// This file is part of the happyDomain (R) project.
// Copyright (c) 2020-2026 happyDomain
// Authors: Pierre-Olivier Mercier, et al.

package checker

import (
	"encoding/json"
	"testing"

	sdk "git.happydns.org/checker-sdk-go/checker"
)

func wellKnownData(t *testing.T, probes map[string]WellKnownProbe) map[string]json.RawMessage {
	t.Helper()
	raw, err := json.Marshal(WellKnownData{URIs: probes})
	if err != nil {
		t.Fatalf("marshal: %v", err)
	}
	return map[string]json.RawMessage{ObservationKeyWellKnown: raw}
}

func TestSecurityTxtRule_OK(t *testing.T) {
	data := &HTTPData{
		Domain: "example.test",
		Probes: []HTTPProbe{httpsProbe("a:443")},
		Extensions: wellKnownData(t, map[string]WellKnownProbe{
			"/.well-known/security.txt": {StatusCode: 200, Bytes: 128},
			"/robots.txt":               {StatusCode: 200, Bytes: 42},
		}),
	}
	states := runRule(t, &securityTxtRule{}, data, nil)
	mustStatus(t, states, sdk.StatusOK)
	if !hasCode(states, "http.security_txt.ok") {
		t.Errorf("expected ok, got %+v", states)
	}
}

func TestSecurityTxtRule_Empty(t *testing.T) {
	data := &HTTPData{
		Domain: "example.test",
		Probes: []HTTPProbe{httpsProbe("a:443")},
		Extensions: wellKnownData(t, map[string]WellKnownProbe{
			"/.well-known/security.txt": {StatusCode: 200, Bytes: 0},
		}),
	}
	states := runRule(t, &securityTxtRule{}, data, nil)
	mustStatus(t, states, sdk.StatusWarn)
	if !hasCode(states, "http.security_txt.empty") {
		t.Errorf("expected empty, got %+v", states)
	}
}

func TestSecurityTxtRule_Missing(t *testing.T) {
	data := &HTTPData{
		Domain: "example.test",
		Probes: []HTTPProbe{httpsProbe("a:443")},
		Extensions: wellKnownData(t, map[string]WellKnownProbe{
			"/.well-known/security.txt": {StatusCode: 404},
		}),
	}
	states := runRule(t, &securityTxtRule{}, data, nil)
	mustStatus(t, states, sdk.StatusInfo)
	if !hasCode(states, "http.security_txt.missing") {
		t.Errorf("expected missing, got %+v", states)
	}
	if states[0].Meta["fix"] == nil {
		t.Errorf("expected fix hint in meta, got %+v", states[0].Meta)
	}
}

func TestSecurityTxtRule_NoCollectorData(t *testing.T) {
	data := &HTTPData{
		Domain: "example.test",
		Probes: []HTTPProbe{httpsProbe("a:443")},
	}
	states := runRule(t, &securityTxtRule{}, data, nil)
	mustStatus(t, states, sdk.StatusUnknown)
	if !hasCode(states, "http.security_txt.no_data") {
		t.Errorf("expected no_data, got %+v", states)
	}
}

func TestSecurityTxtRule_DecodeError(t *testing.T) {
	data := &HTTPData{
		Domain: "example.test",
		Probes: []HTTPProbe{httpsProbe("a:443")},
		Extensions: map[string]json.RawMessage{
			ObservationKeyWellKnown: json.RawMessage(`"not an object"`),
		},
	}
	states := runRule(t, &securityTxtRule{}, data, nil)
	if states[0].Status != sdk.StatusError || states[0].Code != "http.security_txt.decode_error" {
		t.Errorf("expected decode_error, got %+v", states)
	}
}