package com.cameleer3.server.app;

import com.cameleer3.server.core.agent.AgentRegistryService;
import com.cameleer3.server.core.security.JwtService;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Component;

import java.util.List;
import java.util.Map;

/**
 * Test utility for creating JWT-authenticated requests in integration tests.
 * <p>
 * Registers a test agent and issues a JWT access token that can be used
 * to authenticate against protected endpoints.
 */
@Component
public class TestSecurityHelper {

    private final JwtService jwtService;
    private final AgentRegistryService agentRegistryService;

    public TestSecurityHelper(JwtService jwtService, AgentRegistryService agentRegistryService) {
        this.jwtService = jwtService;
        this.agentRegistryService = agentRegistryService;
    }

    /**
     * Registers a test agent and returns a valid JWT access token with AGENT role.
     */
    public String registerTestAgent(String agentId) {
        agentRegistryService.register(agentId, "test", "test-group", "1.0", List.of(), Map.of());
        return jwtService.createAccessToken(agentId, "test-group", List.of("AGENT"));
    }

    /**
     * Returns a valid JWT access token with the given roles (no agent registration).
     */
    public String createToken(String subject, String application, List<String> roles) {
        return jwtService.createAccessToken(subject, application, roles);
    }

    /**
     * Returns a valid JWT access token with OPERATOR role.
     */
    public String operatorToken() {
        // Subject must start with "user:" for JwtAuthenticationFilter to treat it as a UI user token
        return jwtService.createAccessToken("user:test-operator", "user", List.of("OPERATOR"));
    }

    /**
     * Returns a valid JWT access token with ADMIN role.
     */
    public String adminToken() {
        return jwtService.createAccessToken("user:test-admin", "user", List.of("ADMIN"));
    }

    /**
     * Returns a valid JWT access token with VIEWER role.
     */
    public String viewerToken() {
        return jwtService.createAccessToken("user:test-viewer", "user", List.of("VIEWER"));
    }

    /**
     * Returns HttpHeaders with JWT Bearer authorization, protocol version, and JSON content type.
     */
    public HttpHeaders authHeaders(String jwt) {
        HttpHeaders headers = new HttpHeaders();
        headers.set("Authorization", "Bearer " + jwt);
        headers.set("X-Cameleer-Protocol-Version", "1");
        headers.setContentType(MediaType.APPLICATION_JSON);
        return headers;
    }

    /**
     * Returns HttpHeaders with JWT Bearer authorization and protocol version (no content type).
     */
    public HttpHeaders authHeadersNoBody(String jwt) {
        HttpHeaders headers = new HttpHeaders();
        headers.set("Authorization", "Bearer " + jwt);
        headers.set("X-Cameleer-Protocol-Version", "1");
        return headers;
    }

    /**
     * Returns HttpHeaders with bootstrap token authorization, protocol version, and JSON content type.
     */
    public HttpHeaders bootstrapHeaders() {
        HttpHeaders headers = new HttpHeaders();
        headers.set("Authorization", "Bearer test-bootstrap-token");
        headers.set("X-Cameleer-Protocol-Version", "1");
        headers.setContentType(MediaType.APPLICATION_JSON);
        return headers;
    }
}