# frozen_string_literal: true

require 'rails_helper'

RSpec.describe Web::PushNotificationWorker do
  subject { described_class.new }

  let(:endpoint) { 'https://updates.push.services.mozilla.com/push/v1/subscription-id' }
  let(:user) { Fabricate(:user) }
  let(:notification) { Fabricate(:notification) }
  let(:vapid_public_key) { 'BB37UCyc8LLX4PNQSe-04vSFvpUWGrENubUaslVFM_l5TxcGVMY0C3RXPeUJAQHKYlcOM2P4vTYmkoo0VZGZTM4=' }
  let(:vapid_private_key) { 'OPrw1Sum3gRoL4-DXfSCC266r-qfFSRZrnj8MgIhRHg=' }
  let(:vapid_key) { Webpush::VapidKey.from_keys(vapid_public_key, vapid_private_key) }
  let(:contact_email) { 'sender@example.com' }

  # Legacy values
  let(:p256dh) { 'BN4GvZtEZiZuqFxSKVZfSfluwKBD7UxHNBmWkfiZfCtgDE8Bwh-_MtLXbBxTBAWH9r7IPKL0lhdcaqtL1dfxU5E=' }
  let(:auth) { 'Q2BoAjC09xH3ywDLNJr-dA==' }
  let(:legacy_subscription) { Fabricate(:web_push_subscription, user_id: user.id, key_p256dh: p256dh, key_auth: auth, endpoint: endpoint, data: { alerts: { notification.type => true } }) }
  let(:legacy_payload) do
    {
      ciphertext: "+\xB8\xDBT}\x13\xB6\xDD.\xF9\xB0\xA7\xC8\xD2\x80\xFD\x99#\xF7\xAC\x83\xA4\xDB,\x1F\xB5\xB9w\x85>\xF7\xADr",
      salt: "X\x97\x953\xE4X\xF8_w\xE7T\x95\xC51q\xFE",
      server_public_key: "\x04\b-RK9w\xDD$\x16lFz\xF9=\xB4~\xC6\x12k\xF3\xF40t\xA9\xC1\fR\xC3\x81\x80\xAC\f\x7F\xE4\xCC\x8E\xC2\x88 n\x8BB\xF1\x9C\x14\a\xFA\x8D\xC9\x80\xA1\xDDyU\\&c\x01\x88#\x118Ua",
      shared_secret: "\t\xA7&\x85\t\xC5m\b\xA8\xA7\xF8B{1\xADk\xE1y'm\xEDE\xEC\xDD\xEDj\xB3$s\xA9\xDA\xF0",
    }
  end

  # Standard values, from RFC8291
  let(:std_p256dh) { 'BCVxsr7N_eNgVRqvHtD0zTZsEc6-VV-JvLexhqUzORcxaOzi6-AYWXvTBHm4bjyPjs7Vd8pZGH6SRpkNtoIAiw4' }
  let(:std_auth) { 'BTBZMqHH6r4Tts7J_aSIgg' }
  let(:std_as_public) { 'BP4z9KsN6nGRTbVYI_c7VJSPQTBtkgcy27mlmlMoZIIgDll6e3vCYLocInmYWAmS6TlzAC8wEqKK6PBru3jl7A8' }
  let(:std_as_private) { 'yfWPiYE-n46HLnH0KqZOF1fJJU3MYrct3AELtAQ-oRw' }
  let(:std_salt) { 'DGv6ra1nlYgDCS1FRnbzlw' }
  let(:std_subscription) { Fabricate(:web_push_subscription, user_id: user.id, key_p256dh: std_p256dh, key_auth: std_auth, endpoint: endpoint, standard: true, data: { alerts: { notification.type => true } }) }
  let(:std_input) { 'When I grow up, I want to be a watermelon' }
  let(:std_ciphertext) { 'DGv6ra1nlYgDCS1FRnbzlwAAEABBBP4z9KsN6nGRTbVYI_c7VJSPQTBtkgcy27mlmlMoZIIgDll6e3vCYLocInmYWAmS6TlzAC8wEqKK6PBru3jl7A_yl95bQpu6cVPTpK4Mqgkf1CXztLVBSt2Ks3oZwbuwXPXLWyouBWLVWGNWQexSgSxsj_Qulcy4a-fN' }

