package authserver

import (
	"net/http"
	"net/http/httptest"
	"net/url"
	"testing"

	"github.com/gin-gonic/gin"
	"github.com/stretchr/testify/assert"

	"edge-infra.dev/pkg/edge/auth-proxy/session"
)

func TestGetClusterEdgeIdFromPath(t *testing.T) {
	t.Parallel()

	tests := map[string]struct {
		path         string
		expClusterID string
	}{
		"Remoteaccess without subpath": {
			path:         "/remoteaccess/abcd",
			expClusterID: "",
		},
		"Remoteaccess with trailing slash": {
			path:         "/remoteaccess/abcd/",
			expClusterID: "abcd",
		},
		"Remoteaccess with subpath": {
			path:         "/remoteaccess/abcd/a",
			expClusterID: "abcd",
		},
		"Missing / Prefix": {
			path:         "remoteaccess/abcd/a/a",
			expClusterID: "",
		},
		"Incorrect Prefix": {
			path:         "/grafana/abcd/a",
			expClusterID: "",
		},
	}

	for name, tc := range tests {
		tc := tc
		t.Run(name, func(t *testing.T) {
			t.Parallel()

			out := getClusterEdgeIDFromPath(tc.path)
			assert.Equal(t, tc.expClusterID, out)
		})
	}
}

func TestRejectAdditionalSlashes(t *testing.T) {
	t.Parallel()

	tests := map[string]struct {
		path   string
		expErr assert.ErrorAssertionFunc
	}{
		"Clean path": {
			path:   "/abcd/efgh",
			expErr: assert.NoError,
		},
		"Double slash": {
			path:   "/abcd//efgh",
			expErr: assert.Error,
		},
		"Empty path": {
			path:   "http://example.com.",
			expErr: assert.NoError,
		},
		"Root dir": {
			path:   "/",
			expErr: assert.NoError,
		},
		"Current Dir": {
			path:   "/.",
			expErr: assert.Error,
		},
		"Parent dir": {
			path:   "/abcd/../efgh",
			expErr: assert.Error,
		},
		"Current dir in path": {
			path:   "/abcd/./efgh",
			expErr: assert.Error,
		},
		"escaped slash": {
			path:   "/" + url.PathEscape("/abcd//efgh"),
			expErr: assert.NoError,
		},
		"Trailing Slash": {
			path:   "/abcd/",
			expErr: assert.NoError,
		},
		"Double trailing slash": {
			path:   "/abcd//",
			expErr: assert.Error,
		},
		"novnc single slash": {
			path:   "/abcd/novnc/ws",
			expErr: assert.NoError,
		},
		"novnc double slash": {
			// Temporarily the novnc ws endpoint must accept a double slash for
			// bwc. This exception will be removed in a future release
			path:   "/abcd/novnc//ws",
			expErr: assert.NoError,
		},
		"novnc triple slash": {
			// novnc with a tripple slash should be rejected as this is an
			// unexpected call
			path:   "/abcd/novnc///ws",
			expErr: assert.Error,
		},
		"novnc other path double slash": {
			// There should only be an exception for the novnc ws endpoint
			path:   "/abcd/novnc//authorize",
			expErr: assert.Error,
		},
	}

	for name, tc := range tests {
		tc := tc
		t.Run(name, func(t *testing.T) {
			t.Parallel()

			r := httptest.NewRecorder()
			ctx, _ := gin.CreateTestContext(r)

			req := httptest.NewRequest(http.MethodGet, tc.path, nil)
			ctx.Request = req

			as := &AuthServer{}

			err := (*AuthServer).rejectDuplicateSlashes(as, ctx, session.NewMockSessions())
			tc.expErr(t, err)
		})
	}
}