use authzd::{CedarAuthorizer, CheckService};
use envoy_types::ext_authz::v3::pb::Authorization;
use std::sync::Arc;

mod common;

#[tokio::test]
async fn test_success_response() {
    let authorizer = Arc::new(CedarAuthorizer::new());
    let server = CheckService::new(authorizer);

    let headers = common::create_headers_with_auth("Bearer valid-token");
    let request = common::create_test_request_with_headers(headers);

    let response = server.check(request).await;
    assert!(response.is_ok());

    let check_response = response.unwrap().into_inner();
    assert!(check_response.status.is_some());

    let status = check_response.status.unwrap();
    assert_eq!(status.code, tonic::Code::Ok as i32);
}

#[tokio::test]
async fn test_multiple() {
    let authorizer = Arc::new(CedarAuthorizer::new());
    let server = CheckService::new(authorizer);

    let test_cases = vec![
        ("Bearer valid-token", true),
        ("Bearer invalid-token", false),
        ("Basic valid-token", false),
        ("", false),
    ];

    for (auth_value, should_succeed) in test_cases {
        let headers = common::create_headers_with_auth(auth_value);
        let request = common::create_test_request_with_headers(headers);

        let response = server.check(request).await;
        assert!(response.is_ok());

        let check_response = response.unwrap().into_inner();
        let status = check_response.status.unwrap();

        if should_succeed {
            assert_eq!(status.code, tonic::Code::Ok as i32);
        } else {
            assert_eq!(status.code, tonic::Code::Unauthenticated as i32);
        }
    }
}