use provisioning_server::{
    api::{auth::*, create_router, AppState},
    auth::{JwtAuth, RbacSystem},
    executor::{AsyncTaskManager, NushellExecutor},
};
use std::sync::Arc;

#[tokio::test]
async fn test_health_endpoint() {
    let app_state = create_test_app_state();
    let auth_state = create_test_auth_state();
    let app = create_router(app_state, auth_state);

    let response = axum_test::TestServer::new(app)
        .unwrap()
        .get("/health")
        .await;

    assert_eq!(response.status(), 200);
    let json: serde_json::Value = response.json();
    assert_eq!(json["status"], "healthy");
}

#[tokio::test]
async fn test_login_success() {
    let app_state = create_test_app_state();
    let auth_state = create_test_auth_state();
    let app = create_router(app_state, auth_state);

    let response = axum_test::TestServer::new(app)
        .unwrap()
        .post("/v1/auth/login")
        .json(&serde_json::json!({
            "username": "admin",
            "password": "admin123"
        }))
        .await;

    assert_eq!(response.status(), 200);
    let json: serde_json::Value = response.json();
    assert!(json["token"].is_string());
    assert!(json["refresh_token"].is_string());
}

#[tokio::test]
async fn test_login_failure() {
    let app_state = create_test_app_state();
    let auth_state = create_test_auth_state();
    let app = create_router(app_state, auth_state);

    let response = axum_test::TestServer::new(app)
        .unwrap()
        .post("/v1/auth/login")
        .json(&serde_json::json!({
            "username": "admin",
            "password": "wrongpassword"
        }))
        .await;

    assert_eq!(response.status(), 401);
}

#[tokio::test]
async fn test_unauthorized_access() {
    let app_state = create_test_app_state();
    let auth_state = create_test_auth_state();
    let app = create_router(app_state, auth_state);

    let response = axum_test::TestServer::new(app)
        .unwrap()
        .get("/v1/servers")
        .await;

    assert_eq!(response.status(), 401);
}

fn create_test_app_state() -> Arc<AppState> {
    let executor = NushellExecutor::new("/usr/bin/provisioning".to_string(), 300);
    let task_manager = AsyncTaskManager::new();
    let rbac = RbacSystem::new();

    Arc::new(AppState {
        executor,
        task_manager,
        rbac,
    })
}

fn create_test_auth_state() -> Arc<AuthState> {
    let jwt_auth = JwtAuth::new("test-secret".to_string(), 1, 24);
    let user_store = UserStore::new();

    Arc::new(AuthState {
        jwt_auth,
        user_store,
    })
}