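package auth

import (
	"errors"
	"net/http"
	"net/http/httptest"
	"testing"
)

// testSecret is a fixed signing key used only by these tests. Its wording
// suggests a 32-character minimum is enforced elsewhere; that check is not
// visible in this file.
const testSecret = "test-secret-that-is-at-least-32-chars-long"

// TestSignAndVerify checks that a value produced by sign is accepted by verify
// under the same secret and that the original token comes back unchanged.
func TestSignAndVerify(t *testing.T) {
	token := "abc123-gitea-token"

	got, err := verify(sign(token, testSecret), testSecret)
	if err != nil {
		t.Fatalf("verify failed: %v", err)
	}
	if got != token {
		t.Errorf("got %q, want %q", got, token)
	}
}

// TestVerify_InvalidSignature checks that a value signed with one secret is
// rejected with ErrInvalidSignature when verified under a different secret.
func TestVerify_InvalidSignature(t *testing.T) {
	signed := sign("abc123-gitea-token", testSecret)

	_, err := verify(signed, "wrong-secret-that-is-at-least-32-chars")
	// errors.Is keeps the test valid if verify ever wraps the sentinel with
	// additional context.
	if !errors.Is(err, ErrInvalidSignature) {
		t.Errorf("expected ErrInvalidSignature, got %v", err)
	}
}

// TestVerify_RejectsTamperedValue checks that a signed value modified after
// signing is not accepted, even though the correct secret is supplied.
func TestVerify_RejectsTamperedValue(t *testing.T) {
	signed := sign("abc123-gitea-token", testSecret)

	// The exact error depends on where the extra byte lands in the encoding,
	// which this file does not show, so only assert that verification fails.
	for _, tampered := range []string{"x" + signed, signed + "x"} {
		if _, err := verify(tampered, testSecret); err == nil {
			t.Errorf("verify(%q) succeeded, want an error", tampered)
		}
	}
}

// TestVerify_MalformedCookie checks that input without the expected separator
// is rejected with ErrMalformedCookie.
func TestVerify_MalformedCookie(t *testing.T) {
	_, err := verify("no-dot-separator", testSecret)
	if !errors.Is(err, ErrMalformedCookie) {
		t.Errorf("expected ErrMalformedCookie, got %v", err)
	}
}

// TestSetAndGetToken round-trips a token through SetTokenCookie and GetToken
// using an in-memory response recorder and request.
func TestSetAndGetToken(t *testing.T) {
	token := "my-gitea-api-token"

	// Capture the Set-Cookie header in a recorder.
	// NOTE(review): the last argument is false here; presumably it controls
	// the Secure attribute. Confirm against SetTokenCookie.
	w := httptest.NewRecorder()
	SetTokenCookie(w, token, testSecret, false)

	cookies := w.Result().Cookies()
	if len(cookies) == 0 {
		t.Fatal("expected a cookie to be set")
	}
	// NOTE(review): this test does not assert HttpOnly, SameSite or Path on
	// the cookie. Add those assertions once the intended attributes are
	// confirmed, so a regression that exposes the token to scripts is caught.

	// Replay the cookie on a fresh request, as a browser would.
	req := httptest.NewRequest(http.MethodGet, "/", nil)
	req.AddCookie(cookies[0])

	got, err := GetToken(req, testSecret)
	if err != nil {
		t.Fatalf("GetToken failed: %v", err)
	}
	if got != token {
		t.Errorf("got %q, want %q", got, token)
	}
}

// TestGetToken_NoCookie checks that GetToken reports an error when the request
// carries no cookie at all.
func TestGetToken_NoCookie(t *testing.T) {
	req := httptest.NewRequest(http.MethodGet, "/", nil)

	if _, err := GetToken(req, testSecret); err == nil {
		t.Fatal("expected error for missing cookie")
	}
}

// TestClearTokenCookie checks that ClearTokenCookie emits a cookie marked for
// immediate deletion.
func TestClearTokenCookie(t *testing.T) {
	w := httptest.NewRecorder()
	ClearTokenCookie(w, false)

	cookies := w.Result().Cookies()
	if len(cookies) == 0 {
		t.Fatal("expected a cookie to be set")
	}
	// net/http parses "Max-Age=0" (delete now) back as MaxAge == -1.
	if cookies[0].MaxAge != -1 {
		t.Errorf("MaxAge = %d, want -1", cookies[0].MaxAge)
	}
}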