<?php

namespace Tests\Feature;

use App\Models\User;
use App\Models\Person;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Laravel\Sanctum\Sanctum;
use Tests\TestCase;

class PersonApiAuthTest extends TestCase
{
    use RefreshDatabase;

    /**
     * Test that unauthenticated users receive 401 when accessing index endpoint
     */
    public function test_unauthenticated_users_cannot_access_index(): void
    {
        $response = $this->getJson('/api/persons');
        
        $response->assertStatus(401)
            ->assertJson([
                'message' => 'Unauthenticated.'
            ]);
    }

    /**
     * Test that unauthenticated users receive 401 when accessing show endpoint
     */
    public function test_unauthenticated_users_cannot_access_show(): void
    {
        $person = Person::factory()->create();
        
        $response = $this->getJson("/api/persons/{$person->person_id}");
        
        $response->assertStatus(401)
            ->assertJson([
                'message' => 'Unauthenticated.'
            ]);
    }

    /**
     * Test that unauthenticated users receive 401 when accessing store endpoint
     */
    public function test_unauthenticated_users_cannot_access_store(): void
    {
        $personData = [
            'surname' => 'New',
            'christian_name' => 'Person',
            'full_name' => 'New Person',
        ];

        $response = $this->postJson('/api/persons', $personData);
        
        $response->assertStatus(401)
            ->assertJson([
                'message' => 'Unauthenticated.'
            ]);
    }

    /**
     * Test that unauthenticated users receive 401 when accessing update endpoint
     */
    public function test_unauthenticated_users_cannot_access_update(): void
    {
        $person = Person::factory()->create();
        
        $updateData = [
            'surname' => 'Updated',
            'christian_name' => 'Person',
        ];

        $response = $this->putJson("/api/persons/{$person->person_id}", $updateData);
        
        $response->assertStatus(401)
            ->assertJson([
                'message' => 'Unauthenticated.'
            ]);
    }

    /**
     * Test that unauthenticated users receive 401 when accessing delete endpoint
     */
    public function test_unauthenticated_users_cannot_access_delete(): void
    {
        $person = Person::factory()->create();
        
        $response = $this->deleteJson("/api/persons/{$person->person_id}");
        
        $response->assertStatus(401)
            ->assertJson([
                'message' => 'Unauthenticated.'
            ]);
    }

    /**
     * Test that unauthenticated users receive 401 when accessing custom endpoints
     */
    public function test_unauthenticated_users_cannot_access_custom_endpoints(): void
    {
        Person::factory()->create(['id_card_no' => 'TEST-12345']);
        
        $response = $this->getJson("/api/persons/id-card/TEST-12345");
        
        $response->assertStatus(401)
            ->assertJson([
                'message' => 'Unauthenticated.'
            ]);
    }

    /**
     * Test that invalid tokens result in a 401 response
     */
    public function test_invalid_tokens_result_in_401(): void
    {
        // Test with a completely invalid token
        $response = $this->withHeader('Authorization', 'Bearer invalid-token-here')
            ->getJson('/api/persons');
        
        $response->assertStatus(401)
            ->assertJson([
                'message' => 'Unauthenticated.'
            ]);
    }

    /**
     * Test that expired tokens result in a 401 response
     */
    public function test_expired_tokens_result_in_401(): void
    {
        // Create a user
        $user = User::factory()->create();
        
        // Generate token
        $token = $user->createToken('test-token')->plainTextToken;

        // Revoke the token to simulate expiration
        $user->tokens()->delete();

        // Try to use the now-revoked token
        $response = $this->withHeader('Authorization', 'Bearer ' . $token)
            ->getJson('/api/persons');
        
        $response->assertStatus(401)
            ->assertJson([
                'message' => 'Unauthenticated.'
            ]);
    }

    /**
     * Test that authenticated users can access protected endpoints
     */
    public function test_authenticated_users_can_access_protected_endpoints(): void
    {
        // Create and authenticate a user
        $user = User::factory()->create();
        Sanctum::actingAs($user);

        // Test the index endpoint
        $response = $this->getJson('/api/persons');
        $response->assertStatus(200);

        // Test creating a person
        $personData = [
            'surname' => 'Test',
            'christian_name' => 'User',
            'full_name' => 'Test User',
        ];
        
        $response = $this->postJson('/api/persons', $personData);
        $response->assertStatus(201);

        // Get the created person ID
        $personId = $response->json('data.person_id');

        // Test getting a specific person
        $response = $this->getJson("/api/persons/{$personId}");
        $response->assertStatus(200);

        // Test updating a person
        $updateData = [
            'surname' => 'Updated',
        ];
        
        $response = $this->putJson("/api/persons/{$personId}", $updateData);
        $response->assertStatus(200);

        // Test deleting a person
        $response = $this->deleteJson("/api/persons/{$personId}");
        $response->assertStatus(200);
    }

    /**
     * Test that the login endpoint returns the correct JSON structure
     */
    public function test_login_returns_proper_json_response(): void
    {
        // Create a test user
        $user = User::factory()->create([
            'email' => 'test@example.com',
            'password' => bcrypt('password123'),
        ]);

        $response = $this->postJson('/api/login', [
            'email' => 'test@example.com',
            'password' => 'password123',
            'device_name' => 'test_device',
        ]);

        $response->assertStatus(200)
            ->assertJsonStructure([
                'success',
                'message',
                'token',
                'token_type',
                'expires_at',
                'user' => [
                    'id',
                    'name',
                    'email',
                    'is_admin',
                    'abilities',
                ]
            ])
            ->assertJson([
                'success' => true,
                'message' => 'User signed in successfully',
                'token_type' => 'Bearer',
            ]);
    }
}