# frozen_string_literal: true
require_relative "test_helper"
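class HostAuthorization < Minitest::Test
  # Pins the behaviour of Sinatra's :host_authorization setting -- allow-listing
  # of the HTTP Host header, which is the defence against DNS-rebinding and
  # host-header injection.  Two modes are covered: the built-in allow-list that
  # applies only in the development environment, and the explicit
  # permitted_hosts / status / message / allow_if options that govern every
  # other environment.  mock_app, get, response and body come from test_helper.

  describe "in development environment" do
    # Sinatra::Base.environment is process-global state.  Flip it for these
    # tests only and restore whatever it was afterwards, otherwise the
    # development-only default allow-list leaks into the "non-development"
    # cases below (and into any other test file that runs after this one).
    setup do
      @previous_environment = Sinatra::Base.environment
      Sinatra::Base.set :environment, :development
    end

    teardown do
      Sinatra::Base.set :environment, @previous_environment
    end

    # Loopback addresses (with and without a port, IPv6 in brackets), plain
    # "localhost", and any ".localhost" / ".test" subdomain are accepted with no
    # configuration at all.
    %w[
      127.0.0.1
      127.0.0.1:3000
      [::1]
      [::1]:3000
      localhost
      localhost:3000
      foo.localhost
      foo.test
    ].each do |development_host|
      it "allows a host like '#{development_host}'" do
        mock_app do
          get("/") { "OK" }
        end

        headers = { "HTTP_HOST" => development_host }
        request = Rack::MockRequest.new(@app)
        response = request.get("/", headers)

        assert_equal 200, response.status
        assert_equal "OK", response.body
      end
    end

    # Anything outside the built-in list is refused with the default
    # 403 / "Host not permitted" response.
    it "stops non-development hosts by default" do
      mock_app { get("/") { "OK" } }

      get "/", { "HTTP_HOST" => "example.com" }

      assert_equal 403, response.status
      assert_equal "Host not permitted", body
    end

    # An explicitly empty permitted_hosts list switches the check off entirely,
    # even in development -- the built-in list is a default, not a floor.
    it "allows any requests when no permitted hosts are specified" do
      mock_app do
        set :host_authorization, { permitted_hosts: [] }
        get("/") { "OK" }
      end

      get "/", { "HTTP_HOST" => "example.com" }

      assert_equal 200, response.status
      assert_equal "OK", body
    end
  end

  describe "in non-development environments" do
    # A Host that appears in permitted_hosts is served normally.
    it "allows requests based on the permitted hosts specified" do
      allowed_host = "allowed.org"
      mock_app do
        set :host_authorization, { permitted_hosts: [allowed_host] }
        get("/") { "OK" }
      end

      headers = { "HTTP_HOST" => allowed_host }
      request = Rack::MockRequest.new(@app)
      response = request.get("/", headers)

      assert_equal 200, response.status
      assert_equal "OK", response.body
    end

    # A Host absent from permitted_hosts gets the default refusal.
    it "stops requests based on the permitted hosts specified" do
      allowed_host = "allowed.org"
      mock_app do
        set :host_authorization, { permitted_hosts: [allowed_host] }
        get("/") { "OK" }
      end

      headers = { "HTTP_HOST" => "bad-host.org" }
      request = Rack::MockRequest.new(@app)
      response = request.get("/", headers)

      assert_equal 403, response.status
      assert_equal "Host not permitted", response.body
    end

    # Outside development there is no built-in allow-list: with nothing
    # configured every Host value is accepted.  Deployments that rely on this
    # check must therefore set permitted_hosts explicitly.
    it "defaults to permit any hosts" do
      mock_app do
        get("/") { "OK" }
      end

      headers = { "HTTP_HOST" => "some-host.org" }
      request = Rack::MockRequest.new(@app)
      response = request.get("/", headers)

      assert_equal 200, response.status
      assert_equal "OK", response.body
    end

    # :status and :message replace the 403 / "Host not permitted" refusal.
    it "stops the request using the configured response" do
      allowed_host = "allowed.org"
      status = 418
      message = "No coffee for you"
      mock_app do
        set :host_authorization, {
          permitted_hosts: [allowed_host],
          status: status,
          message: message,
        }
        get("/") { "OK" }
      end

      headers = { "HTTP_HOST" => "bad-host.org" }
      request = Rack::MockRequest.new(@app)
      response = request.get("/", headers)

      assert_equal status, response.status
      assert_equal message, response.body
    end

    # :allow_if receives the Rack env; a truthy result lets the request through
    # regardless of permitted_hosts, a falsy one falls back to the normal check
    # (so "/" from the same unlisted host is still refused).  Keep such
    # predicates narrow -- they are an escape hatch from the allow-list.
    it "allows custom logic with 'allow_if'" do
      allowed_host = "allowed.org"
      mock_app do
        set :host_authorization, {
          permitted_hosts: [allowed_host],
          allow_if: ->(env) do
            request = Sinatra::Request.new(env)
            request.path == "/allowed"
          end
        }
        get("/") { "OK" }
        get("/allowed") { "OK" }
      end

      headers = { "HTTP_HOST" => "some-host.org" }
      request = Rack::MockRequest.new(@app)
      response = request.get("/allowed", headers)

      assert_equal 200, response.status
      assert_equal "OK", response.body

      request = Rack::MockRequest.new(@app)
      response = request.get("/", headers)

      assert_equal 403, response.status
    end
  end
end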