  describe 'perform' do
    around do |example|
      original_private = Rails.configuration.x.vapid_private_key
      original_public = Rails.configuration.x.vapid_public_key
      Rails.configuration.x.vapid_private_key = vapid_private_key
      Rails.configuration.x.vapid_public_key = vapid_public_key
      example.run
      Rails.configuration.x.vapid_private_key = original_private
      Rails.configuration.x.vapid_public_key = original_public
    end

    before do
      Setting.site_contact_email = contact_email

      allow(JWT).to receive(:encode).and_return('jwt.encoded.payload')

      stub_request(:post, endpoint).to_return(status: 201, body: '')
    end

    it 'Legacy push calls the relevant service with the legacy headers' do
      allow(Webpush::Legacy::Encryption).to receive(:encrypt).and_return(legacy_payload)

      subject.perform(legacy_subscription.id, notification.id)

      expect(legacy_web_push_endpoint_request)
        .to have_been_made
    end

    # We allow subject stub to encrypt the same input than the RFC8291 example
    # rubocop:disable RSpec/SubjectStub
    it 'Standard push calls the relevant service with the standard headers' do
      # Mock server keys to match RFC example
      allow(OpenSSL::PKey::EC).to receive(:generate).and_return(std_as_keys)
      # Mock the random salt to match RFC example
      rand = Random.new
      allow(Random).to receive(:new).and_return(rand)
      allow(rand).to receive(:bytes).and_return(Webpush.decode64(std_salt))
      # Mock input to match RFC example
      allow(subject).to receive(:push_notification_json).and_return(std_input)

      subject.perform(std_subscription.id, notification.id)

      expect(standard_web_push_endpoint_request)
        .to have_been_made
    end
    # rubocop:enable RSpec/SubjectStub

    def legacy_web_push_endpoint_request
      a_request(
        :post,
        endpoint
      ).with(
        headers: {
          'Content-Encoding' => 'aesgcm',
          'Content-Type' => 'application/octet-stream',
          'Crypto-Key' => "dh=BAgtUks5d90kFmxGevk9tH7GEmvz9DB0qcEMUsOBgKwMf-TMjsKIIG6LQvGcFAf6jcmAod15VVwmYwGIIxE4VWE;p256ecdsa=#{vapid_public_key.delete('=')}",
          'Encryption' => 'salt=WJeVM-RY-F9351SVxTFx_g',
          'Ttl' => '172800',
          'Urgency' => 'normal',
          'Authorization' => 'WebPush jwt.encoded.payload',
          'Unsubscribe-URL' => %r{/api/web/push_subscriptions/},
        },
        body: "+\xB8\xDBT}\u0013\xB6\xDD.\xF9\xB0\xA7\xC8Ҁ\xFD\x99#\xF7\xAC\x83\xA4\xDB,\u001F\xB5\xB9w\x85>\xF7\xADr"
      )
    end

    def standard_web_push_endpoint_request
      a_request(
        :post,
        endpoint
      ).with(
        headers: {
          'Content-Encoding' => 'aes128gcm',
          'Content-Type' => 'application/octet-stream',
          'Ttl' => '172800',
          'Urgency' => 'normal',
          'Authorization' => "vapid t=jwt.encoded.payload,k=#{vapid_public_key.delete('=')}",
          'Unsubscribe-URL' => %r{/api/web/push_subscriptions/},
        },
        body: Webpush.decode64(std_ciphertext)
      )
    end

    def std_as_keys
      # VapidKey contains a method to retrieve EC keypair from
      # B64 raw keys, the keypair is stored in curve field
      Webpush::VapidKey.from_keys(std_as_public, std_as_private).curve
    end
  end
end