erp-mecanicas-diesel-backen.../src/modules/auth/mfa.controller.ts
Adrian Flores Cortes f9ec80b037 [SYNC] feat: Add audit, MFA, and feature flags modules
- Add audit module with controllers, DTOs, middleware and services
- Add MFA controller, routes and services
- Add feature flags module with controllers, DTOs and services
- Update audit entities with proper TypeORM decorators
- Update auth service and DTOs
- Update main.ts configuration

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-03 08:02:07 -06:00


import { Request, Response, NextFunction } from 'express';
import { MfaService } from './services/mfa.service';
import { AuthRequest } from '../../shared/types/index';
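/**
 * Returns the authenticated principal attached to the request, or throws when
 * it is missing.
 *
 * The handlers below are only safe behind the authentication middleware. The
 * explicit guard replaces the `req.user!` assertion so a mis-wired route
 * fails with a clear error instead of a TypeError on `undefined`.
 */
function requireUser(req: AuthRequest): NonNullable<AuthRequest['user']> {
  if (!req.user) {
    throw new Error('Authentication required');
  }
  return req.user;
}

/** True only for a non-empty string. */
function isNonEmptyString(value: unknown): value is string {
  return typeof value === 'string' && value.length > 0;
}

/**
 * True for a truthy string or number.
 *
 * Numbers are still accepted because the previous truthiness check let a JSON
 * numeric code through. Objects, arrays and booleans are rejected so that a
 * structured value from the JSON body never reaches the service layer in
 * place of a verification code.
 */
function isCodeLike(value: unknown): value is string | number {
  return Boolean(value) && (typeof value === 'string' || typeof value === 'number');
}

/**
 * Throws when an optional password is present but is not a string.
 * `null` and `undefined` are treated as "not supplied" and passed through.
 */
function assertOptionalPassword(password: unknown): void {
  if (password != null && typeof password !== 'string') {
    throw new Error('Password must be a string');
  }
}

/**
 * Express handlers for the MFA endpoints.
 *
 * Every handler forwards failures to `next(error)`. The HTTP status a client
 * sees is decided by the error middleware, which is not shown here.
 * NOTE(review): validation failures are plain `Error`s; confirm the error
 * middleware maps them to a 4xx rather than a 500.
 * NOTE(review): no attempt throttling is visible in this file; confirm the
 * routes or MfaService limit repeated code guesses per user.
 */
export const mfaController = {
  /**
   * Initialize MFA setup for the authenticated user.
   */
  async setup(req: AuthRequest, res: Response, next: NextFunction) {
    try {
      const { userId } = requireUser(req);
      const result = await MfaService.setupMfa(userId);

      res.json({
        success: true,
        data: result,
      });
    } catch (error) {
      next(error);
    }
  },

  /**
   * Verify the first code for a new MFA secret and enable MFA.
   *
   * NOTE(review): `secret` comes from the request body. Confirm that
   * MfaService.verifyMfaSetup only accepts the secret it issued to this user
   * during setup, not an arbitrary client-chosen one.
   */
  async verifySetup(req: AuthRequest, res: Response, next: NextFunction) {
    try {
      const { userId } = requireUser(req);
      // A missing body (no parser, empty request) is treated as empty input.
      const { secret, code } = req.body ?? {};

      if (!isNonEmptyString(secret) || !isCodeLike(code)) {
        throw new Error('Secret and code are required');
      }

      const result = await MfaService.verifyMfaSetup(userId, secret, code);

      // The response carries backup codes: keep it out of request/response
      // logs and shared caches.
      res.json({
        success: true,
        message: result.message,
        data: { backupCodes: result.backupCodes },
      });
    } catch (error) {
      next(error);
    }
  },

  /**
   * Disable MFA for the authenticated user.
   *
   * NOTE(review): `password` is optional at this layer; whether it is
   * required is decided inside MfaService.disableMfa.
   */
  async disable(req: AuthRequest, res: Response, next: NextFunction) {
    try {
      const { userId } = requireUser(req);
      const { code, password } = req.body ?? {};

      if (!isCodeLike(code)) {
        throw new Error('Verification code is required');
      }
      assertOptionalPassword(password);

      const result = await MfaService.disableMfa(userId, code, password);

      res.json({
        success: true,
        message: result.message,
      });
    } catch (error) {
      next(error);
    }
  },

  /**
   * Get the MFA status of the authenticated user.
   */
  async getStatus(req: AuthRequest, res: Response, next: NextFunction) {
    try {
      const { userId } = requireUser(req);
      const result = await MfaService.getMfaStatus(userId);

      res.json({
        success: true,
        data: result,
      });
    } catch (error) {
      next(error);
    }
  },

  /**
   * Regenerate backup codes for the authenticated user.
   */
  async regenerateBackupCodes(req: AuthRequest, res: Response, next: NextFunction) {
    try {
      const { userId } = requireUser(req);
      const { code, password } = req.body ?? {};

      if (!isCodeLike(code)) {
        throw new Error('Verification code is required');
      }
      assertOptionalPassword(password);

      const result = await MfaService.regenerateBackupCodes(userId, code, password);

      // The response carries fresh backup codes: keep it out of
      // request/response logs and shared caches.
      res.json({
        success: true,
        message: result.message,
        data: { backupCodes: result.backupCodes },
      });
    } catch (error) {
      next(error);
    }
  },
};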