use hmac::{Hmac, Mac};
use sha2::Sha256;
use vylth_flow::{Flow, WebhookVerifier};
#[test]
fn test_client_creation() {
let client = Flow::new("vf_live_test");
let _ = client.invoices();
let _ = client.payouts();
let _ = client.wallets();
let _ = client.swaps();
}
#[test]
fn test_builder() {
let client = vylth_flow::Flow::builder("vf_live_test")
.base_url("https://custom.api.com")
.webhook_secret("whsec_test")
.build();
assert!(client.webhooks().is_some());
}
#[test]
fn test_no_webhook_secret() {
let client = Flow::new("vf_live_test");
assert!(client.webhooks().is_none());
}
#[test]
fn test_webhook_verify() {
let secret = "whsec_test_secret";
let payload = br#"{"id":"evt_123","type":"invoice.paid","data":{"invoice_id":"inv_123"}}"#;
let mut mac = Hmac::<Sha256>::new_from_slice(secret.as_bytes()).unwrap();
mac.update(payload);
let signature = hex::encode(mac.finalize().into_bytes());
let verifier = WebhookVerifier::new(secret);
let event = verifier.verify(payload, &signature).unwrap();
assert_eq!(event.id, "evt_123");
assert_eq!(event.event_type, "invoice.paid");
}
#[test]
fn test_webhook_invalid_signature() {
let verifier = WebhookVerifier::new("whsec_secret");
let result = verifier.verify(b"{}", "bad_signature");
assert!(result.is_err());
}
#[test]
fn test_webhook_is_valid() {
let secret = "whsec_test";
let payload = b"test payload";
let mut mac = Hmac::<Sha256>::new_from_slice(secret.as_bytes()).unwrap();
mac.update(payload);
let sig = hex::encode(mac.finalize().into_bytes());
let verifier = WebhookVerifier::new(secret);
assert!(verifier.is_valid(payload, &sig));
assert!(!verifier.is_valid(payload, "wrong"));
}
#[test]
fn test_webhook_empty_secret() {
let verifier = WebhookVerifier::new("");
assert!(!verifier.is_valid(b"test", "any"));
assert!(verifier.verify(b"test", "any").is_err());
}