package server

import (
	"bytes"
	"context"
	"net/http"
	"net/http/httptest"
	"testing"

	"github.com/stretchr/testify/assert"

	rulesengine "edge-infra.dev/pkg/sds/emergencyaccess/rules"
)

var (
	testRoleMap = map[string]map[string][]string{"ls": {
		"default":                              {"ea-read"},
		"2f9f5965-ed2a-4262-9fd9-9d2d8f8bee8a": {"ea-write"}},
	}
)

type validateCommandMock struct {
	fakeData map[string]map[string][]string
	RulesEngine
}

func (mreng validateCommandMock) GetEARolesForCommand(_ context.Context, command rulesengine.Command, bannerID string) ([]string, error) {
	data := mreng.fakeData[command.Name]["default"]
	data = append(data, mreng.fakeData[command.Name][bannerID]...)
	return data, nil
}

func (mreng validateCommandMock) UserHasRoles(_ string, eaRoles []string, userEARoles []string) bool {
	for _, iRole := range eaRoles {
		for _, uRole := range userEARoles {
			if uRole == iRole {
				return true
			}
		}
	}
	return false
}
func TestValidateCommand(t *testing.T) {
	t.Parallel()
	tests := map[string]struct {
		data      []byte
		expCode   int
		expOutput StringAssertionFunc
	}{
		"OK": {
			[]byte(`
			{
				"command": {
					"name": "ls",
					"type": "command"
				},
				"identity":{"userid":"user@ncr.com","earoles":["ea-read","ea-write"]}, 
							"target":{"bannerID":"2f9f5965-ed2a-4262-9fd9-9d2d8f8bee8a"}}
				`),
			200,
			JSONEq(`{"valid":true}`),
		},
		"No Command type specified": {
			[]byte(`
				{
					"command": {
						"name": "ls",
						"type": ""
					},
					"identity": {
						"userid": "user@ncr.com",
						"earoles": ["ea-read", "ea-write"]
					},
					"target": {"bannerID": "2f9f5965-ed2a-4262-9fd9-9d2d8f8bee8a"}
				}
			`),
			400,
			JSONEmpty(),
		},
		"No User specified": {
			[]byte(`
			{
				"command": {
					"name": "ls",
					"type": "command"
				},
				"identity":{"earoles":["ea-read","ea-write"]}, 
							"target":{"bannerID":"2f9f5965-ed2a-4262-9fd9-9d2d8f8bee8a"}}
				`),
			200,
			JSONEq(`{"valid":true}`),
		},
		"No Target": {
			[]byte(`{
				"command": {
					"name": "ls",
					"type": "command"
				},
				"identity":{"userid":"user@ncr.com","earoles":["ea-read"]}}
			`),
			400,
			JSONEmpty(),
		},
		"No EARoles": {
			[]byte(`
			{
				"command": {
					"name": "ls",
					"type": "command"
				},
				"identity":{"userid":"user@ncr.com","earoles":[]}, 
							"target":{"bannerID":"2f9f5965-ed2a-4262-9fd9-9d2d8f8bee8a"}}
				`),
			200,
			JSONEq(`{"valid":false}`),
		},
		"Malformed Target": {
			data: []byte(`{
				"command": {
					"name": "ls",
					"type": "command"
				},
				"identity":{"userid":"user@ncr.com","earoles":["ea-read"]},
					 "target":{"bannerID":"not-a-uuid"}}`),
			expCode:   400,
			expOutput: JSONEmpty()},
		"Malformed Payload": {
			data:      []byte(`{`),
			expCode:   400,
			expOutput: JSONEmpty()},
	}
	log := newLogger()
	for name, tc := range tests {
		tc := tc
		t.Run(name, func(t *testing.T) {
			t.Parallel()
			ruleseng := validateCommandMock{fakeData: testRoleMap}
			r := httptest.NewRecorder()
			_, ginEngine := getTestGinContext(r)
			_, err := New(ginEngine, ruleseng, log)
			assert.Nil(t, err)

			url := "/validatecommand"
			data := tc.data
			req, err := http.NewRequest(http.MethodPost, url, bytes.NewBuffer(data))
			assert.NoError(t, err)
			ginEngine.ServeHTTP(r, req)

			response := r.Result()
			assert.Equal(t, tc.expCode, response.StatusCode)

			tc.expOutput(t, r.Body.String(), r.Body.String())
		})
	}
}