const request = require("supertest")
const createServer = require("../createServer")
const clearBlacklist = require("./utils/clearBlacklist")
const withBlacklist = require("./utils/withBlacklist")
const withRevokedToken = require("./utils/withRevokedToken")
const withToken = require("./utils/withToken")

describe("The server", () => {
  let server
  beforeEach(() => {
    server = createServer()
  })

  it("rejects invalid package names", done => {
    request(server)
      .get("/_invalid/index.js")
      .end((err, res) => {
        expect(res.statusCode).toBe(403)
        done()
      })
  })

  it("redirects invalid query params", done => {
    request(server)
      .get("/react?main=index&invalid")
      .end((err, res) => {
        expect(res.statusCode).toBe(302)
        expect(res.headers.location).toBe("/react?main=index")
        done()
      })
  })

  it("redirects /_meta to ?meta", done => {
    request(server)
      .get("/_meta/react?main=index")
      .end((err, res) => {
        expect(res.statusCode).toBe(302)
        expect(res.headers.location).toBe("/react?main=index&meta")
        done()
      })
  })

  it("does not serve blacklisted packages", done => {
    withBlacklist(["bad-package"], () => {
      request(server)
        .get("/bad-package/index.js")
        .end((err, res) => {
          expect(res.statusCode).toBe(403)
          done()
        })
    })
  })

  describe("POST /_auth", () => {
    it("creates a new auth token", done => {
      request(server)
        .post("/_auth")
        .end((err, res) => {
          expect(res.body).toHaveProperty("token")
          done()
        })
    })
  })

  describe("GET /_auth", () => {
    describe("with no auth", () => {
      it("echoes back null", done => {
        request(server)
          .get("/_auth")
          .end((err, res) => {
            expect(res.body).toHaveProperty("auth")
            expect(res.body.auth).toBe(null)
            done()
          })
      })
    })

    describe("with a revoked auth token", () => {
      it("echoes back null", done => {
        withRevokedToken({ some: { scope: true } }, token => {
          request(server)
            .get("/_auth?token=" + token)
            .end((err, res) => {
              expect(res.body).toHaveProperty("auth")
              expect(res.body.auth).toBe(null)
              done()
            })
        })
      })
    })

    describe("with a valid auth token", () => {
      it("echoes back the auth payload", done => {
        withToken({ some: { scope: true } }, token => {
          request(server)
            .get("/_auth?token=" + token)
            .end((err, res) => {
              expect(res.body).toHaveProperty("auth")
              expect(typeof res.body.auth).toBe("object")
              done()
            })
        })
      })
    })
  })

  describe("GET /_publicKey", () => {
    it("echoes the public key", done => {
      request(server)
        .get("/_publicKey")
        .end((err, res) => {
          expect(res.text).toMatch(/PUBLIC KEY/)
          done()
        })
    })
  })

  describe("POST /_blacklist", () => {
    afterEach(clearBlacklist)

    describe("with no auth", () => {
      it("is forbidden", done => {
        request(server)
          .post("/_blacklist")
          .end((err, res) => {
            expect(res.statusCode).toBe(403)
            done()
          })
      })
    })

    describe('with the "blacklist.add" scope', () => {
      it("can add to the blacklist", done => {
        withToken({ blacklist: { add: true } }, token => {
          request(server)
            .post("/_blacklist")
            .send({ token, packageName: "bad-package" })
            .end((err, res) => {
              expect(res.statusCode).toBe(200)
              expect(res.headers["content-location"]).toEqual("/_blacklist/bad-package")
              expect(res.body.ok).toBe(true)
              done()
            })
        })
      })
    })
  })

  describe("GET /_blacklist", () => {
    describe("with no auth", () => {
      it("is forbidden", done => {
        request(server)
          .get("/_blacklist")
          .end((err, res) => {
            expect(res.statusCode).toBe(403)
            done()
          })
      })
    })

    describe('with the "blacklist.read" scope', () => {
      it("can read the blacklist", done => {
        withToken({ blacklist: { read: true } }, token => {
          request(server)
            .get("/_blacklist?token=" + token)
            .end((err, res) => {
              expect(res.statusCode).toBe(200)
              done()
            })
        })
      })
    })
  })

  describe("DELETE /_blacklist/:packageName", () => {
    describe("with no auth", () => {
      it("is forbidden", done => {
        request(server)
          .delete("/_blacklist/bad-package")
          .end((err, res) => {
            expect(res.statusCode).toBe(403)
            done()
          })
      })
    })

    describe('with the "blacklist.remove" scope', () => {
      it("can remove a package from the blacklist", done => {
        withToken({ blacklist: { remove: true } }, token => {
          request(server)
            .delete("/_blacklist/bad-package")
            .send({ token })
            .end((err, res) => {
              expect(res.statusCode).toBe(200)
              expect(res.body.ok).toBe(true)
              done()
            })
        })
      })

      it("can remove a scoped package from the blacklist", done => {
        withToken({ blacklist: { remove: true } }, token => {
          request(server)
            .delete("/_blacklist/@scope/bad-package")
            .send({ token })
            .end((err, res) => {
              expect(res.statusCode).toBe(200)
              expect(res.body.ok).toBe(true)
              done()
            })
        })
      })
    })
  })
})