#!/usr/bin/env node
const baseUrl = process.env.BOSS_TEST_BASE_URL || "http://127.0.0.1:3000";

const loginResponse = await fetch(`${baseUrl}/api/auth/login`, {
  method: "POST",
  headers: {
    "content-type": "application/json",
  },
  body: JSON.stringify({}),
});

if (!loginResponse.ok) {
  throw new Error(`LOGIN_FAILED:${loginResponse.status}`);
}

const cookie = (loginResponse.headers.get("set-cookie") || "").split(";")[0];
if (!cookie) {
  throw new Error("COOKIE_MISSING");
}

const getResponse = await fetch(`${baseUrl}/api/v1/storage/config`, {
  headers: {
    cookie,
  },
});

if (!getResponse.ok) {
  throw new Error(`GET_CONFIG_FAILED:${getResponse.status}`);
}

const getJson = await getResponse.json();
if (!getJson.ok || getJson.config?.mode !== "server_file") {
  throw new Error("DEFAULT_STORAGE_MODE_INVALID");
}

const patchPayload = {
  mode: "server_file",
  ossProvider: "aliyun_oss",
  aliyunOss: {
    enabled: false,
    accessKeyId: "ak-test",
    accessKeySecret: "oss-secret-test",
    bucket: "boss-private-bucket",
    endpoint: "oss-cn-shanghai.aliyuncs.com",
    region: "oss-cn-shanghai",
    prefix: "boss/custom/",
  },
};

const patchResponse = await fetch(`${baseUrl}/api/v1/storage/config`, {
  method: "PATCH",
  headers: {
    cookie,
    "content-type": "application/json",
  },
  body: JSON.stringify(patchPayload),
});

if (!patchResponse.ok) {
  throw new Error(`PATCH_CONFIG_FAILED:${patchResponse.status}`);
}

const patchJson = await patchResponse.json();
if (!patchJson.ok) {
  throw new Error("PATCH_CONFIG_NOT_OK");
}
if (patchJson.config?.aliyunOss?.accessKeySecretConfigured !== true) {
  throw new Error("SECRET_SANITIZE_FLAG_MISSING");
}
if ("accessKeySecretEncrypted" in (patchJson.config?.aliyunOss ?? {})) {
  throw new Error("ENCRYPTED_SECRET_LEAKED");
}

const rereadResponse = await fetch(`${baseUrl}/api/v1/storage/config`, {
  headers: {
    cookie,
  },
});

if (!rereadResponse.ok) {
  throw new Error(`GET_CONFIG_REREAD_FAILED:${rereadResponse.status}`);
}

const rereadJson = await rereadResponse.json();
if (rereadJson.config?.aliyunOss?.accessKeyId !== "ak-test") {
  throw new Error("PATCHED_CONFIG_NOT_PERSISTED");
}
if (rereadJson.config?.aliyunOss?.accessKeySecretConfigured !== true) {
  throw new Error("SECRET_FLAG_NOT_PERSISTED");
}

console.log("OK");