<?php

declare(strict_types=1);

namespace App\Tests\Integration\Admin;

use App\Domain\Auth\Role;
use App\Domain\Auth\TokenKind;
use App\Tests\Integration\Support\AppTestCase;

final class ReportersControllerTest extends AppTestCase
{
    public function testNonAdminCannotCreateReporter(): void
    {
        $token = $this->createToken(TokenKind::Admin, role: Role::Operator);
        $response = $this->request(
            'POST',
            '/api/v1/admin/reporters',
            ['Authorization' => 'Bearer ' . $token, 'Content-Type' => 'application/json'],
            json_encode(['name' => 'web-prod']) ?: null,
        );
        self::assertSame(403, $response->getStatusCode());
    }

    public function testAdminCanCreateAndFetchReporter(): void
    {
        $token = $this->createToken(TokenKind::Admin, role: Role::Admin);

        $created = $this->request(
            'POST',
            '/api/v1/admin/reporters',
            ['Authorization' => 'Bearer ' . $token, 'Content-Type' => 'application/json'],
            json_encode([
                'name' => 'web-prod-01',
                'description' => 'first webserver',
                'trust_weight' => 1.5,
            ]) ?: null,
        );
        self::assertSame(201, $created->getStatusCode());
        $body = $this->decode($created);
        self::assertSame('web-prod-01', $body['name']);
        self::assertSame(1.5, $body['trust_weight']);
        self::assertTrue($body['is_active']);

        $id = (int) $body['id'];
        $detail = $this->request('GET', "/api/v1/admin/reporters/{$id}", [
            'Authorization' => 'Bearer ' . $token,
        ]);
        self::assertSame(200, $detail->getStatusCode());
        self::assertSame('web-prod-01', $this->decode($detail)['name']);
    }

    public function testCreateRejectsOutOfRangeTrustWeight(): void
    {
        $token = $this->createToken(TokenKind::Admin, role: Role::Admin);
        $response = $this->request(
            'POST',
            '/api/v1/admin/reporters',
            ['Authorization' => 'Bearer ' . $token, 'Content-Type' => 'application/json'],
            json_encode(['name' => 'bad', 'trust_weight' => 5.0]) ?: null,
        );
        self::assertSame(400, $response->getStatusCode());
        $body = $this->decode($response);
        self::assertSame('validation_failed', $body['error']);
        self::assertArrayHasKey('trust_weight', $body['details']);
    }

    public function testDuplicateNameRejected(): void
    {
        $token = $this->createToken(TokenKind::Admin, role: Role::Admin);
        $this->request(
            'POST',
            '/api/v1/admin/reporters',
            ['Authorization' => 'Bearer ' . $token, 'Content-Type' => 'application/json'],
            json_encode(['name' => 'dup']) ?: null,
        );
        $second = $this->request(
            'POST',
            '/api/v1/admin/reporters',
            ['Authorization' => 'Bearer ' . $token, 'Content-Type' => 'application/json'],
            json_encode(['name' => 'dup']) ?: null,
        );
        self::assertSame(400, $second->getStatusCode());
    }

    public function testPatchUpdatesFields(): void
    {
        $token = $this->createToken(TokenKind::Admin, role: Role::Admin);
        $reporterId = $this->createReporter('web-edit');

        $patch = $this->request(
            'PATCH',
            "/api/v1/admin/reporters/{$reporterId}",
            ['Authorization' => 'Bearer ' . $token, 'Content-Type' => 'application/json'],
            json_encode(['trust_weight' => 0.25, 'is_active' => false]) ?: null,
        );
        self::assertSame(200, $patch->getStatusCode());
        $body = $this->decode($patch);
        self::assertSame(0.25, $body['trust_weight']);
        self::assertFalse($body['is_active']);
    }

    public function testPatchTogglesAuditEnabled(): void
    {
        $token = $this->createToken(TokenKind::Admin, role: Role::Admin);
        $reporterId = $this->createReporter('web-audit-toggle');

        // Default is true on create.
        $detail = $this->request('GET', "/api/v1/admin/reporters/{$reporterId}", [
            'Authorization' => 'Bearer ' . $token,
        ]);
        self::assertTrue($this->decode($detail)['audit_enabled']);

        $patch = $this->request(
            'PATCH',
            "/api/v1/admin/reporters/{$reporterId}",
            ['Authorization' => 'Bearer ' . $token, 'Content-Type' => 'application/json'],
            json_encode(['audit_enabled' => false]) ?: null,
        );
        self::assertSame(200, $patch->getStatusCode());
        self::assertFalse($this->decode($patch)['audit_enabled']);
    }

    public function testDeleteWithoutReportsSoftDeletes(): void
    {
        $token = $this->createToken(TokenKind::Admin, role: Role::Admin);
        $reporterId = $this->createReporter('web-disposable');

        $delete = $this->request('DELETE', "/api/v1/admin/reporters/{$reporterId}", [
            'Authorization' => 'Bearer ' . $token,
        ]);
        self::assertSame(204, $delete->getStatusCode());

        $detail = $this->request('GET', "/api/v1/admin/reporters/{$reporterId}", [
            'Authorization' => 'Bearer ' . $token,
        ]);
        self::assertSame(200, $detail->getStatusCode());
        self::assertFalse($this->decode($detail)['is_active']);
    }

    public function testDeleteWithReportsReturns409(): void
    {
        $token = $this->createToken(TokenKind::Admin, role: Role::Admin);
        $reporterId = $this->createReporter('web-with-reports');

        $categoryId = (int) $this->db->fetchOne(
            'SELECT id FROM categories WHERE slug = :slug',
            ['slug' => 'brute_force']
        );

        $this->db->insert('reports', [
            'category_id' => $categoryId,
            'reporter_id' => $reporterId,
            'ip_bin' => str_repeat("\0", 12) . "\xff\xff\x01\x02",
            'ip_text' => '0.0.0.1',
            'weight_at_report' => '1.00',
            'received_at' => '2026-01-01 00:00:00',
        ]);

        $delete = $this->request('DELETE', "/api/v1/admin/reporters/{$reporterId}", [
            'Authorization' => 'Bearer ' . $token,
        ]);
        self::assertSame(409, $delete->getStatusCode());
    }
}