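using Microsoft.AspNetCore.Mvc;

namespace Nexus.Api.Controllers;

/// <summary>
/// Read-only endpoint that reports a summary of the API's authentication settings.
/// </summary>
/// <remarks>
/// NOTE(review): no <c>[Authorize]</c> or <c>[AllowAnonymous]</c> attribute is visible on this
/// controller or its action. Whether a global authorization policy covers it cannot be
/// determined from this file; confirm the intended audience, because the response states
/// token lifetimes, the login rate limit, and that 2FA and passkeys are disabled.
/// </remarks>
[ApiController]
[Route("api/v1/security")]
public class SecurityController(IConfiguration config) : ControllerBase
{
    /// <summary>
    /// Returns the security status document for <c>GET api/v1/security/status</c>.
    /// </summary>
    /// <returns>
    /// A 200 result whose body carries the token lifetimes read from configuration, a set of
    /// fixed descriptive values, and the UTC time at which the response was built.
    /// </returns>
    [HttpGet("status")]
    public IResult GetStatus()
    {
        // Only the two token lifetimes come from configuration; the fallbacks (7 days,
        // 30 minutes) apply when the keys are absent. The original also read Jwt:Issuer and
        // Jwt:Audience into locals that were never used; those reads are removed.
        var refreshDays = config.GetValue("Jwt:RefreshTokenExpirationDays", 7);
        var accessTokenMinutes = config.GetValue("Jwt:AccessTokenExpirationMinutes", 30);

        // NOTE(review): every value below other than tokenConfig and checkedAt is a literal
        // in this method, not a reading of the rate limiter, password validator, cookie
        // options or MFA state. The report can therefore drift from what is actually
        // enforced; verify against the components that apply these settings.
        return Results.Ok(new
        {
            authMethod = "JWT + PBKDF2",
            tokenConfig = new { refreshTokenDays = refreshDays, accessTokenMinutes },
            rateLimit = "5 login attempts per minute per IP",
            passwordPolicy = "Minimum 10 characters",
            cookieConfig = new { httpOnly = true, secure = true, sameSite = "Strict" },
            twoFactorEnabled = false,
            passkeyEnabled = false,
            checkedAt = DateTimeOffset.UtcNow
        });
    }
}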