import { eq } from 'drizzle-orm';
import { getMediaStatus } from '../src/actions/media';
import { db } from '../src/db';
import { users } from '../src/db/schema/auth';
import { media } from '../src/db/schema/media';
import { resources } from '../src/db/schema/resource';
import { cleanupMediaRecord } from './helpers/media-cleanup';

async function upsertUser(email: string, name: string) {
  const [existing] = await db.select().from(users).where(eq(users.email, email)).limit(1);

  if (existing) {
    return existing;
  }

  const [created] = await db.insert(users).values({
    email,
    name,
    passwordHash: 'test_password_hash',
  }).returning();

  return created;
}

async function runTest() {
  console.log('🔐 Testing media permission checks...');
  let ownedMediaId: string | null = null;

  const owner = await upsertUser('media-owner@ekb.com', 'Media Owner');
  const outsider = await upsertUser('media-outsider@ekb.com', 'Media Outsider');

  const pathSuffix = `${Date.now()}-permission-test.mp4`;
  const [resource] = await db.insert(resources).values({
    name: 'permission-test.mp4',
    path: `/media/${pathSuffix}`,
    type: 'file',
    ownerId: owner.id,
  }).returning();

  const [ownedMedia] = await db.insert(media).values({
    resourceId: resource.id,
    filename: 'permission-test.mp4',
    storageKey: `uploads/${pathSuffix}`,
    mimeType: 'video/mp4',
    size: BigInt(1),
    status: 'completed',
    metadata: {
      hlsPath: `hls/permission-test-${pathSuffix}/index.m3u8`,
      processedAt: new Date().toISOString(),
    },
  }).returning();
  ownedMediaId = ownedMedia.id;

  try {
    const ownerStatus = await getMediaStatus(ownedMedia.id, {
      auth: { userId: owner.id, groupIds: [] },
    });

    if (!ownerStatus?.hlsUrl) {
      throw new Error('Owner did not receive playback URL.');
    }

    try {
      await getMediaStatus(ownedMedia.id, {
        auth: { userId: outsider.id, groupIds: [] },
      });
      throw new Error('Outsider unexpectedly received media access.');
    } catch (error) {
      const message = error instanceof Error ? error.message : String(error);
      if (!message.includes('No matching permission')) {
        throw error;
      }
    }
  } finally {
    if (ownedMediaId) {
      await cleanupMediaRecord(ownedMediaId);
    }
  }

  console.log('✅ Media permission checks passed.');
  process.exit(0);
}

runTest().catch((error) => {
  console.error('❌ Test failed with error:', error);
  process.exit(1);
});