import { describe, expect, it, vi } from "vitest"

vi.mock("@/auth", () => ({
  auth: (handler: (req: unknown) => unknown) => handler,
}))

import proxy from "@/proxy"

type SessionRole = "admin" | "teacher" | "student" | "parent"

const createRequest = (pathname: string, role?: SessionRole) => ({
  nextUrl: {
    pathname,
    clone: () => new URL(`http://localhost${pathname}`),
  },
  auth: role ? { user: { role } } : null,
  url: `http://localhost${pathname}`,
})

describe("proxy route guard", () => {
  it("redirects unauthenticated requests to login with callback", async () => {
    const response = await proxy(createRequest("/teacher/dashboard") as never)
    expect(response.status).toBe(307)
    const location = response.headers.get("location") ?? ""
    expect(location).toContain("/login")
    expect(location).toContain("callbackUrl=%2Fteacher%2Fdashboard")
  })

  it("redirects student away from admin routes", async () => {
    const response = await proxy(createRequest("/admin/dashboard", "student") as never)
    expect(response.status).toBe(307)
    expect(response.headers.get("location")).toContain("/student/dashboard")
  })

  it("redirects parent away from management routes", async () => {
    const response = await proxy(createRequest("/management/grade/insights", "parent") as never)
    expect(response.status).toBe(307)
    expect(response.headers.get("location")).toContain("/parent/dashboard")
  })

  it("allows teacher access to management routes", async () => {
    const response = await proxy(createRequest("/management/grade/insights", "teacher") as never)
    expect(response.status).toBe(200)
    expect(response.headers.get("location")).toBeNull()
  })
})