namespace IOL.GreatOffice.Api.Endpoints.Internal.PasswordResetRequests;

/// <inheritdoc />
public class IsResetRequestValidRoute : RouteBaseAsync.WithRequest<Guid>.WithActionResult
{
	private readonly ForgotPasswordService _forgotPasswordService;

	/// <inheritdoc />
	public IsResetRequestValidRoute(ForgotPasswordService forgotPasswordService) {
		_forgotPasswordService = forgotPasswordService;
	}

	/// <summary>
	/// Check if a given password reset request is still valid.
	/// </summary>
	/// <param name="id"></param>
	/// <param name="cancellationToken"></param>
	/// <returns></returns>
	[AllowAnonymous]
	[HttpGet("~/_/forgot-password-requests/is-valid")]
	public override async Task<ActionResult> HandleAsync(Guid id, CancellationToken cancellationToken = default) {
		var request = await _forgotPasswordService.GetRequestAsync(id, cancellationToken);
		if (request == default) {
			return NotFound();
		}

		return Ok(request.IsExpired == false);
	}
}