import { describe, it, expect } from 'vitest'
import { readFileSync } from 'node:fs'
import { resolve } from 'node:path'

const source = readFileSync(
  resolve(import.meta.dirname, '../../../server/api/upload/image.post.js'),
  'utf-8'
)

describe('upload/image.post.js source inspection', () => {
  it('requires auth', () => {
    expect(source).toContain('requireAuth(event)')
  })

  it('calls requireAuth before file processing', () => {
    const authIndex = source.indexOf('requireAuth(event)')
    const multipartIndex = source.indexOf('readMultipartFormData(event)')

    expect(authIndex).toBeGreaterThan(-1)
    expect(multipartIndex).toBeGreaterThan(-1)
    expect(authIndex).toBeLessThan(multipartIndex)
  })

  it('validates file type is an image', () => {
    expect(source).toContain("startsWith('image/')")
  })

  it('validates file size with a 10MB limit', () => {
    expect(source).toMatch(/10\s*\*\s*1024\s*\*\s*1024/)
  })

  it('only allows specific image formats', () => {
    expect(source).toContain('allowed_formats')
    for (const fmt of ['jpg', 'png', 'webp', 'gif']) {
      expect(source).toContain(fmt)
    }
  })
})