import { describe, it, expect } from 'vitest';
import { Hono } from 'hono';

import { mediaRouter } from '../src/routes/media.ts';
import type { CardsDb } from '../src/db/connection.ts';

/**
 * Auth-Gate-Tests für die Media-Routen ohne echte DB. Wir prüfen, dass
 * der authMiddleware-Pfad ehrt und Validation-Errors konsistent sind.
 * Ein echter MinIO-Roundtrip bleibt dem manuellen E2E-Smoke vorbehalten,
 * weil sql.js + JSZip + MinIO-SDK in Vitest zu viel Mock-Overhead wäre.
 */
function buildApp() {
	const app = new Hono();
	const stub = {} as CardsDb;
	app.route('/api/v1/media', mediaRouter({ db: stub }));
	return { app };
}

describe('mediaRouter — auth-gate', () => {
	it('GET ohne X-User-Id ist 401', async () => {
		const { app } = buildApp();
		const res = await app.request('/api/v1/media');
		expect(res.status).toBe(401);
	});

	it('GET /:id ohne X-User-Id ist 401', async () => {
		const { app } = buildApp();
		const res = await app.request('/api/v1/media/abc');
		expect(res.status).toBe(401);
	});

	it('POST /upload ohne X-User-Id ist 401', async () => {
		const { app } = buildApp();
		const res = await app.request('/api/v1/media/upload', {
			method: 'POST',
		});
		expect(res.status).toBe(401);
	});
});

describe('mediaRouter — Input-Validation', () => {
	it('POST /upload ohne multipart-Body ist 400', async () => {
		const { app } = buildApp();
		const res = await app.request('/api/v1/media/upload', {
			method: 'POST',
			headers: { 'X-User-Id': 'u-1' },
		});
		expect(res.status).toBe(400);
		const body = (await res.json()) as { error: string };
		expect(body.error).toBe('expected_multipart');
	});
});