<?php

namespace Tests\Feature;

use App\Models\Sysparam;
use App\Models\User;
use App\Models\UsernameBlacklist;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Redis;
use Illuminate\Support\Facades\Validator;
use Tests\TestCase;

class AuthControllerTest extends TestCase
{
    use RefreshDatabase;

    protected function setUp(): void
    {
        parent::setUp();

        // Mock captcha validation to always pass
        Validator::extend('captcha', function () {
            return true;
        });

        // Mock Sysparam to return a default superlevel
        Sysparam::updateOrCreate(
            ['alias' => 'superlevel'],
            ['body' => '100']
        );
    }

    public function test_can_register_new_user()
    {
        Redis::shouldReceive('sismember')->with('banned_ips', '127.0.0.1')->andReturn(false);

        $response = $this->postJson('/login', [
            'username' => 'newuser',
            'password' => 'secret123',
            'captcha' => '1234',
            'bSex' => '1',
        ]);

        $response->assertStatus(200)
            ->assertJsonPath('status', 'success');

        $this->assertDatabaseHas('users', [
            'username' => 'newuser',
            'user_level' => 1,
            'sex' => 1,
        ]);

        $this->assertAuthenticated();
    }

    public function test_cannot_register_with_blacklisted_username()
    {
        Redis::shouldReceive('sismember')->with('banned_ips', '127.0.0.1')->andReturn(false);

        UsernameBlacklist::create([
            'username' => 'admin',
            'type' => 'permanent',
        ]);

        $response = $this->postJson('/login', [
            'username' => 'admin',
            'password' => 'secret123',
            'captcha' => '1234',
        ]);

        $response->assertStatus(422)
            ->assertJsonPath('status', 'error');

        $this->assertDatabaseMissing('users', [
            'username' => 'admin',
        ]);

        $this->assertGuest();
    }

    public function test_can_login_existing_user()
    {
        Redis::shouldReceive('sismember')->with('banned_ips', '127.0.0.1')->andReturn(false);

        $user = User::factory()->create([
            'username' => 'testuser',
            'password' => Hash::make('password123'),
        ]);

        $response = $this->postJson('/login', [
            'username' => 'testuser',
            'password' => 'password123',
            'captcha' => '1234',
        ]);

        $response->assertStatus(200)
            ->assertJsonPath('status', 'success');

        $this->assertAuthenticatedAs($user);
    }

    public function test_login_md5_user_upgrades_to_bcrypt()
    {
        Redis::shouldReceive('sismember')->with('banned_ips', '127.0.0.1')->andReturn(false);

        $password = 'oldsecret';
        $user = User::factory()->create([
            'username' => 'olduser',
            'password' => 'temp',
        ]);

        \Illuminate\Support\Facades\DB::table('users')
            ->where('id', $user->id)
            ->update(['password' => md5($password)]);

        $response = $this->postJson('/login', [
            'username' => 'olduser',
            'password' => $password,
            'captcha' => '1234',
        ]);

        if ($response->status() !== 200) {
            dd($response->json());
        }

        $response->assertStatus(200)
            ->assertJsonPath('status', 'success');

        $user->refresh();
        $this->assertTrue(Hash::check($password, $user->password));
        $this->assertAuthenticatedAs($user);
    }

    public function test_banned_user_cannot_login()
    {
        $user = User::factory()->create([
            'username' => 'banneduser',
            'password' => Hash::make('secret123'),
            'user_level' => -1, // banned
        ]);

        $response = $this->postJson('/login', [
            'username' => 'banneduser',
            'password' => 'secret123',
            'captcha' => '1234',
        ]);

        $response->assertStatus(403)
            ->assertJsonPath('status', 'error');

        $this->assertGuest();
    }

    public function test_banned_ip_cannot_login()
    {
        Redis::shouldReceive('sismember')->with('banned_ips', '127.0.0.1')->andReturn(true);

        $user = User::factory()->create([
            'username' => 'normaluser',
            'password' => Hash::make('secret'),
        ]);

        $response = $this->postJson('/login', [
            'username' => 'normaluser',
            'password' => 'secret',
            'captcha' => '1234',
        ]);

        $response->assertStatus(403);
        $this->assertGuest();
    }

    public function test_can_logout()
    {
        /** @var \App\Models\User $user */
        $user = User::factory()->create();

        $response = $this->actingAs($user)->post('/logout');

        $response->assertRedirect('/');
        $this->assertGuest();
    }
}