using System.Runtime.CompilerServices;
using System.Security.Claims;

namespace Clarity.Server.Endpoints
{
    public static class DebugEndpoints
    {
        public static IEndpointRouteBuilder MapDebugEndpoints(this IEndpointRouteBuilder app)
        {
            var api = app.MapGroup("/api").RequireAuthorization();

            api.MapGet("debug/claims", (ClaimsPrincipal user) =>
            {
                var sub = user.FindFirstValue(ClaimTypes.NameIdentifier) ?? user.FindFirstValue("sub");

                return Results.Ok(new
                {
                    Subject = sub,
                    Username = user.FindFirstValue("preferred_username"),
                    Email = user.FindFirstValue(ClaimTypes.Email) ?? user.FindFirstValue("email"),
                    IsAuthenticated = user.Identity?.IsAuthenticated,
                    AllClaims = user.Claims.Select(c => new { c.Type, c.Value })
                });
            });

            // Sanity check - no auth required, confirms API is reachable
            api.MapGet("auth/ping", () => Results.Ok(new { Status = "ok", Time = DateTimeOffset.UtcNow }))
               .AllowAnonymous();

            return app;
        }
    }
}