package com.dalab.discovery.client.rest;

import org.springframework.boot.test.context.TestConfiguration;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Primary;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

/**
 * Test security configuration for integration tests.
 * Provides HTTP Basic authentication instead of OAuth2/JWT for simplicity.
 */
@TestConfiguration
@EnableWebSecurity
@EnableMethodSecurity(prePostEnabled = true)
public class TestWebSecurityConfiguration {

    @Bean
    @Primary
    public SecurityFilterChain testFilterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(authorize -> authorize
                .requestMatchers("/api/v1/discovery/config/**").hasRole("ADMIN")
                .requestMatchers("/api/v1/discovery/stats/**").hasAnyRole("ADMIN", "USER")
                .requestMatchers("/api/v1/discovery/scans/**").hasAnyRole("ADMIN", "DATA_STEWARD", "USER")
                .requestMatchers("/api/v1/discovery/jobs/**").hasAnyRole("ADMIN", "DATA_STEWARD", "USER")
                .anyRequest().authenticated()
            )
            .csrf(csrf -> csrf.disable())
            .httpBasic(basic -> {});
        
        return http.build();
    }
}