from fastapi.testclient import TestClient
from tailscalesd.main import Settings, app, get_settings

client = TestClient(app)


def get_settings_override() -> Settings:
    return Settings(
        test_mode=True,
        tailnet="test",
        client_id="test",
        client_secret="test",
        bearer_token="test",
    )


app.dependency_overrides[get_settings] = get_settings_override


def test_auth_works():
    response = client.get("/", headers={"Authorization": "Bearer test"})
    assert response.status_code == 200
    assert response.json() == []


def test_unauthorized_wrong_token():
    response = client.get("/", headers={"Authorization": "Bearer incorrect_token"})
    assert response.status_code == 401
    assert response.json() == {"detail": "Invalid authentication credentials"}


def test_unauthorized_no_token():
    response = client.get("/")
    assert response.status_code == 403
    assert response.json() == {"detail": "Not authenticated"}


def test_settings_support_secret_files(tmp_path):
    bearer_token_file = tmp_path / "bearer_token"
    client_id_file = tmp_path / "client_id"
    client_secret_file = tmp_path / "client_secret"
    bearer_token_file.write_text("from-file-token\n", encoding="utf-8")
    client_id_file.write_text("from-file-client-id\n", encoding="utf-8")
    client_secret_file.write_text("from-file-client-secret\n", encoding="utf-8")

    settings = Settings(
        test_mode=True,
        tailnet="test",
        bearer_token_file=str(bearer_token_file),
        client_id_file=str(client_id_file),
        client_secret_file=str(client_secret_file),
    )

    assert settings.bearer_token is not None
    assert settings.client_id is not None
    assert settings.client_secret is not None
    assert settings.bearer_token.get_secret_value() == "from-file-token"
    assert settings.client_id.get_secret_value() == "from-file-client-id"
    assert settings.client_secret.get_secret_value() == "from-file-client-secret"