// 2FA disabled {
// use crate::{ApiResponse, error::ApiError};
// use actix_web::{HttpResponse, Result, web};
// use service::AppService;
// use service::auth::totp::{
//     Disable2FAParams, Enable2FAResponse, Get2FAStatusResponse, Verify2FAParams,
// };
// use session::Session;
//
// #[utoipa::path(
//     post,
//     path = "/api/auth/2fa/enable",
//     responses(
//         (status = 200, description = "2FA setup initiated", body = Enable2FAResponse),
//         (status = 401, description = "Unauthorized"),
//         (status = 409, description = "2FA already enabled"),
//         (status = 500, description = "Internal server error"),
//         (status = 404, description = "Not found", body = ApiResponse<ApiError>),
//     ),
//     tag = "Auth"
// )]
// pub async fn api_2fa_enable(
//     service: web::Data<AppService>,
//     session: Session,
// ) -> Result<HttpResponse, ApiError> {
//     let resp = service.auth_2fa_enable(&session).await?;
//     Ok(ApiResponse::ok(resp).to_response())
// }
//
// #[utoipa::path(
//     post,
//     path = "/api/auth/2fa/verify",
//     request_body = Verify2FAParams,
//     responses(
//         (status = 200, description = "2FA verified and enabled"),
//         (status = 401, description = "Unauthorized or invalid code"),
//         (status = 400, description = "2FA not set up"),
//         (status = 500, description = "Internal server error"),
//         (status = 404, description = "Not found", body = ApiResponse<ApiError>),
//     ),
//     tag = "Auth"
// )]
// pub async fn api_2fa_verify(
//     service: web::Data<AppService>,
//     session: Session,
//     params: web::Json<Verify2FAParams>,
// ) -> Result<HttpResponse, ApiError> {
//     service
//         .auth_2fa_verify_and_enable(&session, params.into_inner())
//         .await?;
//     Ok(crate::api_success())
// }
//
// #[utoipa::path(
//     post,
//     path = "/api/auth/2fa/disable",
//     request_body = Disable2FAParams,
//     responses(
//         (status = 200, description = "2FA disabled"),
//         (status = 401, description = "Unauthorized"),
//         (status = 400, description = "2FA not enabled or invalid code/password"),
//         (status = 500, description = "Internal server error"),
//         (status = 404, description = "Not found", body = ApiResponse<ApiError>),
//     ),
//     tag = "Auth"
// )]
// pub async fn api_2fa_disable(
//     service: web::Data<AppService>,
//     session: Session,
//     params: web::Json<Disable2FAParams>,
// ) -> Result<HttpResponse, ApiError> {
//     service
//         .auth_2fa_disable(&session, params.into_inner())
//         .await?;
//     Ok(crate::api_success())
// }
//
// #[utoipa::path(
//     post,
//     path = "/api/auth/2fa/status",
//     responses(
//         (status = 200, description = "2FA status", body = Get2FAStatusResponse),
//         (status = 401, description = "Unauthorized"),
//         (status = 500, description = "Internal server error"),
//         (status = 404, description = "Not found", body = ApiResponse<ApiError>),
//     ),
//     tag = "Auth"
// )]
// pub async fn api_2fa_status(
//     service: web::Data<AppService>,
//     session: Session,
// ) -> Result<HttpResponse, ApiError> {
//     let resp = service.auth_2fa_status(&session).await?;
//     Ok(ApiResponse::ok(resp).to_response())
// }
// }