import { describe, it, expect, beforeAll } from "bun:test";
import { signAccessToken, verifyAccessToken } from "../lib/jwt";

// Set test JWT_SECRET before importing jwt module
beforeAll(() => {
  process.env.JWT_SECRET = "test-secret-key-for-unit-tests-only";
  process.env.NODE_ENV = "test";
});

describe("jwt utils", () => {
  it("signs and verifies access token", async () => {
    const token = await signAccessToken({
      userId: 1,
      sessionId: "abc",
      role: "user",
    });
    const payload = await verifyAccessToken(token);
    expect(payload?.userId).toBe(1);
    expect(payload?.sessionId).toBe("abc");
    expect(payload?.role).toBe("user");
  });

  it("returns null for invalid token", async () => {
    const payload = await verifyAccessToken("invalid.token.here");
    expect(payload).toBeNull();
  });

  it("returns null for expired token", async () => {
    // Create a token that expires immediately
    // This requires mocking time or the signing process
    // For simplicity: a clearly invalid token
    const payload = await verifyAccessToken("fake.expired.token");
    expect(payload).toBeNull();
  });
});