import { describe, it, expect, beforeEach, afterEach } from 'vitest';
import { createTestApp, type TestContext, loginAs, buildMultipart } from '../helpers/setup.ts';
import { createUser } from '../../src/db/users.ts';
import { hashPassword } from '../../src/services/auth.ts';

async function setup() {
  const ctx = createTestApp();
  const hash = await hashPassword('secret');
  createUser(ctx.db, { username: 'alice', passwordHash: hash });
  return ctx;
}

describe('GET /', () => {
  let ctx: TestContext;

  beforeEach(async () => { ctx = await setup(); });
  afterEach(async () => { await ctx.app.close(); ctx.cleanup(); });

  it('shows login page when unauthenticated', async () => {
    const res = await ctx.app.inject({ method: 'GET', url: '/' });
    expect(res.statusCode).toBe(200);
    expect(res.headers['content-type']).toMatch(/text\/html/);
    expect(res.body).toContain('Sign in');
  });

  it('redirects to /upload when authenticated', async () => {
    const token = await loginAs(ctx.app, 'alice', 'secret');
    const res = await ctx.app.inject({ method: 'GET', url: '/', cookies: { token } });
    expect(res.statusCode).toBe(302);
    expect(res.headers['location']).toBe('/upload');
  });
});

describe('POST /login (page)', () => {
  let ctx: TestContext;

  beforeEach(async () => { ctx = await setup(); });
  afterEach(async () => { await ctx.app.close(); ctx.cleanup(); });

  it('redirects to /upload on valid credentials', async () => {
    const res = await ctx.app.inject({
      method: 'POST',
      url: '/login',
      headers: { 'content-type': 'application/x-www-form-urlencoded' },
      payload: 'username=alice&password=secret',
    });
    expect(res.statusCode).toBe(302);
    expect(res.headers['location']).toBe('/upload');
    expect(res.headers['set-cookie']).toMatch(/token=/);
  });

  it('shows login page with error on invalid credentials', async () => {
    const res = await ctx.app.inject({
      method: 'POST',
      url: '/login',
      headers: { 'content-type': 'application/x-www-form-urlencoded' },
      payload: 'username=alice&password=wrong',
    });
    expect(res.statusCode).toBe(200);
    expect(res.body).toContain('Invalid');
  });
});

describe('GET /upload + POST /upload', () => {
  let ctx: TestContext;
  let token: string;

  beforeEach(async () => {
    ctx = await setup();
    token = await loginAs(ctx.app, 'alice', 'secret');
  });
  afterEach(async () => { await ctx.app.close(); ctx.cleanup(); });

  it('shows upload form', async () => {
    const res = await ctx.app.inject({ method: 'GET', url: '/upload', cookies: { token } });
    expect(res.statusCode).toBe(200);
    expect(res.body).toContain('Upload');
  });

  it('redirects to / when not authenticated', async () => {
    const res = await ctx.app.inject({ method: 'GET', url: '/upload' });
    expect(res.statusCode).toBe(302);
    expect(res.headers['location']).toBe('/');
  });

  it('shows result page after upload', async () => {
    const res = await ctx.app.inject({
      method: 'POST',
      url: '/upload',
      cookies: { token },
      ...buildMultipart({ file: { filename: 'doc.txt', contentType: 'text/plain', data: Buffer.from('content') } }),
    });
    expect(res.statusCode).toBe(200);
    expect(res.body).toContain('doc.txt');
    expect(res.body).toContain('/f/');
  });
});

describe('GET /f/:id and GET /f/:id/raw', () => {
  let ctx: TestContext;
  let fileId: string;

  beforeEach(async () => {
    ctx = await setup();
    const token = await loginAs(ctx.app, 'alice', 'secret');
    const uploadRes = await ctx.app.inject({
      method: 'POST',
      url: '/upload',
      cookies: { token },
      ...buildMultipart({ file: { filename: 'hello.txt', contentType: 'text/plain', data: Buffer.from('hello!') } }),
    });
    // Extract file id from response body
    const match = uploadRes.body.match(/\/f\/([^/"]+)/);
    fileId = match?.[1] ?? '';
  });
  afterEach(async () => { await ctx.app.close(); ctx.cleanup(); });

  it('shows file view page', async () => {
    const res = await ctx.app.inject({ method: 'GET', url: `/f/${fileId}` });
    expect(res.statusCode).toBe(200);
    expect(res.body).toContain('hello.txt');
  });

  it('serves raw file', async () => {
    const res = await ctx.app.inject({ method: 'GET', url: `/f/${fileId}/raw` });
    expect(res.statusCode).toBe(200);
    expect(res.body).toBe('hello!');
  });

  it('returns 404 for unknown file', async () => {
    const res = await ctx.app.inject({ method: 'GET', url: '/f/doesnotexist' });
    expect(res.statusCode).toBe(404);
  });
});

describe('GET /f/:id — image inline', () => {
  let ctx: TestContext;
  let fileId: string;

  beforeEach(async () => {
    ctx = await setup();
    const token = await loginAs(ctx.app, 'alice', 'secret');
    const uploadRes = await ctx.app.inject({
      method: 'POST',
      url: '/upload',
      cookies: { token },
      ...buildMultipart({ file: { filename: 'photo.png', contentType: 'image/png', data: Buffer.from('fakepng') } }),
    });
    const match = uploadRes.body.match(/\/f\/([^/"]+)/);
    fileId = match?.[1] ?? '';
  });
  afterEach(async () => { await ctx.app.close(); ctx.cleanup(); });

  it('shows <img> tag for image files', async () => {
    const res = await ctx.app.inject({ method: 'GET', url: `/f/${fileId}` });
    expect(res.statusCode).toBe(200);
    expect(res.body).toContain('<img');
  });
});

describe('GET /files — copy link', () => {
  let ctx: TestContext;
  let token: string;

  beforeEach(async () => {
    ctx = await setup();
    token = await loginAs(ctx.app, 'alice', 'secret');
    await ctx.app.inject({
      method: 'POST',
      url: '/upload',
      cookies: { token },
      ...buildMultipart({ file: { filename: 'test.txt', contentType: 'text/plain', data: Buffer.from('hi') } }),
    });
  });
  afterEach(async () => { await ctx.app.close(); ctx.cleanup(); });

  it('shows Copy link button for each file', async () => {
    const res = await ctx.app.inject({ method: 'GET', url: '/files', cookies: { token } });
    expect(res.statusCode).toBe(200);
    expect(res.body).toContain('Copy link');
  });
});

describe('POST /files/:id/delete', () => {
  let ctx: TestContext;
  let token: string;
  let fileId: string;

  beforeEach(async () => {
    ctx = await setup();
    token = await loginAs(ctx.app, 'alice', 'secret');
    const uploadRes = await ctx.app.inject({
      method: 'POST',
      url: '/upload',
      cookies: { token },
      ...buildMultipart({ file: { filename: 'del.txt', contentType: 'text/plain', data: Buffer.from('bye') } }),
    });
    const match = uploadRes.body.match(/\/f\/([^/"]+)/);
    fileId = match?.[1] ?? '';
  });
  afterEach(async () => { await ctx.app.close(); ctx.cleanup(); });

  it('deletes and redirects to /files', async () => {
    const res = await ctx.app.inject({
      method: 'POST',
      url: `/files/${fileId}/delete`,
      cookies: { token },
    });
    expect(res.statusCode).toBe(302);
    expect(res.headers['location']).toBe('/files');
  });
});