import { describe, it, expect } from 'vitest';
import { createApp } from '../src/app';
import { authToken } from './helpers';

describe('auth', () => {
  it('signs in an admin-created user, returning a bearer token', async () => {
    const app = createApp();
    const token = await authToken(app, 'worker@example.com');
    expect(token).toBeTruthy();
  });

  it('rejects public sign-up (admin creates users)', async () => {
    const app = createApp();
    const res = await app.request('/api/auth/sign-up/email', {
      method: 'POST',
      headers: { 'content-type': 'application/json' },
      body: JSON.stringify({
        email: 'should-not-exist@example.com',
        password: 'sterk-wachtwoord-123',
        name: 'Nope',
      }),
    });
    expect(res.status).toBeGreaterThanOrEqual(400);
  });
});