package api

import (
	"bytes"
	"net/http"
	"net/http/httptest"
	"testing"
)

func TestHandleGenerateRunnerAPIKey_UnauthorizedWithoutContext(t *testing.T) {
	s := &Manager{}
	req := httptest.NewRequest(http.MethodPost, "/api/admin/runner-api-keys", bytes.NewBufferString(`{"name":"k"}`))
	rr := httptest.NewRecorder()

	s.handleGenerateRunnerAPIKey(rr, req)

	if rr.Code != http.StatusUnauthorized {
		t.Fatalf("status = %d, want %d", rr.Code, http.StatusUnauthorized)
	}
}

func TestHandleGenerateRunnerAPIKey_RejectsBadJSON(t *testing.T) {
	s := &Manager{}
	req := httptest.NewRequest(http.MethodPost, "/api/admin/runner-api-keys", bytes.NewBufferString(`{`))
	rr := httptest.NewRecorder()

	s.handleGenerateRunnerAPIKey(rr, req)

	// No auth context means unauthorized happens first; this still validates safe
	// failure handling for malformed requests in this handler path.
	if rr.Code != http.StatusUnauthorized {
		t.Fatalf("status = %d, want %d", rr.Code, http.StatusUnauthorized)
	}
}