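import { tap, expect } from '@git.zone/tstest/tapbundle';
import { ApiTokenManager } from '../ts/config/classes.api-token-manager.js';
import { DcRouterDb } from '../ts/db/index.js';
import * as plugins from '../ts/plugins.js';

/** Builds a per-run name so parallel or repeated test runs do not share state. */
const uniqueName = (): string =>
  `dcrouter-api-token-manager-${Date.now()}-${Math.random().toString(16).slice(2)}`;

/**
 * Starts a throwaway DcRouterDb instance backed by a directory under the OS temp dir.
 *
 * @returns a handle whose `cleanup()` stops the database, resets the singleton and
 *          removes the storage directory.
 */
const createTestDb = async () => {
  // NOTE(review): the directory name comes from Date.now()/Math.random(), which gives
  // uniqueness but not unpredictability, and the path lives in the shared temp dir.
  // fs.promises.mkdtemp would create it atomically with restrictive permissions —
  // confirm DcRouterDb accepts a pre-created directory before switching.
  const storagePath = plugins.path.join(plugins.os.tmpdir(), uniqueName());

  // Drop any singleton left over from another test before creating ours.
  DcRouterDb.resetInstance();
  const db = DcRouterDb.getInstance({
    storagePath,
    dbName: uniqueName(),
  });
  await db.start();
  // presumably forces the database to be materialised before the manager touches it — confirm
  await db.getDb().mongoDb.createCollection('__test_init');

  return {
    async cleanup() {
      await db.stop();
      DcRouterDb.resetInstance();
      await plugins.fs.promises.rm(storagePath, { recursive: true, force: true });
    },
  };
};

/** Puts an environment variable back to the value it had before the test touched it. */
const restoreEnv = (name: string, previous: string | undefined): void => {
  if (previous === undefined) {
    delete process.env[name];
  } else {
    process.env[name] = previous;
  }
};

/** Generates a fresh random token per run so no real or reusable secret lives in the test. */
const generateRawToken = (): string =>
  `dcr_${plugins.crypto.randomBytes(32).toString('base64url')}`;

tap.test('ApiTokenManager seeds and rotates an env admin API token', async () => {
  const previousToken = process.env.DCROUTER_ADMIN_API_TOKEN;
  const previousName = process.env.DCROUTER_ADMIN_API_TOKEN_NAME;
  const testDb = await createTestDb();

  try {
    const rawToken1 = generateRawToken();
    const rawToken2 = generateRawToken();

    // Seeding: a manager initialised with the env token must accept it as an admin token.
    process.env.DCROUTER_ADMIN_API_TOKEN = rawToken1;
    process.env.DCROUTER_ADMIN_API_TOKEN_NAME = 'Onebox Managed Admin';
    const manager = new ApiTokenManager();
    await manager.initialize();

    const token1 = await manager.validateToken(rawToken1);
    // Fail with a readable message instead of relying on a non-null assertion below.
    if (!token1) {
      throw new Error('env admin token was not accepted after initialize()');
    }
    expect(token1.id).toEqual('env-admin-token');
    expect(token1.name).toEqual('Onebox Managed Admin');
    expect(token1.policy?.role).toEqual('admin');
    expect(manager.hasScope(token1, 'tokens:manage')).toEqual(true);

    // Listing: the token must be visible, but no credential material may be exposed.
    const listedToken = manager.listTokens().find((token) => token.id === 'env-admin-token');
    if (!listedToken) {
      throw new Error('env admin token is missing from listTokens()');
    }
    // Reflect.get reads the property without widening the listing entry to `any`.
    expect(Reflect.get(listedToken, 'tokenHash')).toBeUndefined();
    // The raw secret itself must not appear anywhere in the listing entry either.
    expect(JSON.stringify(listedToken).includes(rawToken1)).toEqual(false);

    // Rotation: a new manager started with a different env token must revoke the old one.
    process.env.DCROUTER_ADMIN_API_TOKEN = rawToken2;
    const rotatedManager = new ApiTokenManager();
    await rotatedManager.initialize();

    expect(await rotatedManager.validateToken(rawToken1)).toBeNull();
    const token2 = await rotatedManager.validateToken(rawToken2);
    expect(token2?.id).toEqual('env-admin-token');
    expect(token2?.policy?.role).toEqual('admin');
  } finally {
    // Always restore the process environment so the random test tokens do not leak
    // into later tests, then tear the database down.
    restoreEnv('DCROUTER_ADMIN_API_TOKEN', previousToken);
    restoreEnv('DCROUTER_ADMIN_API_TOKEN_NAME', previousName);
    await testDb.cleanup();
  }
});

export default tap.start();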