/**
 * Integration tests for Billing endpoints.
 * Uses a real Postgres test DB and Redis test instance.
 *
 * Routes covered:
 *   POST /api/v1/billing/checkout — create Stripe Checkout Session (authenticated)
 *   POST /api/v1/billing/webhook  — Stripe webhook handler (unauthenticated, raw body)
 *   GET  /api/v1/billing/usage    — today's usage summary (authenticated)
 */

import crypto from 'crypto';
import request from 'supertest';
import { Application } from 'express';
import { v4 as uuidv4 } from 'uuid';
import { Pool } from 'pg';

const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', {
  modulusLength: 2048,
  publicKeyEncoding: { type: 'spki', format: 'pem' },
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
});

process.env['DATABASE_URL'] =
  process.env['TEST_DATABASE_URL'] ??
  'postgresql://sentryagent:sentryagent@localhost:5432/sentryagent_idp_test';
process.env['REDIS_URL'] = process.env['TEST_REDIS_URL'] ?? 'redis://localhost:6379/1';
process.env['JWT_PRIVATE_KEY'] = privateKey;
process.env['JWT_PUBLIC_KEY'] = publicKey;
process.env['NODE_ENV'] = 'test';
process.env['DEFAULT_ORG_ID'] = 'org_system';
// Use a test Stripe key placeholder — actual Stripe calls will not be made in unit context
process.env['STRIPE_SECRET_KEY'] = 'sk_test_placeholder';
process.env['STRIPE_WEBHOOK_SECRET'] = 'whsec_test_placeholder';

import { createApp } from '../../src/app';
import { signToken } from '../../src/utils/jwt';
import { closePool } from '../../src/db/pool';
import { closeRedisClient } from '../../src/cache/redis';

const ORG_ID = uuidv4();
const AGENT_ID = uuidv4();

function makeToken(sub: string = AGENT_ID, scope = 'billing:manage', orgId: string = ORG_ID): string {
  return signToken({ sub, client_id: sub, scope, organization_id: orgId, jti: uuidv4() }, privateKey);
}

describe('Billing Endpoints Integration Tests', () => {
  let app: Application;
  let pool: Pool;

  beforeAll(async () => {
    app = await createApp();
    pool = new Pool({ connectionString: process.env['DATABASE_URL'] });

    await pool.query(`
      CREATE TABLE IF NOT EXISTS organizations (
        organization_id VARCHAR(40) PRIMARY KEY,
        name VARCHAR(100) NOT NULL,
        plan VARCHAR(20) NOT NULL DEFAULT 'free',
        created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
        updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
      )
    `);

    await pool.query(`
      CREATE TABLE IF NOT EXISTS usage_events (
        id BIGSERIAL PRIMARY KEY,
        tenant_id VARCHAR(40) NOT NULL,
        date DATE NOT NULL,
        metric_type VARCHAR(50) NOT NULL,
        count INTEGER NOT NULL DEFAULT 1
      )
    `);

    await pool.query(
      `INSERT INTO organizations (organization_id, name) VALUES ($1, $2) ON CONFLICT DO NOTHING`,
      [ORG_ID, 'Test Billing Org'],
    );
  });

  afterAll(async () => {
    await pool.query(`DELETE FROM usage_events WHERE tenant_id = $1`, [ORG_ID]);
    await pool.query(`DELETE FROM organizations WHERE organization_id = $1`, [ORG_ID]);
    await pool.end();
    await closePool();
    await closeRedisClient();
  });

  // ─── GET /billing/usage ──────────────────────────────────────────────────────

  describe('GET /api/v1/billing/usage', () => {
    it('should return 200 with usage summary for authenticated user', async () => {
      const res = await request(app)
        .get('/api/v1/billing/usage')
        .set('Authorization', `Bearer ${makeToken()}`);

      expect(res.status).toBe(200);
      expect(res.body).toHaveProperty('apiCalls');
    });

    it('should return 401 when no token provided', async () => {
      const res = await request(app).get('/api/v1/billing/usage');
      expect(res.status).toBe(401);
    });
  });

  // ─── POST /billing/checkout ──────────────────────────────────────────────────

  describe('POST /api/v1/billing/checkout', () => {
    it('should return 401 when no token provided', async () => {
      const res = await request(app)
        .post('/api/v1/billing/checkout')
        .send({ targetTier: 'pro' });

      expect(res.status).toBe(401);
    });

    it('should return 422 when targetTier is missing', async () => {
      const res = await request(app)
        .post('/api/v1/billing/checkout')
        .set('Authorization', `Bearer ${makeToken()}`)
        .send({});

      expect([400, 422]).toContain(res.status);
    });
  });

  // ─── POST /billing/webhook ───────────────────────────────────────────────────

  describe('POST /api/v1/billing/webhook', () => {
    it('should return 400 when Stripe-Signature header is missing', async () => {
      const res = await request(app)
        .post('/api/v1/billing/webhook')
        .set('Content-Type', 'application/json')
        .send(JSON.stringify({ type: 'checkout.session.completed' }));

      // Stripe webhook verification will fail without the signature
      expect([400, 401, 403]).toContain(res.status);
    });
  });
});