ntfy/server/server_web_push.go

139 lines
4.6 KiB
Go
Raw Normal View History

2023-05-30 19:56:10 +02:00
package server
import (
"encoding/json"
"fmt"
"net/http"
"regexp"
2023-05-30 19:56:10 +02:00
"github.com/SherClockHolmes/webpush-go"
"heckel.io/ntfy/log"
"heckel.io/ntfy/user"
2023-05-30 19:56:10 +02:00
)
// test: https://regexr.com/7eqvl
// example urls:
//
// https://android.googleapis.com/XYZ
// https://fcm.googleapis.com/XYZ
// https://updates.push.services.mozilla.com/XYZ
// https://updates-autopush.stage.mozaws.net/XYZ
// https://updates-autopush.dev.mozaws.net/XYZ
// https://AAA.notify.windows.com/XYZ
// https://AAA.push.apple.com/XYZ
const (
webPushEndpointAllowRegexStr = `^https:\/\/(android\.googleapis\.com|fcm\.googleapis\.com|updates\.push\.services\.mozilla\.com|updates-autopush\.stage\.mozaws\.net|updates-autopush\.dev\.mozaws\.net|.*\.notify\.windows\.com|.*\.push\.apple\.com)\/.*$`
webPushTopicSubscribeLimit = 50
)
var webPushEndpointAllowRegex = regexp.MustCompile(webPushEndpointAllowRegexStr)
func (s *Server) handleWebPushUpdate(w http.ResponseWriter, r *http.Request, v *visitor) error {
payload, err := readJSONWithLimit[webPushSubscriptionPayload](r.Body, jsonBodyBytesLimit, false)
if err != nil || payload.BrowserSubscription.Endpoint == "" || payload.BrowserSubscription.Keys.P256dh == "" || payload.BrowserSubscription.Keys.Auth == "" {
2023-05-30 19:56:10 +02:00
return errHTTPBadRequestWebPushSubscriptionInvalid
}
if !webPushEndpointAllowRegex.MatchString(payload.BrowserSubscription.Endpoint) {
return errHTTPBadRequestWebPushEndpointUnknown
}
if len(payload.Topics) > webPushTopicSubscribeLimit {
return errHTTPBadRequestWebPushTopicCountTooHigh
}
u := v.User()
2023-05-30 19:56:10 +02:00
topics, err := s.topicsFromIDs(payload.Topics...)
2023-05-30 19:56:10 +02:00
if err != nil {
return err
2023-05-30 19:56:10 +02:00
}
if s.userManager != nil {
for _, t := range topics {
if err := s.userManager.Authorize(u, t.ID, user.PermissionRead); err != nil {
logvr(v, r).With(t).Err(err).Debug("Access to topic %s not authorized", t.ID)
return errHTTPForbidden.With(t)
}
}
2023-05-30 19:56:10 +02:00
}
if err := s.webPush.UpdateSubscriptions(payload.Topics, v.MaybeUserID(), payload.BrowserSubscription); err != nil {
2023-05-30 19:56:10 +02:00
return err
}
return s.writeJSON(w, newSuccessResponse())
}
func (s *Server) publishToWebPushEndpoints(v *visitor, m *message) {
2023-05-30 20:23:03 +02:00
subscriptions, err := s.webPush.SubscriptionsForTopic(m.Topic)
2023-05-30 19:56:10 +02:00
if err != nil {
logvm(v, m).Err(err).Warn("Unable to publish web push messages")
2023-06-02 14:45:05 +02:00
2023-05-30 19:56:10 +02:00
return
}
for i, xi := range subscriptions {
go func(i int, sub webPushSubscription) {
2023-05-30 20:23:03 +02:00
ctx := log.Context{"endpoint": sub.BrowserSubscription.Endpoint, "username": sub.UserID, "topic": m.Topic, "message_id": m.ID}
2023-05-30 19:56:10 +02:00
2023-06-02 14:45:05 +02:00
s.sendWebPushNotification(newWebPushPayload(fmt.Sprintf("%s/%s", s.config.BaseURL, m.Topic), *m), &sub, &ctx)
}(i, xi)
}
}
2023-05-30 19:56:10 +02:00
2023-06-02 14:45:05 +02:00
func (s *Server) expireOrNotifyOldSubscriptions() {
subscriptions, err := s.webPush.ExpireAndGetExpiringSubscriptions(s.config.WebPushExpiryWarningDuration, s.config.WebPushExpiryDuration)
if err != nil {
log.Tag(tagWebPush).Err(err).Warn("Unable to publish expiry imminent warning")
2023-05-30 19:56:10 +02:00
2023-06-02 14:45:05 +02:00
return
}
2023-05-30 19:56:10 +02:00
2023-06-02 14:45:05 +02:00
for i, xi := range subscriptions {
go func(i int, sub webPushSubscription) {
ctx := log.Context{"endpoint": sub.BrowserSubscription.Endpoint}
s.sendWebPushNotification(newWebPushSubscriptionExpiringPayload(), &sub, &ctx)
2023-05-30 19:56:10 +02:00
}(i, xi)
}
2023-06-02 14:45:05 +02:00
log.Tag(tagWebPush).Debug("Expired old subscriptions and published %d expiry imminent warnings", len(subscriptions))
}
func (s *Server) sendWebPushNotification(payload any, sub *webPushSubscription, ctx *log.Context) {
jsonPayload, err := json.Marshal(payload)
if err != nil {
log.Tag(tagWebPush).Err(err).Fields(*ctx).Debug("Unable to publish web push message")
return
}
resp, err := webpush.SendNotification(jsonPayload, &sub.BrowserSubscription, &webpush.Options{
Subscriber: s.config.WebPushEmailAddress,
VAPIDPublicKey: s.config.WebPushPublicKey,
VAPIDPrivateKey: s.config.WebPushPrivateKey,
// Deliverability on iOS isn't great with lower urgency values,
// and thus we can't really map lower ntfy priorities to lower urgency values
Urgency: webpush.UrgencyHigh,
})
if err != nil {
log.Tag(tagWebPush).Err(err).Fields(*ctx).Debug("Unable to publish web push message")
if err := s.webPush.RemoveByEndpoint(sub.BrowserSubscription.Endpoint); err != nil {
log.Tag(tagWebPush).Err(err).Fields(*ctx).Warn("Unable to expire subscription")
}
return
}
// May want to handle at least 429 differently, but for now treat all errors the same
if !(200 <= resp.StatusCode && resp.StatusCode <= 299) {
log.Tag(tagWebPush).Fields(*ctx).Field("response", resp).Debug("Unable to publish web push message")
if err := s.webPush.RemoveByEndpoint(sub.BrowserSubscription.Endpoint); err != nil {
log.Tag(tagWebPush).Err(err).Fields(*ctx).Warn("Unable to expire subscription")
}
return
}
2023-05-30 19:56:10 +02:00
}