import { describe, it, expect, vi, beforeEach } from 'vitest';

const cookieStore = {
  get: vi.fn(),
  set: vi.fn(),
  delete: vi.fn(),
};

vi.mock('next/headers', () => {
  return {
    cookies: () => cookieStore,
  };
});

import { GET as startGet } from '../../../../apps/website/app/auth/iracing/start/route';
import { GET as callbackGet } from '../../../../apps/website/app/auth/iracing/callback/route';
import { POST as logoutPost } from '../../../../apps/website/app/auth/logout/route';

describe('iRacing auth route handlers', () => {
  beforeEach(() => {
    cookieStore.get.mockReset();
    cookieStore.set.mockReset();
    cookieStore.delete.mockReset();
  });

  it('start route redirects to auth URL and sets state cookie', async () => {
    const req = new Request('http://localhost/auth/iracing/start?returnTo=/dashboard');

    const res = await startGet(req);

    expect(res.status).toBe(307);
    const location = res.headers.get('location') ?? '';
    expect(location).toContain('/auth/iracing/callback');
    expect(location).toContain('returnTo=%2Fdashboard');
    expect(location).toMatch(/state=/);

    expect(cookieStore.set).toHaveBeenCalled();
    const [name] = cookieStore.set.mock.calls[0];
    expect(name).toBe('gp_demo_auth_state');
  });

  it('callback route creates session cookie and redirects to returnTo', async () => {
    cookieStore.get.mockImplementation((name: string) => {
      if (name === 'gp_demo_auth_state') {
        return { value: 'valid-state' };
      }
      return undefined;
    });

    const req = new Request(
      'http://localhost/auth/iracing/callback?code=demo-code&state=valid-state&returnTo=/dashboard',
    );

    const res = await callbackGet(req);

    expect(res.status).toBe(307);
    const location = res.headers.get('location');
    expect(location).toBe('http://localhost/dashboard');

    expect(cookieStore.set).toHaveBeenCalled();
    const [sessionName, sessionValue] = cookieStore.set.mock.calls[0];
    expect(sessionName).toBe('gp_demo_session');
    expect(typeof sessionValue).toBe('string');

    expect(cookieStore.delete).toHaveBeenCalledWith('gp_demo_auth_state');
  });

  it('logout route deletes session cookie and redirects home using request origin', async () => {
    const req = new Request('http://example.com/auth/logout', {
      method: 'POST',
    });

    const res = await logoutPost(req);

    expect(res.status).toBe(307);
    const location = res.headers.get('location');
    expect(location).toBe('http://example.com/');

    expect(cookieStore.delete).toHaveBeenCalledWith('gp_demo_session');
  });
});