package mcp_test

import (
	"bytes"
	"encoding/json"
	"net/http"
	"net/http/httptest"
	"strings"
	"testing"

	"github.com/mathiasbq/supervisor/internal/mcp"
	"github.com/mathiasbq/supervisor/internal/registry"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

func jsonBody(t *testing.T, v any) *bytes.Buffer {
	t.Helper()
	b, err := json.Marshal(v)
	require.NoError(t, err)
	return bytes.NewBuffer(b)
}

func TestMCPInitialize(t *testing.T) {
	reg := registry.New()
	srv := mcp.NewServer(reg, "")

	req := httptest.NewRequest(http.MethodPost, "/mcp", jsonBody(t, map[string]any{
		"jsonrpc": "2.0",
		"id":      1,
		"method":  "initialize",
		"params":  map[string]any{},
	}))
	req.Header.Set("Content-Type", "application/json")
	rr := httptest.NewRecorder()

	srv.ServeHTTP(rr, req)

	assert.Equal(t, http.StatusOK, rr.Code)
	var resp map[string]any
	require.NoError(t, json.Unmarshal(rr.Body.Bytes(), &resp))
	result := resp["result"].(map[string]any)
	assert.Equal(t, "2024-11-05", result["protocolVersion"])
}

func TestMCPToolsList(t *testing.T) {
	reg := registry.New()
	srv := mcp.NewServer(reg, "")

	req := httptest.NewRequest(http.MethodPost, "/mcp", jsonBody(t, map[string]any{
		"jsonrpc": "2.0", "id": 2, "method": "tools/list", "params": map[string]any{},
	}))
	req.Header.Set("Content-Type", "application/json")
	rr := httptest.NewRecorder()
	srv.ServeHTTP(rr, req)

	assert.Equal(t, http.StatusOK, rr.Code)
	var resp map[string]any
	require.NoError(t, json.Unmarshal(rr.Body.Bytes(), &resp))
	result := resp["result"].(map[string]any)
	assert.NotNil(t, result["tools"])
}

func TestMCPUnknownMethod(t *testing.T) {
	reg := registry.New()
	srv := mcp.NewServer(reg, "")

	req := httptest.NewRequest(http.MethodPost, "/mcp", jsonBody(t, map[string]any{
		"jsonrpc": "2.0", "id": 3, "method": "unknown/method", "params": map[string]any{},
	}))
	req.Header.Set("Content-Type", "application/json")
	rr := httptest.NewRecorder()
	srv.ServeHTTP(rr, req)

	assert.Equal(t, http.StatusOK, rr.Code)
	var resp map[string]any
	require.NoError(t, json.Unmarshal(rr.Body.Bytes(), &resp))
	assert.NotNil(t, resp["error"])
}

func TestMCPNotificationKnownMethodGetsNoResponseBody(t *testing.T) {
	reg := registry.New()
	srv := mcp.NewServer(reg, "")

	// JSON-RPC 2.0 notification: "id" field absent. Per spec, server MUST NOT
	// reply. notifications/initialized is part of the standard MCP handshake.
	req := httptest.NewRequest(http.MethodPost, "/mcp", jsonBody(t, map[string]any{
		"jsonrpc": "2.0",
		"method":  "notifications/initialized",
	}))
	req.Header.Set("Content-Type", "application/json")
	rr := httptest.NewRecorder()
	srv.ServeHTTP(rr, req)

	assert.Equal(t, http.StatusOK, rr.Code)
	assert.Empty(t, strings.TrimSpace(rr.Body.String()),
		"notifications must not receive a response body")
}

func TestMCPAuth(t *testing.T) {
	const token = "s3cr3t"

	cases := []struct {
		name       string
		token      string
		authHeader string
		wantStatus int
	}{
		{"no token configured passes without header", "", "", http.StatusOK},
		{"correct bearer passes", token, "Bearer " + token, http.StatusOK},
		{"wrong bearer rejected", token, "Bearer wrong", http.StatusUnauthorized},
		{"missing header rejected", token, "", http.StatusUnauthorized},
		{"wrong scheme rejected", token, "Basic " + token, http.StatusUnauthorized},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			reg := registry.New()
			srv := mcp.NewServer(reg, tc.token)

			req := httptest.NewRequest(http.MethodPost, "/mcp", jsonBody(t, map[string]any{
				"jsonrpc": "2.0", "id": 1, "method": "initialize", "params": map[string]any{},
			}))
			req.Header.Set("Content-Type", "application/json")
			if tc.authHeader != "" {
				req.Header.Set("Authorization", tc.authHeader)
			}
			rr := httptest.NewRecorder()
			srv.ServeHTTP(rr, req)

			assert.Equal(t, tc.wantStatus, rr.Code)
			if tc.wantStatus == http.StatusUnauthorized {
				var resp map[string]any
				require.NoError(t, json.Unmarshal(rr.Body.Bytes(), &resp))
				rpcErr, ok := resp["error"].(map[string]any)
				require.True(t, ok, "expected error object in response")
				assert.Equal(t, float64(-32001), rpcErr["code"])
			}
		})
	}
}

func TestMCPNotificationUnknownMethodGetsNoResponseBody(t *testing.T) {
	reg := registry.New()
	srv := mcp.NewServer(reg, "")

	req := httptest.NewRequest(http.MethodPost, "/mcp", jsonBody(t, map[string]any{
		"jsonrpc": "2.0",
		"method":  "notifications/totally-unknown",
	}))
	req.Header.Set("Content-Type", "application/json")
	rr := httptest.NewRecorder()
	srv.ServeHTTP(rr, req)

	assert.Equal(t, http.StatusOK, rr.Code)
	assert.Empty(t, strings.TrimSpace(rr.Body.String()),
		"unknown notifications must also receive no response body")
}