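package auth

import (
	"context"
	"net/http"
	"net/http/httptest"
	"os"
	"strings"
	"testing"

	"github.com/google/uuid"

	"local/dndex/storage"
	"local/dndex/storage/entity"
)

// TestVerify exercises Verify against a fresh in-memory graph for each
// subtest. Every fixture stores one token under "<namespace>.<AuthKey>" and
// the subtests vary the cookie that accompanies the request: absent, valid,
// empty namespace, foreign namespace, unknown token value, and the
// UserKey-marked namespace cases.
//
// The rejection subtests other than "no auth" only assert that Verify returns
// some error; they do not pin which check rejected the request.
func TestVerify(t *testing.T) {
	// Drop the test binary's own flags from os.Args. The original value is
	// not restored afterwards.
	// NOTE(review): presumably needed so that configuration parsing reached
	// through Verify does not see -test.* flags; confirm.
	os.Args = os.Args[:1]
	// NOTE(review): AUTH=true presumably switches enforcement on; confirm
	// against the config package.
	if err := os.Setenv("AUTH", "true"); err != nil {
		t.Fatal(err)
	}
	defer os.Unsetenv("AUTH")

	// fresh builds an isolated fixture: a new graph holding one stored token,
	// a response recorder, a cookie-less GET request, the token itself and
	// its obfuscated form. It takes the calling subtest's *testing.T so that
	// a setup failure is reported on, and stops, the subtest that hit it.
	fresh := func(t *testing.T) (storage.RateLimitedGraph, *httptest.ResponseRecorder, *http.Request, Token, string) {
		t.Helper()
		g := storage.NewRateLimitedGraph()
		token := Token{
			Token:     uuid.New().String(),
			Namespace: uuid.New().String(),
		}
		// A failed obfuscation would otherwise store and send an empty
		// credential and make the assertions below meaningless.
		obf, err := token.Obfuscate()
		if err != nil {
			t.Fatal(err)
		}
		one := entity.One{
			ID:    token.Token,
			Title: obf,
		}
		if err := g.Insert(context.TODO(), token.Namespace+"."+AuthKey, one); err != nil {
			t.Fatal(err)
		}
		return g, httptest.NewRecorder(), httptest.NewRequest(http.MethodGet, "/", nil), token, obf
	}

	// setAuthCookie attaches value to r as the AuthKey cookie.
	setAuthCookie := func(r *http.Request, value string) {
		r.AddCookie(&http.Cookie{
			Name:  AuthKey,
			Value: value,
		})
	}

	t.Run("no auth", func(t *testing.T) {
		g, w, r, _, _ := fresh(t)
		err := Verify(g, w, r)
		if err == nil {
			t.Fatal("Verify accepted a request without an auth cookie")
		}
		if !strings.Contains(err.Error(), "auth not found") {
			t.Fatal(err)
		}
	})

	t.Run("ok auth", func(t *testing.T) {
		g, w, r, _, obf := fresh(t)
		setAuthCookie(r, obf)
		if err := Verify(g, w, r); err != nil {
			t.Fatal(err)
		}
	})

	t.Run("no ns auth", func(t *testing.T) {
		g, w, r, token, _ := fresh(t)
		// Same token value as the stored one, but with the namespace blanked.
		token.Namespace = ""
		obf, err := token.Obfuscate()
		if err != nil {
			t.Fatal(err)
		}
		setAuthCookie(r, obf)
		if err := Verify(g, w, r); err == nil {
			t.Fatal("Verify accepted a token with an empty namespace")
		}
	})

	t.Run("wrong ns auth", func(t *testing.T) {
		g, w, r, token, _ := fresh(t)
		// A stored token value presented for a namespace it was not issued in.
		token.Namespace = uuid.New().String()
		obf, err := token.Obfuscate()
		if err != nil {
			t.Fatal(err)
		}
		setAuthCookie(r, obf)
		if err := Verify(g, w, r); err == nil {
			t.Fatal("Verify accepted a token presented for a different namespace")
		}
	})

	t.Run("expired auth", func(t *testing.T) {
		// Token expiry has no coverage here. Skipping instead of logging keeps
		// the gap visible as SKIP in test reports rather than as a PASS.
		t.Skip("not impl")
	})

	t.Run("bad auth", func(t *testing.T) {
		g, w, r, token, _ := fresh(t)
		// Right namespace, but a token value that was never stored.
		token.Token = uuid.New().String()
		obf, err := token.Obfuscate()
		if err != nil {
			t.Fatal(err)
		}
		setAuthCookie(r, obf)
		if err := Verify(g, w, r); err == nil {
			t.Fatal("Verify accepted a token value that is not stored")
		}
	})

	t.Run("public not ok", func(t *testing.T) {
		g, w, r, _, _ := fresh(t)
		// A UserKey entry in the namespace literally named "public" must not
		// let a request that carries no cookie through.
		if err := g.Insert(context.TODO(), "public", entity.One{ID: UserKey}); err != nil {
			t.Fatal(err)
		}
		if err := Verify(g, w, r); err == nil {
			t.Fatal("Verify accepted a cookie-less request after a UserKey entry was added to \"public\"")
		}
	})

	t.Run("public ok", func(t *testing.T) {
		g, w, r, token, _ := fresh(t)
		// With a UserKey entry in the token's own namespace, Verify is
		// expected to accept a token value that matches nothing stored.
		// NOTE(review): this pins that such namespaces skip the token
		// comparison entirely; confirm that is the intended access model.
		if err := g.Insert(context.TODO(), token.Namespace, entity.One{ID: UserKey}); err != nil {
			t.Fatal(err)
		}
		token.Token = "gibberish-but-public-ns-so-its-ok"
		obf, err := token.Obfuscate()
		if err != nil {
			t.Fatal(err)
		}
		setAuthCookie(r, obf)
		if err := Verify(g, w, r); err != nil {
			t.Fatal(err)
		}
	})
}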