correcting webpush data

2026-06-03 08:43:10 -07:00 · 2026-02-17 22:23:46 -08:00 · 2026-02-17 22:23:46 -08:00 · 98adc34ef0
commit 98adc34ef0
parent d11b16e2cf
2 changed files with 28 additions and 9 deletions
--- a/service/integration/webpush/sender.go
+++ b/service/integration/webpush/sender.go
@ -33,6 +33,11 @@ func (s *Sender) Send(sub *notification.Subscription, notif notification.Notific
 	}

 	if sub.WebPush.HasEncryption() {
+		vapidPublicKey, err := deriveVAPIDPublicKey(sub.WebPush.VapidPrivateKey)
+		if err != nil {
+			return notification.NewPermanentError(fmt.Errorf("invalid webpush VAPID key for subscription %s: %w", sub.ID, err))
+		}
+
 		subscription := &webpush.Subscription{
 			Endpoint: sub.WebPush.Endpoint,
 			Keys: webpush.Keys{
@ -42,6 +47,8 @@ func (s *Sender) Send(sub *notification.Subscription, notif notification.Notific
 		}

 		resp, err := webpush.SendNotification(payload, subscription, &webpush.Options{
+			Subscriber:      "mailto:lonecloud604@proton.me",
+			VAPIDPublicKey:  vapidPublicKey,
 			VAPIDPrivateKey: sub.WebPush.VapidPrivateKey,
 			TTL:             86400,
 		})
--- a/service/integration/webpush/validation.go
+++ b/service/integration/webpush/validation.go
@ -2,10 +2,8 @@ package webpush

 import (
 	"crypto/ecdh"
-	"crypto/elliptic"
 	"encoding/base64"
 	"fmt"
-	"math/big"
 	"net/url"
 	"strings"
 )
@ -33,19 +31,33 @@ func normalizeVAPIDPrivateKey(raw string) (string, error) {
 		return "", fmt.Errorf("invalid VAPID private key encoding")
 	}

-	if len(decoded) != 32 {
-		return "", fmt.Errorf("invalid VAPID private key length: expected 32 bytes, got %d", len(decoded))
-	}
-
-	n := elliptic.P256().Params().N
-	d := new(big.Int).SetBytes(decoded)
-	if d.Sign() <= 0 || d.Cmp(n) >= 0 {
+	if _, err := ecdh.P256().NewPrivateKey(decoded); err != nil {
 		return "", fmt.Errorf("invalid VAPID private key scalar")
 	}

 	return base64.RawURLEncoding.EncodeToString(decoded), nil
 }

+func deriveVAPIDPublicKey(privateKey string) (string, error) {
+	normalizedPrivateKey, err := normalizeVAPIDPrivateKey(privateKey)
+	if err != nil {
+		return "", err
+	}
+
+	privateBytes, err := decodeBase64URL(normalizedPrivateKey)
+	if err != nil {
+		return "", fmt.Errorf("invalid VAPID private key encoding")
+	}
+
+	privateECKey, err := ecdh.P256().NewPrivateKey(privateBytes)
+	if err != nil {
+		return "", fmt.Errorf("invalid VAPID private key scalar")
+	}
+	publicBytes := privateECKey.PublicKey().Bytes()
+
+	return base64.RawURLEncoding.EncodeToString(publicBytes), nil
+}
+
 func normalizeP256DH(raw string) (string, error) {
 	decoded, err := decodeBase64URL(raw)
 	if err != nil {