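import { expect, test } from './fixtures';

// End-to-end checks against the deployed H5 build: anonymous entry, a forged
// unionid in the query string, and page_path sanitisation (kept consistent
// with huike-front main.ts).
test.describe('music-room shell', () => {
  // Single upper bound (ms) for navigation and for the slow visibility/URL
  // waits, so the deployed target gets the same budget in every test.
  const NAV_TIMEOUT_MS = 60_000;

  // Title: "the root path mounts the Vue root node".
  // Baseline: an anonymous visitor with no query parameters gets a rendered app shell.
  test('根路径挂载 Vue 根节点', async ({ page }) => {
    await page.goto('/', { waitUntil: 'domcontentloaded', timeout: NAV_TIMEOUT_MS });
    await expect(page.locator('#app')).toBeVisible({ timeout: NAV_TIMEOUT_MS });
  });

  // Title: "an entry URL carrying a forged unionid/status must not cause a white screen".
  // This asserts availability only: the shell still renders when the identity
  // parameters are attacker-supplied. It does not check whether the forged
  // value is rejected or trusted by the application.
  test('带伪造 unionid/status 的入口不应导致白屏', async ({ page }) => {
    await page.goto('/?unionid=fake-wx-unionid-e2e&status=2', {
      waitUntil: 'domcontentloaded',
      timeout: NAV_TIMEOUT_MS,
    });
    await expect(page.locator('#app')).toBeVisible({ timeout: NAV_TIMEOUT_MS });
  });

  // Title: "a unionid belonging to someone else embedded in page_path must be
  // stripped (the final URL does not contain the string)".
  test('page_path 内嵌他人 unionid 时应被剥离(最终 URL 不含该串)', async ({ page }) => {
    // The marker uses only letters and hyphens, which encodeURIComponent leaves
    // untouched, so a plain substring match finds it in the address bar whether
    // it sits inside the encoded page_path or in a decoded query string.
    const poison = 'attacker-unionid-e2e-marker';
    const pagePath = encodeURIComponent(`/?unionid=${poison}&status=2`);

    await page.goto(`/?page_path=${pagePath}`, {
      waitUntil: 'domcontentloaded',
      timeout: NAV_TIMEOUT_MS,
    });

    // The initial URL necessarily contains the marker, so this wait only
    // resolves once the client has rewritten the location without it.
    await page.waitForURL((u) => !u.toString().includes(poison), { timeout: NAV_TIMEOUT_MS });
    await expect(page.locator('#app')).toBeVisible();

    // Re-check after the shell has rendered: the wait above passes on the first
    // clean URL, so a later redirect that put the marker back would otherwise
    // go unnoticed even though the title promises the *final* URL is clean.
    expect(page.url()).not.toContain(poison);

    // NOTE(review): only the address bar is inspected here. Whether the embedded
    // unionid reaches storage or outgoing requests is not covered by this test.
  });
});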