import { render, screen, waitFor } from '@testing-library/react';
import userEvent from '@testing-library/user-event';
import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest';
import { AuthProvider, useAuth } from './AuthContext';
import { fetchMe } from '../api/me';
import { signIn as apiSignIn } from '../lib/api';
import { clearToken, getToken, setToken } from '../lib/auth-storage';

// Mock the network layer so no real requests are made.
vi.mock('../lib/api', () => ({
  signIn: vi.fn(),
}));
vi.mock('../api/me', () => ({
  fetchMe: vi.fn(),
}));

const mockedSignIn = vi.mocked(apiSignIn);
const mockedFetchMe = vi.mocked(fetchMe);

// A tiny harness that exposes the auth context's state + signIn.
function Harness() {
  const { isAuthed, signIn } = useAuth();
  return (
    <div>
      <span data-testid="authed">{String(isAuthed)}</span>
      <button
        type="button"
        onClick={() => {
          signIn('user@solelog.local', 'pw').catch((err) => {
            const el = document.getElementById('err');
            if (el) el.textContent = err instanceof Error ? err.message : String(err);
          });
        }}
      >
        go
      </button>
      <span id="err" />
    </div>
  );
}

function renderHarness() {
  return render(
    <AuthProvider>
      <Harness />
    </AuthProvider>
  );
}

describe('AuthContext admin gate', () => {
  beforeEach(() => {
    mockedSignIn.mockReset();
    mockedFetchMe.mockReset();
    // signIn stores a token (mirror the real lib/api behaviour).
    mockedSignIn.mockImplementation(async () => {
      setToken('tok');
    });
  });

  afterEach(() => {
    clearToken();
    vi.clearAllMocks();
  });

  it('signs in an admin: isAuthed becomes true, token kept', async () => {
    mockedFetchMe.mockResolvedValue({
      user: { id: 'a1', email: 'admin@solelog.local', name: 'Admin', role: 'admin' },
    });
    const user = userEvent.setup();
    renderHarness();
    expect(screen.getByTestId('authed')).toHaveTextContent('false');

    await user.click(screen.getByRole('button', { name: 'go' }));

    await waitFor(() => expect(screen.getByTestId('authed')).toHaveTextContent('true'));
    expect(getToken()).toBe('tok');
  });

  it('rejects a worker: throws not-admin, clears the token, stays unauthed', async () => {
    mockedFetchMe.mockResolvedValue({
      user: { id: 'w1', email: 'worker@solelog.local', name: 'Werker', role: 'worker' },
    });
    const user = userEvent.setup();
    renderHarness();

    await user.click(screen.getByRole('button', { name: 'go' }));

    await waitFor(() => expect(document.getElementById('err')).toHaveTextContent('not-admin'));
    expect(getToken()).toBeNull();
    expect(screen.getByTestId('authed')).toHaveTextContent('false');
  });
});