package handler

import (
	"baron-sso-backend/internal/domain"
	"context"
	"encoding/json"
	"net/http"
	"net/http/httptest"
	"testing"
	"time"

	"github.com/gofiber/fiber/v2"
	"github.com/stretchr/testify/require"
)

type fakeDataIntegrityChecker struct {
	calls  int
	report domain.DataIntegrityReport
	err    error
}

func (f *fakeDataIntegrityChecker) CheckDataIntegrity(ctx context.Context) (domain.DataIntegrityReport, error) {
	f.calls++
	return f.report, f.err
}

func TestAdminHandler_GetDataIntegrityRequiresSuperAdmin(t *testing.T) {
	checker := &fakeDataIntegrityChecker{}
	h := &AdminHandler{IntegrityChecker: checker}
	app := fiber.New()
	app.Use(func(c *fiber.Ctx) error {
		c.Locals("user_profile", &domain.UserProfileResponse{ID: "tenant-admin", Role: domain.RoleTenantAdmin})
		return c.Next()
	})
	app.Get("/api/v1/admin/integrity", h.GetDataIntegrity)

	req := httptest.NewRequest(http.MethodGet, "/api/v1/admin/integrity", nil)
	resp, err := app.Test(req)
	require.NoError(t, err)
	require.Equal(t, http.StatusForbidden, resp.StatusCode)
	require.Equal(t, 0, checker.calls)
}

func TestAdminHandler_GetDataIntegrityReturnsReportForSuperAdmin(t *testing.T) {
	checkedAt := time.Date(2026, 5, 14, 0, 0, 0, 0, time.UTC)
	checker := &fakeDataIntegrityChecker{
		report: domain.DataIntegrityReport{
			Status:    domain.DataIntegrityStatusFail,
			CheckedAt: checkedAt,
			Summary: domain.DataIntegritySummary{
				TotalChecks: 1,
				Failures:    1,
			},
			Sections: []domain.DataIntegritySection{
				{
					Key:    "tenant_integrity",
					Label:  "테넌트 정합성",
					Status: domain.DataIntegrityStatusFail,
					Checks: []domain.DataIntegrityCheck{
						{
							Key:      "duplicate_tenant_slugs",
							Label:    "중복 테넌트 slug",
							Status:   domain.DataIntegrityStatusFail,
							Count:    1,
							Severity: "error",
						},
					},
				},
			},
		},
	}
	h := &AdminHandler{IntegrityChecker: checker}
	app := fiber.New()
	app.Use(func(c *fiber.Ctx) error {
		c.Locals("user_profile", &domain.UserProfileResponse{ID: "super", Role: domain.RoleSuperAdmin})
		return c.Next()
	})
	app.Get("/api/v1/admin/integrity", h.GetDataIntegrity)

	req := httptest.NewRequest(http.MethodGet, "/api/v1/admin/integrity", nil)
	resp, err := app.Test(req)
	require.NoError(t, err)
	require.Equal(t, http.StatusOK, resp.StatusCode)
	require.Equal(t, 1, checker.calls)

	var body domain.DataIntegrityReport
	require.NoError(t, json.NewDecoder(resp.Body).Decode(&body))
	require.Equal(t, domain.DataIntegrityStatusFail, body.Status)
	require.Equal(t, int64(1), body.Summary.Failures)
	require.Len(t, body.Sections, 1)
	require.Equal(t, "tenant_integrity", body.Sections[0].Key)
}