// smoke: bearer-protected auth endpoints
//
// Covers:
//   POST /api/v1/auth/logout  (happy: 200)
//   POST /api/v1/auth/logout  (negative: 401 without Bearer)
import { post, checkEnvelope, checkError } from '../lib/http.js';
import { registerAndConfirm } from '../lib/auth.js';

export const options = {
  vus: 1,
  iterations: 1,
  thresholds: { checks: ['rate==1.0'] },
};

export default function () {
  // negative: no bearer
  const naked = post('/api/v1/auth/logout');
  checkError(naked, 'POST /auth/logout (no bearer)', 401, 28501000);

  // happy: with bearer
  const { tokens } = registerAndConfirm();
  const ok = post('/api/v1/auth/logout', null, {
    Authorization: `Bearer ${tokens.access_token}`,
  });
  const body = checkEnvelope(ok, 'POST /auth/logout');
  if (!body.data || body.data.ok !== true) {
    throw new Error(`logout: data.ok != true: ${ok.body}`);
  }
}