import { describe, it, expect, vi, beforeEach } from 'vitest'

vi.mock('@/lib/prisma', () => ({
  prisma: {
    product: {
      findFirst: vi.fn(),
    },
    todo: {
      create: vi.fn(),
    },
  },
}))

vi.mock('@/lib/api-auth', () => ({
  authenticateApiRequest: vi.fn(),
}))

import { prisma } from '@/lib/prisma'
import { authenticateApiRequest } from '@/lib/api-auth'
import { POST as postTodo } from '@/app/api/todos/route'

const mockPrisma = prisma as unknown as {
  product: { findFirst: ReturnType<typeof vi.fn> }
  todo: { create: ReturnType<typeof vi.fn> }
}
const mockAuth = authenticateApiRequest as ReturnType<typeof vi.fn>

function makeRequest(body: unknown): Request {
  return new Request('http://localhost/api/todos', {
    method: 'POST',
    headers: { Authorization: 'Bearer test-token', 'Content-Type': 'application/json' },
    body: JSON.stringify(body),
  })
}

describe('POST /api/todos', () => {
  beforeEach(() => {
    vi.clearAllMocks()
  })

  // TC-TD-01
  it.todo('returns 401 when no token provided')

  // TC-TD-03
  it.todo('returns 403 for demo users')

  // TC-TD-04
  it.todo('returns 400 when title is missing')

  // TC-TD-05
  it.todo('returns 400 when title is empty string')

  // TC-TD-06
  it.todo('creates todo without product_id and returns 201')

  // TC-TD-07
  it.todo('creates todo with valid product_id and returns 201')

  // TC-TD-08
  it.todo('returns 403 or 404 when product_id belongs to another user')
})