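import { test, expect } from '@playwright/test'

/**
 * End-to-end checks that a session token which is expired, or which the
 * backend refuses, ends the session in the browser: the user is sent to the
 * login page with a `redirect` back to the requested route, the header shows
 * the logged-out state, and `auth_token` is removed from localStorage.
 *
 * Both tests plant a locally built token (see `makeJwt`) instead of logging in.
 */
test.describe('Expired token logout', () => {
  test('router guard redirects expired token to login and logs out', async ({
    page,
  }) => {
    // `exp` one hour in the past (seconds since epoch), so the token is already expired.
    const past = Math.floor(Date.now() / 1000) - 3600
    const jwt = makeJwt({ sub: 'test@bilhej.se', role: 'user', exp: past })

    // Load the app first so localStorage is written on the app's own origin.
    await page.goto('/')
    await page.evaluate((token) => localStorage.setItem('auth_token', token), jwt)

    // Requesting a protected route must land on the login page, keeping the target as `redirect`.
    await page.goto('/orders')
    await expect(page).toHaveURL(/\/logga-in\?redirect=\/orders/)
    await expect(page.getByRole('heading', { name: 'Logga in' })).toBeVisible()

    // Header must be in the logged-out state: login link shown, logout button not shown.
    const header = page.locator('header')
    await expect(header.getByRole('link', { name: 'Logga in' })).toBeVisible()
    await expect(
      header.getByRole('button', { name: 'Logga ut' }),
    ).not.toBeVisible()

    // The stale token must not be left behind in storage.
    const stored = await page.evaluate(() => localStorage.getItem('auth_token'))
    expect(stored).toBeNull()
  })

  test('API 401 logs out and redirects when guard accepts token but backend rejects it', async ({
    page,
  }) => {
    // `exp` one hour in the future, so a client-side expiry check lets the token through.
    // The token still carries only a placeholder signature (see `makeJwt`), so this test
    // depends on the backend refusing it.
    // NOTE(review): presumably the 401 comes from signature verification failing; confirm
    // against the API. If this test starts failing because /orders renders, check the
    // backend's token validation before touching the test.
    const future = Math.floor(Date.now() / 1000) + 3600
    const jwt = makeJwt({ sub: 'test@bilhej.se', role: 'user', exp: future })

    // Load the app first so localStorage is written on the app's own origin.
    await page.goto('/')
    await page.evaluate((token) => localStorage.setItem('auth_token', token), jwt)

    // The redirect happens only after the backend has answered, so wait for the navigation.
    await page.goto('/orders')
    await page.waitForURL(/\/logga-in\?redirect=\/orders/)
    await expect(page.getByRole('heading', { name: 'Logga in' })).toBeVisible()

    const header = page.locator('header')
    await expect(header.getByRole('button', { name: 'Logga ut' })).not.toBeVisible()

    // The rejected token must be cleared from storage as well.
    const stored = await page.evaluate(() => localStorage.getItem('auth_token'))
    expect(stored).toBeNull()
  })
})

/**
 * Builds a JWT-shaped test fixture: `header.payload.signature`.
 *
 * The token is NOT signed. The third segment is the fixed string `test-sig`,
 * so a verifier that checks the HS256 signature has nothing valid to accept.
 * The token is only useful for exercising code that reads the payload
 * without verifying it.
 *
 * Segments are encoded with `btoa`, i.e. standard base64 with `=` padding,
 * not the unpadded base64url that the JWT format specifies.
 * NOTE(review): the tests rely on the app's decoder tolerating this; confirm
 * before reusing the helper with payloads containing non-ASCII text, which
 * `btoa` rejects.
 *
 * @param payload - Claims to serialise as the token body.
 * @returns The three dot-separated segments as one string.
 */
function makeJwt(payload: Record<string, unknown>): string {
  const header = btoa(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))
  const body = btoa(JSON.stringify(payload))
  // Placeholder only; never a real MAC over header and body.
  const signature = 'test-sig'
  return `${header}.${body}.${signature}`
}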