import { describe, it, expect } from "bun:test";

const BASE = process.env.TEST_BASE_URL ?? "http://127.0.0.1:3000";

function parseCookie(res: Response): string {
  const raw = res.headers.get("set-cookie");
  if (!raw) return "";
  return raw.split(";")[0] ?? "";
}

(process.env.TEST_INTEGRATION ? describe : describe.skip)("auth over HTTP", () => {
  it("register → me → verify → patch", async () => {
    const email = `u${Date.now()}@example.com`;
    const reg = await fetch(`${BASE}/api/auth/register`, {
      method: "POST",
      headers: { "content-type": "application/json" },
      body: JSON.stringify({
        email,
        password: "password123",
        name: "T",
        age: 30,
      }),
    });
    expect(reg.status).toBe(200);
    const regJson = (await reg.json()) as {
      user: { emailVerified: boolean };
      _testTokens?: { verify?: string };
    };
    expect(regJson.user.emailVerified).toBe(false);
    const cookie = parseCookie(reg);
    expect(cookie.length).toBeGreaterThan(5);

    const me1 = await fetch(`${BASE}/api/me`, { headers: { cookie } });
    expect(me1.status).toBe(200);

    const patch1 = await fetch(`${BASE}/api/me`, {
      method: "PATCH",
      headers: { cookie, "content-type": "application/json" },
      body: JSON.stringify({ name: "T2" }),
    });
    expect(patch1.status).toBe(403);

    const verify = await fetch(`${BASE}/api/auth/verify-email`, {
      method: "POST",
      headers: { "content-type": "application/json" },
      body: JSON.stringify({ token: regJson._testTokens?.verify }),
    });
    expect(verify.status).toBe(200);

    const patch2 = await fetch(`${BASE}/api/me`, {
      method: "PATCH",
      headers: { cookie, "content-type": "application/json" },
      body: JSON.stringify({ name: "T2" }),
    });
    expect(patch2.status).toBe(200);
  });
});