"""restic repo URL builder + env tests."""

from __future__ import annotations

import pytest

from cloud_sync.sync import _restic_env, _restic_repo


_IID = "01H7XJ4WB2KD5MNCYV8RQ6PTAZ"


def test_basic_http_url():
    repo = _restic_repo("http://cloud.tm.center", "12345", "secretpw", _IID)
    assert repo == f"rest:http://12345:secretpw@cloud.tm.center/12345/{_IID}/"


def test_https_url():
    repo = _restic_repo("https://cloud.tm.center", "12345", "pw", _IID)
    assert repo == f"rest:https://12345:pw@cloud.tm.center/12345/{_IID}/"


def test_trailing_slash_stripped():
    repo = _restic_repo("https://cloud.tm.center/", "12345", "pw", _IID)
    assert repo == f"rest:https://12345:pw@cloud.tm.center/12345/{_IID}/"


def test_url_with_port():
    repo = _restic_repo("http://127.0.0.1:8002", "alice", "pw", _IID)
    assert repo == f"rest:http://alice:pw@127.0.0.1:8002/alice/{_IID}/"


def test_rest_prefix_stripped_if_supplied():
    repo = _restic_repo("rest:http://x.test", "u", "p", _IID)
    assert repo == f"rest:http://u:p@x.test/u/{_IID}/"


def test_password_with_special_chars_encoded():
    repo = _restic_repo("http://x.test", "u", "p@ss/word?!&", _IID)
    assert "p%40ss%2Fword%3F%21%26@x.test" in repo


def test_user_with_special_chars_encoded():
    repo = _restic_repo("http://x.test", "u/with@chars", "pw", _IID)
    assert "u%2Fwith%40chars" in repo


def test_instance_id_in_url_path():
    repo = _restic_repo("http://x.test", "u", "p", _IID)
    assert repo.endswith(f"/u/{_IID}/")


def test_missing_scheme_rejected():
    with pytest.raises(ValueError):
        _restic_repo("cloud.tm.center", "u", "p", _IID)


def test_env_does_not_contain_password():
    """Repos use --insecure-no-password; RESTIC_PASSWORD must NOT appear in env
    or it would silently switch repos into encrypted mode."""
    env = _restic_env()
    assert "RESTIC_PASSWORD" not in env
    assert env["RESTIC_PROGRESS_FPS"] == "0"