package tests

import (
	"net/http"
	"testing"
)

func TestNoneAuth(t *testing.T) {
	endpoints := []struct {
		method string
		path   string
		body   interface{}
	}{
		{"GET", "/api/auth/me", nil},
		{"POST", "/api/auth/logout", map[string]interface{}{}},
		{"GET", "/api/users", nil},
		{"POST", "/api/users", map[string]interface{}{}},
		{"GET", "/api/orgs", nil},
		{"POST", "/api/orgs", map[string]interface{}{}},
		{"GET", "/api/roles", nil},
		{"POST", "/api/roles", map[string]interface{}{}},
		{"GET", "/api/settings", nil},
		{"GET", "/api/oauth/clients", nil},
		{"GET", "/api/oauth/providers", nil},
	}

	for _, ep := range endpoints {
		t.Run(ep.method+" "+ep.path, func(t *testing.T) {
			w := doRequest(t, ep.method, ep.path, ep.body, "")
			
			// Expect 401 Unauthorized
			// Vigo might return 200 with code 40100 in JSON
			if w.Code == http.StatusUnauthorized {
				return
			}
			
			// Check JSON body for code 40100
			assertVigoCode(t, w, 40100)
		})
	}
}