From 98adc34ef0e6d1bb111eb5e5bac4dd706bb12ca9 Mon Sep 17 00:00:00 2001 From: Egor Date: Tue, 17 Feb 2026 22:23:46 -0800 Subject: [PATCH] correcting webpush data --- service/integration/webpush/sender.go | 7 ++++++ service/integration/webpush/validation.go | 30 ++++++++++++++++------- 2 files changed, 28 insertions(+), 9 deletions(-) diff --git a/service/integration/webpush/sender.go b/service/integration/webpush/sender.go index 73341cb..82e3a53 100644 --- a/service/integration/webpush/sender.go +++ b/service/integration/webpush/sender.go @@ -33,6 +33,11 @@ func (s *Sender) Send(sub *notification.Subscription, notif notification.Notific } if sub.WebPush.HasEncryption() { + vapidPublicKey, err := deriveVAPIDPublicKey(sub.WebPush.VapidPrivateKey) + if err != nil { + return notification.NewPermanentError(fmt.Errorf("invalid webpush VAPID key for subscription %s: %w", sub.ID, err)) + } + subscription := &webpush.Subscription{ Endpoint: sub.WebPush.Endpoint, Keys: webpush.Keys{ @@ -42,6 +47,8 @@ func (s *Sender) Send(sub *notification.Subscription, notif notification.Notific } resp, err := webpush.SendNotification(payload, subscription, &webpush.Options{ + Subscriber: "mailto:lonecloud604@proton.me", + VAPIDPublicKey: vapidPublicKey, VAPIDPrivateKey: sub.WebPush.VapidPrivateKey, TTL: 86400, }) diff --git a/service/integration/webpush/validation.go b/service/integration/webpush/validation.go index 31c0a29..9366706 100644 --- a/service/integration/webpush/validation.go +++ b/service/integration/webpush/validation.go @@ -2,10 +2,8 @@ package webpush import ( "crypto/ecdh" - "crypto/elliptic" "encoding/base64" "fmt" - "math/big" "net/url" "strings" ) 
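Review bot: The `Subscriber` value added to `webpush.Options` in the second sender.go hunk is a personal mailbox hard-coded in source, and it is handed to the push library as the VAPID contact for every subscription this service sends to. Every deployment or fork would then identify itself to push services with that one address, and changing it requires a code change and release. It would be better read from configuration when the Sender is built, for example `Subscriber: s.subscriber,` (field name illustrative; the Sender's fields are not visible here), with an empty value rejected at start-up. Send's body starts and ends outside the hunk.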
@@ -33,19 +31,33 @@ func normalizeVAPIDPrivateKey(raw string) (string, error) { return "", fmt.Errorf("invalid VAPID private key encoding") } - if len(decoded) != 32 { - return "", fmt.Errorf("invalid VAPID private key length: expected 32 bytes, got %d", len(decoded)) - } - - n := elliptic.P256().Params().N - d := new(big.Int).SetBytes(decoded) - if d.Sign() <= 0 || d.Cmp(n) >= 0 { + if _, err := ecdh.P256().NewPrivateKey(decoded); err != nil { return "", fmt.Errorf("invalid VAPID private key scalar") } return base64.RawURLEncoding.EncodeToString(decoded), nil } +func deriveVAPIDPublicKey(privateKey string) (string, error) { + normalizedPrivateKey, err := normalizeVAPIDPrivateKey(privateKey) + if err != nil { + return "", err + } + + privateBytes, err := decodeBase64URL(normalizedPrivateKey) + if err != nil { + return "", fmt.Errorf("invalid VAPID private key encoding") + } + + privateECKey, err := ecdh.P256().NewPrivateKey(privateBytes) + if err != nil { + return "", fmt.Errorf("invalid VAPID private key scalar") + } + publicBytes := privateECKey.PublicKey().Bytes() + + return base64.RawURLEncoding.EncodeToString(publicBytes), nil +} + func normalizeP256DH(raw string) (string, error) { decoded, err := decodeBase64URL(raw) if err != nil {
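Review bot: deriveVAPIDPublicKey decodes and validates the same private key twice: normalizeVAPIDPrivateKey already runs `ecdh.P256().NewPrivateKey` on the decoded bytes and re-encodes them, after which this function decodes that output and builds the key again, so its second and third error branches should not be reachable for a value normalizeVAPIDPrivateKey accepted. Since Send now calls this for every notification, parsing once through a shared helper that returns the `*ecdh.PrivateKey` would remove the dead branches and the extra in-memory copies of the key. The new function also has no doc comment; it should say that the result is the unpadded base64url encoding of the uncompressed P-256 public point. The start of normalizeVAPIDPrivateKey is outside the hunk, so the helper below leaves its decoding steps as they are.

```go
// parseVAPIDPrivateKey decodes raw and validates it as a P-256 private scalar.
func parseVAPIDPrivateKey(raw string) (*ecdh.PrivateKey, error) {
	// … unchanged: decoding steps from the start of normalizeVAPIDPrivateKey …
	key, err := ecdh.P256().NewPrivateKey(decoded)
	if err != nil {
		return nil, fmt.Errorf("invalid VAPID private key scalar")
	}
	return key, nil
}

// deriveVAPIDPublicKey returns the unpadded base64url encoding of the
// uncompressed P-256 public point that belongs to privateKey.
func deriveVAPIDPublicKey(privateKey string) (string, error) {
	key, err := parseVAPIDPrivateKey(privateKey)
	if err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(key.PublicKey().Bytes()), nil
}
```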