package config

import "testing"

// TestLoadConfigParsesTrustedProxySettings sets the trusted-proxy environment
// variables, calls LoadConfig, and verifies that each one is reflected on the
// returned config. It covers both directions of the boolean switches: values
// set to "true" must come back enabled, and values set to "false"
// (TRUST_PROXY_PRIVATE, ENABLE_IP_VALIDATION) must come back disabled.
func TestLoadConfigParsesTrustedProxySettings(t *testing.T) {
	// Environment for this test only; t.Setenv restores the previous values
	// when the test finishes. JWT_SECRET is a fixture string, not a real key.
	env := []struct{ key, value string }{
		{"ENV", "development"},
		{"DB_TYPE", "sqlite"},
		{"DB_DSN", "spareparts.db"},
		{"JWT_SECRET", "0123456789abcdef0123456789abcdef"},
		{"CORS_ALLOW_ORIGINS", "http://localhost"},
		{"TRUST_PROXY", "true"},
		{"PROXY_HEADER", "X-Real-IP"},
		{"TRUST_PROXY_PROXIES", "10.0.0.1,10.0.0.0/24"},
		{"TRUST_PROXY_LOOPBACK", "true"},
		{"TRUST_PROXY_LINK_LOCAL", "true"},
		{"TRUST_PROXY_PRIVATE", "false"},
		{"TRUST_PROXY_UNIX_SOCKET", "true"},
		{"ENABLE_IP_VALIDATION", "false"},
	}
	for _, e := range env {
		t.Setenv(e.key, e.value)
	}

	cfg := LoadConfig()

	if !cfg.TrustProxy {
		t.Fatal("expected trust proxy to be enabled")
	}
	if header := cfg.ProxyHeader; header != "X-Real-IP" {
		t.Fatalf("expected proxy header X-Real-IP, got %q", header)
	}
	// NOTE(review): only the number of entries is asserted. The parsed values
	// (one single address and one CIDR range) are not compared, so a parser
	// that splits correctly but stores the wrong entries would still pass.
	// Consider asserting the entries themselves, since this list decides whose
	// forwarded-IP header is believed.
	if n := len(cfg.TrustProxyProxies); n != 2 {
		t.Fatalf("expected 2 trusted proxies, got %d", n)
	}

	// Remaining boolean switches, checked in the same order as they are
	// reported; the first mismatch aborts the test.
	flags := []struct {
		got, want bool
		failure   string
	}{
		{cfg.TrustProxyLoopback, true, "expected loopback trust to be enabled"},
		{cfg.TrustProxyLinkLocal, true, "expected link-local trust to be enabled"},
		// Negative case: an explicit "false" must not be widened into trusting
		// private ranges.
		{cfg.TrustProxyPrivate, false, "expected private trust to stay disabled"},
		{cfg.TrustProxyUnixSocket, true, "expected unix socket trust to be enabled"},
		{cfg.EnableIPValidation, false, "expected IP validation to respect the env override"},
	}
	for _, f := range flags {
		if f.got != f.want {
			t.Fatal(f.failure)
		}
	}
}
