using System.Security.Claims;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

namespace OAuthServer.Controllers;

[ApiController]
[Route("")]
public class ExternalController : ControllerBase {
    private readonly ILogger<ExternalController> _logger;

    public ExternalController(ILogger<ExternalController> logger) {
        _logger = logger;
    }

    [HttpPost]
    [Authorize(Policy = "External")]
    [Route("points")]
    public ActionResult PostPoints(int points) {
        var id = HttpContext.User.Claims.FirstOrDefault(c => c.Type == ClaimTypes.NameIdentifier);
        if (id == null) {
            return BadRequest();
        }

        _logger.LogInformation("User {} got {} points", id.Value, points);
        return Ok();
    }
    
    [HttpGet]
    [Authorize(Policy = "External")]
    [Route("user")]
    public ActionResult GetUser() {
        return Ok(new {UserId = 1});
    }
}