#!/usr/bin/env bats
# Unit tests for firewall configuration functions

# Add bats library to BATS_LIB_PATH
export BATS_LIB_PATH="/usr/lib/bats-core"

load 'bats-support/load'
load 'bats-assert/load'
load '../test_helper/common.bash'

@test "parse wireguard endpoint from config" {
    # Create test configuration
    local test_config="$TEST_TEMP_DIR/wg0.conf"
    create_test_wg_config "$test_config"
    
    # Source the firewall setup script functions
    source "${PROJECT_ROOT}/src/firewall-setup.sh"
    
    # Test parsing function
    result=$(parse_wg_endpoint "$test_config")
    assert_equal "$result" "192.168.1.100:51820"
}

@test "generate nftables rules for wireguard" {
    source "${PROJECT_ROOT}/src/firewall-setup.sh"
    
    rules=$(generate_nftables_rules "192.168.1.100:51820")
    assert_regex "$rules" "udp.*192.168.1.100.*51820"
    assert_regex "$rules" "policy drop"
}

@test "error handling for missing config file" {
    source "${PROJECT_ROOT}/src/firewall-setup.sh"
    
    run parse_wg_endpoint "/nonexistent/file.conf"
    assert_failure
    assert_output --partial "Error: WireGuard config not found"
}

@test "error handling for malformed config" {
    # Create malformed config without endpoint
    local malformed_config="$TEST_TEMP_DIR/malformed.conf"
    cat > "$malformed_config" << EOF
[Interface]
PrivateKey = testkey
Address = 10.0.0.2/24

[Peer]
PublicKey = testpubkey
# No endpoint line
EOF
    
    source "${PROJECT_ROOT}/src/firewall-setup.sh"
    run parse_wg_endpoint "$malformed_config"
    assert_failure
}