using NATS.Server.WebSocket;
using Shouldly;

namespace NATS.Server.Transport.Tests.WebSocket;

/// <summary>
/// Pins the Origin-header policy that <see cref="WsOriginChecker"/> applies to WebSocket
/// upgrade requests: same-origin enforcement, an explicit allow-list, and the permissive
/// cases where no restriction is configured or no Origin header is sent.
/// </summary>
/// <remarks>
/// In every test a <c>null</c> result from <c>CheckOrigin</c> is treated as "accepted" and a
/// non-null result as "rejected" (presumably the rejection reason; confirm against
/// <see cref="WsOriginChecker"/>).
/// NOTE(review): not covered here are malformed Origin values, the literal "null" origin,
/// host-case differences, and a same-host origin whose scheme disagrees with <c>isTls</c>.
/// </remarks>
public class WsOriginCheckerTests
{
    /// <summary>Builds a checker that enforces same-origin and has no allow-list.</summary>
    private static WsOriginChecker SameOriginOnly()
    {
        return new WsOriginChecker(sameOrigin: true, allowedOrigins: null);
    }

    /// <summary>Builds a checker that only consults the single-entry allow-list.</summary>
    private static WsOriginChecker AllowListOnly()
    {
        return new WsOriginChecker(sameOrigin: false, allowedOrigins: ["https://app.example.com"]);
    }

    /// <summary>
    /// A request without an Origin header is accepted even when same-origin is enforced.
    /// </summary>
    /// <remarks>
    /// Non-browser clients commonly omit Origin, so this check only constrains
    /// browser-initiated connections; it is not a substitute for authentication.
    /// </remarks>
    [Fact]
    public void NoOriginHeader_Accepted()
    {
        var sut = SameOriginOnly();

        var verdict = sut.CheckOrigin(origin: null, requestHost: "localhost:4222", isTls: false);

        verdict.ShouldBeNull();
    }

    /// <summary>
    /// With same-origin off and no allow-list, the checker accepts any Origin.
    /// </summary>
    /// <remarks>
    /// This configuration gives no cross-site WebSocket protection: an unrelated site's
    /// Origin passes. Deployments reachable from browsers need one of the two options set.
    /// </remarks>
    [Fact]
    public void NeitherSameNorList_AlwaysAccepted()
    {
        var sut = new WsOriginChecker(sameOrigin: false, allowedOrigins: null);

        var verdict = sut.CheckOrigin(origin: "https://evil.com", requestHost: "localhost:4222", isTls: false);

        verdict.ShouldBeNull();
    }

    /// <summary>Origin host and port equal to the request host: accepted.</summary>
    [Fact]
    public void SameOrigin_Match()
    {
        var sut = SameOriginOnly();

        var verdict = sut.CheckOrigin(origin: "http://localhost:4222", requestHost: "localhost:4222", isTls: false);

        verdict.ShouldBeNull();
    }

    /// <summary>Same port but a different host than the request host: rejected.</summary>
    [Fact]
    public void SameOrigin_Mismatch()
    {
        var sut = SameOriginOnly();

        var verdict = sut.CheckOrigin(origin: "http://other:4222", requestHost: "localhost:4222", isTls: false);

        verdict.ShouldNotBeNull();
    }

    /// <summary>
    /// An http Origin without an explicit port matches a request host on port 80.
    /// </summary>
    [Fact]
    public void SameOrigin_DefaultPort_Http()
    {
        var sut = SameOriginOnly();

        var verdict = sut.CheckOrigin(origin: "http://localhost", requestHost: "localhost:80", isTls: false);

        verdict.ShouldBeNull();
    }

    /// <summary>
    /// An https Origin without an explicit port matches a TLS request host on port 443.
    /// </summary>
    [Fact]
    public void SameOrigin_DefaultPort_Https()
    {
        var sut = SameOriginOnly();

        var verdict = sut.CheckOrigin(origin: "https://localhost", requestHost: "localhost:443", isTls: true);

        verdict.ShouldBeNull();
    }

    /// <summary>An Origin that is on the allow-list is accepted.</summary>
    [Fact]
    public void AllowedOrigins_Match()
    {
        var sut = AllowListOnly();

        var verdict = sut.CheckOrigin(origin: "https://app.example.com", requestHost: "localhost:4222", isTls: false);

        verdict.ShouldBeNull();
    }

    /// <summary>
    /// A sibling host under the same parent domain is not on the allow-list: rejected.
    /// </summary>
    /// <remarks>
    /// Guards against the allow-list being matched by domain suffix rather than by the
    /// listed host.
    /// </remarks>
    [Fact]
    public void AllowedOrigins_Mismatch()
    {
        var sut = AllowListOnly();

        var verdict = sut.CheckOrigin(origin: "https://evil.example.com", requestHost: "localhost:4222", isTls: false);

        verdict.ShouldNotBeNull();
    }

    /// <summary>
    /// The allow-listed host presented over http instead of https is rejected.
    /// </summary>
    /// <remarks>
    /// The scheme is part of the match, so a plaintext page on the same host does not
    /// inherit the trust given to the https origin.
    /// </remarks>
    [Fact]
    public void AllowedOrigins_SchemeMismatch()
    {
        var sut = AllowListOnly();

        var verdict = sut.CheckOrigin(origin: "http://app.example.com", requestHost: "localhost:4222", isTls: false);

        verdict.ShouldNotBeNull();
    }
}