from __future__ import annotations

from pathlib import Path

from fastapi.testclient import TestClient

from beaver.interfaces.web.app import create_app
from beaver.services.agent_service import AgentService
from beaver.services.user_file_resolver import UserFileStorageResolver
from beaver.services.user_files import LocalUserFileStorage, UserFileService


def _auth_headers(app, username: str = "alice") -> dict[str, str]:
    token = f"test-token-{username}"
    app.state.auth_tokens[token] = username
    return {"Authorization": f"Bearer {token}"}


def test_workspace_browser_api_manages_workspace_files(tmp_path: Path) -> None:
    service = AgentService(workspace=tmp_path)
    app = create_app(service=service, manage_service_lifecycle=False)

    with TestClient(app) as client:
        root = client.get("/api/workspace/browse")
        mkdir = client.post("/api/workspace/mkdir", params={"path": "docs"})
        upload = client.post(
            "/api/workspace/upload",
            data={"path": "docs"},
            files={"file": ("hello.txt", b"hello workspace", "text/plain")},
        )
        docs = client.get("/api/workspace/browse", params={"path": "docs"})
        download = client.get("/api/workspace/download", params={"path": "docs/hello.txt"})
        deleted = client.delete("/api/workspace/delete", params={"path": "docs/hello.txt"})
        after_delete = client.get("/api/workspace/browse", params={"path": "docs"})

    assert root.status_code == 200
    assert root.json()["path"] == ""
    assert all(item["name"] != "docs" for item in root.json()["items"])
    assert mkdir.status_code == 200
    assert mkdir.json()["path"] == "docs"
    assert upload.status_code == 200
    assert upload.json()["path"] == "docs/hello.txt"
    assert docs.status_code == 200
    assert [item["name"] for item in docs.json()["items"]] == ["hello.txt"]
    assert download.status_code == 200
    assert download.content == b"hello workspace"
    assert deleted.status_code == 200
    assert deleted.json() == {"ok": True}
    assert after_delete.status_code == 200
    assert after_delete.json()["items"] == []


def test_attachment_file_api_round_trips_uploaded_file(tmp_path: Path) -> None:
    service = AgentService(workspace=tmp_path)
    app = create_app(service=service, manage_service_lifecycle=False)

    with TestClient(app) as client:
        upload = client.post(
            "/api/files/upload",
            data={"session_id": "web:test"},
            files={"file": ("note.txt", b"hello attachment", "text/plain")},
        )
        file_id = upload.json()["file_id"]
        listed = client.get("/api/files", params={"session_id": "web:test"})
        download = client.get(f"/api/files/{file_id}")
        deleted = client.delete(f"/api/files/{file_id}")
        missing = client.get(f"/api/files/{file_id}")

    assert upload.status_code == 200
    assert upload.json()["name"] == "note.txt"
    assert upload.json()["url"] == f"/api/files/{file_id}"
    assert listed.status_code == 200
    assert [item["file_id"] for item in listed.json()] == [file_id]
    assert download.status_code == 200
    assert download.content == b"hello attachment"
    assert deleted.status_code == 200
    assert deleted.json() == {"ok": True}
    assert missing.status_code == 404


def test_user_files_api_uses_virtual_roots_and_hides_workspace(tmp_path: Path) -> None:
    service = AgentService(workspace=tmp_path)
    app = create_app(service=service, manage_service_lifecycle=False)

    with TestClient(app) as client:
        headers = _auth_headers(app)
        root = client.get("/api/user-files/browse", headers=headers)
        status = client.get("/api/user-files/status", headers=headers)
        upload = client.post(
            "/api/user-files/upload",
            data={"path": "uploads"},
            files={"file": ("hello.txt", b"hello user files", "text/plain")},
            headers=headers,
        )
        uploads = client.get("/api/user-files/browse", params={"path": "uploads"}, headers=headers)
        preview = client.get("/api/user-files/preview", params={"path": "uploads/hello.txt"}, headers=headers)
        download = client.get("/api/user-files/download", params={"path": "uploads/hello.txt"}, headers=headers)

    assert root.status_code == 200
    assert [item["name"] for item in root.json()["items"]] == ["uploads", "outputs", "shared", "tasks"]
    assert all("bucket" not in item for item in root.json()["items"])
    assert status.status_code == 200
    assert status.json()["workspace_visible"] is False
    assert "base_path" not in status.json()
    assert upload.status_code == 200
    assert upload.json()["path"] == "uploads/hello.txt"
    assert uploads.status_code == 200
    assert [item["name"] for item in uploads.json()["items"]] == ["hello.txt"]
    assert preview.status_code == 200
    assert preview.json()["content"] == "hello user files"
    assert download.status_code == 200
    assert download.content == b"hello user files"


