<?php

declare(strict_types=1);

namespace Siteworxpro\Tests\Http\Middleware;

use Nyholm\Psr7\Response;
use Nyholm\Psr7\ServerRequest;
use Psr\Http\Server\RequestHandlerInterface;
use Siteworxpro\App\Http\Middleware\CorsMiddleware;
use Siteworxpro\App\Services\Facades\Config;
use Siteworxpro\Tests\Unit;

class CorsMiddlewareTest extends Middleware
{
    public function testAllowsConfiguredOrigin(): void
    {
        Config::shouldReceive('get')
            ->with('cors.allowed_origins')
            ->andReturn('https://example.com,https://another.com');

        Config::shouldReceive('get')->with('cors.allow_credentials')->andReturn(false);
        Config::shouldReceive('get')->with('cors.max_age')->andReturn('');

        $middleware = new CorsMiddleware();
        $request = new ServerRequest('GET', '/')->withHeader('Origin', 'https://example.com');
        $handler = $this->mockHandler(new Response(200));

        $response = $middleware->process($request, $handler);

        $this->assertEquals('https://example.com', $response->getHeaderLine('Access-Control-Allow-Origin'));
    }

    public function testBlocksUnconfiguredOrigin(): void
    {
        Config::shouldReceive('get')
            ->with('cors.allowed_origins')
            ->andReturn('https://example.com,https://another.com');

        $middleware = new CorsMiddleware();
        $request = new ServerRequest('GET', '/')->withHeader('Origin', 'https://unauthorized.com');
        $handler = $this->mockHandler(new Response(200));

        $response = $middleware->process($request, $handler);

        $this->assertEmpty($response->getHeaderLine('Access-Control-Allow-Origin'));
    }

    public function testHandlesOptionsRequest(): void
    {
        Config::shouldReceive('get')->with('cors.allowed_origins')->andReturn('https://example.com');
        Config::shouldReceive('get')->with('cors.allow_credentials')->andReturn(false);
        Config::shouldReceive('get')->with('cors.max_age')->andReturn('86400');

        $middleware = new CorsMiddleware();
        $request = new ServerRequest('OPTIONS', '/')->withHeader('Origin', 'https://example.com');
        $handler = $this->mockHandler(new Response(200));

        $response = $middleware->process($request, $handler);

        $this->assertEquals(204, $response->getStatusCode());
        $this->assertEquals('86400', $response->getHeaderLine('Access-Control-Max-Age'));
    }

    public function testAddsAllowCredentialsHeader(): void
    {
        Config::shouldReceive('get')
            ->with('cors.allowed_origins')
            ->andReturn('https://example.com');

        Config::shouldReceive('get')->with('cors.allowed_origins')->andReturn('https://example.com');
        Config::shouldReceive('get')->with('cors.allow_credentials')->andReturn(true);
        Config::shouldReceive('get')->with('cors.max_age')->andReturn('86400');

        $middleware = new CorsMiddleware();
        $request = new ServerRequest('GET', '/')->withHeader('Origin', 'https://example.com');
        $handler = $this->mockHandler(new Response(200));

        $response = $middleware->process($request, $handler);

        $this->assertEquals('true', $response->getHeaderLine('Access-Control-Allow-Credentials'));
    }
}