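package jwt

import (
	"database/sql"
	"testing"

	"github.com/DATA-DOG/go-sqlmock"
	"github.com/stretchr/testify/require"
)

// expectNotRevoked queues the sqlmock expectations for one revocation lookup
// that finds nothing: a transaction begin, a single SELECT against
// jwtblacklist with jti as its only argument, and a commit.
func expectNotRevoked(mock sqlmock.Sqlmock, jti any) {
	mock.ExpectBegin()
	mock.ExpectQuery(`SELECT 1 FROM jwtblacklist`).
		WithArgs(jti).
		// No rows: the "not revoked" case this helper is named for.
		WillReturnRows(sqlmock.NewRows([]string{}))
	mock.ExpectCommit()
}

// TestValidateAccess_Success checks that a freshly issued access token
// validates inside a transaction when the blacklist lookup returns no rows,
// and that the parsed token carries the expected subject and scope.
func TestValidateAccess_Success(t *testing.T) {
	gen, mock, cleanup := newGeneratorWithMockDB(t)
	defer cleanup()

	tokenStr, _, err := gen.NewAccess(42, true, false)
	require.NoError(t, err)

	// We don't know the JTI beforehand; match any arg.
	// NOTE(review): AnyArg means the test does not pin which value is looked
	// up in the blacklist, only that one lookup with a single argument occurs.
	expectNotRevoked(mock, sqlmock.AnyArg())

	tx, err := gen.db.Begin()
	require.NoError(t, err)
	// Safety net if a require below aborts the test before the commit.
	defer tx.Rollback()

	token, err := gen.ValidateAccess(tx, tokenStr)
	require.NoError(t, err)
	require.Equal(t, 42, token.SUB)
	require.Equal(t, "access", token.Scope)

	// The commit result has to be asserted. Assuming the helper leaves
	// sqlmock's default in-order matching on, Commit fails when the queued
	// blacklist SELECT was never executed, so ignoring its error would let
	// this test pass even if ValidateAccess skipped the revocation lookup.
	// NOTE(review): if cleanup does not already call
	// mock.ExpectationsWereMet(), consider asserting it here as well.
	require.NoError(t, tx.Commit())
}

// TestValidateAccess_NoDB checks that an access token validates when the
// generator has no database and a nil transaction is passed.
//
// NOTE(review): no blacklist can be consulted on this path, so presumably a
// revoked token would also validate here. Confirm that is the intended
// behaviour for a generator built without a DB.
func TestValidateAccess_NoDB(t *testing.T) {
	gen := newGeneratorWithNoDB(t)

	tokenStr, _, err := gen.NewAccess(42, true, false)
	require.NoError(t, err)

	// Use nil transaction for no-db case
	var tx *sql.Tx

	token, err := gen.ValidateAccess(tx, tokenStr)
	require.NoError(t, err)
	require.Equal(t, 42, token.SUB)
	require.Equal(t, "access", token.Scope)
}

// TestValidateRefresh_Success checks that a freshly issued refresh token
// validates inside a transaction when the blacklist lookup returns no rows,
// and that the parsed token carries the expected subject and scope.
func TestValidateRefresh_Success(t *testing.T) {
	gen, mock, cleanup := newGeneratorWithMockDB(t)
	defer cleanup()

	tokenStr, _, err := gen.NewRefresh(42, false)
	require.NoError(t, err)

	// The JTI is not known up front, so the lookup argument is matched loosely.
	expectNotRevoked(mock, sqlmock.AnyArg())

	tx, err := gen.db.Begin()
	require.NoError(t, err)
	// Safety net if a require below aborts the test before the commit.
	defer tx.Rollback()

	token, err := gen.ValidateRefresh(tx, tokenStr)
	require.NoError(t, err)
	require.Equal(t, 42, token.SUB)
	require.Equal(t, "refresh", token.Scope)

	// Asserting the commit is what ties the test to the revocation lookup:
	// with in-order matching (sqlmock's default) an unexecuted SELECT makes
	// Commit return an error instead of silently passing.
	require.NoError(t, tx.Commit())
}

// TestValidateRefresh_NoDB checks that a refresh token validates when the
// generator has no database and a nil transaction is passed.
//
// NOTE(review): as with the access-token variant, no revocation lookup is
// possible on this path. Confirm that accepting tokens without one is intended.
func TestValidateRefresh_NoDB(t *testing.T) {
	gen := newGeneratorWithNoDB(t)

	tokenStr, _, err := gen.NewRefresh(42, false)
	require.NoError(t, err)

	// Use nil transaction for no-db case
	var tx *sql.Tx

	token, err := gen.ValidateRefresh(tx, tokenStr)
	require.NoError(t, err)
	require.Equal(t, 42, token.SUB)
	require.Equal(t, "refresh", token.Scope)
}

// TestValidateAccess_EmptyToken checks that validating an empty token string
// is rejected with an error.
func TestValidateAccess_EmptyToken(t *testing.T) {
	gen := newTestGenerator(t)

	// Use nil transaction
	var tx *sql.Tx

	_, err := gen.ValidateAccess(tx, "")
	require.Error(t, err)
}

// TestValidateRefresh_WrongScope checks that an access token is rejected when
// it is presented to the refresh-token validator.
//
// NOTE(review): require.Error accepts any failure, so this does not prove the
// rejection comes from the scope check rather than some other validation
// step. If the package exposes a specific error for scope mismatch, assert it.
func TestValidateRefresh_WrongScope(t *testing.T) {
	gen := newTestGenerator(t)

	// Create access token but validate as refresh
	tokenStr, _, err := gen.NewAccess(1, false, false)
	require.NoError(t, err)

	// Use nil transaction
	var tx *sql.Tx

	_, err = gen.ValidateRefresh(tx, tokenStr)
	require.Error(t, err)
}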