Updates and a remaining authentication error to the push service at Mozilla

1 year ago · 5570c0e3dd
5 changed files with 9654 additions and 9642 deletions
--- a/package-lock.json
+++ b/package-lock.json
@ -10,6 +10,7 @@
            "license": "Apache-2.0",
            "dependencies": {
                "body-parser": "^1.20.2",
+                "eckey-utils": "^0.7.13",
                "elliptic": "^6.5.4",
                "express": "^4.18.2",
                "http_ece": "^1.1.0",
@ -2471,6 +2472,14 @@
                "node": ">=8"
            }
        },
+        "node_modules/asn1-ts": {
+            "version": "8.0.2",
+            "resolved": "https://registry.npmjs.org/asn1-ts/-/asn1-ts-8.0.2.tgz",
+            "integrity": "sha512-M9btvRJRhMhPsUFzAfuqkmQPaLLw1KZNl8xtIBpC5fvbAmlpgJcsLKMP/hxKMAUcH52UUTViEQ/cm6/whkYb+Q==",
+            "dependencies": {
+                "tslib": "^2.4.1"
+            }
+        },
        "node_modules/babel-jest": {
            "version": "29.6.2",
            "resolved": "https://registry.npmjs.org/babel-jest/-/babel-jest-29.6.2.tgz",
@ -3590,6 +3599,11 @@
                "safe-buffer": "^5.0.1"
            }
        },
+        "node_modules/eckey-utils": {
+            "version": "0.7.13",
+            "resolved": "https://registry.npmjs.org/eckey-utils/-/eckey-utils-0.7.13.tgz",
+            "integrity": "sha512-medLrbDAa4beQTwcoh2FwRti1d+2b86Op7LtBSaAFNmIRh1MSORt2YwEmAYgp6wf8QEROwJNAoVoC9Rg2Wgbfw=="
+        },
        "node_modules/ee-first": {
            "version": "1.1.1",
            "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz",
--- a/package.json
+++ b/package.json
@ -41,6 +41,7 @@
    "license": "Apache-2.0",
    "dependencies": {
        "body-parser": "^1.20.2",
+        "eckey-utils": "^0.7.13",
        "elliptic": "^6.5.4",
        "express": "^4.18.2",
        "http_ece": "^1.1.0",
--- a/src/main.ts
+++ b/src/main.ts
@ -46,7 +46,6 @@ class Server {
    this.app.post('/web-push/subscribe', async (req: Request, res: Response) => {
      const subscription = req.body as BrowserSubscription;
      const message = { "title": "You are subscribed." } as Message;
-      console.log("/web-push/subscribe", req.body);
      await this.subscriptionService.addSubscription(subscription);
      await this.notificationService.sendNotification(subscription, message);
      res.status(201).send();
--- a/src/notificationService.ts
+++ b/src/notificationService.ts
@ -42,11 +42,13 @@ export class NotificationService {
    private async pushToEndpoint(subscription: BrowserSubscription, message: Message): Promise<void> {
        const payloadString = JSON.stringify(message);
 	const payloadBuffer = Buffer.from(payloadString, 'utf-8');
+        const vapidKeys: VapidKeys[] = await this.vapidService.getVapidKeys();
+	const vapidkey: VapidKeys = vapidKeys[0];

-        const encrypted = await this.encrypt(subscription.keys.p256dh, subscription.keys.auth, payloadBuffer);
+        const encrypted = await this.encrypt(vapidkey, subscription.keys.p256dh, subscription.keys.auth, payloadBuffer);
        const endpoint = subscription.endpoint;

-        const vapidHeaders = await this.vapidService.createVapidAuthHeader(endpoint, 12 * 60 * 60, 'mailto:example@example.com');
+        const vapidHeaders = await this.vapidService.createVapidAuthHeader(endpoint, 12 * 60 * 60, 'mailto:example@example.com', vapidkey);

        const parsedUrl = new URL(subscription.endpoint);
        const options: https.RequestOptions = {
@ -63,6 +65,9 @@ export class NotificationService {
            },
        };

