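use crate::harness::{TestServer, test_config};

/// Sends each traversal-style site name as an authenticated POST and requires a 400 or 404.
///
/// A request that gets no response at all fails the test. Skipping the assertion on a
/// transport error would let this check pass without the server ever judging the path.
#[tokio::test]
async fn path_traversal_rejected() {
    // `keep()` hands back the directory path without the cleanup guard, so the
    // directory outlives the test run.
    let server = TestServer::start(test_config(tempfile::tempdir().unwrap().keep())).await;

    // NOTE(review): many URL parsers collapse `..` segments before the request is sent.
    // If the client behind `TestServer::client()` does so, the literal dot-segment forms
    // may never reach the server and only the percent-encoded form exercises its own
    // path validation. Confirm what actually goes on the wire.
    let traversal_attempts = [
        "../etc/passwd",
        "..%2F..%2Fetc%2Fpasswd",
        "valid-site/../other",
    ];

    for attempt in &traversal_attempts {
        let resp = TestServer::client()
            .post(server.url(attempt))
            .header("Authorization", "Bearer test-token")
            .send()
            .await
            .unwrap_or_else(|err| {
                panic!("request for path traversal '{attempt}' got no response: {err:?}")
            });

        let status = resp.status().as_u16();
        assert!(
            matches!(status, 400 | 404),
            "path traversal '{attempt}' should be rejected, got {status}"
        );
    }
}

/// Sends a 1000-character site name as an authenticated POST and requires a 400, 404 or 414.
///
/// A dropped connection is not a graceful rejection, so a transport error fails the test
/// instead of silently skipping the status assertion.
#[tokio::test]
async fn very_long_site_name_rejected() {
    let server = TestServer::start(test_config(tempfile::tempdir().unwrap().keep())).await;
    let long_name = "a".repeat(1000);

    let resp = TestServer::client()
        .post(server.url(&long_name))
        .header("Authorization", "Bearer test-token")
        .send()
        .await
        .unwrap_or_else(|err| panic!("long site name request got no response: {err:?}"));

    let status = resp.status().as_u16();
    assert!(
        matches!(status, 400 | 404 | 414),
        "long site name should be rejected gracefully, got {status}"
    );
}

/// Issues five failing requests, then requires `/health` to answer 200.
#[tokio::test]
async fn service_healthy_after_errors() {
    let server = TestServer::start(test_config(tempfile::tempdir().unwrap().keep())).await;

    // Make requests to non-existent sites (causes 404s in the app). The outcome of each
    // request is deliberately ignored; only the health check below is asserted.
    // NOTE(review): these requests carry no Authorization header, unlike the other tests
    // in this file, so they may be turned away before any site lookup happens. Confirm
    // that this is the error path the test means to exercise.
    for _ in 0..5 {
        let _ = TestServer::client()
            .post(server.url("/nonexistent"))
            .send()
            .await;
    }

    // Server should still be healthy
    let health = TestServer::client()
        .get(server.url("/health"))
        .send()
        .await
        .unwrap();
    assert_eq!(health.status().as_u16(), 200);
}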