def test_health_no_auth(client):
    r = client.get("/health")
    assert r.status_code == 200
    assert r.json() == {"status": "ok"}


def test_fetch_requires_key(client):
    r = client.post("/fetch", params={"q": "anything"})
    assert r.status_code == 401
    assert "message" in r.json()


def test_fetch_rejects_wrong_key(client):
    r = client.post("/fetch", params={"q": "anything"},
                    headers={"X-API-Key": "wrong"})
    assert r.status_code == 401