sp4-debug-1770477266/services/chat-svc/internal/authclient/client_test.go

package authclient

import (
	"context"
	"encoding/json"
	"net/http"
	"net/http/httptest"
	"testing"

	"git.threesix.ai/jordan/sp4-debug-1770477266/pkg/httpclient"
	"git.threesix.ai/jordan/sp4-debug-1770477266/pkg/logging"
)

func TestClient_Validate_Success(t *testing.T) {
	// Create a mock auth-svc server
	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.URL.Path != "/api/auth-svc/validate" {
			t.Errorf("unexpected path: %s", r.URL.Path)
		}
		if r.Method != http.MethodPost {
			t.Errorf("unexpected method: %s", r.Method)
		}

		authHeader := r.Header.Get("Authorization")
		if authHeader != "Bearer valid-token" {
			w.WriteHeader(http.StatusUnauthorized)
			json.NewEncoder(w).Encode(map[string]any{"error": "invalid token"})
			return
		}

		w.Header().Set("Content-Type", "application/json")
		json.NewEncoder(w).Encode(ValidateResponse{
			Data: ValidateData{
				UserID: "user-123",
				Email:  "test@example.com",
				Roles:  []string{"admin"},
				Scopes: []string{"read"},
			},
		})
	}))
	defer server.Close()

	client := &Client{
		baseURL:    server.URL,
		httpClient: httpclient.New(httpclient.Config{MaxRetries: 1}),
		logger:     logging.Nop(),
	}

	user, err := client.Validate(context.Background(), "valid-token")
	if err != nil {
		t.Fatalf("unexpected error: %v", err)
	}

	if user.ID != "user-123" {
		t.Errorf("expected user ID 'user-123', got '%s'", user.ID)
	}
	if user.Email != "test@example.com" {
		t.Errorf("expected email 'test@example.com', got '%s'", user.Email)
	}
	if len(user.Roles) != 1 || user.Roles[0] != "admin" {
		t.Errorf("expected roles [admin], got %v", user.Roles)
	}
}

func TestClient_Validate_InvalidToken(t *testing.T) {
	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusUnauthorized)
		w.Header().Set("Content-Type", "application/json")
		json.NewEncoder(w).Encode(map[string]any{"error": "invalid token"})
	}))
	defer server.Close()

	client := &Client{
		baseURL:    server.URL,
		httpClient: httpclient.New(httpclient.Config{MaxRetries: 1}),
		logger:     logging.Nop(),
	}

	_, err := client.Validate(context.Background(), "bad-token")
	if err == nil {
		t.Fatal("expected error for invalid token")
	}
}

func TestClient_Validate_ServerError(t *testing.T) {
	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusInternalServerError)
	}))
	defer server.Close()

	client := &Client{
		baseURL:    server.URL,
		httpClient: httpclient.New(httpclient.Config{MaxRetries: 1}),
		logger:     logging.Nop(),
	}

	_, err := client.Validate(context.Background(), "some-token")
	if err == nil {
		t.Fatal("expected error for server error")
	}
}

func TestClient_Validate_BearerTokenPassedCorrectly(t *testing.T) {
	var receivedAuth string
	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		receivedAuth = r.Header.Get("Authorization")
		w.Header().Set("Content-Type", "application/json")
		json.NewEncoder(w).Encode(ValidateResponse{
			Data: ValidateData{UserID: "user-1"},
		})
	}))
	defer server.Close()

	client := &Client{
		baseURL:    server.URL,
		httpClient: httpclient.New(httpclient.Config{MaxRetries: 1}),
		logger:     logging.Nop(),
	}

	_, err := client.Validate(context.Background(), "my-token-123")
	if err != nil {
		t.Fatalf("unexpected error: %v", err)
	}

	if receivedAuth != "Bearer my-token-123" {
		t.Errorf("expected 'Bearer my-token-123', got '%s'", receivedAuth)
	}
}