import { describe, expect, it, beforeEach, afterEach } from 'vitest';
import { buildCsrfHeaders } from '../csrf';

const CSRF_META_SELECTOR = 'meta[name="csrf-token"]';

/**
 * Asserts the three headers these tests expect from buildCsrfHeaders.
 * Both token headers must carry the same value.
 *
 * @param {Record<string, string>} headers - object returned by buildCsrfHeaders
 * @param {string} token - expected anti-CSRF token value
 * @param {string} deviceId - expected device identifier
 */
function expectCsrfHeaders(headers, token, deviceId) {
  expect(headers['X-CSRF-TOKEN']).toBe(token);
  expect(headers['X-XSRF-TOKEN']).toBe(token);
  expect(headers['X-Device-Id']).toBe(deviceId);
}

/**
 * Covers the two token sources exercised here: the csrf-token meta tag and
 * the XSRF-TOKEN cookie. The device id comes from the explicit argument in
 * the first case and from localStorage in the second.
 *
 * NOTE(review): no case covers a page with neither a meta tag nor a cookie,
 * and no case sets both sources at once, so the behaviour for a missing
 * token and the precedence between the two sources are not pinned by this
 * file.
 */
describe('buildCsrfHeaders', () => {
  beforeEach(() => {
    // Stored device id, used when the caller passes no argument.
    localStorage.setItem('device-id', 'device-123');
  });

  afterEach(() => {
    // Reset every token source so a token from one test cannot leak into the next.
    localStorage.clear();
    for (const staleMeta of document.head.querySelectorAll(CSRF_META_SELECTOR)) {
      staleMeta.remove();
    }
    // Expire the cookie: document.cookie has no delete API.
    document.cookie = 'XSRF-TOKEN=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/';
  });

  it('reads token from meta tag', () => {
    const tokenMeta = document.createElement('meta');
    tokenMeta.setAttribute('name', 'csrf-token');
    tokenMeta.setAttribute('content', 'meta-token');
    document.head.appendChild(tokenMeta);

    // The explicit argument is expected to win over the 'device-123' value in localStorage.
    const result = buildCsrfHeaders('device-xyz');

    expectCsrfHeaders(result, 'meta-token', 'device-xyz');
  });

  it('falls back to cookie token', () => {
    // The cookie holds the base64 form; the headers are expected to carry the decoded value.
    const encodedToken = btoa('cookie-token');
    document.cookie = `XSRF-TOKEN=${encodedToken}; path=/`;

    const result = buildCsrfHeaders();

    expectCsrfHeaders(result, 'cookie-token', 'device-123');
  });
});