/**
 * Auth test fixtures — JWT tokens, user payloads, and password helpers.
 *
 * Usage:
 * ```ts
 * import { TEST_USERS, TEST_JWT_SECRET, createTestToken } from '@bytelyst/testing';
 * ```
 */

/** Test JWT secret — NEVER use in production */
export const TEST_JWT_SECRET = 'test-jwt-secret-32-chars-long!!';

/** Pre-built test user payloads */
export const TEST_USERS = {
  admin: {
    id: 'user-admin-001',
    email: 'admin@test.com',
    name: 'Test Admin',
    role: 'super_admin',
    productId: 'lysnrai',
  },
  viewer: {
    id: 'user-viewer-001',
    email: 'viewer@test.com',
    name: 'Test Viewer',
    role: 'viewer',
    productId: 'lysnrai',
  },
  user: {
    id: 'user-basic-001',
    email: 'user@test.com',
    name: 'Test User',
    role: 'user',
    productId: 'lysnrai',
  },
} as const;

export type TestUserKey = keyof typeof TEST_USERS;

/**
 * Create a minimal JWT-like token payload for testing (not cryptographically signed).
 * For actual JWT creation, use `@bytelyst/auth` createJwtUtils().
 */
export function createTestTokenPayload(userKey: TestUserKey = 'admin') {
  const user = TEST_USERS[userKey];
  return {
    sub: user.id,
    email: user.email,
    role: user.role,
    productId: user.productId,
    iss: 'test',
    iat: Math.floor(Date.now() / 1000),
    exp: Math.floor(Date.now() / 1000) + 3600,
  };
}