using NATS.Server.Auth;

namespace NATS.Server.Auth.Tests.Auth;

public class AuthModelAndCalloutConstantsParityTests
{
    [Fact]
    public void NkeyUser_exposes_parity_fields()
    {
        var now = DateTimeOffset.UtcNow;
        var nkeyUser = new NKeyUser
        {
            Nkey = "UABC",
            Issued = now,
            AllowedConnectionTypes = new HashSet<string> { "STANDARD", "WEBSOCKET" },
            ProxyRequired = true,
        };

        nkeyUser.Issued.ShouldBe(now);
        nkeyUser.ProxyRequired.ShouldBeTrue();
        nkeyUser.AllowedConnectionTypes.ShouldContain("STANDARD");
    }

    [Fact]
    public void User_exposes_parity_fields()
    {
        var user = new User
        {
            Username = "alice",
            Password = "secret",
            AllowedConnectionTypes = new HashSet<string> { "STANDARD" },
            ProxyRequired = false,
        };

        user.ProxyRequired.ShouldBeFalse();
        user.AllowedConnectionTypes.ShouldContain("STANDARD");
    }

    [Fact]
    public void External_auth_callout_constants_match_go_subjects_and_header()
    {
        ExternalAuthCalloutAuthenticator.AuthCalloutSubject.ShouldBe("$SYS.REQ.USER.AUTH");
        ExternalAuthCalloutAuthenticator.AuthRequestSubject.ShouldBe("nats-authorization-request");
        ExternalAuthCalloutAuthenticator.AuthRequestXKeyHeader.ShouldBe("Nats-Server-Xkey");
    }
}