import { describe, it, expect } from "vitest";
import { signSession, verifySession } from "@/lib/auth/session";

describe("session", () => {
  it("signs a session token containing the subject", async () => {
    const token = await signSession({ sub: "admin" });
    expect(token).toBeTypeOf("string");
    expect(token.split(".")).toHaveLength(3); // JWT has 3 parts
  });

  it("verifies a signed token and returns the payload", async () => {
    const token = await signSession({ sub: "admin" });
    const payload = await verifySession(token);
    expect(payload?.sub).toBe("admin");
  });

  it("returns null for tampered token", async () => {
    const token = await signSession({ sub: "admin" });
    const tampered = token.slice(0, -1) + (token.slice(-1) === "a" ? "b" : "a");
    const payload = await verifySession(tampered);
    expect(payload).toBeNull();
  });
});
