package middleware

import (
	"errors"
	"github.com/DATA-DOG/go-sqlmock"
	"github.com/cloudreve/Cloudreve/v3/pkg/cache"
	"github.com/cloudreve/Cloudreve/v3/pkg/mocks/wopimock"
	"github.com/cloudreve/Cloudreve/v3/pkg/wopi"
	"github.com/gin-gonic/gin"
	"github.com/stretchr/testify/assert"
	"net/http/httptest"
	"testing"
)

func TestWopiWriteAccess(t *testing.T) {
	asserts := assert.New(t)
	rec := httptest.NewRecorder()
	testFunc := WopiWriteAccess()

	// deny preview only session
	{
		c, _ := gin.CreateTestContext(rec)
		c.Set(WopiSessionCtx, &wopi.SessionCache{Action: wopi.ActionPreview})
		testFunc(c)
		asserts.True(c.IsAborted())
	}

	// pass
	{
		c, _ := gin.CreateTestContext(rec)
		c.Set(WopiSessionCtx, &wopi.SessionCache{Action: wopi.ActionEdit})
		testFunc(c)
		asserts.False(c.IsAborted())
	}
}

func TestWopiAccessValidation(t *testing.T) {
	asserts := assert.New(t)
	rec := httptest.NewRecorder()
	mockWopi := &wopimock.WopiClientMock{}
	mockCache := cache.NewMemoStore()
	testFunc := WopiAccessValidation(mockWopi, mockCache)

	// malformed access token
	{
		c, _ := gin.CreateTestContext(rec)
		c.AddParam(wopi.AccessTokenQuery, "000")
		testFunc(c)
		asserts.True(c.IsAborted())
	}

	// session key not exist
	{
		c, _ := gin.CreateTestContext(rec)
		c.Request = httptest.NewRequest("GET", "/wopi/files/1?access_token=", nil)
		query := c.Request.URL.Query()
		query.Set(wopi.AccessTokenQuery, "sessionID.key")
		c.Request.URL.RawQuery = query.Encode()
		testFunc(c)
		asserts.True(c.IsAborted())
	}

	// user key not exist
	{
		c, _ := gin.CreateTestContext(rec)
		c.Request = httptest.NewRequest("GET", "/wopi/files/1?access_token=", nil)
		query := c.Request.URL.Query()
		query.Set(wopi.AccessTokenQuery, "sessionID.key")
		c.Request.URL.RawQuery = query.Encode()
		mockCache.Set(wopi.SessionCachePrefix+"sessionID", wopi.SessionCache{UserID: 1, FileID: 1}, 0)
		mock.ExpectQuery("SELECT(.+)users(.+)").WillReturnError(errors.New("error"))
		testFunc(c)
		asserts.True(c.IsAborted())
		asserts.NoError(mock.ExpectationsWereMet())
	}

	// file not found
	{
		c, _ := gin.CreateTestContext(rec)
		c.Request = httptest.NewRequest("GET", "/wopi/files/1?access_token=", nil)
		query := c.Request.URL.Query()
		query.Set(wopi.AccessTokenQuery, "sessionID.key")
		c.Request.URL.RawQuery = query.Encode()
		mockCache.Set(wopi.SessionCachePrefix+"sessionID", wopi.SessionCache{UserID: 1, FileID: 1}, 0)
		mock.ExpectQuery("SELECT(.+)users(.+)").WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(1))
		c.Set("object_id", uint(0))
		testFunc(c)
		asserts.True(c.IsAborted())
		asserts.NoError(mock.ExpectationsWereMet())
	}

	// all pass
	{
		c, _ := gin.CreateTestContext(rec)
		c.Request = httptest.NewRequest("GET", "/wopi/files/1?access_token=", nil)
		query := c.Request.URL.Query()
		query.Set(wopi.AccessTokenQuery, "sessionID.key")
		c.Request.URL.RawQuery = query.Encode()
		mockCache.Set(wopi.SessionCachePrefix+"sessionID", wopi.SessionCache{UserID: 1, FileID: 1}, 0)
		mock.ExpectQuery("SELECT(.+)users(.+)").WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow(1))
		c.Set("object_id", uint(1))
		testFunc(c)
		asserts.False(c.IsAborted())
		asserts.NoError(mock.ExpectationsWereMet())
		asserts.NotPanics(func() {
			c.MustGet(WopiSessionCtx)
		})
		asserts.NotPanics(func() {
			c.MustGet("user")
		})
	}
}