package pub

import (
	"context"
	"errors"
	"testing"
	"time"

	"perms-system-server/internal/config"
	productmemberModel "perms-system-server/internal/model/productmember"
	"perms-system-server/internal/response"
	"perms-system-server/internal/svc"
	"perms-system-server/internal/testutil"
	"perms-system-server/internal/types"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

func newCaptchaDisabledSvcCtx() *svc.ServiceContext {
	cfg := testutil.GetTestConfig()
	cfg.Capjs = config.CapjsConf{Enable: 0}
	return svc.NewServiceContext(cfg)
}

// TC-1213: cap.js 未启用 + 验证码为空
func TestLogin_CaptchaDisabled_EmptyCaptcha(t *testing.T) {
	svcCtx := newCaptchaDisabledSvcCtx()
	logic := NewLoginLogic(context.Background(), svcCtx)

	resp, err := logic.Login(&types.LoginReq{
		Username:    "testuser",
		Password:    "pass123",
		ProductCode: "pc",
		CaptchaId:   "",
		CaptchaCode: "",
	})
	require.Nil(t, resp)
	require.Error(t, err)

	var codeErr *response.CodeError
	require.True(t, errors.As(err, &codeErr))
	assert.Equal(t, 400, codeErr.Code())
	assert.Contains(t, codeErr.Error(), "验证码不能为空")
}

// TC-1214: cap.js 未启用 + 验证码错误/过期
func TestLogin_CaptchaDisabled_WrongCaptcha(t *testing.T) {
	svcCtx := newCaptchaDisabledSvcCtx()
	logic := NewLoginLogic(context.Background(), svcCtx)

	resp, err := logic.Login(&types.LoginReq{
		Username:    "testuser",
		Password:    "pass123",
		ProductCode: "pc",
		CaptchaId:   "non_existent_captcha",
		CaptchaCode: "0000",
	})
	require.Nil(t, resp)
	require.Error(t, err)

	var codeErr *response.CodeError
	require.True(t, errors.As(err, &codeErr))
	assert.Equal(t, 400, codeErr.Code())
	assert.Contains(t, codeErr.Error(), "验证码错误或已过期")
}

// TC-1215: cap.js 未启用 + 验证码正确 → 正常登录
func TestLogin_CaptchaDisabled_CorrectCaptcha(t *testing.T) {
	ctx := context.Background()
	svcCtx := newCaptchaDisabledSvcCtx()
	conn := testutil.GetTestSqlConn()
	username := testutil.UniqueId()
	password := "TestPass123"
	pc := testutil.UniqueId()
	now := time.Now().Unix()

	userId, cleanUser := insertTestUser(t, ctx, svcCtx, username, password, 1, 2)
	t.Cleanup(cleanUser)

	_, cleanProduct := insertTestProduct(t, ctx, svcCtx, pc, testutil.UniqueId(), "secret")
	t.Cleanup(cleanProduct)

	pmRes, err := svcCtx.SysProductMemberModel.Insert(ctx, &productmemberModel.SysProductMember{
		ProductCode: pc, UserId: userId, MemberType: "MEMBER", Status: 1, CreateTime: now, UpdateTime: now,
	})
	require.NoError(t, err)
	pmId, _ := pmRes.LastInsertId()
	t.Cleanup(func() { testutil.CleanTable(ctx, conn, "`sys_product_member`", pmId) })

	captchaId := "test_login_captcha_" + testutil.UniqueId()
	captchaCode := "9876"
	defaultCaptchaStore.Set(captchaId, captchaCode)

	logic := NewLoginLogic(ctx, svcCtx)
	resp, err := logic.Login(&types.LoginReq{
		Username:    username,
		Password:    password,
		ProductCode: pc,
		CaptchaId:   captchaId,
		CaptchaCode: captchaCode,
	})
	require.NoError(t, err)
	require.NotNil(t, resp)
	assert.NotEmpty(t, resp.AccessToken)
	assert.NotEmpty(t, resp.RefreshToken)
	assert.Equal(t, username, resp.UserInfo.Username)
}

// TC-1250: 验证 cap.js 已启用时传统登录接口被拒绝
func TestLogin_CapEnabled_Rejected(t *testing.T) {
	ctx := context.Background()
	svcCtx := newTestSvcCtx() // Capjs.Enable=1

	logic := NewLoginLogic(ctx, svcCtx)
	resp, err := logic.Login(&types.LoginReq{
		Username:    "user",
		Password:    "pass",
		ProductCode: "pc",
	})
	require.Nil(t, resp)
	require.Error(t, err)

	var codeErr *response.CodeError
	require.True(t, errors.As(err, &codeErr))
	assert.Equal(t, 400, codeErr.Code())
	assert.Contains(t, codeErr.Error(), "当前已启用人机验证")
}