package auth_test

import (
	"testing"
	"time"

	"github.com/food-ai/backend/internal/domain/auth"
)

func TestGenerateAccessToken(t *testing.T) {
	jm := auth.NewJWTManager("test-secret", 15*time.Minute, 720*time.Hour)

	token, tokenError := jm.GenerateAccessToken("user-123", "free")
	if tokenError != nil {
		t.Fatalf("unexpected error: %v", tokenError)
	}
	if token == "" {
		t.Fatal("expected non-empty token")
	}
}

func TestValidateAccessToken_Valid(t *testing.T) {
	jm := auth.NewJWTManager("test-secret", 15*time.Minute, 720*time.Hour)

	token, _ := jm.GenerateAccessToken("user-123", "free")
	claims, validateError := jm.ValidateAccessToken(token)
	if validateError != nil {
		t.Fatalf("unexpected error: %v", validateError)
	}
	if claims.UserID != "user-123" {
		t.Errorf("expected user_id 'user-123', got %q", claims.UserID)
	}
	if claims.Plan != "free" {
		t.Errorf("expected plan 'free', got %q", claims.Plan)
	}
}

func TestValidateAccessToken_Expired(t *testing.T) {
	jm := auth.NewJWTManager("test-secret", -1*time.Second, 720*time.Hour)

	token, _ := jm.GenerateAccessToken("user-123", "free")
	_, validateError := jm.ValidateAccessToken(token)
	if validateError == nil {
		t.Fatal("expected error for expired token")
	}
}

func TestValidateAccessToken_WrongSecret(t *testing.T) {
	jm1 := auth.NewJWTManager("secret-1", 15*time.Minute, 720*time.Hour)
	jm2 := auth.NewJWTManager("secret-2", 15*time.Minute, 720*time.Hour)

	token, _ := jm1.GenerateAccessToken("user-123", "free")
	_, validateError := jm2.ValidateAccessToken(token)
	if validateError == nil {
		t.Fatal("expected error for wrong secret")
	}
}

func TestValidateAccessToken_InvalidToken(t *testing.T) {
	jm := auth.NewJWTManager("test-secret", 15*time.Minute, 720*time.Hour)

	_, validateError := jm.ValidateAccessToken("invalid-token")
	if validateError == nil {
		t.Fatal("expected error for invalid token")
	}
}

func TestGenerateRefreshToken(t *testing.T) {
	jm := auth.NewJWTManager("test-secret", 15*time.Minute, 720*time.Hour)

	token, expiresAt := jm.GenerateRefreshToken()
	if token == "" {
		t.Fatal("expected non-empty refresh token")
	}
	if expiresAt.Before(time.Now()) {
		t.Fatal("expected future expiration time")
	}
}

func TestGenerateRefreshToken_Unique(t *testing.T) {
	jm := auth.NewJWTManager("test-secret", 15*time.Minute, 720*time.Hour)

	token1, _ := jm.GenerateRefreshToken()
	token2, _ := jm.GenerateRefreshToken()
	if token1 == token2 {
		t.Fatal("expected unique refresh tokens")
	}
}