package auth

import (
	"testing"
	"time"
)

func TestGenerateAccessToken(t *testing.T) {
	jm := NewJWTManager("test-secret", 15*time.Minute, 720*time.Hour)

	token, err := jm.GenerateAccessToken("user-123", "free")
	if err != nil {
		t.Fatalf("unexpected error: %v", err)
	}
	if token == "" {
		t.Fatal("expected non-empty token")
	}
}

func TestValidateAccessToken_Valid(t *testing.T) {
	jm := NewJWTManager("test-secret", 15*time.Minute, 720*time.Hour)

	token, _ := jm.GenerateAccessToken("user-123", "free")
	claims, err := jm.ValidateAccessToken(token)
	if err != nil {
		t.Fatalf("unexpected error: %v", err)
	}
	if claims.UserID != "user-123" {
		t.Errorf("expected user_id 'user-123', got %q", claims.UserID)
	}
	if claims.Plan != "free" {
		t.Errorf("expected plan 'free', got %q", claims.Plan)
	}
}

func TestValidateAccessToken_Expired(t *testing.T) {
	jm := NewJWTManager("test-secret", -1*time.Second, 720*time.Hour)

	token, _ := jm.GenerateAccessToken("user-123", "free")
	_, err := jm.ValidateAccessToken(token)
	if err == nil {
		t.Fatal("expected error for expired token")
	}
}

func TestValidateAccessToken_WrongSecret(t *testing.T) {
	jm1 := NewJWTManager("secret-1", 15*time.Minute, 720*time.Hour)
	jm2 := NewJWTManager("secret-2", 15*time.Minute, 720*time.Hour)

	token, _ := jm1.GenerateAccessToken("user-123", "free")
	_, err := jm2.ValidateAccessToken(token)
	if err == nil {
		t.Fatal("expected error for wrong secret")
	}
}

func TestValidateAccessToken_InvalidToken(t *testing.T) {
	jm := NewJWTManager("test-secret", 15*time.Minute, 720*time.Hour)

	_, err := jm.ValidateAccessToken("invalid-token")
	if err == nil {
		t.Fatal("expected error for invalid token")
	}
}

func TestGenerateRefreshToken(t *testing.T) {
	jm := NewJWTManager("test-secret", 15*time.Minute, 720*time.Hour)

	token, expiresAt := jm.GenerateRefreshToken()
	if token == "" {
		t.Fatal("expected non-empty refresh token")
	}
	if expiresAt.Before(time.Now()) {
		t.Fatal("expected future expiration time")
	}
}

func TestGenerateRefreshToken_Unique(t *testing.T) {
	jm := NewJWTManager("test-secret", 15*time.Minute, 720*time.Hour)

	token1, _ := jm.GenerateRefreshToken()
	token2, _ := jm.GenerateRefreshToken()
	if token1 == token2 {
		t.Fatal("expected unique refresh tokens")
	}
}