package e2e

import (
	"fmt"
	"io"
	"net/http"
	"os"
	"strings"
	"testing"
)

func TestMaintenanceEndpointsRequireToken(t *testing.T) {
	config := `server:
  host: "127.0.0.1"
  port: 26550
logging:
  level: "error"
  format: "text"
security:
  access_tokens:
    - "legacy-token"
conversion:
  cache_timeout: 60
`

	app, _, cleanup := setupTestApplicationWithConfig(t, config)
	t.Cleanup(cleanup)

	server := app.GetHTTPServer()
	token := "legacy-token"

	tests := []struct {
		name           string
		method         string
		path           string
		authorizedPath string
		expectedBody   string
	}{
		{
			name:           "RefreshRules",
			method:         http.MethodGet,
			path:           "/refreshrules",
			authorizedPath: fmt.Sprintf("/refreshrules?token=%s", token),
			expectedBody:   "done\n",
		},
		{
			name:           "ReadConf",
			method:         http.MethodGet,
			path:           "/readconf",
			authorizedPath: fmt.Sprintf("/readconf?token=%s", token),
			expectedBody:   "done\n",
		},
		{
			name:           "FlushCache",
			method:         http.MethodGet,
			path:           "/flushcache",
			authorizedPath: fmt.Sprintf("/flushcache?token=%s", token),
			expectedBody:   "done",
		},
	}

	for _, tt := range tests {
		tt := tt
		t.Run(tt.name+"/Unauthorized", func(t *testing.T) {
			resp := doRequest(t, server, tt.method, tt.path)
			defer resp.Body.Close()

			if resp.StatusCode != http.StatusForbidden {
				t.Fatalf("expected 403 for %s, got %d", tt.path, resp.StatusCode)
			}
		})

		t.Run(tt.name+"/Authorized", func(t *testing.T) {
			resp := doRequest(t, server, tt.method, tt.authorizedPath)
			defer resp.Body.Close()

			if resp.StatusCode != http.StatusOK {
				t.Fatalf("expected 200 for %s, got %d", tt.authorizedPath, resp.StatusCode)
			}

			if ct := resp.Header.Get("Content-Type"); !strings.HasPrefix(ct, "text/plain") {
				t.Fatalf("expected text/plain content type, got %q", ct)
			}

			body, err := io.ReadAll(resp.Body)
			if err != nil {
				t.Fatalf("failed to read response body: %v", err)
			}

			if string(body) != tt.expectedBody {
				t.Fatalf("unexpected body for %s: got %q, want %q", tt.authorizedPath, string(body), tt.expectedBody)
			}
		})
	}
}

func TestUpdateConfRewritesConfiguration(t *testing.T) {
	initialConfig := `server:
  host: "127.0.0.1"
  port: 26560
logging:
  level: "error"
  format: "text"
security:
  access_tokens:
    - "legacy-token"
`

	app, configPath, cleanup := setupTestApplicationWithConfig(t, initialConfig)
	t.Cleanup(cleanup)

	server := app.GetHTTPServer()
	token := "legacy-token"

	updatedConfig := `server:
  host: "127.0.0.1"
  port: 28600
logging:
  level: "warning"
  format: "text"
security:
  access_tokens:
    - "legacy-token"
conversion:
  default_target: "surge"
`

	unauthorized := doRequestWithBody(t, server, http.MethodPost, "/updateconf?type=form", strings.NewReader(updatedConfig), map[string]string{"Content-Type": "text/plain"})
	defer unauthorized.Body.Close()
	if unauthorized.StatusCode != http.StatusForbidden {
		t.Fatalf("expected 403 when missing token, got %d", unauthorized.StatusCode)
	}

	resp := doRequestWithBody(t, server, http.MethodPost, fmt.Sprintf("/updateconf?type=form&token=%s", token), strings.NewReader(updatedConfig), map[string]string{"Content-Type": "text/plain"})
	defer resp.Body.Close()

	if resp.StatusCode != http.StatusOK {
		t.Fatalf("expected 200 for authorized updateconf, got %d", resp.StatusCode)
	}

	body, err := io.ReadAll(resp.Body)
	if err != nil {
		t.Fatalf("failed to read body: %v", err)
	}

