<?php

use App\Models\User;
use Laravel\Sanctum\Sanctum;

it('rejects requests without api key or sanctum session', function (): void {
    $response = $this->getJson('/api/stations?postcode=SW1A1AA&fuel_type=e10');

    $response->assertStatus(403);
});

it('accepts requests with valid api key', function (): void {
    config(['app.api_secret_key' => 'test-secret']);

    $response = $this->withHeader('X-Api-Key', 'test-secret')
        ->getJson('/api/stations?postcode=SW1A1AA&fuel_type=e10');

    // 403 would mean middleware rejected — any other status means it passed through
    expect($response->status())->not->toBe(403);
});

it('accepts requests from sanctum authenticated users', function (): void {
    $user = User::factory()->create();
    Sanctum::actingAs($user);

    $response = $this->getJson('/api/stations?postcode=SW1A1AA&fuel_type=e10');

    expect($response->status())->not->toBe(403);
});