import pytest
from fastapi import HTTPException
from app.auth import verify_internal_key

def test_no_server_key_rejects(monkeypatch):
    monkeypatch.delenv("INTERNAL_API_KEY", raising=False)
    with pytest.raises(HTTPException) as e:
        verify_internal_key("anything")
    assert e.value.status_code == 401

def test_wrong_key_rejects(monkeypatch):
    monkeypatch.setenv("INTERNAL_API_KEY", "secret")
    with pytest.raises(HTTPException) as e:
        verify_internal_key("wrong")
    assert e.value.status_code == 401

def test_correct_key_passes(monkeypatch):
    monkeypatch.setenv("INTERNAL_API_KEY", "secret")
    assert verify_internal_key("secret") is None