<?php

namespace Tests\Feature;

use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;

class AdminFlashSuccessShouldSupportOptionalLinkTest extends TestCase
{
    use RefreshDatabase;

    protected function loginAsPlatformAdmin(): void
    {
        $this->seed();

        $this->post('/admin/login', [
            'email' => 'platform.admin@demo.local',
            'password' => 'Platform@123456',
        ])->assertRedirect('/admin');
    }

    public function test_flash_success_should_render_optional_link_when_session_keys_present(): void
    {
        $this->loginAsPlatformAdmin();

        $res = $this->withSession([
            'success' => '操作成功',
            'success_link_href' => '/admin/platform-batches/show?type=bas&run_id=BAS202603171234560001',
            'success_link_label' => '进入批次复盘',
        ])->get('/admin');

        $res->assertOk();
        $res->assertSee('操作成功');
        $res->assertSee('进入批次复盘');
        $res->assertSee('/admin/platform-batches/show?type=bas&amp;run_id=BAS202603171234560001', false);
    }

    public function test_flash_success_link_should_be_sanitized_to_relative_path(): void
    {
        $this->loginAsPlatformAdmin();

        $res = $this->withSession([
            'success' => 'ok',
            'success_link_href' => 'https://evil.example.com/x',
            'success_link_label' => '查看',
        ])->get('/admin');

        $res->assertOk();
        // 外链应被 sanitize 掉，不应渲染 href
        $res->assertDontSee('https://evil.example.com/x');
    }
}