// Tests for auth/token.ts
// Pure unit tests - no database needed

import assert from "node:assert/strict";
import { describe, it } from "node:test";
import {
    generateToken,
    hashToken,
    parseAuthorizationHeader,
    SESSION_COOKIE_NAME,
} from "./token";

describe("token", () => {
    describe("generateToken", () => {
        it("generates a non-empty string", () => {
            const token = generateToken();
            assert.equal(typeof token, "string");
            assert.ok(token.length > 0);
        });

        it("generates unique tokens", () => {
            const tokens = new Set<string>();
            for (let i = 0; i < 100; i++) {
                tokens.add(generateToken());
            }
            assert.equal(tokens.size, 100);
        });

        it("generates base64url encoded tokens", () => {
            const token = generateToken();
            // base64url uses A-Z, a-z, 0-9, -, _
            assert.match(token, /^[A-Za-z0-9_-]+$/);
        });
    });

    describe("hashToken", () => {
        it("returns a hex string", () => {
            const hash = hashToken("test-token");
            assert.match(hash, /^[a-f0-9]+$/);
        });

        it("returns consistent hash for same input", () => {
            const hash1 = hashToken("test-token");
            const hash2 = hashToken("test-token");
            assert.equal(hash1, hash2);
        });

        it("returns different hash for different input", () => {
            const hash1 = hashToken("token-1");
            const hash2 = hashToken("token-2");
            assert.notEqual(hash1, hash2);
        });

        it("returns 64 character hash (SHA-256)", () => {
            const hash = hashToken("test-token");
            assert.equal(hash.length, 64);
        });
    });

    describe("parseAuthorizationHeader", () => {
        it("returns null for undefined header", () => {
            assert.equal(parseAuthorizationHeader(undefined), null);
        });

        it("returns null for empty string", () => {
            assert.equal(parseAuthorizationHeader(""), null);
        });

        it("returns null for non-bearer auth", () => {
            assert.equal(parseAuthorizationHeader("Basic abc123"), null);
        });

        it("returns null for malformed header", () => {
            assert.equal(parseAuthorizationHeader("Bearer"), null);
            assert.equal(parseAuthorizationHeader("Bearer token extra"), null);
        });

        it("extracts token from valid bearer header", () => {
            assert.equal(parseAuthorizationHeader("Bearer abc123"), "abc123");
        });

        it("is case-insensitive for Bearer keyword", () => {
            assert.equal(parseAuthorizationHeader("bearer abc123"), "abc123");
            assert.equal(parseAuthorizationHeader("BEARER abc123"), "abc123");
        });
    });

    describe("SESSION_COOKIE_NAME", () => {
        it("is defined", () => {
            assert.equal(typeof SESSION_COOKIE_NAME, "string");
            assert.ok(SESSION_COOKIE_NAME.length > 0);
        });
    });
});