package authz

import (
	"encoding/hex"
	"os"
	"testing"

	"golang.org/x/crypto/bcrypt"
)

func TestGenerateNewToken(t *testing.T) {
	token, hash, err := GenerateNewToken()
	if err != nil {
		t.Fatalf("GenerateNewToken failed: %v", err)
	}

	// Verify token length (32 bytes = 64 hex chars)
	if len(token) != TokenSize*2 {
		t.Errorf("Expected token length %d, got %d", TokenSize*2, len(token))
	}

	// Verify hash is valid bcrypt
	if len(hash) < 60 {
		t.Errorf("Hash length too short for bcrypt: %d", len(hash))
	}

	// Decode token back to bytes and verify hash matches
	tokenBytes, err := hex.DecodeString(token)
	if err != nil {
		t.Fatalf("Failed to decode token hex: %v", err)
	}

	err = bcrypt.CompareHashAndPassword([]byte(hash), tokenBytes)
	if err != nil {
		t.Errorf("Hash does not match token: %v", err)
	}
}

func TestTokenMap(t *testing.T) {
	// Create a temporary CSV file for testing
	tmpfile, err := os.CreateTemp("", "tokens*.csv")
	if err != nil {
		t.Fatalf("Failed to create temp file: %v", err)
	}
	defer os.Remove(tmpfile.Name())

	// Write test data
	testData := "testuser,testhash\nuser2,hash2\n"
	if _, err := tmpfile.Write([]byte(testData)); err != nil {
		t.Fatalf("Failed to write test data: %v", err)
	}
	tmpfile.Close()

	// Test loading tokens
	tm := NewTokenMap()
	err = tm.LoadTokensFromFile(tmpfile.Name())
	if err != nil {
		t.Fatalf("LoadTokensFromFile failed: %v", err)
	}

	// Verify loaded data
	if hash, ok := tm["testuser"]; !ok || hash != "testhash" {
		t.Errorf("Expected hash 'testhash' for testuser, got %v", hash)
	}
	if hash, ok := tm["user2"]; !ok || hash != "hash2" {
		t.Errorf("Expected hash 'hash2' for user2, got %v", hash)
	}

	// Test loading non-existent file
	err = tm.LoadTokensFromFile("nonexistent.csv")
	if err == nil {
		t.Error("Expected error when loading non-existent file")
	}
}