package blockuser

import (
	"bytes"
	"context"
	"testing"
	"time"

	"galaxy/authsession/internal/domain/common"
	"galaxy/authsession/internal/testkit"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
	"go.uber.org/zap"
	"go.uber.org/zap/zapcore"
)

func TestExecuteLogsSafeOutcomeFields(t *testing.T) {
	t.Parallel()

	userDirectory := &testkit.InMemoryUserDirectory{}
	require.NoError(t, userDirectory.SeedExisting(common.Email("pilot@example.com"), common.UserID("user-1")))

	sessionStore := &testkit.InMemorySessionStore{}
	require.NoError(t, sessionStore.Create(context.Background(), activeSessionFixture("device-session-1", "user-1", time.Unix(10, 0).UTC())))

	logger, buffer := newObservedServiceLogger()
	service, err := NewWithObservability(
		userDirectory,
		sessionStore,
		&testkit.RecordingProjectionPublisher{},
		testkit.FixedClock{Time: time.Unix(20, 0).UTC()},
		logger,
		nil,
	)
	require.NoError(t, err)

	_, err = service.Execute(context.Background(), Input{
		UserID:     "user-1",
		ReasonCode: "policy_block",
		ActorType:  "admin",
	})
	require.NoError(t, err)

	logOutput := buffer.String()
	assert.Contains(t, logOutput, "block_user")
	assert.Contains(t, logOutput, "\"user_id\":\"user-1\"")
	assert.Contains(t, logOutput, "\"reason_code\":\"policy_block\"")
	assert.NotContains(t, logOutput, "pilot@example.com")
}

func newObservedServiceLogger() (*zap.Logger, *bytes.Buffer) {
	buffer := &bytes.Buffer{}
	encoderConfig := zap.NewProductionEncoderConfig()
	encoderConfig.TimeKey = ""

	core := zapcore.NewCore(
		zapcore.NewJSONEncoder(encoderConfig),
		zapcore.AddSync(buffer),
		zap.DebugLevel,
	)

	return zap.New(core), buffer
}