correcting webpush data

lone-cloud 2026-02-17 22:23:46 -08:00
parent 45b55dc1c5
commit 9976faaf27
2 changed files with 28 additions and 9 deletions


@ -33,6 +33,11 @@ func (s *Sender) Send(sub *notification.Subscription, notif notification.Notific
} }
if sub.WebPush.HasEncryption() { if sub.WebPush.HasEncryption() {
vapidPublicKey, err := deriveVAPIDPublicKey(sub.WebPush.VapidPrivateKey)
if err != nil {
return notification.NewPermanentError(fmt.Errorf("invalid webpush VAPID key for subscription %s: %w", sub.ID, err))
}
subscription := &webpush.Subscription{ subscription := &webpush.Subscription{
Endpoint: sub.WebPush.Endpoint, Endpoint: sub.WebPush.Endpoint,
Keys: webpush.Keys{ Keys: webpush.Keys{
@ -42,6 +47,8 @@ func (s *Sender) Send(sub *notification.Subscription, notif notification.Notific
} }
resp, err := webpush.SendNotification(payload, subscription, &webpush.Options{ resp, err := webpush.SendNotification(payload, subscription, &webpush.Options{
Subscriber: "mailto:lonecloud604@proton.me",
VAPIDPublicKey: vapidPublicKey,
VAPIDPrivateKey: sub.WebPush.VapidPrivateKey, VAPIDPrivateKey: sub.WebPush.VapidPrivateKey,
TTL: 86400, TTL: 86400,
}) })
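Review bot: The VAPID subject passed in `Subscriber` is a hard-coded personal mailbox, so every deployment of this sender signs its push JWTs with the same contact address regardless of who operates it. Push services use that claim to reach the operator of the application server, so it belongs in configuration, for example `Subscriber: s.vapidSubject,` where `vapidSubject` is a placeholder for a field populated at startup. It is also worth confirming whether the push library version in use prepends `mailto:` itself, which would make the literal prefix redundant or doubled. Separately, the public key is re-derived from `sub.WebPush.VapidPrivateKey` on every send; if the key is stable per subscription, it could be computed once when the subscription is stored. The body of `Send` starts and ends outside these hunks.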


@ -2,10 +2,8 @@ package webpush
import ( import (
"crypto/ecdh" "crypto/ecdh"
"crypto/elliptic"
"encoding/base64" "encoding/base64"
"fmt" "fmt"
"math/big"
"net/url" "net/url"
"strings" "strings"
) )
@ -33,19 +31,33 @@ func normalizeVAPIDPrivateKey(raw string) (string, error) {
return "", fmt.Errorf("invalid VAPID private key encoding") return "", fmt.Errorf("invalid VAPID private key encoding")
} }
if len(decoded) != 32 { if _, err := ecdh.P256().NewPrivateKey(decoded); err != nil {
return "", fmt.Errorf("invalid VAPID private key length: expected 32 bytes, got %d", len(decoded))
}
n := elliptic.P256().Params().N
d := new(big.Int).SetBytes(decoded)
if d.Sign() <= 0 || d.Cmp(n) >= 0 {
return "", fmt.Errorf("invalid VAPID private key scalar") return "", fmt.Errorf("invalid VAPID private key scalar")
} }
return base64.RawURLEncoding.EncodeToString(decoded), nil return base64.RawURLEncoding.EncodeToString(decoded), nil
} }
func deriveVAPIDPublicKey(privateKey string) (string, error) {
normalizedPrivateKey, err := normalizeVAPIDPrivateKey(privateKey)
if err != nil {
return "", err
}
privateBytes, err := decodeBase64URL(normalizedPrivateKey)
if err != nil {
return "", fmt.Errorf("invalid VAPID private key encoding")
}
privateECKey, err := ecdh.P256().NewPrivateKey(privateBytes)
if err != nil {
return "", fmt.Errorf("invalid VAPID private key scalar")
}
publicBytes := privateECKey.PublicKey().Bytes()
return base64.RawURLEncoding.EncodeToString(publicBytes), nil
}
func normalizeP256DH(raw string) (string, error) { func normalizeP256DH(raw string) (string, error) {
decoded, err := decodeBase64URL(raw) decoded, err := decodeBase64URL(raw)
if err != nil { if err != nil {
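Review bot: A key of the wrong length is now reported as `invalid VAPID private key scalar` in `normalizeVAPIDPrivateKey`, because `ecdh.P256().NewPrivateKey` rejects both bad lengths and out-of-range scalars and the returned error is discarded. Wrapping it keeps the cause, and the ecdh errors are, as far as I know, fixed strings that carry no key bytes: `return "", fmt.Errorf("invalid VAPID private key: %w", err)`. In `deriveVAPIDPublicKey` the key is decoded and parsed twice (once inside the normalizer, once again after re-encoding), so its second and third error branches look unreachable once normalization has succeeded; a shared helper returning the `*ecdh.PrivateKey` would remove the round-trip. `normalizeVAPIDPrivateKey` begins above the hunk, so this assumes nothing earlier in it already checks the length.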