package internal

import (
	"net/http"
	"net/http/httptest"
	"testing"
	"time"

	"github.com/golang-jwt/jwt/v5"
)

func issueSessionCookie(t *testing.T, username, jfToken string) *http.Cookie {
	t.Helper()

	origKey := sessionKey
	sessionKey = []byte("pegasus-test-session-key")
	t.Cleanup(func() {
		sessionKey = origKey
	})

	rr := httptest.NewRecorder()
	if err := SetSession(rr, username, jfToken); err != nil {
		t.Fatalf("SetSession failed: %v", err)
	}

	res := rr.Result()
	defer res.Body.Close()
	cookies := res.Cookies()
	if len(cookies) != 1 {
		t.Fatalf("expected 1 cookie, got %d", len(cookies))
	}
	return cookies[0]
}

func TestCurrentUserValidSession(t *testing.T) {
	cookie := issueSessionCookie(t, "alice", "jf-token-123")
	req := httptest.NewRequest(http.MethodGet, "/api/whoami", nil)
	req.AddCookie(cookie)

	claims, err := CurrentUser(req)
	if err != nil {
		t.Fatalf("CurrentUser returned error: %v", err)
	}
	if claims.Username != "alice" {
		t.Fatalf("unexpected username %q", claims.Username)
	}
	if claims.JFToken != "jf-token-123" {
		t.Fatalf("unexpected jellyfin token %q", claims.JFToken)
	}
	if claims.ExpiresAt == nil || claims.IssuedAt == nil {
		t.Fatalf("expected exp+iat claims to be present")
	}
}

func TestCurrentUserNoCookie(t *testing.T) {
	req := httptest.NewRequest(http.MethodGet, "/", nil)
	_, err := CurrentUser(req)
	if err == nil {
		t.Fatalf("expected unauthorized error when cookie is missing")
	}
}

func TestCurrentUserInvalidSignature(t *testing.T) {
	origKey := sessionKey
	sessionKey = []byte("runtime-key")
	t.Cleanup(func() {
		sessionKey = origKey
	})

	tok := jwt.NewWithClaims(jwt.SigningMethodHS256, Claims{
		Username: "alice",
		JFToken:  "bad-token",
		RegisteredClaims: jwt.RegisteredClaims{
			ExpiresAt: jwt.NewNumericDate(time.Now().Add(time.Hour)),
			IssuedAt:  jwt.NewNumericDate(time.Now()),
		},
	})
	signed, err := tok.SignedString([]byte("different-key"))
	if err != nil {
		t.Fatalf("signing token failed: %v", err)
	}

	req := httptest.NewRequest(http.MethodGet, "/", nil)
	req.AddCookie(&http.Cookie{Name: CookieName, Value: signed})

	_, err = CurrentUser(req)
	if err == nil {
		t.Fatalf("expected signature validation error")
	}
}

func TestCurrentUserMalformedToken(t *testing.T) {
	req := httptest.NewRequest(http.MethodGet, "/", nil)
	req.AddCookie(&http.Cookie{Name: CookieName, Value: "not-a-jwt"})

	_, err := CurrentUser(req)
	if err == nil {
		t.Fatalf("expected parse error for malformed token")
	}
}