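// SPDX-License-Identifier: AGPL-3.0-or-later

package store

import (
	"testing"
	"time"
)

// sessionTestFastArgon2 lowers the package-level Argon2 cost parameters for
// the duration of one test so that creating a user stays fast, and restores
// the values that were in effect beforehand when the test finishes.
//
// The reduced costs are a test-speed measure only. Because this mutates
// package-level state, tests that call it must not run in parallel with
// other tests that hash passwords.
func sessionTestFastArgon2(t *testing.T) {
	t.Helper()

	// Capture the current values instead of hard-coding the restore values,
	// so a change to the package defaults cannot leave later tests running
	// with stale parameters.
	prevMemory, prevTime := Argon2Memory, Argon2Time
	Argon2Memory = 1024
	Argon2Time = 1
	t.Cleanup(func() {
		Argon2Memory = prevMemory
		Argon2Time = prevTime
	})
}

// TestSessionCreateAndValidate checks that a freshly created session token has
// the expected length and validates back to the user it was issued for.
func TestSessionCreateAndValidate(t *testing.T) {
	db := testDB(t)
	users := NewUserStore(db)
	sessions := NewSessionStore(db)
	sessionTestFastArgon2(t)

	user, err := users.Create("testuser", "password123", "user")
	if err != nil {
		t.Fatalf("create user: %v", err)
	}

	token, err := sessions.Create(user.ID)
	if err != nil {
		t.Fatalf("create session: %v", err)
	}
	if len(token) != 64 { // 32 bytes hex-encoded
		t.Errorf("token length = %d, want 64", len(token))
	}

	session, err := sessions.Validate(token)
	if err != nil {
		t.Fatalf("validate session: %v", err)
	}
	if session.UserID != user.ID {
		t.Errorf("session user ID = %d, want %d", session.UserID, user.ID)
	}
}

// TestSessionValidateInvalidToken checks that a token that was never issued is
// rejected with ErrSessionNotFound.
func TestSessionValidateInvalidToken(t *testing.T) {
	db := testDB(t)
	sessions := NewSessionStore(db)

	_, err := sessions.Validate("nonexistent-token")
	if err != ErrSessionNotFound {
		t.Errorf("err = %v, want ErrSessionNotFound", err)
	}
}

// TestSessionDelete checks that a deleted session token no longer validates.
func TestSessionDelete(t *testing.T) {
	db := testDB(t)
	users := NewUserStore(db)
	sessions := NewSessionStore(db)
	sessionTestFastArgon2(t)

	// Setup errors are fatal: continuing with a missing user or an empty
	// token would make the "not found" assertion below pass for the wrong
	// reason.
	user, err := users.Create("testuser", "password123", "user")
	if err != nil {
		t.Fatalf("create user: %v", err)
	}
	token, err := sessions.Create(user.ID)
	if err != nil {
		t.Fatalf("create session: %v", err)
	}

	if err = sessions.Delete(token); err != nil {
		t.Fatalf("delete session: %v", err)
	}

	_, err = sessions.Validate(token)
	if err != ErrSessionNotFound {
		t.Errorf("after delete: err = %v, want ErrSessionNotFound", err)
	}
}

// TestSessionDeleteAllForUser checks that revoking all sessions of a user
// invalidates every token previously issued to that user.
func TestSessionDeleteAllForUser(t *testing.T) {
	db := testDB(t)
	users := NewUserStore(db)
	sessions := NewSessionStore(db)
	sessionTestFastArgon2(t)

	user, err := users.Create("testuser", "password123", "user")
	if err != nil {
		t.Fatalf("create user: %v", err)
	}
	token1, err := sessions.Create(user.ID)
	if err != nil {
		t.Fatalf("create session: %v", err)
	}
	token2, err := sessions.Create(user.ID)
	if err != nil {
		t.Fatalf("create session: %v", err)
	}
	// Two identical tokens would mean the test only exercises one session
	// and would also indicate that tokens are not unique per session.
	if token1 == token2 {
		t.Fatal("two sessions for the same user received identical tokens")
	}

	if err = sessions.DeleteAllForUser(user.ID); err != nil {
		t.Fatalf("delete all: %v", err)
	}

	_, err = sessions.Validate(token1)
	if err != ErrSessionNotFound {
		t.Error("token1 should be deleted")
	}
	_, err = sessions.Validate(token2)
	if err != ErrSessionNotFound {
		t.Error("token2 should be deleted")
	}
}

// TestSessionExpiry checks that a session is rejected once its lifetime has
// elapsed.
func TestSessionExpiry(t *testing.T) {
	db := testDB(t)
	users := NewUserStore(db)
	sessions := NewSessionStore(db)
	sessions.SetLifetime(1 * time.Millisecond)
	sessionTestFastArgon2(t)

	user, err := users.Create("testuser", "password123", "user")
	if err != nil {
		t.Fatalf("create user: %v", err)
	}
	token, err := sessions.Create(user.ID)
	if err != nil {
		t.Fatalf("create session: %v", err)
	}

	// Wait for expiry.
	// NOTE(review): assumes the store compares expiry at sub-second
	// resolution; confirm against the SessionStore implementation, otherwise
	// this check is timing-sensitive.
	time.Sleep(5 * time.Millisecond)

	_, err = sessions.Validate(token)
	if err != ErrSessionNotFound {
		t.Errorf("expired session: err = %v, want ErrSessionNotFound", err)
	}
}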