"""
Tests for POST /api/webhook/telegram.
"""
from __future__ import annotations

import os

os.environ.setdefault("BOT_TOKEN", "test-bot-token")
os.environ.setdefault("CHAT_ID", "-1001234567890")
os.environ.setdefault("WEBHOOK_SECRET", "test-webhook-secret")
os.environ.setdefault("WEBHOOK_URL", "https://example.com/api/webhook/telegram")
os.environ.setdefault("FRONTEND_ORIGIN", "http://localhost:3000")

import pytest
from tests.conftest import make_app_client

CORRECT_SECRET = "test-webhook-secret"

_SAMPLE_UPDATE = {
    "update_id": 100,
    "message": {
        "message_id": 1,
        "from": {"id": 12345678, "first_name": "Test", "last_name": "User"},
        "chat": {"id": 12345678, "type": "private"},
        "text": "/start",
    },
}


@pytest.mark.asyncio
async def test_webhook_valid_secret_returns_200():
    """Correct X-Telegram-Bot-Api-Secret-Token → 200."""
    async with make_app_client() as client:
        resp = await client.post(
            "/api/webhook/telegram",
            json=_SAMPLE_UPDATE,
            headers={"X-Telegram-Bot-Api-Secret-Token": CORRECT_SECRET},
        )
    assert resp.status_code == 200
    assert resp.json() == {"ok": True}


@pytest.mark.asyncio
async def test_webhook_missing_secret_returns_403():
    """Request without the secret header must return 403."""
    async with make_app_client() as client:
        resp = await client.post(
            "/api/webhook/telegram",
            json=_SAMPLE_UPDATE,
        )
    assert resp.status_code == 403


@pytest.mark.asyncio
async def test_webhook_wrong_secret_returns_403():
    """Request with a wrong secret header must return 403."""
    async with make_app_client() as client:
        resp = await client.post(
            "/api/webhook/telegram",
            json=_SAMPLE_UPDATE,
            headers={"X-Telegram-Bot-Api-Secret-Token": "wrong-secret"},
        )
    assert resp.status_code == 403


@pytest.mark.asyncio
async def test_webhook_start_command_registers_user():
    """A /start command in the update should not raise and must return 200."""
    async with make_app_client() as client:
        resp = await client.post(
            "/api/webhook/telegram",
            json={
                "update_id": 101,
                "message": {
                    "message_id": 2,
                    "from": {"id": 99887766, "first_name": "Frank", "last_name": ""},
                    "chat": {"id": 99887766, "type": "private"},
                    "text": "/start",
                },
            },
            headers={"X-Telegram-Bot-Api-Secret-Token": CORRECT_SECRET},
        )
    assert resp.status_code == 200


@pytest.mark.asyncio
async def test_webhook_non_start_command_returns_200():
    """Any update without /start should still return 200."""
    async with make_app_client() as client:
        resp = await client.post(
            "/api/webhook/telegram",
            json={
                "update_id": 102,
                "message": {
                    "message_id": 3,
                    "from": {"id": 11111111, "first_name": "Anon"},
                    "chat": {"id": 11111111, "type": "private"},
                    "text": "hello",
                },
            },
            headers={"X-Telegram-Bot-Api-Secret-Token": CORRECT_SECRET},
        )
    assert resp.status_code == 200


@pytest.mark.asyncio
async def test_webhook_empty_body_with_valid_secret_returns_200():
    """An update with no message field should still return 200."""
    async with make_app_client() as client:
        resp = await client.post(
            "/api/webhook/telegram",
            json={"update_id": 103},
            headers={"X-Telegram-Bot-Api-Secret-Token": CORRECT_SECRET},
        )
    assert resp.status_code == 200