<?php

use App\Http\Controllers\SettingController;
use App\Services\DhlTrackingService;
use Illuminate\Support\Facades\Http;

beforeEach(function () {
    // Pre-populate the process-wide DHL config cache (introduced in Phase 10)
    // so the SettingController::getDhlConfig() call inside DhlTrackingService
    // does not hit the database during the unit test.
    $reflection = new ReflectionClass(SettingController::class);
    $property = $reflection->getProperty('cachedDhlConfig');
    $property->setAccessible(true);
    $property->setValue(null, [
        'api_key' => 'cached-test-api-key-1234',
    ]);
});

afterEach(function () {
    SettingController::flushDhlConfigCache();
    DhlTrackingService::clearQuotaPause();
    Mockery::close();
});

it('returns an explicit auth_error and a meaningful message on HTTP 401', function () {
    Http::fake([
        'api-eu.dhl.com/track/shipments*' => Http::response(['title' => 'Unauthorized'], 401),
    ]);

    $service = new DhlTrackingService;
    $result = $service->trackShipment('00340434292135100148');

    expect($result)
        ->toHaveKey('success', false)
        ->toHaveKey('auth_error', true)
        ->toHaveKey('http_status', 401)
        ->toHaveKey('api_used', 'unified');

    expect($result['message'])
        ->toContain('Authentifizierung fehlgeschlagen')
        ->toContain('HTTP 401')
        ->toContain('Shipment Tracking - Unified');

    // No fallback request to a phantom Parcel DE tracking endpoint must occur.
    Http::assertSentCount(1);
});

it('marks HTTP 403 as auth error too', function () {
    Http::fake([
        'api-eu.dhl.com/track/shipments*' => Http::response(['title' => 'Forbidden'], 403),
    ]);

    $service = new DhlTrackingService;
    $result = $service->trackShipment('00340434292135100148');

    expect($result['auth_error'])->toBeTrue()
        ->and($result['http_status'])->toBe(403)
        ->and($result['message'])->toContain('HTTP 403');
});

it('distinguishes a "not found" response from a 401 auth error', function () {
    Http::fake([
        'api-eu.dhl.com/track/shipments*' => Http::response(['shipments' => []], 200),
    ]);

    $service = new DhlTrackingService;
    $result = $service->trackShipment('99999999999999999999');

    expect($result)
        ->toHaveKey('success', false)
        ->toHaveKey('not_found', true)
        ->and($result['message'])->toBe('Sendung nicht gefunden oder noch nicht im DHL-System erfasst.');

    expect($result)->not->toHaveKey('auth_error');
});

it('does not fall back to the non-existent parcel-de tracking endpoint anymore', function () {
    Http::fake([
        'api-eu.dhl.com/track/shipments*' => Http::response(['title' => 'Unauthorized'], 401),
        'api-eu.dhl.com/parcel/de/tracking*' => Http::response('should never be called', 500),
    ]);

    $service = new DhlTrackingService;
    $service->trackShipment('00340434292135100148');

    Http::assertSentCount(1);
    Http::assertNotSent(function ($request) {
        return str_contains($request->url(), '/parcel/de/tracking');
    });
});

it('redacts the api key in the auth-error log payload', function () {
    Http::fake([
        'api-eu.dhl.com/track/shipments*' => Http::response([], 401),
    ]);

    \Illuminate\Support\Facades\Log::spy();

    $service = new DhlTrackingService;
    $service->trackShipment('00340434292135100148');

    \Illuminate\Support\Facades\Log::shouldHaveReceived('error')
        ->withArgs(function (string $message, array $context) {
            return str_contains($message, 'authentication failed')
                && ($context['api_key_suffix'] ?? null) === '***1234'
                && ! str_contains(json_encode($context), 'cached-test-api-key');
        });
});