package auth

import (
	"strings"
	"testing"
)

func TestGenerate_ProducesDistinctTokens(t *testing.T) {
	g := NewGenerator()
	seen := make(map[string]struct{})
	for i := 0; i < 100; i++ {
		raw, hash, err := g.Generate()
		if err != nil {
			t.Fatalf("generate: %v", err)
		}
		if !strings.HasPrefix(raw, "tk_") {
			t.Errorf("expected tk_ prefix, got %q", raw)
		}
		if len(hash) != 64 {
			t.Errorf("expected 64-char hex hash, got %d", len(hash))
		}
		if _, dup := seen[raw]; dup {
			t.Fatal("duplicate token generated")
		}
		seen[raw] = struct{}{}
	}
}

func TestHashToken_Stable(t *testing.T) {
	if HashToken("tk_abc") != HashToken("tk_abc") {
		t.Fatal("expected deterministic hash")
	}
	if HashToken("tk_abc") == HashToken("tk_xyz") {
		t.Fatal("expected distinct hashes for distinct inputs")
	}
}

func TestValidateFormat(t *testing.T) {
	if err := ValidateFormat("tk_" + strings.Repeat("a", 40)); err != nil {
		t.Errorf("expected valid, got %v", err)
	}
	if err := ValidateFormat("not-a-token"); err == nil {
		t.Error("expected error for missing prefix")
	}
	if err := ValidateFormat("tk_short"); err == nil {
		t.Error("expected error for too-short token")
	}
}