Browse Source

Updates and a remaining authentication error to the push service at Mozilla

unsubscribe-mute
Matthew Raymer 1 year ago
parent
commit
5570c0e3dd
  1. 14
      package-lock.json
  2. 1
      package.json
  3. 1
      src/main.ts
  4. 27
      src/notificationService.ts
  5. 15
      src/vapidService.ts

14
package-lock.json

@ -10,6 +10,7 @@
"license": "Apache-2.0",
"dependencies": {
"body-parser": "^1.20.2",
"eckey-utils": "^0.7.13",
"elliptic": "^6.5.4",
"express": "^4.18.2",
"http_ece": "^1.1.0",
@ -2471,6 +2472,14 @@
"node": ">=8"
}
},
"node_modules/asn1-ts": {
"version": "8.0.2",
"resolved": "https://registry.npmjs.org/asn1-ts/-/asn1-ts-8.0.2.tgz",
"integrity": "sha512-M9btvRJRhMhPsUFzAfuqkmQPaLLw1KZNl8xtIBpC5fvbAmlpgJcsLKMP/hxKMAUcH52UUTViEQ/cm6/whkYb+Q==",
"dependencies": {
"tslib": "^2.4.1"
}
},
"node_modules/babel-jest": {
"version": "29.6.2",
"resolved": "https://registry.npmjs.org/babel-jest/-/babel-jest-29.6.2.tgz",
@ -3590,6 +3599,11 @@
"safe-buffer": "^5.0.1"
}
},
"node_modules/eckey-utils": {
"version": "0.7.13",
"resolved": "https://registry.npmjs.org/eckey-utils/-/eckey-utils-0.7.13.tgz",
"integrity": "sha512-medLrbDAa4beQTwcoh2FwRti1d+2b86Op7LtBSaAFNmIRh1MSORt2YwEmAYgp6wf8QEROwJNAoVoC9Rg2Wgbfw=="
},
"node_modules/ee-first": {
"version": "1.1.1",
"resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz",

1
package.json

@ -41,6 +41,7 @@
"license": "Apache-2.0",
"dependencies": {
"body-parser": "^1.20.2",
"eckey-utils": "^0.7.13",
"elliptic": "^6.5.4",
"express": "^4.18.2",
"http_ece": "^1.1.0",

1
src/main.ts

@ -46,7 +46,6 @@ class Server {
this.app.post('/web-push/subscribe', async (req: Request, res: Response) => {
const subscription = req.body as BrowserSubscription;
const message = { "title": "You are subscribed." } as Message;
console.log("/web-push/subscribe", req.body);
await this.subscriptionService.addSubscription(subscription);
await this.notificationService.sendNotification(subscription, message);
res.status(201).send();

27
src/notificationService.ts

@ -42,11 +42,13 @@ export class NotificationService {
private async pushToEndpoint(subscription: BrowserSubscription, message: Message): Promise<void> {
const payloadString = JSON.stringify(message);
const payloadBuffer = Buffer.from(payloadString, 'utf-8');
const vapidKeys: VapidKeys[] = await this.vapidService.getVapidKeys();
const vapidkey: VapidKeys = vapidKeys[0];
const encrypted = await this.encrypt(subscription.keys.p256dh, subscription.keys.auth, payloadBuffer);
const encrypted = await this.encrypt(vapidkey, subscription.keys.p256dh, subscription.keys.auth, payloadBuffer);
const endpoint = subscription.endpoint;
const vapidHeaders = await this.vapidService.createVapidAuthHeader(endpoint, 12 * 60 * 60, 'mailto:example@example.com');
const vapidHeaders = await this.vapidService.createVapidAuthHeader(endpoint, 12 * 60 * 60, 'mailto:example@example.com', vapidkey);
const parsedUrl = new URL(subscription.endpoint);
const options: https.RequestOptions = {
@ -63,6 +65,9 @@ export class NotificationService {
},
};
console.log(parsedUrl);
console.log(options);
return new Promise<void>((resolve, reject) => {
const req = https.request(options, (res) => {
if (res.statusCode! >= 200 && res.statusCode! < 300) {
@ -82,34 +87,22 @@ export class NotificationService {
}
private async encrypt(p256dh: string, auth: string, payload: Buffer): Promise<Buffer> {
private async encrypt(appKeys: VapidKeys, p256dh: string, auth: string, payload: Buffer): Promise<Buffer> {
try {
console.log('Public Key:', p256dh);
console.log('Auth:', auth);
const vapidKeys: VapidKeys[] = await this.vapidService.getVapidKeys();
const vapidkey: VapidKeys = vapidKeys[0];
const vapidPrivateKeyBase64: string = vapidkey['privateKey'];
console.log("vapidPrivateKeyBase64: ", vapidPrivateKeyBase64);
const vapidPrivateKeyBase64: string = appKeys['privateKey'];
const vapidPrivateKeyBuffer: Buffer = Buffer.from(vapidPrivateKeyBase64, 'base64');
const ecdh = crypto.createECDH('prime256v1');
ecdh.setPrivateKey(vapidPrivateKeyBuffer);
const publicKeyBuffer: Buffer = Buffer.from(p256dh, 'base64');
console.log("1: ", payload);
console.log("3: ", publicKeyBuffer);
console.log("4: ", auth);
return http_ece.encrypt(payload, {
'privateKey': ecdh,
'dh': publicKeyBuffer,
'authSecret': Buffer.from(auth)
});
} catch (error) {
console.error('Error encrypting payload:', error);
// Handle the error as appropriate for your application
throw error;
}
}

15
src/vapidService.ts

@ -1,4 +1,4 @@
import ecKeyUtils from "eckey-utils";
import { VapidKeys } from './VapidKeys.js';
import jwt from 'jsonwebtoken';
import crypto from 'crypto';
@ -16,7 +16,6 @@ class VapidService {
private static instance: VapidService;
private dbService: DBService = DBService.getInstance();
private constructor() {
}
@ -60,16 +59,22 @@ class VapidService {
}
async createVapidAuthHeader(endpoint: string, expiration: number, subject: string): Promise<{ 'Authorization': string, 'Crypto-Key': string }> {
const { publicKey, privateKey } = await this.getVapidKeys()[0];
async createVapidAuthHeader(endpoint: string, expiration: number, subject: string, appKeys: VapidKeys): Promise<{ 'Authorization': string, 'Crypto-Key': string }> {
const { publicKey, privateKey } = appKeys;
const jwtInfo = {
aud: new URL(endpoint).origin,
exp: Math.floor((Date.now() / 1000) + expiration),
sub: subject
};
const curveName = 'prime256v1';
const ecdh = crypto.createECDH(curveName);
const privateKeyBuffer = Buffer.from(privateKey, 'base64');
ecdh.setPrivateKey(privateKeyBuffer);
const pems = ecKeyUtils.generatePem({curveName, privateKey: ecdh.getPrivateKey(), publicKey: ecdh.getPublicKey() });
const jwtToken = jwt.sign(jwtInfo, privateKey, { algorithm: 'ES256' });
const jwtToken = jwt.sign(jwtInfo, pems.privateKey, { algorithm: 'ES256' });
return {
'Authorization': `vapid t=${jwtToken}, k=${publicKey}`,

Loading…
Cancel
Save