// META: script=/common/utils.js
// META: script=resources/support.sub.js
// META: script=/common/subset-tests.js
// META: variant=?1-8
// META: variant=?9-last
//
// Spec: https://wicg.github.io/private-network-access/#integration-fetch
//
// These tests check that fetches from within `ServiceWorker` scripts are
// subject to Private Network Access checks, just like fetches from within
// documents.

// Results that may be expected in tests.
const TestResult = {
  SUCCESS: { ok: true, body: "success" },
  FAILURE: { error: "TypeError" },
};

async function makeTest(t, { source, target, expected }) {
  const bridgeUrl = resolveUrl(
      "resources/service-worker-bridge.html",
      sourceResolveOptions({ server: source.server }));

  const scriptUrl =
      resolveUrl("resources/service-worker.js", sourceResolveOptions(source));

  const realTargetUrl = preflightUrl(target);

  // Fetch a URL within the service worker's scope, but tell it which URL to
  // really fetch.
  const targetUrl = new URL("service-worker-proxy", scriptUrl);
  targetUrl.searchParams.append("proxied-url", realTargetUrl.href);

  const iframe = await appendIframe(t, document, bridgeUrl);

  const request = (message) => {
    const reply = futureMessage();
    iframe.contentWindow.postMessage(message, "*");
    return reply;
  };

  {
    const { error, loaded } = await request({
      action: "register",
      url: scriptUrl.href,
    });

    assert_equals(error, undefined, "register error");
    assert_true(loaded, "response loaded");
  }

  try {
    const { controlled, numControllerChanges } = await request({
      action: "wait",
      numControllerChanges: 1,
    });

    assert_equals(numControllerChanges, 1, "controller change");
    assert_true(controlled, "bridge script is controlled");

    const { error, ok, body } = await request({
      action: "fetch",
      url: targetUrl.href,
    });

    assert_equals(error, expected.error, "fetch error");
    assert_equals(ok, expected.ok, "response ok");
    assert_equals(body, expected.body, "response body");
  } finally {
    // Always unregister the service worker.
    const { error, unregistered } = await request({
      action: "unregister",
      scope: new URL("./", scriptUrl).href,
    });

    assert_equals(error, undefined, "unregister error");
    assert_true(unregistered, "unregistered");
  }
}

subsetTest(promise_test, t => makeTest(t, {
  source: { server: Server.HTTPS_LOCAL },
  target: { server: Server.HTTPS_LOCAL },
  expected: TestResult.SUCCESS,
}), "local to local: success.");

subsetTest(promise_test, t => makeTest(t, {
  source: { server: Server.HTTPS_PRIVATE },
  target: {
    server: Server.HTTPS_LOCAL,
    behavior: { response: ResponseBehavior.allowCrossOrigin() },
  },
  expected: TestResult.FAILURE,
}), "private to local: failed preflight.");

subsetTest(promise_test, t => makeTest(t, {
  source: { server: Server.HTTPS_PRIVATE },
  target: {
    server: Server.HTTPS_LOCAL,
    behavior: {
      preflight: PreflightBehavior.success(token()),
      response: ResponseBehavior.allowCrossOrigin(),
    },
  },
  expected: TestResult.SUCCESS,
}), "private to local: success.");

subsetTest(promise_test, t => makeTest(t, {
  source: { server: Server.HTTPS_PRIVATE },
  target: { server: Server.HTTPS_PRIVATE },
  expected: TestResult.SUCCESS,
}), "private to private: success.");

subsetTest(promise_test, t => makeTest(t, {
  source: { server: Server.HTTPS_PUBLIC },
  target: {
    server: Server.HTTPS_LOCAL,
    behavior: { response: ResponseBehavior.allowCrossOrigin() },
  },
  expected: TestResult.FAILURE,
}), "public to local: failed preflight.");

subsetTest(promise_test, t => makeTest(t, {
  source: { server: Server.HTTPS_PUBLIC },
  target: {
    server: Server.HTTPS_LOCAL,
    behavior: {
      preflight: PreflightBehavior.success(token()),
      response: ResponseBehavior.allowCrossOrigin(),
    },
  },
  expected: TestResult.SUCCESS,
}), "public to local: success.");

subsetTest(promise_test, t => makeTest(t, {
  source: { server: Server.HTTPS_PUBLIC },
  target: {
    server: Server.HTTPS_PRIVATE,
    behavior: { response: ResponseBehavior.allowCrossOrigin() },
  },
  expected: TestResult.FAILURE,
}), "public to private: failed preflight.");

subsetTest(promise_test, t => makeTest(t, {
  source: { server: Server.HTTPS_PUBLIC },
  target: {
    server: Server.HTTPS_PRIVATE,
    behavior: {
      preflight: PreflightBehavior.success(token()),
      response: ResponseBehavior.allowCrossOrigin(),
    },
  },
  expected: TestResult.SUCCESS,
}), "public to private: success.");

subsetTest(promise_test, t => makeTest(t, {
  source: { server: Server.HTTPS_PUBLIC },
  target: { server: Server.HTTPS_PUBLIC },
  expected: TestResult.SUCCESS,
}), "public to public: success.");

subsetTest(promise_test, t => makeTest(t, {
  source: {
    server: Server.HTTPS_LOCAL,
    treatAsPublic: true,
  },
  target: {
    server: Server.OTHER_HTTPS_LOCAL,
    behavior: { response: ResponseBehavior.allowCrossOrigin() },
  },
  expected: TestResult.FAILURE,
}), "treat-as-public to local: failed preflight.");

subsetTest(promise_test, t => makeTest(t, {
  source: {
    server: Server.HTTPS_LOCAL,
    treatAsPublic: true,
  },
  target: {
    server: Server.OTHER_HTTPS_LOCAL,
    behavior: {
      preflight: PreflightBehavior.success(token()),
      response: ResponseBehavior.allowCrossOrigin(),
    },
  },
  expected: TestResult.SUCCESS,
}), "treat-as-public to local: success.");

subsetTest(promise_test, t => makeTest(t, {
  source: {
    server: Server.HTTPS_LOCAL,
    treatAsPublic: true,
  },
  target: { server: Server.HTTPS_LOCAL },
  expected: TestResult.SUCCESS,
}), "treat-as-public to local (same-origin): no preflight required.");

subsetTest(promise_test, t => makeTest(t, {
  source: {
    server: Server.HTTPS_LOCAL,
    treatAsPublic: true,
  },
  target: {
    server: Server.HTTPS_PRIVATE,
    behavior: { response: ResponseBehavior.allowCrossOrigin() },
  },
  expected: TestResult.FAILURE,
}), "treat-as-public to private: failed preflight.");

subsetTest(promise_test, t => makeTest(t, {
  source: {
    server: Server.HTTPS_LOCAL,
    treatAsPublic: true,
  },
  target: {
    server: Server.HTTPS_PRIVATE,
    behavior: {
      preflight: PreflightBehavior.success(token()),
      response: ResponseBehavior.allowCrossOrigin(),
    },
  },
  expected: TestResult.SUCCESS,
}), "treat-as-public to private: success.");

subsetTest(promise_test, t => makeTest(t, {
  source: {
    server: Server.HTTPS_LOCAL,
    treatAsPublic: true,
  },
  target: {
    server: Server.HTTPS_PUBLIC,
    behavior: { response: ResponseBehavior.allowCrossOrigin() },
  },
  expected: TestResult.SUCCESS,
}), "treat-as-public to public: success.");