package app

import (
	"io"
	"log/slog"
	"net/http"
	"net/http/httptest"
	"strings"
	"testing"
	"time"

	"git.warky.dev/wdevs/amcs/internal/auth"
	"git.warky.dev/wdevs/amcs/internal/buildinfo"
	"git.warky.dev/wdevs/amcs/internal/config"
)

func TestRenderHomePageHidesOAuthLinkWhenDisabled(t *testing.T) {
	tracker := auth.NewAccessTracker()
	page := renderHomePage(buildinfo.Info{Version: "v1.2.3", BuildDate: "2026-04-04", Commit: "abc123"}, tracker, false, time.Date(2026, 4, 4, 12, 0, 0, 0, time.UTC))

	if strings.Contains(page, "/oauth-authorization-server") {
		t.Fatal("page unexpectedly contains OAuth link")
	}
	if !strings.Contains(page, "Connected users") {
		t.Fatal("page missing Connected users stat")
	}
}

func TestRenderHomePageShowsTrackedAccess(t *testing.T) {
	tracker := auth.NewAccessTracker()
	now := time.Date(2026, 4, 4, 12, 0, 0, 0, time.UTC)
	tracker.Record("client-a", "/files", "127.0.0.1:1234", "tester", now)

	page := renderHomePage(buildinfo.Info{Version: "v1.2.3"}, tracker, true, now)

	for _, needle := range []string{"client-a", "/files", "1</span>", "/oauth-authorization-server"} {
		if !strings.Contains(page, needle) {
			t.Fatalf("page missing %q", needle)
		}
	}
}

func TestHomeHandlerAllowsHead(t *testing.T) {
	handler := homeHandler(buildinfo.Info{Version: "v1"}, auth.NewAccessTracker(), false)
	req := httptest.NewRequest(http.MethodHead, "/", nil)
	rec := httptest.NewRecorder()

	handler.ServeHTTP(rec, req)

	if rec.Code != http.StatusOK {
		t.Fatalf("status = %d, want %d", rec.Code, http.StatusOK)
	}
	if body := rec.Body.String(); body != "" {
		t.Fatalf("body = %q, want empty for HEAD", body)
	}
}

func TestMiddlewareRecordsAuthenticatedAccess(t *testing.T) {
	keyring, err := auth.NewKeyring([]config.APIKey{{ID: "client-a", Value: "secret"}})
	if err != nil {
		t.Fatalf("NewKeyring() error = %v", err)
	}
	tracker := auth.NewAccessTracker()
	logger := slog.New(slog.NewTextHandler(io.Discard, nil))
	handler := auth.Middleware(config.AuthConfig{HeaderName: "x-brain-key"}, keyring, nil, nil, tracker, logger)(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusNoContent)
	}))

	req := httptest.NewRequest(http.MethodGet, "/files", nil)
	req.Header.Set("x-brain-key", "secret")
	rec := httptest.NewRecorder()
	handler.ServeHTTP(rec, req)

	if rec.Code != http.StatusNoContent {
		t.Fatalf("status = %d, want %d", rec.Code, http.StatusNoContent)
	}
	snap := tracker.Snapshot()
	if len(snap) != 1 {
		t.Fatalf("len(snapshot) = %d, want 1", len(snap))
	}
	if snap[0].KeyID != "client-a" || snap[0].LastPath != "/files" {
		t.Fatalf("snapshot[0] = %+v, want keyID client-a and path /files", snap[0])
	}
}