# Copyright 2026 jCloud

# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at

#     http://www.apache.org/licenses/LICENSE-2.0

# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

from src.jcloud_deployment_server.integrations.gitea.middlewares.signature import GiteaSignatureMiddleware
from tests.utils.make_request import make_request, call_next
import pytest
import hashlib
import hmac

def make_signature(body: bytes, secret: bytes) -> str:
    signature = hmac.new(
            secret,
            body,
            hashlib.sha256
        ).hexdigest()
    return f'sha256={signature}'

@pytest.mark.asyncio
@pytest.mark.parametrize('body,secret', [
    (
        b'{"event":"push"}',
        b'\xa1\xd6h\x0c\xe6\xc0\x99\x82yd\x14\xfew\xcc\x8e\xb0\xf9\x8f\xe6yM\xe5\xdd4\xdc\xb5M+\xef\xc8O\x94'
    ),
    (
        b'{"event":"push"}',
        b''
    ),
    (
        b'',
        b'\xa1\xd6h\x0c\xe6\xc0\x99\x82yd\x14\xfew\xcc\x8e\xb0\xf9\x8f\xe6yM\xe5\xdd4\xdc\xb5M+\xef\xc8O\x94'
    ),
    (
        b'',
        b''
    ),
    (
        b'',
        b'\x42'
    ),
    (
        b'',
        b'\x42'
    ),
    (
        b'',
        b'\x04\x02'
    ),
    (
        b'',
        b'\x04\x02'
    ),
])
async def test_GiteaSignatureMiddleware_valid_signature(body, secret):
    middleware = GiteaSignatureMiddleware(app = None, secret = secret)

    headers = {
        'X-Gitea-Signature': make_signature(body, secret)
    }

    req = make_request(
        body,
        '/gitea/webhook',
        headers
    )

    res = await middleware.dispatch(req, call_next)
    assert hasattr(res, 'called')

@pytest.mark.asyncio
@pytest.mark.parametrize('signature,body,secret', [
    (make_signature(b'body', b''), b'body', b'\x42'),
    (make_signature(b'body', b'\x42'), b'body', b''),
    (make_signature(b'body', b'\x43'), b'body', b'\x42'),
    (make_signature(b'body', b'\x42'), b'body', b'\x43'),
    (make_signature(b'body', b''), b'body', b'\x42\x43'),
    (make_signature(b'body', b'\x42\x43'), b'body', b''),
    (make_signature(b'body', b'\x43\x44'), b'body', b'\x42'),
    (make_signature(b'body', b'\x42'), b'body', b'\x43\x44'),
    (make_signature(b'', b''), b'', b'\x42'),
    (make_signature(b'', b'\x42'), b'', b''),
    (make_signature(b'', b'\x43'), b'', b'\x42'),
    (make_signature(b'', b'\x42'), b'', b'\x43'),
    (make_signature(b'', b''), b'', b'\x42\x43'),
    (make_signature(b'', b'\x42\x43'), b'', b''),
    (make_signature(b'', b'\x43\x44'), b'', b'\x42'),
    (make_signature(b'', b'\x42'), b'', b'\x43\x44'),

    (make_signature(b'a', b'\x42'), b'', b'\x42'),
    (make_signature(b'a', b'\x42'), b'b', b'\x42'),
    (make_signature(b'', b'\x42'), b'b', b'\x42'),
])
async def test_GiteaSignatureMiddleware_invalid_signature(signature, body, secret):
    middleware = GiteaSignatureMiddleware(app = None, secret = secret)

    headers = {
        'X-Gitea-Signature': signature
    }

    req = make_request(
        body,
        '/gitea/webhook',
        headers,
    )

    res = await middleware.dispatch(req, call_next)
    assert res.status_code == 401