package auth

import (
	"database/sql"
	"testing"
	"time"

	"github.com/domagojzecevic/cammonitor/internal/db"
)

func TestStoreAuthenticateHappyPathAndWrongPassword(t *testing.T) {
	database := openTestDB(t)
	store := NewStore(database)

	if err := store.CreateUser("alice", "secret", false); err != nil {
		t.Fatalf("create user: %v", err)
	}

	user, err := store.Authenticate("alice", "secret")
	if err != nil {
		t.Fatalf("authenticate valid user: %v", err)
	}
	if user.Username != "alice" {
		t.Fatalf("expected alice, got %q", user.Username)
	}
	if user.IsAdmin {
		t.Fatal("expected regular user")
	}

	if _, err := store.Authenticate("alice", "wrong"); err == nil {
		t.Fatal("expected wrong password to fail")
	}
}

func TestStoreExpiredSessionIsRejected(t *testing.T) {
	database := openTestDB(t)
	store := NewStore(database)

	if err := store.CreateUser("alice", "secret", false); err != nil {
		t.Fatalf("create user: %v", err)
	}

	user, err := store.Authenticate("alice", "secret")
	if err != nil {
		t.Fatalf("authenticate: %v", err)
	}

	token, err := store.CreateSession(user.ID, -time.Minute)
	if err != nil {
		t.Fatalf("create session: %v", err)
	}

	if _, err := store.GetSession(token); err == nil {
		t.Fatal("expected expired session to fail")
	}
}

func TestEnsureAdminCreatesFirstRunAdminOnlyWhenEmpty(t *testing.T) {
	database := openTestDB(t)
	store := NewStore(database)

	if err := store.EnsureAdmin("admin", "secret"); err != nil {
		t.Fatalf("ensure admin: %v", err)
	}

	users, err := store.ListUsers()
	if err != nil {
		t.Fatalf("list users: %v", err)
	}
	if len(users) != 1 || users[0].Username != "admin" || !users[0].IsAdmin {
		t.Fatalf("unexpected users after bootstrap: %#v", users)
	}

	if err := store.EnsureAdmin("other", "secret"); err != nil {
		t.Fatalf("ensure admin second run: %v", err)
	}

	users, err = store.ListUsers()
	if err != nil {
		t.Fatalf("list users second run: %v", err)
	}
	if len(users) != 1 {
		t.Fatalf("expected no second bootstrap user, got %d", len(users))
	}
}

func openTestDB(t *testing.T) *sql.DB {
	t.Helper()

	database, err := db.Open(t.TempDir() + "/test.db")
	if err != nil {
		t.Fatalf("open database: %v", err)
	}
	t.Cleanup(func() {
		if err := database.Close(); err != nil {
			t.Fatalf("close database: %v", err)
		}
	})

	return database
}