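import { test, expect } from '@playwright/test';
import { ae_app_local_data_defaults } from '../_helpers/ae_defaults';

// Browser console message types that are echoed to the terminal.
// Playwright's ConsoleMessage.type() reports console.warn() output as 'warning',
// not 'warn', so the original 'warn' comparison never matched and browser
// warnings were silently dropped. Both spellings are accepted to be safe.
const LOGGED_CONSOLE_TYPES = new Set(['error', 'warning', 'warn']);

// Canned handshake payload: a complete site_domain record so the app can boot
// without a real backend.
const HANDSHAKE_RESPONSE = {
  data: [
    {
      id: 'test-site-domain-id',
      id_random: 'test-site-domain-id',
      account_id: 'test-account-id',
      site_id: 'test-site-id',
      account_name: 'Test Account',
      enable: '1',
      cfg_json: {},
    },
  ],
};

/**
 * Route handler that intercepts every request to the API host so the suite is
 * fast, deterministic and never touches the network.
 * - `site_domain/search` gets the handshake record above.
 * - Everything else gets a generic empty success (`{ data: [] }`).
 * @param {import('@playwright/test').Route} route
 */
async function mockApi(route) {
  const url = route.request().url();
  if (url.includes('site_domain/search')) {
    return route.fulfill({
      status: 200,
      contentType: 'application/json',
      body: JSON.stringify(HANDSHAKE_RESPONSE),
    });
  }
  return route.fulfill({
    status: 200,
    contentType: 'application/json',
    body: JSON.stringify({ data: [] }),
  });
}

/**
 * Seed the app's localStorage (`ae_loc`) before any page script runs.
 * `overrides` win over `ae_app_local_data_defaults`; the function is
 * serialised into the page by addInitScript, so it must stay self-contained.
 *
 * NOTE(review): `manager_access` and `account_id` are client-controlled values
 * in localStorage. This suite only checks what the client *sends*; it says
 * nothing about whether the backend validates them against the session. Confirm
 * server-side enforcement separately — a client flag must never be the
 * authorization decision.
 * @param {import('@playwright/test').Page} page
 * @param {Record<string, unknown>} overrides
 */
async function seedLocalState(page, overrides) {
  await page.addInitScript(
    ({ defaults, extra }) => {
      window.localStorage.setItem('ae_loc', JSON.stringify({ ...defaults, ...extra }));
    },
    { defaults: ae_app_local_data_defaults, extra: overrides },
  );
}

test.describe('V3 API Header Integrity', () => {
  test.setTimeout(7000);

  test.beforeEach(async ({ page }) => {
    // Surface browser-side errors/warnings in the terminal for easier debugging.
    page.on('pageerror', (err) => console.error(`BROWSER ERROR: ${err.message}`));
    page.on('console', (msg) => {
      const type = msg.type();
      if (LOGGED_CONSOLE_TYPES.has(type)) {
        console.error(`BROWSER [${type.toUpperCase()}]: ${msg.text()}`);
      }
    });

    await page.route('**/*oneskyit.com/**', mockApi);
  });

  test('Verify lookup requests include the unauthenticated bypass header', async ({ page }) => {
    await seedLocalState(page, { account_id: 'test-account-id', manager_access: true });

    // Register the waiter *before* navigating so the request cannot be missed.
    const lookupRequest = page.waitForRequest((request) =>
      request.url().includes('/v3/lookup/country/list'),
    );
    await page.goto('/core/lookups');
    const headers = (await lookupRequest).headers();

    // The bypass header is a fixed, publicly visible value. Its acceptance must
    // be restricted server-side to genuinely public lookup endpoints; that is
    // outside this suite's scope but worth confirming in the API.
    expect(headers['x-no-account-id']).toBe('Nothing to See Here');

    // toBeDefined() would also pass for an empty header value; require a
    // non-empty string so a blank API key cannot be reported as "present".
    expect(typeof headers['x-aether-api-key']).toBe('string');
    expect(headers['x-aether-api-key']).not.toBe('');
  });

  test('Verify Account ID Scavenging from localStorage on CRUD requests', async ({ page }) => {
    const testAccountId = 'scavenged-account-id-123';
    await seedLocalState(page, { account_id: testAccountId, manager_access: true });

    // The /core/users page triggers a 'user' search on load.
    const crudRequest = page.waitForRequest((request) =>
      request.url().includes('/v3/crud/user/search'),
    );
    await page.goto('/core/users');
    const headers = (await crudRequest).headers();

    // The account id read from localStorage must be forwarded as x-account-id.
    expect(headers['x-account-id']).toBe(testAccountId);

    // TODO(review): consider also asserting that headers['x-no-account-id'] is
    // absent here — the unauthenticated bypass header should not ride along on
    // authenticated CRUD calls. Confirm the app's request layer before adding
    // the assertion so it reflects intended behaviour rather than guesswork.
  });
});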