package com.xuqm.tenant.controller;

import com.xuqm.common.model.ApiResponse;
import com.xuqm.tenant.entity.AppEntity;
import com.xuqm.tenant.service.SdkAppProvisioningService;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import java.util.Map;

@RestController
@RequestMapping("/api/internal/sdk")
public class InternalSdkController {

    private final SdkAppProvisioningService provisioningService;

    @Value("${sdk.internal-token:xuqm-internal-token}")
    private String internalToken;

    public InternalSdkController(SdkAppProvisioningService provisioningService) {
        this.provisioningService = provisioningService;
    }

    @GetMapping("/apps/{appId}/secret")
    public ResponseEntity<ApiResponse<Map<String, String>>> getAppSecret(
            @PathVariable String appId,
            @RequestHeader(value = "X-Internal-Token", required = false) String token) {
        if (token == null || !internalToken.equals(token)) {
            return ResponseEntity.status(403)
                    .body(ApiResponse.error(403, "Forbidden"));
        }
        AppEntity app = provisioningService.resolveApp(appId);
        return ResponseEntity.ok(ApiResponse.success(Map.of(
                "appId", app.getAppKey(),
                "appSecret", app.getAppSecret()
        )));
    }
}