"""Smoke test del patch de auth aplicado 2026-04-24.

Verifica que las 4 rutas antes publicas ahora exigen sesion:
- POST /api/chat
- POST /api/chat/stream
- POST /api/log
- POST /api/convert-skp

Escenario:
  T1  POST sin cookie -> 401 en las 4 rutas
  T2  Login admin OK + cookie
  T3  POST con cookie -> NO 401 (200 si hay API key, 500 si no, pero no 401)

Requiere servidor en localhost:8080 + seed_usuarios_demo aplicado.
"""
from __future__ import annotations

import http.cookiejar
import json
import sys
import urllib.error
import urllib.request

BASE_URL = "http://localhost:8080"
ADMIN = {"email": "admin@demo.local", "password": "demo1234"}

ROUTES = [
    ("/api/chat", {"messages": [{"role": "user", "content": "ping"}]}, "application/json"),
    ("/api/chat/stream", {"messages": [{"role": "user", "content": "ping"}]}, "application/json"),
    ("/api/log", {"query": "ping", "response": "pong"}, "application/json"),
    ("/api/convert-skp", b"\x00\x00", "application/octet-stream"),
]


def _opener():
    cj = http.cookiejar.CookieJar()
    return urllib.request.build_opener(urllib.request.HTTPCookieProcessor(cj)), cj


def _post(opener, path, body, content_type):
    if isinstance(body, (dict, list)):
        data = json.dumps(body).encode("utf-8")
    else:
        data = body
    req = urllib.request.Request(
        BASE_URL + path,
        data=data,
        headers={"Content-Type": content_type, "Accept": "application/json"},
        method="POST",
    )
    try:
        resp = opener.open(req, timeout=10)
        return resp.getcode()
    except urllib.error.HTTPError as e:
        return e.code


def main():
    fails = []

    # T1: sin cookie -> 401
    anon, _ = _opener()
    print("\n=== T1: POST sin sesion debe dar 401 ===")
    for path, body, ct in ROUTES:
        code = _post(anon, path, body, ct)
        ok = code == 401
        mark = "OK" if ok else "FAIL"
        print(f"  [{mark}] {path} -> {code}")
        if not ok:
            fails.append(f"T1 {path}: esperado 401, dio {code}")

    # T2: login
    print("\n=== T2: login admin ===")
    auth, _ = _opener()
    code = _post(auth, "/api/auth/login", ADMIN, "application/json")
    if code != 200:
        print(f"  [FAIL] login -> {code}")
        fails.append(f"T2 login: esperado 200, dio {code}")
        print("\nFAILS:", len(fails))
        for f in fails:
            print("  -", f)
        sys.exit(1)
    print("  [OK] login -> 200")

    # T3: con cookie -> NO 401
    print("\n=== T3: POST con sesion NO debe dar 401 ===")
    for path, body, ct in ROUTES:
        code = _post(auth, path, body, ct)
        ok = code != 401
        mark = "OK" if ok else "FAIL"
        print(f"  [{mark}] {path} -> {code}")
        if not ok:
            fails.append(f"T3 {path}: con sesion dio 401 (no deberia)")

    print("\n=== RESULTADO ===")
    if fails:
        print(f"FAIL ({len(fails)} problemas):")
        for f in fails:
            print("  -", f)
        sys.exit(1)
    else:
        print(f"OK ({len(ROUTES)*2 + 1} checks)")
        sys.exit(0)


if __name__ == "__main__":
    main()