+        console.log(parsedUrl);
+	console.log(options);
+	
        return new Promise<void>((resolve, reject) => {
            const req = https.request(options, (res) => {
                if (res.statusCode! >= 200 && res.statusCode! < 300) {
@ -82,34 +87,22 @@ export class NotificationService {
    }


-    private async encrypt(p256dh: string, auth: string, payload: Buffer): Promise<Buffer> {
+    private async encrypt(appKeys: VapidKeys, p256dh: string, auth: string, payload: Buffer): Promise<Buffer> {
      try {
-        console.log('Public Key:', p256dh);
-        console.log('Auth:', auth);
-	
-        const vapidKeys: VapidKeys[] = await this.vapidService.getVapidKeys();
-	const vapidkey: VapidKeys = vapidKeys[0];
-	const vapidPrivateKeyBase64: string = vapidkey['privateKey'];
-	
-	console.log("vapidPrivateKeyBase64: ", vapidPrivateKeyBase64);
-	
+	const vapidPrivateKeyBase64: string = appKeys['privateKey'];
        const vapidPrivateKeyBuffer: Buffer = Buffer.from(vapidPrivateKeyBase64, 'base64');
        const ecdh = crypto.createECDH('prime256v1');
        ecdh.setPrivateKey(vapidPrivateKeyBuffer);
 	const publicKeyBuffer: Buffer = Buffer.from(p256dh, 'base64');
 	
-	console.log("1: ", payload);
-        console.log("3: ", publicKeyBuffer);
-	console.log("4: ", auth);
-
        return http_ece.encrypt(payload, {
            'privateKey': ecdh,
            'dh': publicKeyBuffer,
            'authSecret': Buffer.from(auth)
        });
+	
      } catch (error) {
        console.error('Error encrypting payload:', error);
-        // Handle the error as appropriate for your application
        throw error;
      }
    }    
--- a/src/vapidService.ts
+++ b/src/vapidService.ts
@ -1,4 +1,4 @@
-
+import ecKeyUtils from "eckey-utils";
 import { VapidKeys } from './VapidKeys.js';
 import jwt from 'jsonwebtoken';
 import crypto from 'crypto';
@ -16,7 +16,6 @@ class VapidService {
  private static instance: VapidService;
  private dbService: DBService = DBService.getInstance();

-
  private constructor() {
  }

@ -60,16 +59,22 @@ class VapidService {
  }


-  async createVapidAuthHeader(endpoint: string, expiration: number, subject: string): Promise<{ 'Authorization': string, 'Crypto-Key': string }> {
-    const { publicKey, privateKey } = await this.getVapidKeys()[0];
+  async createVapidAuthHeader(endpoint: string, expiration: number, subject: string, appKeys: VapidKeys): Promise<{ 'Authorization': string, 'Crypto-Key': string }> {
+    const { publicKey, privateKey } = appKeys;

    const jwtInfo = {
      aud: new URL(endpoint).origin,
      exp: Math.floor((Date.now() / 1000) + expiration),
      sub: subject
    };
+    const curveName = 'prime256v1';
+    const ecdh = crypto.createECDH(curveName);
+    const privateKeyBuffer = Buffer.from(privateKey, 'base64');
+    ecdh.setPrivateKey(privateKeyBuffer);
+
+    const pems = ecKeyUtils.generatePem({curveName, privateKey: ecdh.getPrivateKey(), publicKey: ecdh.getPublicKey() });
    
-    const jwtToken = jwt.sign(jwtInfo, privateKey, { algorithm: 'ES256' });
+    const jwtToken = jwt.sign(jwtInfo, pems.privateKey, { algorithm: 'ES256' });

    return {
      'Authorization': `vapid t=${jwtToken}, k=${publicKey}`,