import { test, expect, registerUser } from '../fixtures';

test.describe('MCP API — Auth Guards', () => {
  test.describe('GET /mcp/servers', () => {
    test('rejects unauthenticated request with 401', async ({ request }) => {
      const res = await request.get('mcp/servers');

      expect(res.status()).toBe(401);
    });

    test('returns server list for authenticated user', async ({ request }) => {
      const { accessToken } = await registerUser(request);

      const res = await request.get('mcp/servers', {
        headers: { Authorization: `Bearer ${accessToken}` },
      });

      expect(res.status()).toBe(200);
      const body = await res.json();
      expect(body).toHaveProperty('servers');
      expect(Array.isArray(body.servers)).toBeTruthy();
    });
  });

  test.describe('GET /mcp/:serverName/sse', () => {
    test('rejects unauthenticated SSE connection with 401', async ({ request }) => {
      const res = await request.get('mcp/search/sse');

      expect(res.status()).toBe(401);
    });
  });

  test.describe('POST /mcp/:serverName/messages', () => {
    test('rejects unauthenticated message with 401', async ({ request }) => {
      const res = await request.post('mcp/search/messages', {
        params: { sessionId: 'fake-session' },
        data: {},
      });

      expect(res.status()).toBe(401);
    });

    test('returns 400 when sessionId is missing for authenticated user', async ({ request }) => {
      const { accessToken } = await registerUser(request);

      const res = await request.post('mcp/search/messages', {
        data: {},
        headers: { Authorization: `Bearer ${accessToken}` },
      });

      expect(res.status()).toBe(400);
    });
  });
});