src/Meezi.API/Controllers/BillingController.cs

using FluentValidation;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Meezi.API.Models.Billing;
using Meezi.API.Services;
using Meezi.Core.Interfaces;
using Meezi.Shared;

namespace Meezi.API.Controllers;

[ApiController]
public class BillingController : ControllerBase
{
    private readonly IBillingService _billing;
    private readonly IValidator<SubscribeRequest> _subscribeValidator;

    public BillingController(IBillingService billing, IValidator<SubscribeRequest> subscribeValidator)
    {
        _billing = billing;
        _subscribeValidator = subscribeValidator;
    }

    [Authorize]
    [HttpPost("api/billing/subscribe")]
    public async Task<IActionResult> Subscribe(
        [FromBody] SubscribeRequest request,
        ITenantContext tenant,
        CancellationToken ct)
    {
        if (string.IsNullOrEmpty(tenant.CafeId))
            return Unauthorized();
        if (tenant.Role != Core.Enums.EmployeeRole.Owner)
        {
            return StatusCode(403, new ApiResponse<object>(false, null,
                new ApiError("OWNER_REQUIRED", "Only the cafe owner can manage subscription billing.")));
        }

        var validation = await _subscribeValidator.ValidateAsync(request, ct);
        if (!validation.IsValid)
        {
            var first = validation.Errors.First();
            return BadRequest(new ApiResponse<object>(false, null, new ApiError("VALIDATION_ERROR", first.ErrorMessage, first.PropertyName)));
        }

        var (data, code, message) = await _billing.InitiateSubscriptionAsync(tenant.CafeId, request, ct);
        if (data is null)
            return BadRequest(new ApiResponse<object>(false, null, new ApiError(code ?? "ERROR", message ?? "Failed.")));

        return Ok(new ApiResponse<SubscribeResponse>(true, data));
    }

    [AllowAnonymous]
    [HttpGet("api/billing/verify")]
    public async Task<IActionResult> Verify(
        [FromQuery] string Authority,
        [FromQuery] string? Status,
        CancellationToken ct)
    {
        var result = await _billing.VerifyZarinPalAsync(Authority, Status, ct);
        return Redirect(result.RedirectUrl);
    }

    [AllowAnonymous]
    [HttpGet("api/billing/verify/snapppay")]
    public async Task<IActionResult> VerifySnappPay(
        [FromQuery] string? paymentToken,
        [FromQuery] string? state,
        CancellationToken ct)
    {
        var result = await _billing.VerifySnappPayAsync(paymentToken, state, ct);
        return Redirect(result.RedirectUrl);
    }

    [AllowAnonymous]
    [HttpGet("api/billing/verify/tara")]
    public async Task<IActionResult> VerifyTara(
        [FromQuery] string? traceNumber,
        [FromQuery] string? status,
        CancellationToken ct)
    {
        var result = await _billing.VerifyTaraAsync(traceNumber, status, ct);
        return Redirect(result.RedirectUrl);
    }

    [Authorize]
    [HttpGet("api/billing/payment-methods")]
    public async Task<IActionResult> PaymentMethods(CancellationToken ct)
    {
        var methods = await _billing.GetPaymentMethodsAsync(ct);
        return Ok(new ApiResponse<IReadOnlyList<PaymentMethodDto>>(true, methods));
    }

    [Authorize]
    [HttpGet("api/billing/status")]
    public async Task<IActionResult> Status(ITenantContext tenant, CancellationToken ct)
    {
        if (string.IsNullOrEmpty(tenant.CafeId) || tenant.PlanTier is null)
            return Unauthorized();

        var data = await _billing.GetStatusAsync(tenant.CafeId, tenant.PlanTier.Value, ct);
        if (data is null)
            return NotFound(new ApiResponse<object>(false, null, new ApiError("NOT_FOUND", "Cafe not found.")));

        return Ok(new ApiResponse<BillingStatusDto>(true, data));
    }

    [Authorize]
    [HttpDelete("api/billing/queued/{paymentId}")]
    public async Task<IActionResult> CancelQueued(string paymentId, ITenantContext tenant, CancellationToken ct)
    {
        if (string.IsNullOrEmpty(tenant.CafeId))
            return Unauthorized();
        if (tenant.Role != Core.Enums.EmployeeRole.Owner)
            return StatusCode(403, new ApiResponse<object>(false, null,
                new ApiError("OWNER_REQUIRED", "Only the cafe owner can manage subscription billing.")));

        var (ok, code, message) = await _billing.CancelQueuedAsync(tenant.CafeId, paymentId, ct);
        if (!ok)
        {
            return code == "NOT_FOUND"
                ? NotFound(new ApiResponse<object>(false, null, new ApiError(code, message ?? "Not found.")))
                : BadRequest(new ApiResponse<object>(false, null, new ApiError(code ?? "ERROR", message ?? "Failed.")));
        }

        return Ok(new ApiResponse<object>(true, new { id = paymentId }));
    }
}
feat(api): .NET 10 multi-tenant REST API 2026-05-27 21:33:48 +03:30			`using FluentValidation;`
			`using Microsoft.AspNetCore.Authorization;`
			`using Microsoft.AspNetCore.Mvc;`
			`using Meezi.API.Models.Billing;`
			`using Meezi.API.Services;`
			`using Meezi.Core.Interfaces;`
			`using Meezi.Shared;`

