import { ExpressController, errorMapper } from "@erp/core/api";
import { CreateCustomerCommandDTO } from "../../../../../common/dto";
import { CreateCustomerUseCase } from "../../../../application";

/**
 * Express controller for the "create customer" endpoint.
 *
 * Registers auth/tenant guards plus a guard that rejects a `companyId` query
 * field, then hands the request body to {@link CreateCustomerUseCase}.
 *
 * NOTE(review): the only field restriction visible here applies to the query
 * string. The body is passed to the use case unchanged, so any tenant or
 * ownership field it carries is client-supplied unless `tenantGuard` or the
 * use case overrides it — confirm before relying on tenant isolation here.
 */
export class CreateCustomerController extends ExpressController {
  /**
   * @param createCustomer Use case that is executed with the request DTO.
   */
  public constructor(private readonly createCustomer: CreateCustomerUseCase) {
    super();

    // NOTE(review): authGuard, tenantGuard and forbidQueryFieldGuard are not
    // imported in the visible part of this file — confirm where they come from.
    // 🔐 Reuses the auth/tenant guards and forbids 'companyId' in the query.
    this.useGuards(authGuard(), tenantGuard(), forbidQueryFieldGuard("companyId"));
  }

  /**
   * Runs the use case with the request body and maps the outcome to a response.
   *
   * On failure the error is logged, converted with `errorMapper.toApiError`
   * and passed to `handleApiError`; otherwise `created` is called with the
   * result data.
   */
  protected async executeImpl() {
    // `as` is a compile-time assertion only: nothing in this method validates
    // the body's shape or strips unexpected fields at runtime.
    // NOTE(review): confirm the use case (or an upstream middleware) validates it.
    const payload = this.req.body as CreateCustomerCommandDTO;

    /*
     * Disabled ownership check, kept for reference. While it stays disabled,
     * this method does not bind the new customer to the caller's company.
     *
    const user = this.req.user; // we assume the authenticateJWT middleware injects user
    if (!user || !user.companyId) {
      this.unauthorized(res, "Unauthorized: user or company not found");
      return;
    }
    // Inject the authenticated user's company (ownership)
    dto.customerCompanyId = user.companyId;
    */

    const outcome = await this.createCustomer.execute(payload);

    if (outcome.isFailure) {
      // NOTE(review): this writes the raw error object to stdout; check that it
      // cannot contain request data that should not reach the logs.
      console.log(outcome.error);
      return this.handleApiError(errorMapper.toApiError(outcome.error));
    }

    return this.created(outcome.data);
  }
}