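# -*- coding: utf-8 -*-
"""
Admin authentication tests.

POST /api/admin logs in; GET /api/admin checks whether the caller is
authenticated.
"""
import pytest
import requests

from util import admin_headers


def test_admin_login(base_url):
    """POST /api/admin with the admin credentials logs in successfully.

    Asserts HTTP 200, ``success`` is True, and that the response carries a
    usable ``token`` plus a ``user`` entry.
    """
    # NOTE(review): presumably seeded, test-only credentials -- confirm they
    # are never valid on a shared or production deployment.
    r = requests.post(
        f"{base_url}/api/admin",
        json={"username": "admin", "password": "admin123"},
        timeout=10,
    )
    assert r.status_code == 200
    data = r.json()
    assert data.get("success") is True
    assert "token" in data
    # test_admin_check_with_token treats a falsy token as a failed login, so a
    # present-but-empty (or null) token must not count as success here either.
    assert data["token"]
    assert "user" in data


def test_admin_check_with_token(admin_token, base_url):
    """GET /api/admin with a token passes the authentication check."""
    # The admin_token fixture is defined outside this file; a falsy value is
    # taken to mean the login failed, so the check cannot be exercised.
    if not admin_token:
        pytest.skip("admin 登录失败,跳过鉴权测试")
    r = requests.get(
        f"{base_url}/api/admin",
        headers=admin_headers(admin_token),
        timeout=10,
    )
    assert r.status_code == 200
    data = r.json()
    assert data.get("success") is True


def test_admin_check_without_token(base_url):
    """GET /api/admin without a token returns 401."""
    # Only the missing-credential case is covered here; a malformed or expired
    # token is a separate case that this file does not exercise.
    r = requests.get(f"{base_url}/api/admin", timeout=10)
    assert r.status_code == 401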