import * as asserts from '@std/assert';
import { delete_user, EPHEMERAL_SERVER, get_ephemeral_listen_server, get_new_user, set_user_permissions } from './helpers.ts';
import { api, API_CLIENT } from '../utils/api.ts';
import { generateTotp } from '../utils/totp.ts';

Deno.test({
	name: 'API - CHANNELS - EVENTS - Update',
	permissions: {
		env: true,
		read: true,
		write: true,
		net: true
	},
	fn: async () => {
		let test_server_info: EPHEMERAL_SERVER | null = null;
		try {
			test_server_info = await get_ephemeral_listen_server();
			const client: API_CLIENT = api({
				prefix: '/api',
				hostname: test_server_info.hostname,
				port: test_server_info.port
			});

			const owner_info = await get_new_user(client);

			await set_user_permissions(client, owner_info.user, owner_info.session, [...owner_info.user.permissions, 'channels.create']);

			const channel = await client.fetch('/channels', {
				method: 'POST',
				headers: {
					'x-session_id': owner_info.session.id,
					'x-totp': await generateTotp(owner_info.session.secret)
				},
				json: {
					name: 'test update events channel'
				}
			});

			asserts.assert(channel);

			const event_from_owner = await client.fetch(`/events`, {
				method: 'POST',
				headers: {
					'x-session_id': owner_info.session.id,
					'x-totp': await generateTotp(owner_info.session.secret)
				},
				json: {
					type: 'test',
					channel: channel.id,
					data: {
						foo: 'bar'
					}
				}
			});

			asserts.assert(event_from_owner);

			const fetched_event_from_owner = await client.fetch(`/channels/${channel.id}/events/${event_from_owner.id}`, {
				method: 'GET',
				headers: {
					'x-session_id': owner_info.session.id,
					'x-totp': await generateTotp(owner_info.session.secret)
				}
			});

			asserts.assertEquals(fetched_event_from_owner, event_from_owner);

			const updated_event_from_owner = await client.fetch(`/events/${event_from_owner.id}`, {
				method: 'PUT',
				headers: {
					'x-session_id': owner_info.session.id,
					'x-totp': await generateTotp(owner_info.session.secret)
				},
				json: {
					meta: {
						foo: 'baz'
					}
				}
			});

			asserts.assertNotEquals(updated_event_from_owner, event_from_owner);
			asserts.assertEquals(updated_event_from_owner.meta?.foo, 'baz');

			const fetched_updated_event_from_owner = await client.fetch(`/channels/${channel.id}/events/${event_from_owner.id}`, {
				method: 'GET',
				headers: {
					'x-session_id': owner_info.session.id,
					'x-totp': await generateTotp(owner_info.session.secret)
				}
			});

			asserts.assertEquals(fetched_updated_event_from_owner, updated_event_from_owner);
			asserts.assertNotEquals(fetched_updated_event_from_owner, fetched_event_from_owner);
			asserts.assertEquals(fetched_updated_event_from_owner, updated_event_from_owner);

			const other_user_info = await get_new_user(client, {}, owner_info);

			const event_from_other_user = await client.fetch(`/events`, {
				method: 'POST',
				headers: {
					'x-session_id': other_user_info.session.id,
					'x-totp': await generateTotp(other_user_info.session.secret)
				},
				json: {
					type: 'test',
					channel: channel.id,
					data: {
						other_user: true
					}
				}
			});

			asserts.assert(event_from_other_user);

			const fetched_event_from_other_user = await client.fetch(`/channels/${channel.id}/events/${event_from_other_user.id}`, {
				method: 'GET',
				headers: {
					'x-session_id': other_user_info.session.id,
					'x-totp': await generateTotp(other_user_info.session.secret)
				}
			});

			asserts.assertEquals(fetched_event_from_other_user, event_from_other_user);

			const updated_event_from_other_user = await client.fetch(`/events/${event_from_other_user.id}`, {
				method: 'PUT',
				headers: {
					'x-session_id': other_user_info.session.id,
					'x-totp': await generateTotp(other_user_info.session.secret)
				},
				json: {
					data: {
						other_user: 'bloop'
					}
				}
			});

			asserts.assertNotEquals(updated_event_from_other_user, event_from_other_user);
			asserts.assertEquals(updated_event_from_other_user.data.other_user, 'bloop');

			const fetched_updated_event_from_other_user = await client.fetch(`/channels/${channel.id}/events/${event_from_other_user.id}`, {
				method: 'GET',
				headers: {
					'x-session_id': other_user_info.session.id,
					'x-totp': await generateTotp(other_user_info.session.secret)
				}
			});

			asserts.assertEquals(fetched_updated_event_from_other_user, updated_event_from_other_user);
			asserts.assertNotEquals(fetched_updated_event_from_other_user, fetched_event_from_other_user);
			asserts.assertEquals(fetched_updated_event_from_other_user, updated_event_from_other_user);

			const updated_by_owner_channel = await client.fetch(`/channels/${channel.id}`, {
				method: 'PUT',
				headers: {
					'x-session_id': owner_info.session.id,
					'x-totp': await generateTotp(owner_info.session.secret)
				},
				json: {
					permissions: {
						...channel.permissions,
						events: {
							read: [],
							write: [owner_info.user.id]
						}
					}
				}
			});

			asserts.assertEquals(updated_by_owner_channel.permissions.events.write, [owner_info.user.id]);

			try {
				await client.fetch(`/events/${event_from_other_user.id}`, {
					method: 'PUT',
					headers: {
						'x-session_id': other_user_info.session.id,
						'x-totp': await generateTotp(other_user_info.session.secret)
					},
					json: {
						data: {
							other_user: 'glop'
						}
					}
				});

				asserts.fail('allowed updating an event in a channel with a events.write allowed only by owner');
			} catch (error) {
				asserts.assertEquals((error as Error).cause, 'permission_denied');
			}

			try {
				await client.fetch(`/events/${event_from_other_user.id}`, {
					method: 'DELETE',
					headers: {
						'x-session_id': other_user_info.session.id,
						'x-totp': await generateTotp(other_user_info.session.secret)
					}
				});

				asserts.fail('allowed deleting an event in a channel with a events.write allowed only by owner');
			} catch (error) {
				asserts.assertEquals((error as Error).cause, 'permission_denied');
			}

			const publicly_writable_channel = await client.fetch(`/channels/${channel.id}`, {
				method: 'PUT',
				headers: {
					'x-session_id': owner_info.session.id,
					'x-totp': await generateTotp(owner_info.session.secret)
				},
				json: {
					permissions: {
						...channel.permissions,
						events: {
							read: [],
							write: []
						}
					}
				}
			});

			asserts.assertEquals(publicly_writable_channel.permissions.events.write, []);

			const delete_other_user_event_response = await client.fetch(`/events/${event_from_other_user.id}`, {
				method: 'DELETE',
				headers: {
					'x-session_id': other_user_info.session.id,
					'x-totp': await generateTotp(other_user_info.session.secret)
				}
			});

			asserts.assertEquals(delete_other_user_event_response.deleted, true);

			const delete_owner_event_response = await client.fetch(`/events/${event_from_owner.id}`, {
				method: 'DELETE',
				headers: {
					'x-session_id': owner_info.session.id,
					'x-totp': await generateTotp(owner_info.session.secret)
				}
			});

			asserts.assertEquals(delete_owner_event_response.deleted, true);

			await delete_user(client, other_user_info);
			await delete_user(client, owner_info);
		} finally {
			if (test_server_info) {
				await test_server_info?.server?.stop();
			}
		}
	}
});