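#!/usr/bin/env python3
"""Manual smoke test for the authentication flow of a locally running API.

Steps exercised:
1. Log in and obtain a bearer token.
2. Call the health endpoint (no authentication required).
3. Log out with the token.
4. Replay the token after logout and confirm the server rejects it.

No protected business endpoint is called: the token is only ever presented
to the logout endpoint.

Credentials are read from the AUTH_TEST_USERNAME and AUTH_TEST_PASSWORD
environment variables so that no account secret is stored in the source tree.
"""
import asyncio
import os

import httpx

# NOTE(security): an earlier revision of this script carried an account name
# and password as string literals. Credentials that have been committed to a
# repository should be treated as disclosed and rotated; deleting the literal
# does not remove it from version-control history.

# Plain HTTP to localhost: the password and bearer token travel unencrypted,
# so this target is only appropriate for a local development server.
BASE_URL = "http://localhost:8000"


def _printable_body(response):
    """Return the response body for console output with any token masked.

    Falls back to the raw text when the body is not valid JSON, so an error
    page from the server does not abort the test run with a decode error.
    """
    try:
        body = response.json()
    except ValueError:
        return response.text
    if isinstance(body, dict) and "token" in body:
        # Bearer tokens are credentials; keep them out of terminals and CI logs.
        body = {**body, "token": "***"}
    return body


async def test_auth_flow():
    """Run the login / health / logout / token-replay sequence and print results.

    Returns None in every case. The run stops early when the credentials are
    not configured or the login is rejected. The closing message reports
    success only when logout succeeded and the replayed token was refused.
    """
    username = os.environ.get("AUTH_TEST_USERNAME")
    password = os.environ.get("AUTH_TEST_PASSWORD")
    if not username or not password:
        print("✗ 請先設定環境變數 AUTH_TEST_USERNAME 與 AUTH_TEST_PASSWORD")
        return

    # The context manager closes the client on every exit path, including the
    # early returns below.
    async with httpx.AsyncClient(base_url=BASE_URL) as client:
        print("=" * 60)
        print("認證流程測試")
        print("=" * 60)

        # Step 1: Login
        print("\n1. 測試登入...")
        login_response = await client.post(
            "/api/auth/login",
            json={"username": username, "password": password},
        )
        print(f" 狀態碼: {login_response.status_code}")
        print(f" 回應: {_printable_body(login_response)}")

        if login_response.status_code != 200:
            print(" ✗ 登入失敗!")
            return

        login_data = login_response.json()
        token = login_data.get("token")
        if not token:
            print(" ✗ 登入回應缺少 token!")
            return
        print(" ✓ 登入成功!")
        print(f" 使用者: {login_data.get('display_name', '')}")
        # Report only that a token was issued, never its value.
        print(f" Token: (已隱藏, 長度 {len(token)})")

        auth_headers = {"Authorization": f"Bearer {token}"}
        all_ok = True

        # Step 2: Test health endpoint (no auth needed)
        print("\n2. 測試健康檢查端點 (無需認證)...")
        health_response = await client.get("/health")
        print(f" 狀態碼: {health_response.status_code}")
        print(f" 回應: {_printable_body(health_response)}")

        # Step 3: Logout
        print("\n3. 測試登出...")
        logout_response = await client.post("/api/auth/logout", headers=auth_headers)
        print(f" 狀態碼: {logout_response.status_code}")
        print(f" 回應: {_printable_body(logout_response)}")
        if logout_response.status_code == 200:
            print(" ✓ 登出成功!")
        else:
            print(" ✗ 登出失敗!")
            all_ok = False

        # Step 4: Replay the token after logout. A 200 here means the server
        # still honours a token that was supposed to be revoked.
        print("\n4. 測試登出後使用 token...")
        reuse_response = await client.post("/api/auth/logout", headers=auth_headers)
        print(f" 狀態碼: {reuse_response.status_code}")
        print(f" 回應: {_printable_body(reuse_response)}")
        if reuse_response.status_code == 200:
            print(" ✗ Token 登出後仍然有效!")
            all_ok = False
        else:
            print(" ✓ Token 已失效(符合預期)")

        print("\n" + "=" * 60)
        if all_ok:
            print("測試完成!認證系統運作正常")
        else:
            print("測試完成!發現問題,請檢查上方輸出")
        print("=" * 60)


if __name__ == "__main__":
    asyncio.run(test_auth_flow())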