            return Unauthorized(new { Message = "NTLM authentication failed." });

        return Ok(new
        {
            Message = "NTLM authentication successful.",
            identity.Name,
            identity.AuthenticationType,
            identity.IsAuthenticated,
            Claims = User.Claims.Select(claim => new { claim.Type, claim.Value })
        });
    }

    [Authorize]
    [HttpGet("status")]
    public IActionResult Status()
    {
        return Ok(new
        {
            User.Identity?.Name,
            User.Identity?.AuthenticationType
        });
    }
}