// Integration tests for the share, share-notification and sync-device routes,
// plus one unauthenticated media-list check.
//
// `setup_app_with_auth()` yields a 4-tuple; these tests use only the first
// element (the app) and the fourth, bound as `viewer`, which is handed to the
// `*_authed` request builders as the caller's credential.
// NOTE(review): presumably `viewer` is a token for the lowest-privileged role
// and the two ignored elements are higher-privileged credentials; confirm in
// `common`.
//
// NOTE(review): every `*_requires_editor` test below covers the denial path
// only. Nothing visible here checks that an editor is actually allowed, or that
// a request without credentials is rejected on the single-share and sync-device
// routes; only the batch-delete route has an unauthenticated case.
mod common;

use axum::http::StatusCode;
use common::{
    delete_authed, get, get_authed, patch_json_authed, post_json, post_json_authed,
    put_json_authed, response_body, setup_app, setup_app_with_auth,
};
use tower::ServiceExt;

/// `GET /api/v1/shares/outgoing` with the `viewer` credential answers 200 with
/// an empty JSON array.
#[tokio::test]
async fn list_outgoing_shares_empty() {
    let (app, _, _, viewer) = setup_app_with_auth().await;

    let request = get_authed("/api/v1/shares/outgoing", &viewer);
    let response = app.clone().oneshot(request).await.unwrap();
    assert_eq!(response.status(), StatusCode::OK);

    let json = response_body(response).await;
    let shares = json.as_array().expect("array response");
    assert!(shares.is_empty());
}

/// `GET /api/v1/shares/incoming` with the `viewer` credential answers 200.
///
/// NOTE(review): despite the name, only the status is asserted; the body is
/// never inspected, so a non-empty listing would still pass. The response shape
/// of this route is not visible here.
#[tokio::test]
async fn list_incoming_shares_empty() {
    let (app, _, _, viewer) = setup_app_with_auth().await;

    let request = get_authed("/api/v1/shares/incoming", &viewer);
    let response = app.clone().oneshot(request).await.unwrap();

    assert_eq!(response.status(), StatusCode::OK);
}

/// `GET /api/v1/notifications/shares` with the `viewer` credential answers 200.
///
/// NOTE(review): as with the incoming-shares test, emptiness is implied by the
/// name but not asserted.
#[tokio::test]
async fn share_notifications_empty() {
    let (app, _, _, viewer) = setup_app_with_auth().await;

    let request = get_authed("/api/v1/notifications/shares", &viewer);
    let response = app.clone().oneshot(request).await.unwrap();

    assert_eq!(response.status(), StatusCode::OK);
}

/// A batch delete sent without any credential is rejected with 401.
#[tokio::test]
async fn batch_delete_shares_requires_auth() {
    let (app, ..) = setup_app_with_auth().await;

    let request = post_json("/api/v1/shares/batch/delete", r#"{"ids":[]}"#);
    let response = app.clone().oneshot(request).await.unwrap();

    assert_eq!(response.status(), StatusCode::UNAUTHORIZED);
}

/// A batch delete sent with the `viewer` credential is rejected with 403, even
/// though the id list is empty and nothing would be deleted.
#[tokio::test]
async fn batch_delete_shares_requires_editor() {
    let (app, _, _, viewer) = setup_app_with_auth().await;

    let request = post_json_authed("/api/v1/shares/batch/delete", r#"{"ids":[]}"#, &viewer);
    let response = app.clone().oneshot(request).await.unwrap();

    assert_eq!(response.status(), StatusCode::FORBIDDEN);
}

/// Creating a share with the `viewer` credential is rejected with 403.
///
/// The `media_id` is a freshly generated UUID, so it presumably matches no
/// stored media; expecting 403 rather than a not-found status suggests the role
/// check is meant to run before any lookup.
#[tokio::test]
async fn create_share_requires_editor() {
    let (app, _, _, viewer) = setup_app_with_auth().await;
    let fake_id = uuid::Uuid::now_v7();

    let payload = format!(r#"{{"media_id":"{fake_id}","share_type":"link"}}"#);
    let request = post_json_authed("/api/v1/shares", &payload, &viewer);
    let response = app.clone().oneshot(request).await.unwrap();

    assert_eq!(response.status(), StatusCode::FORBIDDEN);
}

/// Patching a share with the `viewer` credential is rejected with 403.
///
/// The share id is a fresh UUID; a 403 here (not a 404) means the caller learns
/// nothing about whether the id exists.
#[tokio::test]
async fn update_share_requires_editor() {
    let (app, _, _, viewer) = setup_app_with_auth().await;
    let fake_id = uuid::Uuid::now_v7();

    let path = format!("/api/v1/shares/{fake_id}");
    let request = patch_json_authed(&path, r#"{"permissions":["read"]}"#, &viewer);
    let response = app.clone().oneshot(request).await.unwrap();

    assert_eq!(response.status(), StatusCode::FORBIDDEN);
}

/// Deleting a share with the `viewer` credential is rejected with 403; the
/// share id is a fresh UUID.
#[tokio::test]
async fn delete_share_requires_editor() {
    let (app, _, _, viewer) = setup_app_with_auth().await;
    let fake_id = uuid::Uuid::now_v7();

    let path = format!("/api/v1/shares/{fake_id}");
    let request = delete_authed(&path, &viewer);
    let response = app.clone().oneshot(request).await.unwrap();

    assert_eq!(response.status(), StatusCode::FORBIDDEN);
}

/// Renaming a sync device with the `viewer` credential is rejected with 403;
/// the device id is a fresh UUID.
#[tokio::test]
async fn update_sync_device_requires_editor() {
    let (app, _, _, viewer) = setup_app_with_auth().await;
    let fake_id = uuid::Uuid::now_v7();

    let path = format!("/api/v1/sync/devices/{fake_id}");
    let request = put_json_authed(&path, r#"{"name":"renamed"}"#, &viewer);
    let response = app.clone().oneshot(request).await.unwrap();

    assert_eq!(response.status(), StatusCode::FORBIDDEN);
}

/// `GET /api/v1/media` without any credential answers 200 on the app built by
/// `setup_app()`.
///
/// NOTE(review): presumably `setup_app()` builds the app with authentication
/// switched off; confirm in `common`. If so, this test pins that such a
/// deployment serves the media list to any caller.
#[tokio::test]
async fn media_list_no_auth() {
    let app = setup_app().await;

    let request = get("/api/v1/media");
    let response = app.oneshot(request).await.unwrap();

    assert_eq!(response.status(), StatusCode::OK);
}