const { describe, it } = require('node:test');
const assert = require('node:assert/strict');
const { encrypt, decrypt } = require('../lib/backup-crypto');

describe('backup-crypto', () => {
  const sampleConfig = {
    hosters: { 'doodstream.com': { enabled: true, apiKey: 'test-key-123' } },
    hosterSettings: { 'doodstream.com': { retries: 3 } },
    globalSettings: { alwaysOnTop: false },
    history: [{ file: 'test.mkv', link: 'https://example.com/abc' }]
  };

  it('encrypt then decrypt round-trips', () => {
    const buf = encrypt(sampleConfig);
    const result = decrypt(buf);
    assert.deepStrictEqual(result, sampleConfig);
  });

  it('decrypt with corrupted data throws', () => {
    const buf = encrypt(sampleConfig);
    buf[buf.length - 1] ^= 0xff; // flip last byte
    assert.throws(() => decrypt(buf), /beschädigt|inkompatiblen/);
  });

  it('decrypt with invalid magic throws', () => {
    // Buffer must be long enough to pass the length check (>= 4+16+12+16+1 = 49)
    const buf = Buffer.alloc(60, 0x41); // 60 bytes of 'A'
    assert.throws(() => decrypt(buf), /Keine gültige/);
  });

  it('decrypt with too-short buffer throws', () => {
    assert.throws(() => decrypt(Buffer.alloc(10)), /Ungültiges Backup-Format/);
  });

  it('handles empty config gracefully', () => {
    const empty = { hosters: {}, hosterSettings: {}, globalSettings: {}, history: [] };
    const buf = encrypt(empty);
    assert.deepStrictEqual(decrypt(buf), empty);
  });

  it('each encryption produces different output (random salt/iv)', () => {
    const a = encrypt(sampleConfig);
    const b = encrypt(sampleConfig);
    assert.ok(!a.equals(b), 'two encryptions should differ');
    // but both decrypt to same result
    assert.deepStrictEqual(decrypt(a), decrypt(b));
  });
});