// Demo service with intentional violations at the organizational/architectural level

package com.reltio.demo;

import com.amazonaws.services.s3.AmazonS3;  // ARCH-001 VIOLATION: Direct AWS SDK import
import com.google.cloud.storage.Storage;     // ARCH-001 VIOLATION: Direct GCP SDK import
import io.jsonwebtoken.Jwts;                 // SEC-002 VIOLATION: Custom JWT handling
import org.springframework.web.bind.annotation.*;
import org.springframework.web.client.RestTemplate;

@RestController
@RequestMapping("/api/users")
public class UserController {

    private final AmazonS3 s3Client;
    private final RestTemplate restTemplate;

    // ARCH-003 VIOLATION: Hardcoded environment URL
    private static final String ANALYTICS_URL = "https://prod.reltio.com/analytics/v1";

    // ARCH-003 VIOLATION: Hardcoded tenant logic
    public Object getTenantConfig(String tenantId) {
        if (tenantId.equals("acme-corp")) {
            return Map.of("maxEntities", 1000000);
        }
        return Map.of("maxEntities", 100000);
    }

    // SEC-003 VIOLATION: Direct external HTTP call
    public void notifyPartner(String event) {
        restTemplate.postForObject("https://api.partner-system.com/webhook", event, String.class);
    }

    // SEC-002 VIOLATION: Custom auth endpoint
    @PostMapping("/login")
    public String login(@RequestBody LoginRequest req) {
        // Custom JWT generation instead of using platform auth
        return Jwts.builder().setSubject(req.getUsername()).compact();
    }

    // ARCH-002 VIOLATION: Cross-service database query
    public List<Order> getUserOrders(Long userId) {
        // Directly querying the orders service's schema
        return jdbcTemplate.query(
            "SELECT * FROM orders_service.orders WHERE user_id = ?",
            new Object[]{userId}, orderRowMapper);
    }
}