/**
 * Auth Tests (Section 4 of TESTS.md)
 *
 * Tests token extraction and OAuth configuration logic.
 */
import { describe, it, expect } from "vitest";
import { extractToken, isOAuthEnabled } from "../src/auth.js";

describe("4.1 Token extraction", () => {
  it("extracts token from cookie header", () => {
    const token = extractToken("hf_access_token=abc123; other=value");
    expect(token).toBe("abc123");
  });

  it("returns undefined for missing cookie", () => {
    const token = extractToken("other=value; foo=bar");
    expect(token).toBeUndefined();
  });

  it("returns undefined for empty header", () => {
    expect(extractToken(undefined)).toBeUndefined();
    expect(extractToken("")).toBeUndefined();
  });

  it("handles token as first cookie", () => {
    const token = extractToken("hf_access_token=xyz789");
    expect(token).toBe("xyz789");
  });

  it("handles token with special characters", () => {
    const token = extractToken("hf_access_token=hf_AbCdEf123456");
    expect(token).toBe("hf_AbCdEf123456");
  });
});

describe("4.2 OAuth configuration", () => {
  it("isOAuthEnabled returns false without SPACE_ID and OAUTH_CLIENT_ID", () => {
    expect(isOAuthEnabled()).toBe(false);
  });
});