stack/apps/api/src/fleet-settings/fleet-settings.controller.ts

import {
  Body,
  Controller,
  Delete,
  Get,
  HttpCode,
  HttpStatus,
  Param,
  Patch,
  Post,
  Put,
  UseGuards,
} from "@nestjs/common";
import type { AuthUser } from "@mosaic/shared";
import { CurrentUser } from "../auth/decorators/current-user.decorator";
import { AdminGuard } from "../auth/guards/admin.guard";
import { AuthGuard } from "../auth/guards/auth.guard";
import {
  CreateProviderDto,
  ResetPasswordDto,
  UpdateAgentConfigDto,
  UpdateOidcDto,
  UpdateProviderDto,
} from "./fleet-settings.dto";
import { FleetSettingsService } from "./fleet-settings.service";

@Controller("fleet-settings")
@UseGuards(AuthGuard)
export class FleetSettingsController {
  constructor(private readonly fleetSettingsService: FleetSettingsService) {}

  // --- Provider endpoints (user-scoped) ---
  // GET    /api/fleet-settings/providers — list user's providers
  @Get("providers")
  async listProviders(@CurrentUser() user: AuthUser) {
    return this.fleetSettingsService.listProviders(user.id);
  }

  // GET    /api/fleet-settings/providers/:id — get single provider
  @Get("providers/:id")
  async getProvider(@CurrentUser() user: AuthUser, @Param("id") id: string) {
    return this.fleetSettingsService.getProvider(user.id, id);
  }

  // POST   /api/fleet-settings/providers — create provider
  @Post("providers")
  async createProvider(@CurrentUser() user: AuthUser, @Body() dto: CreateProviderDto) {
    return this.fleetSettingsService.createProvider(user.id, dto);
  }

  // PATCH  /api/fleet-settings/providers/:id — update provider
  @Patch("providers/:id")
  @HttpCode(HttpStatus.NO_CONTENT)
  async updateProvider(
    @CurrentUser() user: AuthUser,
    @Param("id") id: string,
    @Body() dto: UpdateProviderDto
  ) {
    await this.fleetSettingsService.updateProvider(user.id, id, dto);
  }

  // DELETE /api/fleet-settings/providers/:id — delete provider
  @Delete("providers/:id")
  @HttpCode(HttpStatus.NO_CONTENT)
  async deleteProvider(@CurrentUser() user: AuthUser, @Param("id") id: string) {
    await this.fleetSettingsService.deleteProvider(user.id, id);
  }

  // --- Agent config endpoints (user-scoped) ---
  // GET    /api/fleet-settings/agent-config — get user's agent config
  @Get("agent-config")
  async getAgentConfig(@CurrentUser() user: AuthUser) {
    return this.fleetSettingsService.getAgentConfig(user.id);
  }

  // PATCH  /api/fleet-settings/agent-config — update user's agent config
  @Patch("agent-config")
  @HttpCode(HttpStatus.NO_CONTENT)
  async updateAgentConfig(@CurrentUser() user: AuthUser, @Body() dto: UpdateAgentConfigDto) {
    await this.fleetSettingsService.updateAgentConfig(user.id, dto);
  }

  // --- OIDC endpoints (admin only — use AdminGuard) ---
  // GET    /api/fleet-settings/oidc — get OIDC config
  @Get("oidc")
  @UseGuards(AdminGuard)
  async getOidcConfig() {
    return this.fleetSettingsService.getOidcConfig();
  }

  // PUT    /api/fleet-settings/oidc — update OIDC config
  @Put("oidc")
  @UseGuards(AdminGuard)
  @HttpCode(HttpStatus.NO_CONTENT)
  async updateOidcConfig(@Body() dto: UpdateOidcDto) {
    await this.fleetSettingsService.updateOidcConfig(dto);
  }

  // DELETE /api/fleet-settings/oidc — remove OIDC config
  @Delete("oidc")
  @UseGuards(AdminGuard)
  @HttpCode(HttpStatus.NO_CONTENT)
  async deleteOidcConfig() {
    await this.fleetSettingsService.deleteOidcConfig();
  }

  // --- Breakglass endpoints (admin only) ---
  // POST   /api/fleet-settings/breakglass/reset-password — reset admin password
  @Post("breakglass/reset-password")
  @UseGuards(AdminGuard)
  @HttpCode(HttpStatus.NO_CONTENT)
  async resetBreakglassPassword(@Body() dto: ResetPasswordDto) {
    await this.fleetSettingsService.resetBreakglassPassword(dto.username, dto.newPassword);
  }
}