"""restic repo URL builder + env tests."""

from __future__ import annotations

import pytest

from cloud_sync.sync import _restic_env, _restic_repo


def test_basic_http_url():
    repo = _restic_repo("http://cloud.tm.center", "12345", "secretpw")
    assert repo == "rest:http://12345:secretpw@cloud.tm.center/12345/"


def test_https_url():
    repo = _restic_repo("https://cloud.tm.center", "12345", "pw")
    assert repo == "rest:https://12345:pw@cloud.tm.center/12345/"


def test_trailing_slash_stripped():
    repo = _restic_repo("https://cloud.tm.center/", "12345", "pw")
    assert repo == "rest:https://12345:pw@cloud.tm.center/12345/"


def test_url_with_port():
    repo = _restic_repo("http://127.0.0.1:8002", "alice", "pw")
    assert repo == "rest:http://alice:pw@127.0.0.1:8002/alice/"


def test_rest_prefix_stripped_if_supplied():
    repo = _restic_repo("rest:http://x.test", "u", "p")
    assert repo == "rest:http://u:p@x.test/u/"


def test_password_with_special_chars_encoded():
    repo = _restic_repo("http://x.test", "u", "p@ss/word?!&")
    # URL-encoded form of "p@ss/word?!&"
    assert "p%40ss%2Fword%3F%21%26@x.test" in repo


def test_user_with_special_chars_encoded():
    repo = _restic_repo("http://x.test", "u/with@chars", "pw")
    assert "u%2Fwith%40chars" in repo


def test_missing_scheme_rejected():
    with pytest.raises(ValueError):
        _restic_repo("cloud.tm.center", "u", "p")


def test_env_does_not_contain_password():
    """Repos use --insecure-no-password; RESTIC_PASSWORD must NOT appear in env
    or it would silently switch repos into encrypted mode."""
    env = _restic_env()
    assert "RESTIC_PASSWORD" not in env
    assert env["RESTIC_PROGRESS_FPS"] == "0"