import { expect, test } from '@playwright/test';

/**
 * End-to-end check of the marketing contact form's anti-abuse controls.
 *
 * The suite is opt-in: it only runs when E2E_CONTACT_SPAM is exactly '1'.
 * It targets E2E_BASE_URL when set, otherwise the staging host below.
 * Every run sends real form submissions to that host, so the override
 * should keep pointing at a non-production environment.
 */
const spamCheckEnabled = process.env.E2E_CONTACT_SPAM === '1';
const targetOrigin = process.env.E2E_BASE_URL ?? 'https://test-y0k0.fotospiel.app';

// Selector/value pairs for the fields a human visitor would fill in.
const visibleFields: ReadonlyArray<readonly [string, string]> = [
  ['input[name="name"]', 'Spam Bot'],
  ['input[name="email"]', 'spam@example.com'],
  ['textarea[name="message"]', 'Test spam message'],
];

// Number of extra submit clicks fired after the first rejected submission.
const RESUBMIT_COUNT = 5;

test.describe('Marketing contact form spam/throttle', () => {
  test.skip(
    !spamCheckEnabled,
    'Set E2E_CONTACT_SPAM=1 to run contact spam/throttle check on staging.',
  );

  test('honeypot rejects bot submission and throttling kicks in', async ({ page }) => {
    await page.goto(`${targetOrigin}/de#contact`);

    // Dismiss the cookie banner when it is showing.
    // NOTE(review): isVisible() does not wait, so a banner that renders late
    // is left in place.
    const consentButton = page.getByRole('button', { name: /akzeptieren|accept/i });
    const bannerShown = await consentButton.isVisible();
    if (bannerShown) {
      await consentButton.click();
    }

    // Fill the visible fields, one after another, in declaration order.
    for (const [selector, value] of visibleFields) {
      await page.fill(selector, value);
    }

    // Trip the honeypot: write a value into the field real visitors leave empty.
    // NOTE(review): the value is assigned on the DOM node without dispatching
    // input/change events. Presumably the form submits the raw field value;
    // confirm this if the form keeps its state in a UI framework.
    await page.$eval('input[name="nickname"]', (el: HTMLInputElement) => {
      el.value = 'bot-field';
    });

    const sendButton = page.getByRole('button', { name: /senden|absenden|submit/i }).first();
    await sendButton.click();

    // The honeypot submission must surface an error to the page.
    const errorNotice = page.locator('text=/error|ungültig|invalid/i');
    await expect(errorNotice).toBeVisible();

    // Rapid resubmits to provoke the throttle (best-effort).
    for (let attempt = 1; attempt <= RESUBMIT_COUNT; attempt += 1) {
      await sendButton.click();
    }

    // Either an error message or no success flash should be present.
    // NOTE(review): this is the only check covering the throttle half of the
    // title. It never observes a throttle response itself, and a negative
    // visibility assertion passes as soon as the flash is not visible, so a
    // success flash rendered later would go unnoticed.
    const successFlash = page.locator('text=/Danke|Erfolg|success/i');
    await expect(successFlash).not.toBeVisible({ timeout: 1000 });
  });
});