/**
 * Decks-Routes — Post-Cutover-Smokes (L-2, 2026-05-20).
 *
 * Nach dem event-sync-Cutover existieren nur noch zwei Read-Only-
 * Endpoints: marketplace-source-Lookup + Distractors-Sample. Beide
 * brauchen Auth.
 */

import { describe, expect, it } from 'vitest';
import { Hono } from 'hono';

import { decksRouter } from '../src/routes/decks.ts';

function withRouter() {
	const app = new Hono();
	app.route('/api/v1/decks', decksRouter({ db: undefined }));
	return app;
}

describe('decksRouter — post-cutover', () => {
	it('marketplace-source ohne Auth → 401', async () => {
		const app = withRouter();
		const res = await app.request('/api/v1/decks/abc/marketplace-source');
		expect(res.status).toBe(401);
	});

	it('distractors ohne Auth → 401', async () => {
		const app = withRouter();
		const res = await app.request('/api/v1/decks/abc/distractors');
		expect(res.status).toBe(401);
	});

	it('CRUD-Routes existieren nicht mehr — POST mit Auth-Stub → 404 (no route matches)', async () => {
		const app = withRouter();
		const res = await app.request('/api/v1/decks', {
			method: 'POST',
			headers: { 'Content-Type': 'application/json', 'X-User-Id': 'u1' },
			body: JSON.stringify({ name: 'foo' }),
		});
		// Mit Auth-Stub matched die Auth-Middleware, aber keine Route.
		// Hono Default ohne Route: 404.
		expect([404, 405]).toContain(res.status);
	});
});