import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest';
import { apiClient, clearAdminApiKey, getAdminApiKey, setAdminApiKey } from './client';

describe('api client admin key handling', () => {
  const fetchMock = vi.fn();

  beforeEach(() => {
    clearAdminApiKey();
    fetchMock.mockReset();
    fetchMock.mockResolvedValue({
      ok: true,
      json: async () => ({ ok: true }),
    });
    vi.stubGlobal('fetch', fetchMock);
  });

  afterEach(() => {
    clearAdminApiKey();
    vi.unstubAllGlobals();
  });

  it('attaches the in-memory admin key to admin requests only', async () => {
    setAdminApiKey('  test-admin-key  ');

    await apiClient.post('/admin/review-queue');

    expect(getAdminApiKey()).toBe('test-admin-key');
    expect(fetchMock).toHaveBeenCalledTimes(1);
    const [url, init] = fetchMock.mock.calls[0];
    expect(url).toContain('/api/pots-shutdown/admin/review-queue');
    expect(init?.headers).toMatchObject({
      'Content-Type': 'application/json',
      'X-Admin-Key': 'test-admin-key',
    });
  });

  it('does not attach the admin key to public requests', async () => {
    setAdminApiKey('test-admin-key');

    await apiClient.get('/search');

    expect(fetchMock).toHaveBeenCalledTimes(1);
    const [, init] = fetchMock.mock.calls[0];
    expect(init?.headers).toMatchObject({
      'Content-Type': 'application/json',
    });
    expect(init?.headers).not.toHaveProperty('X-Admin-Key');
  });
});