package helper

import (
	"net/http"
	"net/http/httptest"
	"os"
	"testing"

	"github.com/alexedwards/scs/v2"
)

func TestSetCors_WhenNoCorsTrue(t *testing.T) {
	os.Setenv("NO_CORS", "true")
	defer os.Unsetenv("NO_CORS")

	rr := httptest.NewRecorder()

	SetCors(rr)

	h := rr.Header()

	if h.Get("Access-Control-Allow-Origin") != "*" {
		t.Errorf("expected Access-Control-Allow-Origin to be '*', got %q", h.Get("Access-Control-Allow-Origin"))
	}

	if h.Get("Access-Control-Allow-Methods") != "*" {
		t.Errorf("expected Access-Control-Allow-Methods to be '*', got %q", h.Get("Access-Control-Allow-Methods"))
	}

	if h.Get("Access-Control-Allow-Headers") != "*" {
		t.Errorf("expected Access-Control-Allow-Headers to be '*', got %q", h.Get("Access-Control-Allow-Headers"))
	}
}

func TestSetCors_WhenNoCorsFalse(t *testing.T) {
	os.Setenv("NO_CORS", "false")
	defer os.Unsetenv("NO_CORS")

	rr := httptest.NewRecorder()

	SetCors(rr)

	h := rr.Header()
	if h.Get("Access-Control-Allow-Origin") != "" ||
		h.Get("Access-Control-Allow-Methods") != "" ||
		h.Get("Access-Control-Allow-Headers") != "" {
		t.Errorf("CORS headers should not be set when NO_CORS=false")
	}
}

func TestRequiresLogin_DebugMode_NoRedirect(t *testing.T) {
	os.Setenv("GO_ENV", "debug")
	defer os.Unsetenv("GO_ENV")

	session := scs.New()

	req := httptest.NewRequest("GET", "/", nil)
	rr := httptest.NewRecorder()

	RequiresLogin(session, rr, req)

	if rr.Result().StatusCode == http.StatusSeeOther {
		t.Errorf("expected no redirect in debug mode")
	}
}

// func TestRequiresLogin_UserExists_NoRedirect(t *testing.T) {
// 	os.Setenv("GO_ENV", "production")
// 	defer os.Unsetenv("GO_ENV")

// 	session := scs.New()

// 	req := httptest.NewRequest("GET", "/", nil)
// 	ctx, err := session.Load(req.Context(), "")
// 	if err != nil {
// 		t.Fatalf("session load error: %v", err)
// 	}

// 	ctx = session.Put(ctx, "user", "123")
// 	req = req.WithContext(context.WithValue(ctx, "session", session))

// 	rr := httptest.NewRecorder()

// 	yourpkg.RequiresLogin(session, rr, req)

// 	if rr.Result().StatusCode == http.StatusSeeOther {
// 		t.Errorf("expected no redirect when user exists")
// 	}
// }

// func TestRequiresLogin_NoUser_Redirects(t *testing.T) {
// 	os.Setenv("GO_ENV", "production")
// 	defer os.Unsetenv("GO_ENV")

// 	session := scs.New()

// 	req := httptest.NewRequest("GET", "/", nil)
// 	req = req.WithContext(context.WithValue(req.Context(), "session", session))

// 	rr := httptest.NewRecorder()

// 	RequiresLogin(session, rr, req)

// 	if rr.Result().StatusCode != http.StatusSeeOther {
// 		t.Errorf("expected redirect when user does not exist, got %d", rr.Result().StatusCode)
// 	}

// 	location := rr.Result().Header.Get("Location")
// 	if location != "/user/login" {
// 		t.Errorf("expected redirect to /user/login, got %q", location)
// 	}
// }