	if string(body) != "done\n" {
		t.Fatalf("unexpected response body: got %q", string(body))
	}

	content, err := os.ReadFile(configPath)
	if err != nil {
		t.Fatalf("failed to read config file: %v", err)
	}

	if string(content) != updatedConfig {
		t.Fatalf("config file not updated, got %q, want %q", string(content), updatedConfig)
	}

	serverConfig := app.GetConfig().GetServerConfig()
	if serverConfig.Port != 28600 {
		t.Fatalf("expected server port to be 28600 after update, got %d", serverConfig.Port)
	}

	if app.GetConfig().GetConfig().Conversion.DefaultTarget != "surge" {
		t.Fatalf("expected default target to update to surge")
	}
}

func TestReadConfReloadsConfiguration(t *testing.T) {
	baseConfig := `server:
  host: "127.0.0.1"
  port: 26570
logging:
  level: "error"
  format: "text"
security:
  access_tokens:
    - "legacy-token"
`

	app, configPath, cleanup := setupTestApplicationWithConfig(t, baseConfig)
	t.Cleanup(cleanup)

	server := app.GetHTTPServer()
	token := "legacy-token"

	replacement := `server:
  host: "127.0.0.1"
  port: 29999
logging:
  level: "debug"
  format: "text"
security:
  access_tokens:
    - "legacy-token"
`

	if err := os.WriteFile(configPath, []byte(replacement), 0o644); err != nil {
		t.Fatalf("failed to overwrite config: %v", err)
	}

	resp := doRequest(t, server, http.MethodGet, fmt.Sprintf("/readconf?token=%s", token))
	defer resp.Body.Close()

	if resp.StatusCode != http.StatusOK {
		t.Fatalf("expected 200 from readconf, got %d", resp.StatusCode)
	}

	body, err := io.ReadAll(resp.Body)
	if err != nil {
		t.Fatalf("failed to read body: %v", err)
	}

	if string(body) != "done\n" {
		t.Fatalf("unexpected readconf body: got %q", string(body))
	}

	if app.GetConfig().GetServerConfig().Port != 29999 {
		t.Fatalf("expected server port reload to 29999")
	}

	if app.GetConfig().GetConfig().Logging.Level != "debug" {
		t.Fatalf("expected logging level to reload to debug")
	}
}

func TestFlushCacheClearsCache(t *testing.T) {
	config := `server:
  host: "127.0.0.1"
  port: 26580
logging:
  level: "error"
  format: "text"
security:
  access_tokens:
    - "legacy-token"
conversion:
  cache_timeout: 60
`

	app, _, cleanup := setupTestApplicationWithConfig(t, config)
	t.Cleanup(cleanup)

	server := app.GetHTTPServer()
	token := "legacy-token"

	unauthorized := doRequest(t, server, http.MethodGet, "/flushcache")
	defer unauthorized.Body.Close()
	if unauthorized.StatusCode != http.StatusForbidden {
		t.Fatalf("expected 403 for unauthorized flushcache, got %d", unauthorized.StatusCode)
	}

	resp := doRequest(t, server, http.MethodGet, fmt.Sprintf("/api/convert?target=clash&url=https://mock-subscribe.example.com&token=%s", token))
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		t.Fatalf("expected 200 from conversion request, got %d", resp.StatusCode)
	}

	stats := app.GetCacheStats()
	if stats.TotalSize == 0 && stats.Size == 0 {
		t.Fatalf("expected cache to record entries after conversion request")
	}

	flush := doRequest(t, server, http.MethodGet, fmt.Sprintf("/flushcache?token=%s", token))
	defer flush.Body.Close()

	if flush.StatusCode != http.StatusOK {
		t.Fatalf("expected 200 from flushcache, got %d", flush.StatusCode)
	}

	body, err := io.ReadAll(flush.Body)
	if err != nil {
		t.Fatalf("failed to read flush body: %v", err)
	}

	if string(body) != "done" {
		t.Fatalf("unexpected flush body: got %q", string(body))
	}

	if app.GetCacheStats().Size != 0 {
		t.Fatalf("expected cache size to reset to 0 after flush")
	}
}