ui/tests/msw/handlers/admin.ts

import { http } from 'msw'
import { jsonResponse, noContent, paginate } from '../helpers'
import { seedUsers, opAlice, seedPermissions } from '../../fixtures/seed_users'
import { seedClasses } from '../../fixtures/seed_classes'

// Default `/api/admin/*` handlers — auth round-trip, users, classes-write,
// system settings. Tests override per-scenario via `server.use(...)`.

const SEED_BEARER = 'test-bearer-default'

export const adminHandlers = [
  http.post('/api/admin/auth/login', async ({ request }) => {
    const body = (await request.json().catch(() => ({}))) as { email?: string; password?: string }
    const user = seedUsers.find((u) => u.email === body.email) ?? opAlice
    return new Response(JSON.stringify({ token: SEED_BEARER, user }), {
      status: 200,
      headers: {
        'Content-Type': 'application/json',
        // AC-03 contract — refresh cookie is HttpOnly + Secure + SameSite=Strict.
        'Set-Cookie': 'refreshToken=test-refresh; HttpOnly; Secure; SameSite=Strict; Path=/api/admin/auth',
      },
    })
  }),

  http.post('/api/admin/auth/refresh', () => {
    return jsonResponse({ token: SEED_BEARER })
  }),

  http.post('/api/admin/auth/logout', () => noContent()),

  // AZ-510 chains GET /users/me after POST refresh during AuthProvider
  // bootstrap. The default user shape includes `permissions` so production
  // code paths (e.g., hasPermission, RBAC route gates) get a realistic
  // payload without each test having to override.
  http.get('/api/admin/users/me', () =>
    jsonResponse({ ...opAlice, permissions: seedPermissions[opAlice.id] ?? [] }),
  ),

  http.get('/api/admin/users', () => jsonResponse(paginate(seedUsers))),

  http.get('/api/admin/users/:id', ({ params }) => {
    const user = seedUsers.find((u) => u.id === params.id)
    if (!user) return new Response(null, { status: 404 })
    return jsonResponse(user)
  }),

  http.get('/api/admin/classes', () => jsonResponse(seedClasses)),

  http.post('/api/admin/classes', async ({ request }) => {
    const body = await request.json()
    return jsonResponse(body, { status: 201 })
  }),

  http.put('/api/admin/classes/:id', async ({ request }) => {
    const body = await request.json()
    return jsonResponse(body)
  }),

  http.delete('/api/admin/classes/:id', () => noContent()),

  http.get('/api/admin/settings', () =>
    jsonResponse({
      id: 'sys-settings-1',
      name: 'Test System',
      militaryUnit: null,
      defaultCameraWidth: 1920,
      defaultCameraFoV: 60,
      thumbnailWidth: 256,
      thumbnailHeight: 256,
      thumbnailBorder: 2,
      generateAnnotatedImage: true,
      silentDetection: false,
    }),
  ),

  http.put('/api/admin/settings', async ({ request }) => {
    const body = await request.json()
    return jsonResponse(body)
  }),

  // Test-only suite endpoint — gated behind a non-production build flag in the
  // real `admin/` service. The fast-profile MSW just returns 204 so isolation
  // helpers can call it uniformly with the e2e profile.
  http.post('/api/admin/test-only/reset', () => noContent()),
]