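#!/bin/bash
# furt-lua/scripts/test_auth.sh
# Test API-key authentication (without jq parse errors)
#
# Sends six requests to a Furt instance, prints the status and body of each,
# and compares the HTTP status with the expected one.
#
# Environment (all optional):
#   BASE_URL       - server to test (default: http://127.0.0.1:8080)
#   HUGO_API_KEY   - key used for tests 4 and 5
#   ADMIN_API_KEY  - key used for test 6
#
# Exit status: 0 when every request returned an expected status, 1 otherwise.

set -u

# Plain HTTP is fine on loopback. If BASE_URL points at a remote host, the
# X-API-Key header travels in cleartext unless the URL is https.
BASE_URL="${BASE_URL:-http://127.0.0.1:8080}"

# Supply real keys through the environment instead of editing them into this
# file, so they never end up in version control.
HUGO_API_KEY="${HUGO_API_KEY:-YOUR_API_KEY_HERE}"
ADMIN_API_KEY="${ADMIN_API_KEY:-YOUR_ADMIN_KEY_HERE}"
INVALID_API_KEY="invalid-key-should-fail"

# Number of requests whose status did not match the expectation.
failures=0

echo "🔐 Testing Furt API-Key Authentication"
echo "======================================"

#######################################
# Make one API call and print its status and response.
# Globals:
#   failures (written) - incremented when the status is not an expected one
# Arguments:
#   $1 - curl method option, e.g. "-X GET"
#   $2 - URL
#   $3 - optional single header line, e.g. "X-API-Key: <key>"
#   $4 - optional JSON request body
#   $5 - optional space-separated list of acceptable HTTP status codes
# Outputs:
#   Request line, header name (value redacted), status, response body and,
#   when $5 is given, a PASS/FAIL line on stdout.
#######################################
make_request() {
  local method="$1"
  local url="$2"
  local headers="${3:-}"
  local data="${4:-}"
  local expected="${5:-}"

  echo "Request: $method $url"
  if [ -n "$headers" ]; then
    # Print the header name only: the value is an API key and should stay out
    # of terminal scrollback and CI logs.
    echo "Headers: ${headers%%:*}: [redacted]"
  fi

  # "$method" arrives as one string ("-X POST"); split it into words explicitly
  # instead of relying on an unquoted expansion.
  local -a method_args
  read -r -a method_args <<<"$method"

  local -a curl_args=(-s "${method_args[@]}")
  if [ -n "$headers" ]; then
    # The key is still passed on curl's command line and is visible in the
    # process list while the call runs; acceptable for a local test run.
    curl_args+=(-H "$headers")
  fi
  if [ -n "$data" ]; then
    curl_args+=(-d "$data")
  fi
  curl_args+=(-H "Content-Type: application/json")

  # One request only. Fetching body and status with two separate curl calls
  # would submit every POST twice (two mails per test).
  local raw
  raw=$(curl "${curl_args[@]}" -w '\n%{http_code}' "$url")

  # The write-out puts the status code on its own last line.
  local status="${raw##*$'\n'}"
  local response="${raw%$'\n'*}"
  if [ -z "$status" ]; then
    status="000"
  fi

  echo "Status: $status"
  echo "Response:"
  # Feed jq the bare body; a "Response: " prefix in front of it is not JSON.
  printf '%s\n' "$response" | jq '.' 2>/dev/null || printf '%s\n' "$response"

  if [ -n "$expected" ]; then
    case " $expected " in
      *" $status "*)
        echo "Result: PASS"
        ;;
      *)
        echo "Result: FAIL (expected $expected, got $status)"
        failures=$((failures + 1))
        ;;
    esac
  fi
  echo ""
}

# Test 1: Health-Check (public, no auth needed)
echo "1️⃣ Public Health Check (no auth required):"
make_request "-X GET" "$BASE_URL/health" "" "" "200"

# Test 2: No API-Key -> 401
echo "2️⃣ Mail without API-Key (should fail with 401):"
make_request "-X POST" "$BASE_URL/v1/mail/send" "" \
  '{"name":"Test","email":"test@example.com","message":"Test"}' "401"

# Test 3: Invalid API-Key -> 401
echo "3️⃣ Mail with invalid API-Key (should fail with 401):"
make_request "-X POST" "$BASE_URL/v1/mail/send" "X-API-Key: $INVALID_API_KEY" \
  '{"name":"Test","email":"test@example.com","message":"Test"}' "401"

# Test 4: Valid API-Key -> 200 (or SMTP error)
echo "4️⃣ Mail with valid Hugo API-Key (should work):"
make_request "-X POST" "$BASE_URL/v1/mail/send" "X-API-Key: $HUGO_API_KEY" '{
  "name": "Test User",
  "email": "test@example.com",
  "subject": "API Auth Test",
  "message": "This is a test message via authenticated API"
}' "200 500"

# Test 5: Auth Status Check
echo "5️⃣ Auth Status Check with Hugo API-Key:"
make_request "-X GET" "$BASE_URL/v1/auth/status" "X-API-Key: $HUGO_API_KEY" "" "200"

# Test 6: Auth Status with Admin API-Key
echo "6️⃣ Auth Status Check with Admin API-Key:"
make_request "-X GET" "$BASE_URL/v1/auth/status" "X-API-Key: $ADMIN_API_KEY" "" "200"

echo "✅ Auth Testing Complete!"
echo ""
echo "Expected Results:"
echo "- Test 1: ✅ 200 OK (health check)"
echo "- Test 2: ❌ 401 Unauthorized (Missing API-Key)"
echo "- Test 3: ❌ 401 Unauthorized (Invalid API-Key)"
echo "- Test 4: ✅ 200 OK (Valid API-Key) or 500 if SMTP not configured"
echo "- Test 5,6: ✅ 200 OK with auth details"

# A request without a key, or with an invalid one, that is not rejected with
# 401 is the outcome this script exists to catch, so report it in the exit code.
if [ "$failures" -gt 0 ]; then
  echo "$failures request(s) did not return an expected status" >&2
  exit 1
fi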