def test_user_files_api_rejects_invalid_paths_and_root_delete(tmp_path: Path) -> None:
    service = AgentService(workspace=tmp_path)
    app = create_app(service=service, manage_service_lifecycle=False)

    with TestClient(app) as client:
        headers = _auth_headers(app)
        traversal = client.get("/api/user-files/browse", params={"path": "uploads/../state"}, headers=headers)
        unknown_root = client.get("/api/user-files/browse", params={"path": "memory/private.txt"}, headers=headers)
        absolute_browse = client.get("/api/user-files/browse", params={"path": "/uploads/input.txt"}, headers=headers)
        absolute_download = client.get("/api/user-files/download", params={"path": "/outputs/result.txt"}, headers=headers)
        absolute_preview = client.get("/api/user-files/preview", params={"path": "/shared/profile.json"}, headers=headers)
        absolute_mkdir = client.post("/api/user-files/mkdir", params={"path": "/tasks/task-123/draft.md"}, headers=headers)
        absolute_upload = client.post(
            "/api/user-files/upload",
            data={"path": "/uploads"},
            files={"file": ("input.txt", b"x", "text/plain")},
            headers=headers,
        )
        delete_root = client.delete("/api/user-files/delete", params={"path": "uploads"}, headers=headers)

    assert traversal.status_code == 400
    assert unknown_root.status_code == 400
    assert absolute_browse.status_code == 400
    assert absolute_download.status_code == 400
    assert absolute_preview.status_code == 400
    assert absolute_mkdir.status_code == 400
    assert absolute_upload.status_code == 400
    assert delete_root.status_code == 400


def test_user_files_api_rejects_anonymous_access_before_storage(tmp_path: Path) -> None:
    service = AgentService(workspace=tmp_path)
    app = create_app(service=service, manage_service_lifecycle=False)

    with TestClient(app) as client:
        browse = client.get("/api/user-files/browse")
        status = client.get("/api/user-files/status")
        upload = client.post(
            "/api/user-files/upload",
            data={"path": "uploads"},
            files={"file": ("hello.txt", b"hello user files", "text/plain")},
        )
        delete = client.delete("/api/user-files/delete", params={"path": "uploads/hello.txt"})
        mkdir = client.post("/api/user-files/mkdir", params={"path": "uploads/new"})

    assert browse.status_code == 401
    assert status.status_code == 401
    assert upload.status_code == 401
    assert delete.status_code == 401
    assert mkdir.status_code == 401


def test_user_files_api_authenticated_request_resolves_identity(tmp_path: Path, monkeypatch) -> None:
    service = AgentService(workspace=tmp_path)
    app = create_app(service=service, manage_service_lifecycle=False)
    seen = []

    async def fake_service(self):
        seen.append(self.auth_context)
        return UserFileService(LocalUserFileStorage(tmp_path / "user-files"))

    monkeypatch.setattr(UserFileStorageResolver, "service", fake_service)

    with TestClient(app) as client:
        alice_headers = _auth_headers(app, "alice")
        upload = client.post(
            "/api/user-files/upload",
            data={"path": "uploads"},
            files={"file": ("alice.txt", b"alice", "text/plain")},
            headers=alice_headers,
        )

    assert upload.status_code == 200
    assert seen
    assert seen[0].username == "alice"
    assert seen[0].backend_id == "alice"
    assert seen[0].storage_namespace == "users/alice"


def test_user_files_api_streams_upload_and_enforces_configured_limit(tmp_path: Path, monkeypatch) -> None:
    monkeypatch.setenv("BEAVER_USER_FILES_MAX_UPLOAD_BYTES", "5")
    service = AgentService(workspace=tmp_path)
    app = create_app(service=service, manage_service_lifecycle=False)

    with TestClient(app) as client:
        headers = _auth_headers(app)
        ok_upload = client.post(
            "/api/user-files/upload",
            data={"path": "uploads"},
            files={"file": ("small.txt", b"abcde", "text/plain")},
            headers=headers,
        )
        too_large = client.post(
            "/api/user-files/upload",
            data={"path": "uploads"},
            files={"file": ("large.txt", b"abcdef", "text/plain")},
            headers=headers,
        )
        preview = client.get("/api/user-files/preview", params={"path": "uploads/small.txt"}, headers=headers)

    assert ok_upload.status_code == 200
    assert ok_upload.json()["path"] == "uploads/small.txt"
    assert too_large.status_code == 413
    assert "File too large" in too_large.json()["detail"]
    assert preview.status_code == 200
    assert preview.json()["content"] == "abcde"