			`namespace Meezi.API.Controllers;`

			`[ApiController]`
			`public class BillingController : ControllerBase`
			`{`
			`private readonly IBillingService _billing;`
			`private readonly IValidator<SubscribeRequest> _subscribeValidator;`

			`public BillingController(IBillingService billing, IValidator<SubscribeRequest> subscribeValidator)`
			`{`
			`_billing = billing;`
			`_subscribeValidator = subscribeValidator;`
			`}`

			`[Authorize]`
			`[HttpPost("api/billing/subscribe")]`
			`public async Task<IActionResult> Subscribe(`
			`[FromBody] SubscribeRequest request,`
			`ITenantContext tenant,`
			`CancellationToken ct)`
			`{`
			`if (string.IsNullOrEmpty(tenant.CafeId))`
			`return Unauthorized();`
			`if (tenant.Role != Core.Enums.EmployeeRole.Owner)`
			`{`
			`return StatusCode(403, new ApiResponse<object>(false, null,`
			`new ApiError("OWNER_REQUIRED", "Only the cafe owner can manage subscription billing.")));`
			`}`

			`var validation = await _subscribeValidator.ValidateAsync(request, ct);`
			`if (!validation.IsValid)`
			`{`
			`var first = validation.Errors.First();`
			`return BadRequest(new ApiResponse<object>(false, null, new ApiError("VALIDATION_ERROR", first.ErrorMessage, first.PropertyName)));`
			`}`

			`var (data, code, message) = await _billing.InitiateSubscriptionAsync(tenant.CafeId, request, ct);`
			`if (data is null)`
			`return BadRequest(new ApiResponse<object>(false, null, new ApiError(code ?? "ERROR", message ?? "Failed.")));`

			`return Ok(new ApiResponse<SubscribeResponse>(true, data));`
			`}`

			`[AllowAnonymous]`
			`[HttpGet("api/billing/verify")]`
			`public async Task<IActionResult> Verify(`
			`[FromQuery] string Authority,`
			`[FromQuery] string? Status,`
			`CancellationToken ct)`
			`{`
			`var result = await _billing.VerifyZarinPalAsync(Authority, Status, ct);`
			`return Redirect(result.RedirectUrl);`
			`}`

			`[AllowAnonymous]`
			`[HttpGet("api/billing/verify/snapppay")]`
			`public async Task<IActionResult> VerifySnappPay(`
			`[FromQuery] string? paymentToken,`
			`[FromQuery] string? state,`
			`CancellationToken ct)`
			`{`
			`var result = await _billing.VerifySnappPayAsync(paymentToken, state, ct);`
			`return Redirect(result.RedirectUrl);`
			`}`

			`[AllowAnonymous]`
			`[HttpGet("api/billing/verify/tara")]`
			`public async Task<IActionResult> VerifyTara(`
			`[FromQuery] string? traceNumber,`
			`[FromQuery] string? status,`
			`CancellationToken ct)`
			`{`
			`var result = await _billing.VerifyTaraAsync(traceNumber, status, ct);`
			`return Redirect(result.RedirectUrl);`
			`}`

			`[Authorize]`
			`[HttpGet("api/billing/payment-methods")]`
			`public async Task<IActionResult> PaymentMethods(CancellationToken ct)`
			`{`
			`var methods = await _billing.GetPaymentMethodsAsync(ct);`
			`return Ok(new ApiResponse<IReadOnlyList<PaymentMethodDto>>(true, methods));`
			`}`

			`[Authorize]`
			`[HttpGet("api/billing/status")]`
			`public async Task<IActionResult> Status(ITenantContext tenant, CancellationToken ct)`
			`{`
			`if (string.IsNullOrEmpty(tenant.CafeId) \|\| tenant.PlanTier is null)`
			`return Unauthorized();`

			`var data = await _billing.GetStatusAsync(tenant.CafeId, tenant.PlanTier.Value, ct);`
			`if (data is null)`
			`return NotFound(new ApiResponse<object>(false, null, new ApiError("NOT_FOUND", "Cafe not found.")));`

			`return Ok(new ApiResponse<BillingStatusDto>(true, data));`
			`}`
feat(billing): queue subscriptions bought while active + cancel queued 2026-06-02 16:44:32 +03:30
			`[Authorize]`
			`[HttpDelete("api/billing/queued/{paymentId}")]`
			`public async Task<IActionResult> CancelQueued(string paymentId, ITenantContext tenant, CancellationToken ct)`
			`{`
			`if (string.IsNullOrEmpty(tenant.CafeId))`
			`return Unauthorized();`
			`if (tenant.Role != Core.Enums.EmployeeRole.Owner)`
			`return StatusCode(403, new ApiResponse<object>(false, null,`
			`new ApiError("OWNER_REQUIRED", "Only the cafe owner can manage subscription billing.")));`

			`var (ok, code, message) = await _billing.CancelQueuedAsync(tenant.CafeId, paymentId, ct);`
			`if (!ok)`
			`{`
			`return code == "NOT_FOUND"`
			`? NotFound(new ApiResponse<object>(false, null, new ApiError(code, message ?? "Not found.")))`
			`: BadRequest(new ApiResponse<object>(false, null, new ApiError(code ?? "ERROR", message ?? "Failed.")));`
			`}`

			`return Ok(new ApiResponse<object>(true, new { id = paymentId }));`
			`}`
feat(api): .NET 10 multi-tenant REST API 2026-05-27 21:33:48 +03:30			`}`