review-bot/github/files_test.go

package github

import (
	"context"
	"encoding/json"
	"net/http"
	"net/http/httptest"
	"strings"
	"testing"
	"time"
)

func TestGetFileContent_DelegatesToGetFileContentAtRef(t *testing.T) {
	var gotRef string
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		gotRef = r.URL.Query().Get("ref")
		json.NewEncoder(w).Encode(map[string]string{
			"content":  "dGVzdA==", // "test" in base64
			"encoding": "base64",
		})
	}))
	defer srv.Close()

	c := NewClient("token", srv.URL, AllowInsecureHTTP())
	c.SetHTTPClient(srv.Client())

	// Call with empty ref — should not include ref param
	content, err := c.GetFileContent(context.Background(), "owner", "repo", "file.go", "")
	if err != nil {
		t.Fatalf("unexpected error: %v", err)
	}
	if content != "test" {
		t.Errorf("expected 'test', got %q", content)
	}
	if gotRef != "" {
		t.Errorf("expected empty ref, got %q", gotRef)
	}
}

func TestGetFileContent_WithRef(t *testing.T) {
	var gotRef string
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		gotRef = r.URL.Query().Get("ref")
		json.NewEncoder(w).Encode(map[string]string{
			"content":  "dGVzdA==",
			"encoding": "base64",
		})
	}))
	defer srv.Close()

	c := NewClient("token", srv.URL, AllowInsecureHTTP())
	c.SetHTTPClient(srv.Client())

	_, err := c.GetFileContent(context.Background(), "owner", "repo", "file.go", "abc123")
	if err != nil {
		t.Fatalf("unexpected error: %v", err)
	}
	if gotRef != "abc123" {
		t.Errorf("expected ref 'abc123', got %q", gotRef)
	}
}

func TestGetFileContent_404(t *testing.T) {
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(404)
		w.Write([]byte(`{"message":"Not Found"}`))
	}))
	defer srv.Close()

	c := NewClient("token", srv.URL, AllowInsecureHTTP())
	c.SetHTTPClient(srv.Client())

	_, err := c.GetFileContent(context.Background(), "owner", "repo", "missing.go", "")
	if err == nil {
		t.Fatal("expected error for 404")
	}
}

func TestGetFileContent_401(t *testing.T) {
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(401)
		w.Write([]byte(`{"message":"Bad credentials"}`))
	}))
	defer srv.Close()

	c := NewClient("token", srv.URL, AllowInsecureHTTP())
	c.SetHTTPClient(srv.Client())

	_, err := c.GetFileContent(context.Background(), "owner", "repo", "file.go", "")
	if err == nil {
		t.Fatal("expected error for 401")
	}
}

func TestGetFileContent_429Retry(t *testing.T) {
	attempts := 0
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		attempts++
		if attempts == 1 {
			w.WriteHeader(429)
			w.Write([]byte(`{"message":"rate limit"}`))
			return
		}
		json.NewEncoder(w).Encode(map[string]string{
			"content":  "b2s=",
			"encoding": "base64",
		})
	}))
	defer srv.Close()

	c := NewClient("token", srv.URL, AllowInsecureHTTP())
	c.SetHTTPClient(srv.Client())
	if err := c.SetRetryBackoff([]time.Duration{1 * time.Millisecond, 1 * time.Millisecond}); err != nil {
		t.Fatalf("SetRetryBackoff: %v", err)
	}

	content, err := c.GetFileContent(context.Background(), "owner", "repo", "file.go", "")
	if err != nil {
		t.Fatalf("unexpected error: %v", err)
	}
	if content != "ok" {
		t.Errorf("expected 'ok', got %q", content)
	}
	if attempts != 2 {
		t.Errorf("expected 2 attempts, got %d", attempts)
	}
}

func TestGetFileContent_MalformedJSON(t *testing.T) {
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(200)
		w.Write([]byte(`not json`))
	}))
	defer srv.Close()

	c := NewClient("token", srv.URL, AllowInsecureHTTP())
	c.SetHTTPClient(srv.Client())

