From 97adb3d3e332f06fdd8b49fa9e548914240e6504 Mon Sep 17 00:00:00 2001 From: James Lakin Date: Sat, 28 Mar 2020 16:27:45 +0000 Subject: [PATCH 01/21] Add webpush-go dependency --- go.mod | 3 ++- go.sum | 5 +++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 54abb2292f80e..a422f18036e44 100644 --- a/go.mod +++ b/go.mod @@ -18,6 +18,7 @@ require ( gitea.com/macaron/toolbox v0.0.0-20190822013122-05ff0fc766b7 github.com/PuerkitoBio/goquery v1.5.0 github.com/RoaringBitmap/roaring v0.4.21 // indirect + github.com/SherClockHolmes/webpush-go v1.1.0 github.com/bgentry/speakeasy v0.1.0 // indirect github.com/blevesearch/bleve v0.8.1 github.com/blevesearch/blevex v0.0.0-20180227211930-4b158bb555a3 // indirect @@ -102,7 +103,7 @@ require ( github.com/yohcop/openid-go v0.0.0-20160914080427-2c050d2dae53 github.com/yuin/goldmark v1.1.25 go.etcd.io/bbolt v1.3.3 // indirect - golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073 + golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59 golang.org/x/net v0.0.0-20200301022130-244492dfa37a golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527 diff --git a/go.sum b/go.sum index 552be8a7d0da5..26c731561f120 100644 --- a/go.sum +++ b/go.sum @@ -54,6 +54,8 @@ github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/RoaringBitmap/roaring v0.4.21 h1:WJ/zIlNX4wQZ9x8Ey33O1UaD9TCTakYsdLFSBcTwH+8= github.com/RoaringBitmap/roaring v0.4.21/go.mod h1:D0gp8kJQgE1A4LQ5wFLggQEyvDi06Mq5mKs52e1TwOo= +github.com/SherClockHolmes/webpush-go v1.1.0 h1:WjWbwo0Bf1Cbd8Yr0myrpYYlcN7VvQz/TVmUTjxL35g= +github.com/SherClockHolmes/webpush-go v1.1.0/go.mod h1:Jbd13H6kOFZubRMAaEHQS+e0EpP/aSHtLKeo9gsyO5k= github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo= github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI= github.com/Unknwon/com v0.0.0-20190321035513-0fed4efef755/go.mod h1:voKvFVpXBJxdIPeqjoJuLK+UVcRlo/JLjeToGxPYu68= @@ -608,6 +610,7 @@ go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= golang.org/x/crypto v0.0.0-20180820150726-614d502a4dac/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20190131182504-b8fe1690c613/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190320223903-b7391e95e576/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= @@ -622,6 +625,8 @@ golang.org/x/crypto v0.0.0-20190927123631-a832865fa7ad/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073 h1:xMPOj6Pz6UipU1wXLkrtqpHbR0AVFnyPEQq/wRWz9lM= golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59 h1:3zb4D3T4G8jdExgVU/95+vQXfpEPiMdCaZgmGVxjNHM= +golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= From d8924ada34ed722ef9f1fbefa0a977af48658942 Mon Sep 17 00:00:00 2001 From: James Lakin Date: Sat, 28 Mar 2020 16:28:24 +0000 Subject: [PATCH 02/21] Generate VAPID keys and add to settings automatically --- .../doc/advanced/config-cheat-sheet.en-us.md | 2 ++ modules/setting/setting.go | 33 +++++++++++++++++++ 2 files changed, 35 insertions(+) diff --git a/docs/content/doc/advanced/config-cheat-sheet.en-us.md b/docs/content/doc/advanced/config-cheat-sheet.en-us.md index 2306dd2281e61..c7575ff76cad3 100644 --- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md +++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md @@ -289,6 +289,8 @@ set name for unique queues. Individual queues will default to - `INSTALL_LOCK`: **false**: Disallow access to the install page. - `SECRET_KEY`: **\**: Global secret key. This should be changed. +- `WEB_PUSH_PUBLIC_KEY`: **\**: VAPID key pair used for Web Push notifications +- `WEB_PUSH_PRIVATE_KEY`: **\**: VAPID key pair used for Web Push notifications - `LOGIN_REMEMBER_DAYS`: **7**: Cookie lifetime, in days. - `COOKIE_USERNAME`: **gitea\_awesome**: Name of the cookie used to store the current username. - `COOKIE_REMEMBER_NAME`: **gitea\_incredible**: Name of cookie used to store authentication diff --git a/modules/setting/setting.go b/modules/setting/setting.go index 74f6da38d1564..0d3863febaaa3 100644 --- a/modules/setting/setting.go +++ b/modules/setting/setting.go @@ -26,6 +26,7 @@ import ( "code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/user" + webpush "github.com/SherClockHolmes/webpush-go" shellquote "github.com/kballard/go-shellquote" version "github.com/mcuadros/go-version" "github.com/unknwon/cae/zip" @@ -147,6 +148,8 @@ var ( // Security settings InstallLock bool SecretKey string + WebPushPublicKey string + WebPushPrivateKey string LogInRememberDays int CookieUserName string CookieRememberName string @@ -816,6 +819,36 @@ func NewContext() { PasswordHashAlgo = sec.Key("PASSWORD_HASH_ALGO").MustString("pbkdf2") CSRFCookieHTTPOnly = sec.Key("CSRF_COOKIE_HTTP_ONLY").MustBool(true) + WebPushPublicKey = sec.Key("WEB_PUSH_PUBLIC_KEY").String() + WebPushPrivateKey = sec.Key("WEB_PUSH_PRIVATE_KEY").String() + if WebPushPrivateKey == "" || WebPushPublicKey == "" { + log.Info("No VAPID (Web Push) keypair detected. Generating and saving to app.ini") + WebPushPrivateKey, WebPushPublicKey, err = webpush.GenerateVAPIDKeys() + if err != nil { + log.Fatal("error generating VAPID keypair: %v", err) + return + } + + cfg := ini.Empty() + if com.IsFile(CustomConf) { + if err := cfg.Append(CustomConf); err != nil { + log.Error("failed to load custom conf %s: %v", CustomConf, err) + return + } + } + cfg.Section("security").Key("WEB_PUSH_PUBLIC_KEY").SetValue(WebPushPublicKey) + cfg.Section("security").Key("WEB_PUSH_PRIVATE_KEY").SetValue(WebPushPrivateKey) + + if err := os.MkdirAll(filepath.Dir(CustomConf), os.ModePerm); err != nil { + log.Fatal("failed to create '%s': %v", CustomConf, err) + return + } + if err := cfg.SaveTo(CustomConf); err != nil { + log.Fatal("error saving generated VAPID keypair to custom config: %v", err) + return + } + } + InternalToken = loadInternalToken(sec) cfgdata := sec.Key("PASSWORD_COMPLEXITY").Strings(",") From 4d3753693d87c3b3413d45044f36177cecdd4a05 Mon Sep 17 00:00:00 2001 From: James Lakin Date: Sat, 28 Mar 2020 16:47:11 +0000 Subject: [PATCH 03/21] Document requirement of service worker --- docs/content/doc/advanced/config-cheat-sheet.en-us.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/content/doc/advanced/config-cheat-sheet.en-us.md b/docs/content/doc/advanced/config-cheat-sheet.en-us.md index c7575ff76cad3..9d25aff559c72 100644 --- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md +++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md @@ -131,7 +131,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`. - `REACTIONS`: All available reactions. Allow users react with different emoji's. - `DEFAULT_SHOW_FULL_NAME`: **false**: Whether the full name of the users should be shown where possible. If the full name isn't set, the username will be used. - `SEARCH_REPO_DESCRIPTION`: **true**: Whether to search within description at repository search on explore page. -- `USE_SERVICE_WORKER`: **true**: Whether to enable a Service Worker to cache frontend assets. +- `USE_SERVICE_WORKER`: **true**: Whether to enable a Service Worker to cache frontend assets and enable