import { test, expect } from '@playwright/test';

test.describe('Authentication Flow', () => {
  test('should redirect to login when not authenticated', async ({ page }) => {
    await page.goto('/dashboard');
    await expect(page).toHaveURL('/login');
  });

  test('should show login form', async ({ page }) => {
    await page.goto('/login');
    
    await expect(page.getByLabel('Email')).toBeVisible();
    await expect(page.getByLabel('Password')).toBeVisible();
    await expect(page.getByRole('button', { name: 'Sign In' })).toBeVisible();
  });

  test('should show validation errors for invalid login', async ({ page }) => {
    await page.goto('/login');
    
    await page.getByLabel('Email').fill('invalid-email');
    await page.getByLabel('Password').fill('short');
    await page.getByRole('button', { name: 'Sign In' }).click();
    
    // Should show validation errors (assuming form validation exists)
    await expect(page.locator('text=Invalid email')).toBeVisible();
  });

  // Note: This test would require setting up test users in the database
  test.skip('should login successfully with valid credentials', async ({ page }) => {
    await page.goto('/login');
    
    await page.getByLabel('Email').fill('test@example.com');
    await page.getByLabel('Password').fill('password123');
    await page.getByRole('button', { name: 'Sign In' }).click();
    
    await expect(page).toHaveURL('/dashboard');
  });
});

test.describe('Protected Routes', () => {
  test('should protect admin routes', async ({ page }) => {
    await page.goto('/admin/users');
    await expect(page).toHaveURL('/login');
  });

  test('should protect reviewer routes', async ({ page }) => {
    await page.goto('/admin/qc');
    await expect(page).toHaveURL('/login');
  });
});