#!/bin/bash

# Test Clients API

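# Target API and the two accounts used by the run. The defaults are the
# values this script has always used (local development seed accounts);
# each can be overridden from the environment so that other credentials
# never have to be written into the file.
BASE_URL="${BASE_URL:-http://localhost:4000}"
ADMIN_EMAIL="${ADMIN_EMAIL:-admin@docflow.rs}"
ADMIN_PASSWORD="${ADMIN_PASSWORD:-admin123}"
EMPLOYEE_EMAIL="${EMPLOYEE_EMAIL:-employee@docflow.rs}"
EMPLOYEE_PASSWORD="${EMPLOYEE_PASSWORD:-employee123}"

# Catch typos in variable names instead of silently sending empty values.
set -u

# Result of the most recent request(), and the number of failed checks.
HTTP_STATUS=""
HTTP_BODY=""
failures=0

#######################################
# Print a message to stderr and stop the run.
# Arguments: $* - message
#######################################
die() {
  printf 'ERROR: %s\n' "$*" >&2
  exit 1
}

#######################################
# Build the JSON body for /auth/login. jq does the string escaping, so
# values taken from the environment cannot break out of the JSON.
# Arguments: $1 - email, $2 - password
# Outputs:   compact JSON object on stdout
#######################################
login_body() {
  jq -cn --arg email "$1" --arg password "$2" \
    '{email: $email, password: $password}'
}

#######################################
# Send one request and record the response.
# Globals:   BASE_URL (read), HTTP_STATUS and HTTP_BODY (written)
# Arguments: $1 - HTTP method
#            $2 - path, starting with "/"
#            $3 - bearer token, empty for an unauthenticated request
#            $4 - JSON body, empty for none
#######################################
request() {
  local method=$1 path=$2 token=${3-} body=${4-}
  local raw
  # -w appends the status code on a line of its own after the body.
  local -a args=(-s -X "$method" -w '\n%{http_code}')

  # NOTE: the bearer token is passed on curl's command line and is visible
  # in the local process list while the request runs. That is acceptable
  # against a localhost dev server; on a shared host feed the header from
  # a file instead (curl -H @file).
  if [[ -n "$token" ]]; then
    args+=(-H "Authorization: Bearer ${token}")
  fi
  args+=("${BASE_URL}${path}")

  if [[ -n "$body" ]]; then
    # The body goes in on stdin, byte for byte, rather than as an argument.
    raw=$(printf '%s' "$body" \
      | curl "${args[@]}" -H "Content-Type: application/json" --data-binary @-)
  else
    raw=$(curl "${args[@]}")
  fi

  HTTP_STATUS=${raw##*$'\n'}
  HTTP_BODY=${raw%$'\n'*}
}

#######################################
# Pretty-print the last response body and its status code.
# Arguments: $1 - optional jq filter (default ".")
#######################################
show() {
  local filter=${1:-.}
  # printf instead of an unquoted echo: the JSON is not word-split or
  # glob-expanded on its way to jq.
  printf '%s\n' "$HTTP_BODY" | jq "$filter"
  printf 'HTTP %s\n\n' "$HTTP_STATUS"
}

#######################################
# Extract one field from the last response body.
# Arguments: $1 - jq path, e.g. ".token"
# Outputs:   the value, or nothing when it is missing or null
#######################################
body_field() {
  printf '%s' "$HTTP_BODY" | jq -r "$1 // empty"
}

#######################################
# Record a failure unless the last response had exactly this status.
# Arguments: $1 - expected status code
#######################################
expect_status() {
  local want=$1
  if [[ "$HTTP_STATUS" == "$want" ]]; then
    printf 'PASS: got HTTP %s\n\n' "$want"
  else
    printf 'FAIL: expected HTTP %s, got %s\n\n' "$want" "$HTTP_STATUS" >&2
    failures=$((failures + 1))
  fi
}

#######################################
# Record a failure unless the last response was a 4xx rejection. A 2xx
# means the request was accepted; anything else (5xx, no response) is not
# the controlled refusal the step is looking for.
#######################################
expect_rejected() {
  if [[ "$HTTP_STATUS" =~ ^4[0-9][0-9]$ ]]; then
    printf 'PASS: rejected with HTTP %s\n\n' "$HTTP_STATUS"
  else
    printf 'FAIL: expected a 4xx rejection, got %s\n\n' "$HTTP_STATUS" >&2
    failures=$((failures + 1))
  fi
}

echo "=== 1. Health Check ==="
request GET /health
show

echo "=== 2. Login as Admin ==="
request POST /auth/login "" "$(login_body "$ADMIN_EMAIL" "$ADMIN_PASSWORD")"
# Keep the bearer token out of terminal scrollback and CI logs: show the
# login response with the token field masked.
show 'if type == "object" and has("token") then .token = "[redacted]" else . end'

TOKEN=$(body_field '.token')
# Without this check a failed login yields the literal token "null" and
# every later step fails for the wrong reason.
[[ -n "$TOKEN" ]] || die "admin login returned no token (HTTP ${HTTP_STATUS})"
echo "Token: received (${#TOKEN} chars)"
echo -e "\n"

echo "=== 3. Create Client ==="
request POST /clients "$TOKEN" '{
    "name": "Test Company d.o.o.",
    "pib": "123456789",
    "mb": "12345678",
    "address": "Kralja Petra 10",
    "city": "Beograd",
    "postalCode": "11000",
    "email": "info@testcompany.rs",
    "phone": "+381 11 1234567"
  }'
show

CLIENT_ID=$(body_field '.id')
# The id is interpolated into the URLs of steps 5, 6, 8 and 13; stop here
# rather than send PUT/DELETE to /clients/null.
[[ -n "$CLIENT_ID" ]] || die "client creation returned no id (HTTP ${HTTP_STATUS})"

echo "=== 4. Get All Clients ==="
request GET /clients "$TOKEN"
show

echo "=== 5. Get Client by ID ==="
request GET "/clients/${CLIENT_ID}" "$TOKEN"
show

echo "=== 6. Update Client ==="
request PUT "/clients/${CLIENT_ID}" "$TOKEN" '{
    "phone": "+381 11 9999999"
  }'
show

echo "=== 7. Search Clients ==="
request GET "/clients?search=Test" "$TOKEN"
show

echo "=== 8. Deactivate Client (Admin only) ==="
request DELETE "/clients/${CLIENT_ID}" "$TOKEN"
show

echo "=== 9. Get All Clients (including inactive) ==="
request GET /clients "$TOKEN"
show

echo "=== 10. Get Active Clients Only ==="
request GET "/clients?activeOnly=true" "$TOKEN"
show

echo "=== 11. Try to create duplicate PIB (should fail) ==="
request POST /clients "$TOKEN" '{
    "name": "Another Company",
    "pib": "123456789",
    "address": "Some Address",
    "city": "Beograd",
    "postalCode": "11000"
  }'
show
expect_rejected

echo "=== 12. Login as Employee ==="
request POST /auth/login "" "$(login_body "$EMPLOYEE_EMAIL" "$EMPLOYEE_PASSWORD")"
EMPLOYEE_TOKEN=$(body_field '.token')
# If this login failed, step 13 would be refused for lack of a valid token
# and would look like a working role check.
[[ -n "$EMPLOYEE_TOKEN" ]] || die "employee login returned no token (HTTP ${HTTP_STATUS})"
echo "Employee logged in"
echo -e "\n"

echo "=== 13. Try to deactivate as Employee (should fail - 403) ==="
request DELETE "/clients/${CLIENT_ID}" "$EMPLOYEE_TOKEN"
show
# The role check is the point of this step, so assert the status instead
# of leaving it to whoever reads the output.
expect_status 403

echo "=== Tests completed ==="
if ((failures > 0)); then
  printf '%d check(s) failed\n' "$failures" >&2
  exit 1
fi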