push notifications on supported browsers. ### UI - Admin (`ui.admin`) From bd138af510b1fc36424cd3d4ce00799dbf6ca201 Mon Sep 17 00:00:00 2001 From: James Lakin Date: Sat, 28 Mar 2020 17:03:21 +0000 Subject: [PATCH 04/21] Provide public key to JS side --- modules/templates/helper.go | 3 +++ templates/base/head.tmpl | 1 + 2 files changed, 4 insertions(+) diff --git a/modules/templates/helper.go b/modules/templates/helper.go index b5b49874276db..27a9ca1201434 100644 --- a/modules/templates/helper.go +++ b/modules/templates/helper.go @@ -70,6 +70,9 @@ func NewFuncMap() []template.FuncMap { "AppDomain": func() string { return setting.Domain }, + "WebPushPublicKey": func() string { + return setting.WebPushPublicKey + }, "DisableGravatar": func() bool { return setting.DisableGravatar }, diff --git a/templates/base/head.tmpl b/templates/base/head.tmpl index e0765d59d30ed..9a7ea696fe889 100644 --- a/templates/base/head.tmpl +++ b/templates/base/head.tmpl @@ -86,6 +86,7 @@ window.config = { AppSubUrl: '{{AppSubUrl}}', StaticUrlPrefix: '{{StaticUrlPrefix}}', + WebPushPublicKey: '{{WebPushPublicKey}}', csrf: '{{.CsrfToken}}', HighlightJS: {{if .RequireHighlightJS}}true{{else}}false{{end}}, Minicolors: {{if .RequireMinicolors}}true{{else}}false{{end}}, From c92df3c8832d9de1d71429c7a062f667a53971e0 Mon Sep 17 00:00:00 2001 From: James Lakin Date: Sat, 28 Mar 2020 23:21:29 +0000 Subject: [PATCH 05/21] Add demo button to enable push subscriptions --- templates/base/head.tmpl | 2 + templates/user/notification/notification.tmpl | 10 ++++- web_src/js/features/pushnotifications.js | 45 +++++++++++++++++++ web_src/js/index.js | 2 + 4 files changed, 58 insertions(+), 1 deletion(-) create mode 100644 web_src/js/features/pushnotifications.js diff --git a/templates/base/head.tmpl b/templates/base/head.tmpl index 9a7ea696fe889..ae7874369d4f9 100644 --- a/templates/base/head.tmpl +++ b/templates/base/head.tmpl @@ -12,6 +12,7 @@ navigator.serviceWorker.register('{{AppSubUrl}}/serviceworker.js').then(function(registration) { // Registration was successful console.info('ServiceWorker registration successful with scope: ', registration.scope); + window.serviceWorkerRegistration = registration; }, function(err) { // registration failed :( console.info('ServiceWorker registration failed: ', err); @@ -87,6 +88,7 @@ AppSubUrl: '{{AppSubUrl}}', StaticUrlPrefix: '{{StaticUrlPrefix}}', WebPushPublicKey: '{{WebPushPublicKey}}', + ServiceWorkerEnabled: {{if UseServiceWorker}}true{{else}}false{{end}}, csrf: '{{.CsrfToken}}', HighlightJS: {{if .RequireHighlightJS}}true{{else}}false{{end}}, Minicolors: {{if .RequireMinicolors}}true{{else}}false{{end}}, diff --git a/templates/user/notification/notification.tmpl b/templates/user/notification/notification.tmpl index c4f744a291738..27517bd608a46 100644 --- a/templates/user/notification/notification.tmpl +++ b/templates/user/notification/notification.tmpl @@ -2,7 +2,15 @@
-

{{.i18n.Tr "notification.notifications"}}

+
+
+

{{.i18n.Tr "notification.notifications"}}

+
+
+
+
+
+
