/* eslint-disable unicorn/prevent-abbreviations */
import { INestApplication } from '@nestjs/common';
import { Test, TestingModule } from '@nestjs/testing';
import * as request from 'supertest';
import { createHash } from 'node:crypto';
import {
  finalizeEvent,
  generateSecretKey,
  getPublicKey,
  type UnsignedEvent,
} from 'nostr-tools';
import { NostrAuthModule } from '../src/nostr-auth/nostr-auth.module';

/**
 * Hex-encoded SHA-256 digest of `payload`; the tests place it in the
 * `payload` tag of the signed event.
 */
function hashPayload(payload: string): string {
  const digest = createHash('sha256');
  digest.update(payload);
  return digest.digest('hex');
}

/**
 * End-to-end checks for the Nostr HTTP-auth flow exposed by NostrAuthModule:
 * a kind-27235 event signed by the client is sent base64-encoded in the
 * `Authorization: Nostr …` header and must match the request it accompanies.
 *
 * NOTE(review): only the happy path and a payload-hash mismatch are covered
 * here. Rejection of a stale `created_at`, a wrong `kind`, a `u` or `method`
 * tag that does not match the request, an invalid signature and a missing
 * header is not exercised in this file.
 */
describe('NostrAuth (e2e)', () => {
  let app: INestApplication;

  // Throwaway key pair generated per run.
  const secretKey = generateSecretKey();
  const pubkey = getPublicKey(secretKey);

  const host = 'nostr.test';
  const path = '/nostr-auth/echo';
  // Absolute URL that goes into the signed `u` tag.
  const url = `http://${host}${path}`;

  /** Signs `unsignedEvent` with the test key and wraps it as an Authorization header value. */
  const buildAuthHeader = (unsignedEvent: UnsignedEvent): string => {
    const signed = finalizeEvent(unsignedEvent, secretKey);
    const encoded = Buffer.from(JSON.stringify(signed)).toString('base64');
    return `Nostr ${encoded}`;
  };

  /**
   * POSTs `body` to the echo route with an auth event whose `payload` tag is
   * the SHA-256 of `hashedText`. Returns the pending supertest request so the
   * caller can chain `.expect(...)`.
   */
  const signedPost = (body: object, hashedText: string) => {
    const authHeader = buildAuthHeader({
      pubkey,
      kind: 27_235,
      created_at: Math.floor(Date.now() / 1000),
      tags: [
        ['u', url],
        ['method', 'POST'],
        ['payload', hashPayload(hashedText)],
      ],
      content: '',
    });

    // NOTE(review): `host` and `x-forwarded-proto` are set so the request
    // lines up with the signed `u` tag; presumably the guard rebuilds the URL
    // from these headers. Both are client-controlled unless a trusted proxy
    // overwrites them, so the `u` binding is only as strong as that source;
    // confirm how the module derives the URL.
    return request(app.getHttpServer())
      .post(path)
      .set('host', host)
      .set('x-forwarded-proto', 'http')
      .set('authorization', authHeader)
      .send(body);
  };

  beforeAll(async () => {
    const testingModule: TestingModule = await Test.createTestingModule({
      imports: [NostrAuthModule],
    }).compile();

    app = testingModule.createNestApplication();
    await app.init();
  });

  afterAll(async () => {
    await app.close();
  });

  it('accepts a valid nostr-signed request', async () => {
    const body = { ping: 'pong' };
    // The hash is taken over JSON.stringify(body); this passes only if the
    // server hashes the same serialisation of the body (raw bytes vs
    // re-serialised JSON is not visible from this file).
    const response = await signedPost(body, JSON.stringify(body)).expect(201);

    expect(response.body.pubkey).toBe(pubkey);
  });

  it('rejects a tampered payload hash', async () => {
    const body = { ping: 'pong' };
    // The signature is valid, but the signed hash covers different text than the body sent.
    const response = await signedPost(
      body,
      `${JSON.stringify(body)}tampered`,
    ).expect(401);

    expect(response.body.code).toBe('PAYLOAD_MISMATCH');
  });
});