	_, err := c.GetFileContent(context.Background(), "owner", "repo", "file.go", "")
	if err == nil {
		t.Fatal("expected error for malformed JSON")
	}
}

func TestListContents_HappyPath(t *testing.T) {
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.URL.Path != "/repos/owner/repo/contents/src" {
			t.Errorf("unexpected path: %s", r.URL.Path)
		}
		json.NewEncoder(w).Encode([]map[string]string{
			{"name": "main.go", "path": "src/main.go", "type": "file"},
			{"name": "lib", "path": "src/lib", "type": "dir"},
		})
	}))
	defer srv.Close()

	c := NewClient("token", srv.URL, AllowInsecureHTTP())
	c.SetHTTPClient(srv.Client())

	entries, err := c.ListContents(context.Background(), "owner", "repo", "src")
	if err != nil {
		t.Fatalf("unexpected error: %v", err)
	}
	if len(entries) != 2 {
		t.Fatalf("expected 2 entries, got %d", len(entries))
	}
	if entries[0].Name != "main.go" {
		t.Errorf("expected name 'main.go', got %q", entries[0].Name)
	}
	if entries[0].Path != "src/main.go" {
		t.Errorf("expected path 'src/main.go', got %q", entries[0].Path)
	}
	if entries[0].Type != "file" {
		t.Errorf("expected type 'file', got %q", entries[0].Type)
	}
	if entries[1].Name != "lib" {
		t.Errorf("expected name 'lib', got %q", entries[1].Name)
	}
	if entries[1].Type != "dir" {
		t.Errorf("expected type 'dir', got %q", entries[1].Type)
	}
}

func TestListContents_404(t *testing.T) {
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(404)
		w.Write([]byte(`{"message":"Not Found"}`))
	}))
	defer srv.Close()

	c := NewClient("token", srv.URL, AllowInsecureHTTP())
	c.SetHTTPClient(srv.Client())

	_, err := c.ListContents(context.Background(), "owner", "repo", "missing")
	if err == nil {
		t.Fatal("expected error for 404")
	}
}

func TestListContents_401(t *testing.T) {
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(401)
		w.Write([]byte(`{"message":"Bad credentials"}`))
	}))
	defer srv.Close()

	c := NewClient("token", srv.URL, AllowInsecureHTTP())
	c.SetHTTPClient(srv.Client())

	_, err := c.ListContents(context.Background(), "owner", "repo", "src")
	if err == nil {
		t.Fatal("expected error for 401")
	}
}

func TestListContents_429Retry(t *testing.T) {
	attempts := 0
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		attempts++
		if attempts == 1 {
			w.WriteHeader(429)
			w.Write([]byte(`{"message":"rate limit"}`))
			return
		}
		json.NewEncoder(w).Encode([]map[string]string{
			{"name": "file.go", "path": "file.go", "type": "file"},
		})
	}))
	defer srv.Close()

	c := NewClient("token", srv.URL, AllowInsecureHTTP())
	c.SetHTTPClient(srv.Client())
	if err := c.SetRetryBackoff([]time.Duration{1 * time.Millisecond, 1 * time.Millisecond}); err != nil {
		t.Fatalf("SetRetryBackoff: %v", err)
	}

	entries, err := c.ListContents(context.Background(), "owner", "repo", "src")
	if err != nil {
		t.Fatalf("unexpected error: %v", err)
	}
	if len(entries) != 1 {
		t.Fatalf("expected 1 entry, got %d", len(entries))
	}
	if attempts != 2 {
		t.Errorf("expected 2 attempts, got %d", attempts)
	}
}

func TestListContents_MalformedJSON(t *testing.T) {
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(200)
		w.Write([]byte(`not json`))
	}))
	defer srv.Close()

	c := NewClient("token", srv.URL, AllowInsecureHTTP())
	c.SetHTTPClient(srv.Client())

