import requests
import time

# Base URL of the app under test.
# NOTE(review): the original comment cites port 5001 (from wsgi.py), but the
# URL below uses port 5000 -- confirm which port the app actually listens on.
# A successful run is expected to leave this client banned (see run_test), so
# point this only at a disposable test instance.
BASE_URL = "http://localhost:5000"

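def run_test():
    """Exercise the app's two anti-spam controls and print a verdict for each.

    Test 1 loads the page and posts immediately, expecting the response body
    to contain "You are posting too fast".
    Test 2 waits 3.5 seconds, posts with the hidden ``website_check`` field
    filled in, and expects the next page load to return HTTP 403.

    Results are printed only; nothing is returned. A passing Test 2 leaves
    this client banned by the server, so later runs will report a skip until
    the ban is cleared.
    """
    print(f"--- Starting Spam Protection Test on {BASE_URL} ---")

    # requests has no default timeout; without one a hung server would block
    # this script forever instead of producing an [ERROR] line.
    timeout = 10

    # The session carries cookies between requests; the context manager
    # closes its connection pool on every exit path.
    with requests.Session() as s:

        # TEST 1: Posting Too Fast
        print("\n1. Testing 'Posting Too Fast' (Speed Limit)...")
        try:
            # Load the page to start the timer
            s.get(BASE_URL, timeout=timeout)

            # Post immediately (0 seconds wait)
            payload = {'content': 'Spam bot speed test', 'captcha': '0'}
            response = s.post(f"{BASE_URL}/post", data=payload, timeout=timeout)

            if "You are posting too fast" in response.text:
                print("   [PASS] Server blocked the request.")
            else:
                print("   [FAIL] Server allowed the request.")
        except requests.RequestException as e:
            # Only network/HTTP-level failures are reported as connection
            # errors; programming errors are left to surface normally.
            print(f"   [ERROR] Could not connect: {e}")

        # TEST 2: Honeypot (Instant Ban)
        print("\n2. Testing 'Honeypot' (Hidden Field)...")
        try:
            # Load page again to reset timer
            baseline = s.get(BASE_URL, timeout=timeout)

            # If the client already gets 403 before the honeypot post, a 403
            # afterwards proves nothing about the honeypot itself.
            if baseline.status_code == 403:
                print("   [SKIP] Already receiving 403 before the honeypot post; "
                      "clear the existing ban and re-run.")
                return

            time.sleep(3.5)  # Wait 3.5s to pass the speed check

            # Fill the hidden 'website_check' field
            payload = {
                'content': 'I am a bot',
                'captcha': '0',
                'website_check': 'I am a bot',  # This triggers the ban
            }
            s.post(f"{BASE_URL}/post", data=payload, timeout=timeout)

            # Check if we are banned by trying to load the homepage.
            # NOTE(review): this reuses the same session cookies, so a 403 here
            # does not by itself distinguish an IP-based ban from a
            # cookie/session-based one -- confirm with a cookie-less request
            # if the ban is meant to be keyed on the client address.
            check = s.get(BASE_URL, timeout=timeout)

            if check.status_code == 403:
                print("   [PASS] IP was successfully BANNED (403 Forbidden).")
            else:
                print(f"   [FAIL] IP is still active. Status Code: {check.status_code}")

        except requests.RequestException as e:
            print(f"   [ERROR] {e}")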

# Run the checks only when executed as a script, not when imported.
if __name__ == "__main__":
    run_test()
