first commit

services/csharp/example/Controllers/TodoController.cs

@@ -0,0 +1,39 @@
+using MediatR;
+using Microsoft.AspNetCore.Mvc;
+using SequenceAuth.Example.Domain;
+using SequenceAuth.Example.Features.Todos;
+
+namespace SequenceAuth.Example.Controllers;
+
+public class TodoController(IMediator mediator) : ApiControllerBase
+{
+    public record CreateTodoRequest(string Title);
+    
+    [HttpPost]
+    public async Task<IActionResult> Create([FromBody] CreateTodoRequest request)
+    {
+        var result = await mediator.Send(new CreateTodoCommand(UserId, request.Title));
+        return Ok(result);
+    }
+
+    [HttpGet]
+    public async Task<IActionResult> List([FromQuery] TodoStatus? status)
+    {
+        var result = await mediator.Send(new GetTodosQuery(UserId, status));
+        return Ok(result);
+    }
+
+    [HttpPut("{id}")]
+    public async Task<IActionResult> ChangeStatus(Guid id, [FromQuery] TodoStatus status)
+    {
+        var result = await mediator.Send(new ChangeTodoStatusCommand(id, UserId, status));
+        
+        return result.Outcome switch
+        {
+            ChangeTodoStatusOutcome.Success => Ok(result.Item),
+            ChangeTodoStatusOutcome.NotFound => NotFound(),
+            ChangeTodoStatusOutcome.Unauthorized => StatusCode(403), // No identity claims for Forbid() without auth scheme
+            _ => StatusCode(500)
+        };
+    }
+}