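import { readFileSync } from 'fs';
import { join } from 'path';

/**
 * Static source checks for the authentication hardening changes.
 *
 * None of these tests exercise the running application: each one reads a
 * project file relative to process.cwd() and asserts on its text, so the
 * suite must be run from the repository root. A `toContain` match proves the
 * token appears somewhere in the file, not that it is used in the right place.
 */

/**
 * Read a UTF-8 project file addressed by path segments below process.cwd().
 *
 * @param {...string} segments - path segments relative to the repository root
 * @returns {string} the file contents
 * @throws {Error} readFileSync's error (e.g. ENOENT) when the file is missing,
 *   which fails the test with a clearer cause than a string assertion would
 */
function readProjectFile(...segments) {
  return readFileSync(join(process.cwd(), ...segments), 'utf-8');
}

describe('Authentication Security Tests', () => {
  it('should use /upadaj route instead of /admin', () => {
    const dashboardContent = readProjectFile('app', 'upadaj', 'dashboard', 'page.tsx');
    const loginContent = readProjectFile('app', 'upadaj', 'page.tsx');

    // The old /admin paths must be gone from both pages ...
    expect(dashboardContent).not.toContain("'/admin'");
    expect(loginContent).not.toContain("'/admin/dashboard'");

    // ... and the renamed paths must be referenced. A renamed path is
    // obscurity only, not access control; the JWT test below is what
    // checks that the API side actually verifies the caller.
    expect(dashboardContent).toContain("'/upadaj'");
    expect(loginContent).toContain("'/upadaj/dashboard'");
  });

  it('should have proper password hash in terraform vars', () => {
    const tfvarsContent = readProjectFile('terraform', 'terraform.tfvars');

    // admin_password_hash must be a bcrypt string: $2a/$2b/$2y prefix,
    // two-digit cost, then 22 salt + 31 digest characters (53 in total).
    expect(tfvarsContent).toMatch(/admin_password_hash\s*=\s*"\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}"/);

    // Pin the currently configured hash so an accidental revert is caught.
    // Deliberately no plaintext here: the cleartext password must never be
    // written into source, comments or test output — a hash stored next to
    // its plaintext protects nothing. Rotating the password means updating
    // both terraform.tfvars and this assertion.
    expect(tfvarsContent).toContain('$2b$10$5G9fgrNGEKMMDunJkjtzy.vWCmLNIftf6HTby25TylgQHqsePI3CG');
  });

  it('should include proper CORS headers in Lambda functions', () => {
    // Every Lambda must allow the custom request header in its CORS
    // configuration; a browser rejects a preflight whose custom header is
    // not listed. This only checks the token is present in the file, not
    // that it sits inside the Access-Control-Allow-Headers value.
    for (const lambdaName of ['filaments', 'auth', 'colors']) {
      const content = readProjectFile('lambda', lambdaName, 'index.js');
      expect(content).toContain('X-Accept-Format');
    }
  });

  it('should have JWT authentication in protected endpoints', () => {
    const authContent = readProjectFile('lambda', 'auth', 'index.js');
    const colorsContent = readProjectFile('lambda', 'colors', 'index.js');

    // The auth Lambda both issues and validates tokens.
    expect(authContent).toContain('jwt.sign');
    expect(authContent).toContain('jwt.verify');

    // The colors Lambda must reference verifyAuth and read the token from the
    // Authorization header. This is a presence check only; it does not prove
    // that every write handler actually calls verifyAuth before acting.
    expect(colorsContent).toContain('verifyAuth');
    expect(colorsContent).toContain('Authorization');
  });
});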