package io.visus.demos.kotlinapi.controller import io.swagger.v3.oas.annotations.Operation import io.swagger.v3.oas.annotations.media.Content import io.swagger.v3.oas.annotations.media.Schema import io.swagger.v3.oas.annotations.responses.ApiResponse import io.swagger.v3.oas.annotations.responses.ApiResponses import io.swagger.v3.oas.annotations.security.SecurityRequirement import io.swagger.v3.oas.annotations.tags.Tag import io.visus.demos.kotlinapi.api.ApiVersion import io.visus.demos.kotlinapi.api.contracts.ErrorResponse import io.visus.demos.kotlinapi.api.contracts.RegisterRequest import io.visus.demos.kotlinapi.api.contracts.RegisterResponse import io.visus.demos.kotlinapi.domain.service.AuthService import jakarta.validation.Valid import org.springframework.http.MediaType import org.springframework.http.ResponseEntity import org.springframework.security.access.prepost.PreAuthorize import org.springframework.web.bind.annotation.PostMapping import org.springframework.web.bind.annotation.RequestBody import org.springframework.web.bind.annotation.RestController /** Admin-only endpoints. All routes require `ROLE_ADMIN`. */ @RestController @ApiVersion(version = 1) @Tag(name = "Admin", description = "Endpoints for admin operations") class AdminController( private val authService: AuthService, ) { @PostMapping("/admin/users", produces = [MediaType.APPLICATION_JSON_VALUE]) @PreAuthorize("hasRole('ROLE_ADMIN')") @Operation( summary = "Register new user", description = "Creates a new user account (Admin only)", security = [SecurityRequirement(name = "bearerAuth")], ) @ApiResponses( value = [ ApiResponse( responseCode = "201", description = "User successfully registered", content = [Content(schema = Schema(implementation = RegisterResponse::class))], ), ApiResponse( responseCode = "400", description = "Invalid request payload", content = [Content(schema = Schema(implementation = ErrorResponse::class))], ), ApiResponse( responseCode = "403", description = "Forbidden, admin role required", content = [Content(schema = Schema(implementation = ErrorResponse::class))], ), ], ) suspend fun register( @Valid @RequestBody request: RegisterRequest, ): ResponseEntity { val user = authService.register(request.email, request.password) return ResponseEntity.status(201).body(user) } }