diff --git a/web_src/js/features/pushnotifications.js b/web_src/js/features/pushnotifications.js new file mode 100644 index 0000000000000..e666ea8dff384 --- /dev/null +++ b/web_src/js/features/pushnotifications.js @@ -0,0 +1,45 @@ +export default async function initPushNotificationsOptIn() { + if (!window.location.pathname.startsWith('/notifications')) return; + if (!('serviceWorker' in navigator && 'PushManager' in window && window.config.ServiceWorkerEnabled)) { + return; + } + + const button = $('Enable Push Notifications'); + button.on('click', subscribe); + $('#pushNotificationOptIn').prepend(button); +} + +async function subscribe() { + const canNotify = await hasNotificationPermission(); + if (!canNotify) return alert('Denied.'); + + /** @type {ServiceWorkerRegistration} */ + const registration = window.serviceWorkerRegistration; + const subscriptionResults = await registration.pushManager.subscribe({ + userVisibleOnly: true, + applicationServerKey: window.config.WebPushPublicKey + }); + // eslint-disable-next-line no-console + console.log(JSON.stringify(subscriptionResults.toJSON())); +} + +async function hasNotificationPermission() { + const requestResult = await requestNotificationPermission(); + if (requestResult === 'granted') { + return true; + } + return false; +} + +function requestNotificationPermission() { + return new Promise((resolve, reject) => { + // This used to be callback-based instead of a Promise. We account for that here: + const permissionResult = Notification.requestPermission((result) => { + return resolve(result); + }); + + if (permissionResult) { + permissionResult.then(resolve, reject); + } + }); +} diff --git a/web_src/js/index.js b/web_src/js/index.js index 2db5b08b8bee0..a130d3a383b46 100644 --- a/web_src/js/index.js +++ b/web_src/js/index.js @@ -16,6 +16,7 @@ import initGitGraph from './features/gitgraph.js'; import initClipboard from './features/clipboard.js'; import initUserHeatmap from './features/userheatmap.js'; import initDateTimePicker from './features/datetimepicker.js'; +import initPushNotificationsOptIn from './features/pushnotifications.js'; import createDropzone from './features/dropzone.js'; import ActivityTopAuthors from './components/ActivityTopAuthors.vue'; @@ -2554,6 +2555,7 @@ $(document).ready(async () => { initRepoStatusChecker(); initTemplateSearch(); initContextPopups(); + initPushNotificationsOptIn(); // Repo clone url. if ($('#repo-clone-url').length > 0) { From eb1251a0990db3a642f929344a005b64caf140f3 Mon Sep 17 00:00:00 2001 From: James Lakin Date: Sat, 28 Mar 2020 23:22:39 +0000 Subject: [PATCH 06/21] Expand service worker to accept pushes and notifications --- templates/pwa/serviceworker_js.tmpl | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/templates/pwa/serviceworker_js.tmpl b/templates/pwa/serviceworker_js.tmpl index 7117555dd237c..a951fbdd062ce 100644 --- a/templates/pwa/serviceworker_js.tmpl +++ b/templates/pwa/serviceworker_js.tmpl @@ -74,3 +74,25 @@ self.addEventListener('fetch', function (event) { ) ); }); + +self.addEventListener('push', function (event) { + var eventPayload = event.data.json(); + var options = { + body: eventPayload.text, + vibrate: [100, 50, 100], + data: { + url: eventPayload.url + } + }; + + event.waitUntil(self.registration.showNotification(eventPayload.title, options)); +}); + +self.addEventListener('notificationclick', function (event) { + var notification = event.notification; + var url = notification.data.url; + + clients.openWindow(url); + notification.close(); +}); + From 2adca5b78fe4b11b94195d18f0060dbebf76f4f3 Mon Sep 17 00:00:00 2001 From: James Lakin Date: Sat, 28 Mar 2020 23:32:40 +0000 Subject: [PATCH 07/21] Allow sending of notification events to hardcoded web push subscription --- models/notification.go | 22 +++++++++++++ modules/webpush/webpush_notification.go | 41 +++++++++++++++++++++++++ 2 files changed, 63 insertions(+) create mode 100644 modules/webpush/webpush_notification.go diff --git a/models/notification.go b/models/notification.go index 05b0e92c9b8b5..a5a724fe918ec 100644 --- a/models/notification.go +++ b/models/notification.go @@ -7,11 +7,13 @@ package models import ( "fmt" "path" + "strconv" "code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/setting" api "code.gitea.io/gitea/modules/structs" "code.gitea.io/gitea/modules/timeutil" + "code.gitea.io/gitea/modules/webpush" "xorm.io/builder" "xorm.io/xorm" @@ -193,6 +195,11 @@ func createOrUpdateIssueNotifications(e Engine, issueID, commentID int64, notifi continue } + err := sendWebPushNotification(userID, issue, commentID) + if err != nil { + log.Error("problem sending webhook notification: %v", err) + } + if notificationExists(notifications, issue.ID, userID) { if err = updateIssueNotification(e, userID, issue.ID, commentID, notificationAuthorID); err != nil { return err @@ -732,3 +739,18 @@ func UpdateNotificationStatuses(user *User, currentStatus NotificationStatus, de Update(n) return err } + +func sendWebPushNotification(userID int64, issue *Issue, commentID int64) error { + issueType := "issue" + if issue.IsPull { + issueType = "pull request" + } + + notificationPayload := &webpush.NotificationPayload{ + Title: setting.AppName + " - " + issue.Repo.MustOwner().Name + "/" + issue.Repo.Name, + Text: "New activity on " + issueType + " #" + strconv.FormatInt(issue.Index, 10) + " " + issue.Title + ".\nClick to open.", + URL: issue.HTMLURL(), + } + err := webpush.SendWebPushNotification(userID, notificationPayload) + return err +} diff --git a/modules/webpush/webpush_notification.go b/modules/webpush/webpush_notification.go new file mode 100644 index 0000000000000..751a815bbd9c1 --- /dev/null +++ b/modules/webpush/webpush_notification.go @@ -0,0 +1,41 @@ +package webpush + +import ( + "encoding/json" + + "code.gitea.io/gitea/modules/setting" + "github.com/SherClockHolmes/webpush-go" +) + +// NotificationPayload marks a JSON payload sent in a push event to the JS service worker. +// This is used for background notifications. +type NotificationPayload struct { + Title string `json:"title"` + Text string `json:"text"` + URL string `json:"url"` +} + +// SendWebPushNotification sends a background Web Push notification to any of the user's +// enrolled browsers. +func SendWebPushNotification(userID int64, payload *NotificationPayload) error { + subscriptionJSON := `{"endpoint":"https://updates.push.services.mozilla.com/wpush/v2/gAAAAABef9kAcjpOcA08JjgxxNAtS-bcR63Q8Rb2DWvjjGHJvyR3FeUc6ILDSFiuMXU6MVEdNLATfwkVQDrrwk2_ZZLawyqHQ04SpWDTiJyaPmc-izAScxmMfhkwaHE2QJ4iwaekANIUS7E0cPCbKCeKQelYXz7OsGdI_9CGp7HPW2mDSUlnTDE","keys":{"auth":"ZoXN3QIExEC1FG0ZeeyRMg","p256dh":"BFWEbLR4Yd2Jai0R-xIBlKE66U6_LXV9m33qTCRu51TVj0rIMeA4B9juluGFUxKIDYQhOtfrvsGyD0BMX33Tenc"}}` + s := &webpush.Subscription{} + json.Unmarshal([]byte(subscriptionJSON), s) + + pushPayload, err := json.Marshal(payload) + if err != nil { + return err + } + + resp, err := webpush.SendNotification(pushPayload, s, &webpush.Options{ + VAPIDPublicKey: setting.WebPushPublicKey, + VAPIDPrivateKey: setting.WebPushPrivateKey, + TTL: 30, + }) + if err != nil { + return err + } + + defer resp.Body.Close() + return nil +} From 1334af057b122923cade6867f9181a533f1d38b7 Mon Sep 17 00:00:00 2001 From: James Lakin Date: Sun, 29 Mar 2020 11:54:16 +0100 Subject: [PATCH 08/21] Link to issue comment if ID is present --- models/notification.