import { afterEach, describe, expect, it, vi } from 'vitest'
import { getWebAuthnConfig } from '../server/utils/webauthn-config.js'

// Environment variables this suite writes to or deletes. Each one is
// snapshotted once at module load and put back after every test.
const envNames = [
  'NUXT_PUBLIC_BASE_URL',
  'WEBAUTHN_RP_ID',
  'WEBAUTHN_ORIGIN',
  'WEBAUTHN_ALLOWED_ORIGINS'
]

// name -> value at import time (undefined when the variable was not set).
const savedEnv = new Map(envNames.map(key => [key, process.env[key]]))

/**
 * Replaces console.log with a no-op spy for the current test.
 * The spy is undone by vi.restoreAllMocks() in afterEach.
 */
function muteConsoleLog() {
  vi.spyOn(console, 'log').mockImplementation(() => {})
}

afterEach(() => {
  for (const [key, savedValue] of savedEnv) {
    if (savedValue !== undefined) {
      process.env[key] = savedValue
      continue
    }
    // Assigning undefined to process.env stores the string 'undefined',
    // so a variable that was originally absent has to be deleted.
    delete process.env[key]
  }

  vi.restoreAllMocks()
})

// These tests pin the origin list returned by getWebAuthnConfig().
// NOTE(review): config.origins is presumably the set of origins the server
// accepts during WebAuthn verification; confirm against the callers of
// getWebAuthnConfig. If so, an unexpected extra entry here widens what the
// relying party trusts, which is why the expected arrays are exact.
describe('WebAuthn origin configuration', () => {
  // Apex public URL + apex RP ID, no explicit origin and no allow-list:
  // the primary origin is the apex host and the www host is listed second.
  it('accepts both production hosts when the public URL is the apex domain', () => {
    muteConsoleLog()

    delete process.env.WEBAUTHN_ORIGIN
    delete process.env.WEBAUTHN_ALLOWED_ORIGINS
    process.env.NUXT_PUBLIC_BASE_URL = 'https://harheimertc.de'
    process.env.WEBAUTHN_RP_ID = 'harheimertc.de'

    const { origin, origins } = getWebAuthnConfig()

    expect(origin).toBe('https://harheimertc.de')
    // toEqual on arrays is order-sensitive: apex first, then www.
    expect(origins).toEqual([
      'https://harheimertc.de',
      'https://www.harheimertc.de'
    ])
  })

  // The allow-list value names the same origin twice, once with surrounding
  // whitespace and a trailing slash. The expected list contains it once,
  // without the slash, and contains no www. variant of the primary origin.
  // NOTE(review): NUXT_PUBLIC_BASE_URL and WEBAUTHN_RP_ID are neither set
  // nor cleared in this test, so they keep whatever the runner's environment
  // provides. If getWebAuthnConfig reads them on this path, the outcome
  // depends on ambient configuration; consider pinning them explicitly.
  it('adds explicitly allowed origins without widening test installations implicitly', () => {
    muteConsoleLog()

    process.env.WEBAUTHN_ORIGIN = 'https://harheimertc.tsschulz.de'
    process.env.WEBAUTHN_ALLOWED_ORIGINS = ' https://alias.tsschulz.de/ , https://alias.tsschulz.de '

    const { origins } = getWebAuthnConfig()

    expect(origins).toEqual([
      'https://harheimertc.tsschulz.de',
      'https://alias.tsschulz.de'
    ])
  })
})