import { ExpressController, authGuard, forbidQueryFieldGuard, tenantGuard } from "@erp/core/api";

import { CreateCustomerInvoiceRequestDTO } from "../../../../common/dto";
import { CreateCustomerInvoiceUseCase } from "../../../application";

export class CreateCustomerInvoiceController extends ExpressController {
  public constructor(
    private readonly useCase: CreateCustomerInvoiceUseCase
    /* private readonly presenter: any */
  ) {
    super();
    // 🔐 Reutiliza guards de auth/tenant y prohíbe 'companyId' en query
    this.useGuards(authGuard(), tenantGuard(), forbidQueryFieldGuard("companyId"));
  }

  protected async executeImpl() {
    const tenantId = this.getTenantId()!; // garantizado por tenantGuard
    const dto = this.req.body as CreateCustomerInvoiceRequestDTO;

    /*
      // Inyectar empresa del usuario autenticado (ownership)
      dto.customerCompanyId = user.companyId;
    */

    const result = await this.useCase.execute({ tenantId, dto });

    return result.match(
      (data) => this.created(data),
      (err) => this.handleError(err)
    );
  }
}