import { describe, it, expect, vi } from "vitest";

// Unit tests for partner-auth middleware logic
// Tests the auth extraction and validation behaviour without a live KBDB

function extractBearerToken(authHeader: string | undefined): string | null {
  if (!authHeader?.startsWith("Bearer ")) return null;
  return authHeader.slice(7);
}

describe("partner-auth: token extraction", () => {
  it("returns null when Authorization header is missing", () => {
    expect(extractBearerToken(undefined)).toBeNull();
  });

  it("returns null when header does not start with 'Bearer '", () => {
    expect(extractBearerToken("Basic abc123")).toBeNull();
    expect(extractBearerToken("bearer abc123")).toBeNull();
    expect(extractBearerToken("Token abc123")).toBeNull();
  });

  it("extracts token from valid Bearer header", () => {
    expect(extractBearerToken("Bearer my-secret-key")).toBe("my-secret-key");
  });

  it("handles token with special characters", () => {
    expect(extractBearerToken("Bearer abc.def_ghi-123")).toBe("abc.def_ghi-123");
  });
});

describe("partner-auth: KBDB response validation", () => {
  it("rejects when valid is false", () => {
    const info = { valid: false, org_namespace: "org-a" };
    expect(info.valid).toBe(false);
  });

  it("accepts when valid is true and extracts org_namespace", () => {
    const info = { valid: true, org_namespace: "org-a" };
    expect(info.valid).toBe(true);
    expect(info.org_namespace).toBe("org-a");
  });
});