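"""Tests for the web_dashboard Flask application.

Covers the dashboard page, the health and API routes, the error path
(a failure must not leak exception details to the client) and the
presence and basic sanity of the HTTP security headers.
"""
import json
import os
import sys
import unittest
from unittest.mock import patch

# Add scripts directory to path so we can import web_dashboard
sys.path.append(os.path.dirname(os.path.abspath(__file__)))

import web_dashboard
from web_dashboard import app


class TestWebDashboard(unittest.TestCase):
    """Exercise the dashboard routes through Flask's test client."""

    def setUp(self):
        """Create a fresh test client for every test."""
        self.app = app.test_client()
        # NOTE(review): this sets an attribute on the test client, not on the
        # Flask application, so the application's TESTING config is left
        # unchanged. Confirm that is intended before moving it to `app`,
        # because enabling testing mode on the app can change how unhandled
        # exceptions are surfaced to test_dashboard_error_handling.
        self.app.testing = True

    def test_dashboard_error_handling(self):
        """Test that errors are handled securely (no stack traces leaked)."""
        # Make template compilation fail with a message that stands in for
        # sensitive internal detail; it must never reach the response body.
        with patch('web_dashboard.app.jinja_env.from_string') as mock_compile, \
                patch.object(web_dashboard, 'DASHBOARD_TEMPLATE', None):
            # DASHBOARD_TEMPLATE is cleared for the duration of the request
            # and restored by patch.object on exit, even if an assertion fails.
            mock_compile.side_effect = Exception("Secret Database Info Leaked")

            response = self.app.get('/')

            self.assertEqual(response.status_code, 500)
            # The exception message must not be echoed to the client ...
            self.assertNotIn(b"Secret Database Info Leaked", response.data)
            # ... and neither must a Python traceback.
            self.assertNotIn(b"Traceback", response.data)
            self.assertIn(b"Internal Server Error", response.data)

    def test_dashboard_route(self):
        """Test that the root route returns HTML."""
        response = self.app.get('/')
        self.assertEqual(response.status_code, 200)
        # Check the declared media type so the "returns HTML" claim is
        # actually verified.
        self.assertIn('text/html', response.content_type)
        # NOTE(review): b'' is contained in every bytes object, so this
        # assertion always passes. The expected markup literal appears to
        # have been lost; restore the intended marker here.
        self.assertIn(b'', response.data)
        self.assertIn(b'GenX FX Trading Automation', response.data)

    def test_health_route_json(self):
        """Test that the health route returns a JSON response."""
        response = self.app.get('/health')
        self.assertEqual(response.status_code, 200)
        try:
            data = json.loads(response.data)
        except json.JSONDecodeError:
            self.fail("Response is not valid JSON")
        self.assertEqual(data.get('status'), 'healthy')

    def test_api_endpoints(self):
        """Test custom API endpoints."""
        # (route, byte string expected somewhere in the response body)
        expectations = (
            ('/api/version', b'version'),
            ('/api/system_info', b'platform'),
            ('/api/files', b'files'),
        )
        for route, marker in expectations:
            # subTest reports every failing endpoint instead of stopping at
            # the first one.
            with self.subTest(route=route):
                resp = self.app.get(route)
                self.assertEqual(resp.status_code, 200)
                self.assertIn(marker, resp.data)

    def test_skip_link_present(self):
        """Test that the skip link is present in the dashboard HTML."""
        response = self.app.get('/')
        self.assertEqual(response.status_code, 200)
        # NOTE(review): b'' is contained in every bytes object, so this
        # assertion cannot fail and the skip link is not actually checked.
        # The expected markup literal appears to have been lost; restore it.
        self.assertIn(b'', response.data)

    def test_security_headers(self):
        """Test that security headers are present and not empty."""
        response = self.app.get('/')
        self.assertEqual(response.status_code, 200)

        headers = response.headers
        required = (
            'Content-Security-Policy',
            'X-Content-Type-Options',
            'X-Frame-Options',
            'Referrer-Policy',
        )
        for name in required:
            with self.subTest(header=name):
                self.assertIn(name, headers)
                # A header that is present but blank gives no protection.
                self.assertTrue(headers.get(name, '').strip())

        # "nosniff" is the only value defined for this header.
        self.assertEqual(
            headers.get('X-Content-Type-Options', '').strip().lower(),
            'nosniff',
        )
        # Only DENY and SAMEORIGIN are honoured by current browsers.
        self.assertIn(
            headers.get('X-Frame-Options', '').strip().upper(),
            ('DENY', 'SAMEORIGIN'),
        )


if __name__ == '__main__':
    unittest.main()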