require "test_helper"

class SanastoCorsTest < ActiveSupport::TestCase
  def setup
    @app = ->(_env) { [ 200, {}, [ "ok" ] ] }
    @middleware = Middleware::SanastoCors.new(@app)
    @origin = "http://localhost:5173"
    @app_id = "app.sanasto"
  end

  test "adds cors headers for allowed get requests" do
    env = Rack::MockRequest.env_for(
      "/api/entries",
      method: "GET",
      "HTTP_ORIGIN" => @origin,
      "HTTP_X_SANASTO_APP" => @app_id
    )

    status, headers, _body = @middleware.call(env)

    assert_equal 200, status
    assert_equal @origin, headers["Access-Control-Allow-Origin"]
    assert_includes headers["Access-Control-Allow-Headers"], "X-Sanasto-App"
  end

  test "returns preflight response with cors headers when app header is requested" do
    env = Rack::MockRequest.env_for(
      "/api/entries",
      method: "OPTIONS",
      "HTTP_ORIGIN" => @origin,
      "HTTP_ACCESS_CONTROL_REQUEST_METHOD" => "GET",
      "HTTP_ACCESS_CONTROL_REQUEST_HEADERS" => "x-sanasto-app"
    )

    status, headers, _body = @middleware.call(env)

    assert_equal 204, status
    assert_equal @origin, headers["Access-Control-Allow-Origin"]
    assert_includes headers["Access-Control-Allow-Headers"], "x-sanasto-app"
    assert_includes headers["Vary"], "Access-Control-Request-Headers"
  end

  test "does not add cors headers when app id is missing" do
    env = Rack::MockRequest.env_for(
      "/api/entries",
      method: "GET",
      "HTTP_ORIGIN" => @origin
    )

    status, headers, _body = @middleware.call(env)

    assert_equal 200, status
    assert_nil headers["Access-Control-Allow-Origin"]
  end
end