import { describe, it, expect, vi, afterEach } from "vitest";

vi.mock("server-only", () => ({}));

const { isAuthorizedCronRequest } = await import("@/lib/cron-auth");

function mkReq(authHeader: string | null): Request {
  return new Request("https://example.invalid/", {
    headers: authHeader ? { authorization: authHeader } : {},
  });
}

afterEach(() => {
  delete process.env.CRON_TOKEN;
});

describe("isAuthorizedCronRequest", () => {
  it("refuse si CRON_TOKEN absent côté serveur", () => {
    expect(isAuthorizedCronRequest(mkReq("Bearer anything"))).toBe(false);
  });

  it("refuse si pas d'en-tête Authorization", () => {
    process.env.CRON_TOKEN = "secret";
    expect(isAuthorizedCronRequest(mkReq(null))).toBe(false);
  });

  it("refuse si format incorrect (pas Bearer)", () => {
    process.env.CRON_TOKEN = "secret";
    expect(isAuthorizedCronRequest(mkReq("Basic secret"))).toBe(false);
    expect(isAuthorizedCronRequest(mkReq("Token secret"))).toBe(false);
  });

  it("refuse si token différent", () => {
    process.env.CRON_TOKEN = "secret";
    expect(isAuthorizedCronRequest(mkReq("Bearer wrong"))).toBe(false);
  });

  it("accepte si token exact", () => {
    process.env.CRON_TOKEN = "secret";
    expect(isAuthorizedCronRequest(mkReq("Bearer secret"))).toBe(true);
  });

  it("trim les espaces autour du token (defensive)", () => {
    process.env.CRON_TOKEN = "secret";
    expect(isAuthorizedCronRequest(mkReq("Bearer  secret  "))).toBe(true);
  });
});