package receiver

import (
	"encoding/hex"
	"testing"
)

func TestGenerateScopedToken_Deterministic(t *testing.T) {
	token1 := GenerateScopedToken("key", "org", "repo", "wf", "job")
	token2 := GenerateScopedToken("key", "org", "repo", "wf", "job")
	if token1 != token2 {
		t.Errorf("tokens differ: %q vs %q", token1, token2)
	}
}

func TestGenerateScopedToken_ScopePinning(t *testing.T) {
	base := GenerateScopedToken("key", "org", "repo", "wf", "job")

	variants := []struct {
		name string
		org  string
		repo string
		wf   string
		job  string
	}{
		{"different org", "other-org", "repo", "wf", "job"},
		{"different repo", "org", "other-repo", "wf", "job"},
		{"different workflow", "org", "repo", "other-wf", "job"},
		{"different job", "org", "repo", "wf", "other-job"},
	}

	for _, v := range variants {
		t.Run(v.name, func(t *testing.T) {
			token := GenerateScopedToken("key", v.org, v.repo, v.wf, v.job)
			if token == base {
				t.Errorf("token for %s should differ from base", v.name)
			}
		})
	}
}

func TestGenerateScopedToken_DifferentKeys(t *testing.T) {
	token1 := GenerateScopedToken("key-a", "org", "repo", "wf", "job")
	token2 := GenerateScopedToken("key-b", "org", "repo", "wf", "job")
	if token1 == token2 {
		t.Error("different keys should produce different tokens")
	}
}

func TestGenerateScopedToken_ValidHex(t *testing.T) {
	token := GenerateScopedToken("key", "org", "repo", "wf", "job")
	if len(token) != 64 {
		t.Errorf("token length = %d, want 64", len(token))
	}
	if _, err := hex.DecodeString(token); err != nil {
		t.Errorf("token is not valid hex: %v", err)
	}
}

func TestValidateScopedToken_Correct(t *testing.T) {
	token := GenerateScopedToken("key", "org", "repo", "wf", "job")
	if !ValidateScopedToken("key", token, "org", "repo", "wf", "job") {
		t.Error("ValidateScopedToken should accept correct token")
	}
}

func TestValidateScopedToken_WrongToken(t *testing.T) {
	if ValidateScopedToken("key", "deadbeef", "org", "repo", "wf", "job") {
		t.Error("ValidateScopedToken should reject wrong token")
	}
}

func TestValidateScopedToken_WrongScope(t *testing.T) {
	token := GenerateScopedToken("key", "org", "repo", "wf", "job")
	if ValidateScopedToken("key", token, "org", "repo", "wf", "other-job") {
		t.Error("ValidateScopedToken should reject token for different scope")
	}
}