use authzd::{CedarAuthorizer, CheckService};
use common::*;
use envoy_types::ext_authz::v3::pb::Authorization;
use envoy_types::pb::envoy::service::auth::v3::attribute_context::HttpRequest;
use std::sync::Arc;

mod authorization;
mod common;

#[tokio::test]
async fn test_success_response() {
    let authorizer = Arc::new(CedarAuthorizer::new());
    let server = CheckService::new(authorizer);
    let request = tonic::Request::new(factory_bot::create_request(|item: &mut HttpRequest| {
        item.headers = factory_bot::build_headers(vec![(
            "authorization".to_string(),
            "Bearer valid-token".to_string(),
        )])
    }));

    let response = server.check(request).await;
    assert!(response.is_ok());

    let check_response = response.unwrap().into_inner();
    assert!(check_response.status.is_some());

    let status = check_response.status.unwrap();
    assert_eq!(status.code, tonic::Code::Ok as i32);
}

#[tokio::test]
async fn test_multiple() {
    let authorizer = Arc::new(CedarAuthorizer::new());
    let server = CheckService::new(authorizer);

    let test_cases = vec![
        ("Bearer valid-token", true),
        ("Bearer invalid-token", false),
        ("Basic valid-token", false),
        ("", false),
    ];

    for (auth_value, should_succeed) in test_cases {
        let request = tonic::Request::new(factory_bot::create_request(|item: &mut HttpRequest| {
            item.headers = factory_bot::build_headers(vec![(
                "authorization".to_string(),
                auth_value.to_string(),
            )]);
        }));

        let response = server.check(request).await;
        assert!(response.is_ok());

        let check_response = response.unwrap().into_inner();
        let status = check_response.status.unwrap();

        if should_succeed {
            assert_eq!(status.code, tonic::Code::Ok as i32);
        } else {
            assert_eq!(status.code, tonic::Code::Unauthenticated as i32);
        }
    }
}