using Thalos.Bff.Application.Adapters;
using Thalos.Bff.Application.Handlers;
using Thalos.Bff.Application.Security;
using Thalos.Bff.Contracts.Api;

namespace Thalos.Bff.Application.UnitTests;

public class IssueTokenHandlerTests
{
    [Fact]
    public async Task HandleAsync_WhenPermissionAllowed_DelegatesToServiceClient()
    {
        var handler = new IssueTokenHandler(new FakeThalosServiceClient(), new AllowPermissionGuard());

        var response = await handler.HandleAsync(new IssueTokenApiRequest("user-1", "tenant-1"));

        Assert.Equal("token-xyz", response.AccessToken);
        Assert.Equal(1800, response.ExpiresInSeconds);
    }

    private sealed class FakeThalosServiceClient : IThalosServiceClient
    {
        public Task<IssueTokenApiResponse> IssueTokenAsync(IssueTokenApiRequest request)
        {
            return Task.FromResult(new IssueTokenApiResponse("token-xyz", 1800));
        }

        public Task<RefreshSessionApiResponse> RefreshSessionAsync(RefreshSessionApiRequest request)
        {
            return Task.FromResult(new RefreshSessionApiResponse("token-refreshed", 1800));
        }
    }

    private sealed class AllowPermissionGuard : IPermissionGuard
    {
        public bool CanAccess(string permissionCode) => true;
    }
}