	_, err := c.ListContents(context.Background(), "owner", "repo", "src")
	if err == nil {
		t.Fatal("expected error for malformed JSON")
	}
}

func TestListContents_SingleFile(t *testing.T) {
	// GitHub Contents API returns a JSON object (not array) for single-file paths
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(200)
		w.Write([]byte(`{"name":"README.md","path":"README.md","type":"file"}`))
	}))
	defer srv.Close()

	c := NewClient("token", srv.URL, AllowInsecureHTTP())
	c.SetHTTPClient(srv.Client())
	entries, err := c.ListContents(context.Background(), "owner", "repo", "README.md")
	if err != nil {
		t.Fatalf("unexpected error: %v", err)
	}
	if len(entries) != 1 {
		t.Fatalf("expected 1 entry, got %d", len(entries))
	}
	if entries[0].Name != "README.md" {
		t.Errorf("expected name 'README.md', got %q", entries[0].Name)
	}
	if entries[0].Type != "file" {
		t.Errorf("expected type 'file', got %q", entries[0].Type)
	}
}

func TestEscapePath_ValidPaths(t *testing.T) {
	t.Parallel()
	tests := []struct {
		name string
		path string
		want string
	}{
		{"simple file", "file.go", "file.go"},
		{"nested path", "path/to/file.go", "path/to/file.go"},
		{"special chars", "path/to/my file.go", "path/to/my%20file.go"},
		{"leading slash stripped", "/path/to/file.go", "path/to/file.go"},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			t.Parallel()
			got, err := escapePath(tt.path)
			if err != nil {
				t.Fatalf("unexpected error: %v", err)
			}
			if got != tt.want {
				t.Errorf("escapePath(%q) = %q, want %q", tt.path, got, tt.want)
			}
		})
	}
}

func TestEscapePath_DotSegments(t *testing.T) {
	t.Parallel()
	tests := []struct {
		name string
		path string
	}{
		{"single dot", "./file.go"},
		{"double dot", "../file.go"},
		{"dot in middle", "path/./file.go"},
		{"parent traversal", "path/../file.go"},
		{"only dots", ".."},
		{"nested parent traversal", "a/b/../../c"},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			t.Parallel()
			_, err := escapePath(tt.path)
			if err == nil {
				t.Fatalf("expected error for path %q, got nil", tt.path)
			}
			if !strings.Contains(err.Error(), "dot-segment") {
				t.Errorf("expected error about dot-segment, got: %v", err)
			}
		})
	}
}

func TestGetFileContentAtRef_DotSegmentError(t *testing.T) {
	// Server should never be called — the error is caught before the request.
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		t.Fatal("server should not have been called")
	}))
	defer srv.Close()

	c := NewClient("token", srv.URL, AllowInsecureHTTP())
	_, err := c.GetFileContentAtRef(context.Background(), "owner", "repo", "foo/../bar.go", "main")
	if err == nil {
		t.Fatal("expected error for path with dot-segments")
	}
	if !strings.Contains(err.Error(), "invalid file path") {
		t.Errorf("expected 'invalid file path' error, got: %v", err)
	}
}

func TestDecodeBase64Content(t *testing.T) {
	// Test with newlines (GitHub's format)
	encoded := "cGFja2FnZSBt\nYWlu"
	decoded, err := decodeBase64Content(encoded)
	if err != nil {
		t.Fatalf("unexpected error: %v", err)
	}
	if decoded != "package main" {
		t.Errorf("expected 'package main', got %q", decoded)
	}
}

func TestDecodeBase64Content_Invalid(t *testing.T) {
	_, err := decodeBase64Content("not!!!valid!!!base64")
	if err == nil {
		t.Fatal("expected error for invalid base64")
	}
}

func TestDecodeBase64Content_CRLF(t *testing.T) {
	// Base64 of "hello world" with CRLF line breaks inserted
	encoded := "aGVs\r\nbG8g\r\nd29y\r\nbGQ="
	decoded, err := decodeBase64Content(encoded)
	if err != nil {
		t.Fatalf("unexpected error: %v", err)
	}
	if decoded != "hello world" {
		t.Errorf("expected 'hello world', got %q", decoded)
	}
}

func TestDecodeBase64Content_SizeLimit(t *testing.T) {
	t.Parallel()
	// Create base64 content that would decode to > maxFileContentSize.
	// maxFileContentSize is 10MB. Base64 of 11MB worth of zeros.
	// We just need something big enough to trigger the estimated size check.
	// 14MB of base64 chars (decodes to ~10.5MB).
	huge := strings.Repeat("A", 14*1024*1024)
	_, err := decodeBase64Content(huge)
	if err == nil {
		t.Fatal("expected error for oversized content")
	}
	if !strings.Contains(err.Error(), "too large") {
		t.Errorf("expected 'too large' error, got: %v", err)
	}
}