const { getRequest } = require('../testServer');
const { getAdminSession } = require('../utils/adminSession');

describe('Admin Auth Middleware', () => {
  describe('Without Session', () => {
    it('should reject requests without session cookie', async () => {
      // No cookie is sent: the middleware must deny access to the admin route.
      const response = await getRequest()
        .get('/api/admin/deletion-log')
        .expect(403);

      // The rejection carries an error and a machine-readable reason.
      expect(response.body).toHaveProperty('error');
      expect(response.body).toHaveProperty('reason', 'SESSION_REQUIRED');
    });
  });

  describe('With Valid Session', () => {
    let adminSession;

    // Obtain the admin session once; its agent is used for every request below.
    beforeAll(async () => {
      adminSession = await getAdminSession();
    });

    it('should allow access with valid session', async () => {
      const response = await adminSession.agent
        .get('/api/admin/deletion-log')
        .expect(200);

      expect(response.body).toHaveProperty('success');
    });

    it('should allow access to multiple admin endpoints', async () => {
      const endpoints = [
        '/api/admin/deletion-log',
        '/api/admin/rate-limiter/stats',
        '/api/admin/management-audit',
        '/api/admin/groups'
      ];

      // The same session must be accepted on each admin endpoint.
      for (const endpoint of endpoints) {
        const response = await adminSession.agent
          .get(endpoint)
          .expect(200);

        expect(response.body).toBeDefined();
      }
    });
  });
});