fix: complete restoration of core_handlers.go with HttpOnly and missing methods

backend/internal/api/handlers/core_handlers.go

@@ -216,9 +216,9 @@ func (h *CoreHandlers) CreateUser(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(http.StatusCreated)
 	json.NewEncoder(w).Encode(resp)
-	}
+}
 
-	func (h *CoreHandlers) ListUsers(w http.ResponseWriter, r *http.Request) {
+func (h *CoreHandlers) ListUsers(w http.ResponseWriter, r *http.Request) {
 	users, err := h.listUsersUC.Execute(r.Context(), "", 1, 100)
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -392,6 +392,171 @@ func (h *CoreHandlers) UpdateMyPassword(w http.ResponseWriter, r *http.Request)
 	w.WriteHeader(http.StatusNoContent)
 }
 
+func (h *CoreHandlers) CreateTicket(w http.ResponseWriter, r *http.Request) {
+	userIDVal := r.Context().Value(middleware.ContextUserID)
+	userID, ok := userIDVal.(string)
+	if !ok || userID == "" {
+		http.Error(w, "Unauthorized: User ID missing", http.StatusUnauthorized)
+		return
+	}
+
+	var req dto.CreateTicketRequest
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		http.Error(w, "Invalid Request", http.StatusBadRequest)
+		return
+	}
+
+	ticket, err := h.ticketService.CreateTicket(r.Context(), userID, req.Subject, req.Category, req.Priority)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	if req.Message != "" {
+		_, _ = h.ticketService.AddMessage(r.Context(), ticket.ID, userID, req.Message, false)
+	}
+
+	w.WriteHeader(http.StatusCreated)
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(ticket)
+}
+
+func (h *CoreHandlers) ListTickets(w http.ResponseWriter, r *http.Request) {
+	userIDVal := r.Context().Value(middleware.ContextUserID)
+	userID, ok := userIDVal.(string)
+	if !ok || userID == "" {
+		http.Error(w, "Unauthorized: User ID missing", http.StatusUnauthorized)
+		return
+	}
+
+	tickets, err := h.ticketService.ListTickets(r.Context(), userID)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(tickets)
+}
+
+func (h *CoreHandlers) GetTicket(w http.ResponseWriter, r *http.Request) {
+	userIDVal := r.Context().Value(middleware.ContextUserID)
+	userID, ok := userIDVal.(string)
+	if !ok || userID == "" {
+		http.Error(w, "Unauthorized: User ID missing", http.StatusUnauthorized)
+		return
+	}
+
+	id := r.PathValue("id")
+	ticket, messages, err := h.ticketService.GetTicket(r.Context(), id, userID, true)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusNotFound)
+		return
+	}
+
+	resp := dto.TicketDetailsResponse{
+		Ticket:   *ticket,
+		Messages: messages,
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(resp)
+}
+
+func (h *CoreHandlers) AddMessage(w http.ResponseWriter, r *http.Request) {
+	userIDVal := r.Context().Value(middleware.ContextUserID)
+	userID, ok := userIDVal.(string)
+	if !ok || userID == "" {
+		http.Error(w, "Unauthorized: User ID missing", http.StatusUnauthorized)
+		return
+	}
+
+	id := r.PathValue("id")
+	var req dto.MessageRequest
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		http.Error(w, "Invalid Request", http.StatusBadRequest)
+		return
+	}
+
+	msg, err := h.ticketService.AddMessage(r.Context(), id, userID, req.Message, true)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	w.WriteHeader(http.StatusCreated)
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(msg)
+}
+
+func (h *CoreHandlers) UpdateTicket(w http.ResponseWriter, r *http.Request) {
+	userIDVal := r.Context().Value(middleware.ContextUserID)
+	userID, ok := userIDVal.(string)
+	if !ok || userID == "" {
+		http.Error(w, "Unauthorized: User ID missing", http.StatusUnauthorized)
+		return
+	}
+
+	id := r.PathValue("id")
+	var req struct {
+		Status   *string `json:"status"`
+		Priority *string `json:"priority"`
+	}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		http.Error(w, "Invalid Request", http.StatusBadRequest)
+		return
+	}
+
+	ticket, err := h.ticketService.UpdateTicket(r.Context(), id, userID, req.Status, req.Priority, true)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(ticket)
+}
+
+func (h *CoreHandlers) CloseTicket(w http.ResponseWriter, r *http.Request) {
+	userIDVal := r.Context().Value(middleware.ContextUserID)
+	userID, ok := userIDVal.(string)
+	if !ok || userID == "" {
+		http.Error(w, "Unauthorized: User ID missing", http.StatusUnauthorized)
+		return
+	}
+
+	id := r.PathValue("id")
+	ticket, err := h.ticketService.CloseTicket(r.Context(), id, userID, true)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(ticket)
+}
+
+func (h *CoreHandlers) DeleteTicket(w http.ResponseWriter, r *http.Request) {
+	id := r.PathValue("id")
+	if err := h.ticketService.DeleteTicket(r.Context(), id); err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	w.WriteHeader(http.StatusNoContent)
+}
+
+func (h *CoreHandlers) ListAllTickets(w http.ResponseWriter, r *http.Request) {
+	status := r.URL.Query().Get("status")
+	tickets, err := h.ticketService.ListAllTickets(r.Context(), status)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	w.Header().Set("Content-Type", "application/json")
+	json.NewEncoder(w).Encode(tickets)
+}
+
 func extractClientIP(r *http.Request) *string {
 	if forwarded := r.Header.Get("X-Forwarded-For"); forwarded != "" {
 		parts := strings.Split(forwarded, ",")