package auth

import (
	"context"
	"fmt"
	"io/ioutil"
	"net/http"
	"testing"
	"time"

	"cdr.dev/slog"
	"forge.cadoles.com/arcad/edge/pkg/app"
	edgeHTTP "forge.cadoles.com/arcad/edge/pkg/http"
	"forge.cadoles.com/arcad/edge/pkg/module"
	"github.com/golang-jwt/jwt"
	"github.com/pkg/errors"
	"gitlab.com/wpetit/goweb/logger"
)

func TestAuthModule(t *testing.T) {
	t.Parallel()

	logger.SetLevel(slog.LevelDebug)

	keyFunc, secret := getKeyFunc()

	server := app.NewServer(
		module.ConsoleModuleFactory(),
		ModuleFactory(
			WithJWT(keyFunc),
		),
	)

	data, err := ioutil.ReadFile("testdata/auth.js")
	if err != nil {
		t.Fatal(err)
	}

	if err := server.Load("testdata/auth.js", string(data)); err != nil {
		t.Fatal(err)
	}

	if err := server.Start(); err != nil {
		t.Fatalf("%+v", errors.WithStack(err))
	}

	defer server.Stop()

	req, err := http.NewRequest("GET", "/foo", nil)
	if err != nil {
		t.Fatalf("%+v", errors.WithStack(err))
	}

	token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
		"sub": "jdoe",
		"nbf": time.Now().UTC().Unix(),
	})

	rawToken, err := token.SignedString(secret)
	if err != nil {
		t.Fatalf("%+v", errors.WithStack(err))
	}

	req.Header.Add("Authorization", "Bearer "+rawToken)

	ctx := context.WithValue(context.Background(), edgeHTTP.ContextKeyOriginRequest, req)

	if _, err := server.ExecFuncByName(ctx, "testAuth", ctx); err != nil {
		t.Fatalf("%+v", errors.WithStack(err))
	}
}

func TestAuthAnonymousModule(t *testing.T) {
	t.Parallel()

	logger.SetLevel(slog.LevelDebug)

	keyFunc, _ := getKeyFunc()

	server := app.NewServer(
		module.ConsoleModuleFactory(),
		ModuleFactory(WithJWT(keyFunc)),
	)

	data, err := ioutil.ReadFile("testdata/auth_anonymous.js")
	if err != nil {
		t.Fatal(err)
	}

	if err := server.Load("testdata/auth_anonymous.js", string(data)); err != nil {
		t.Fatal(err)
	}

	if err := server.Start(); err != nil {
		t.Fatalf("%+v", errors.WithStack(err))
	}

	defer server.Stop()

	req, err := http.NewRequest("GET", "/foo", nil)
	if err != nil {
		t.Fatalf("%+v", errors.WithStack(err))
	}

	ctx := context.WithValue(context.Background(), edgeHTTP.ContextKeyOriginRequest, req)

	if _, err := server.ExecFuncByName(ctx, "testAuth", ctx); err != nil {
		t.Fatalf("%+v", errors.WithStack(err))
	}
}

func getKeyFunc() (jwt.Keyfunc, []byte) {
	secret := []byte("not_so_secret")

	keyFunc := func(t *jwt.Token) (interface{}, error) {
		if _, ok := t.Method.(*jwt.SigningMethodHMAC); !ok {
			return nil, fmt.Errorf("Unexpected signing method: %v", t.Header["alg"])
		}

		return secret, nil
	}

	return keyFunc, secret
}