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/models/notification.go b/models/notification.go index a5a724fe918ec..dc63efc7c7182 100644 --- a/models/notification.go +++ b/models/notification.go @@ -746,10 +746,15 @@ func sendWebPushNotification(userID int64, issue *Issue, commentID int64) error issueType = "pull request" } + anchorURL := "" + if commentID != 0 { + anchorURL = "#issuecomment-" + strconv.FormatInt(commentID, 10) + } + notificationPayload := &webpush.NotificationPayload{ Title: setting.AppName + " - " + issue.Repo.MustOwner().Name + "/" + issue.Repo.Name, Text: "New activity on " + issueType + " #" + strconv.FormatInt(issue.Index, 10) + " " + issue.Title + ".\nClick to open.", - URL: issue.HTMLURL(), + URL: issue.HTMLURL() + anchorURL, } err := webpush.SendWebPushNotification(userID, notificationPayload) return err From 58106e03f7b6c33036d231ed95605e33864a9b19 Mon Sep 17 00:00:00 2001 From: James Lakin Date: Sun, 29 Mar 2020 11:56:54 +0100 Subject: [PATCH 09/21] Add licence to webpush_notification --- modules/webpush/webpush_notification.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/webpush/webpush_notification.go b/modules/webpush/webpush_notification.go index 751a815bbd9c1..daa6886f4d005 100644 --- a/modules/webpush/webpush_notification.go +++ b/modules/webpush/webpush_notification.go @@ -1,3 +1,7 @@ +// Copyright 2020 The Gitea Authors. All rights reserved. +// Use of this source code is governed by a MIT-style +// license that can be found in the LICENSE file. + package webpush import ( From f994d6899d56abaa25308ce985e11e7851b5afae Mon Sep 17 00:00:00 2001 From: James Lakin Date: Sun, 29 Mar 2020 12:35:00 +0100 Subject: [PATCH 10/21] Add WebPushSubscription table --- models/migrations/migrations.go | 2 ++ models/migrations/v134.go | 24 ++++++++++++++++++++++++ models/models.go | 1 + models/webpush.go | 21 +++++++++++++++++++++ 4 files changed, 48 insertions(+) create mode 100644 models/migrations/v134.go create mode 100644 models/webpush.go diff --git a/models/migrations/migrations.go b/models/migrations/migrations.go index 3f18a18c6d0b4..44cd18f36cae6 100644 --- a/models/migrations/migrations.go +++ b/models/migrations/migrations.go @@ -200,6 +200,8 @@ var migrations = []Migration{ NewMigration("Add Branch Protection Protected Files Column", addBranchProtectionProtectedFilesColumn), // v133 -> v134 NewMigration("Add EmailHash Table", addEmailHashTable), + // v134 -> v135 + NewMigration("Add WebPushSubscription table", addWebPushSubcriptionTable), } // Migrate database to current version diff --git a/models/migrations/v134.go b/models/migrations/v134.go new file mode 100644 index 0000000000000..dbba18262eb0d --- /dev/null +++ b/models/migrations/v134.go @@ -0,0 +1,24 @@ +// Copyright 2020 The Gitea Authors. All rights reserved. +// Use of this source code is governed by a MIT-style +// license that can be found in the LICENSE file. + +package migrations + +import ( + "code.gitea.io/gitea/modules/timeutil" + "xorm.io/xorm" +) + +func addWebPushSubcriptionTable(x *xorm.Engine) error { + type WebPushSubscription struct { + ID int64 `xorm:"pk autoincr"` + UserID int64 `xorm:"INDEX"` + + Endpoint string + Auth string + P256DH string + + CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"` + } + return x.Sync2(new(WebPushSubscription)) +} diff --git a/models/models.go b/models/models.go index c818c651007b4..097e162dd4566 100644 --- a/models/models.go +++ b/models/models.go @@ -125,6 +125,7 @@ func init() { new(Task), new(LanguageStat), new(EmailHash), + new(WebPushSubscription), ) gonicNames := []string{"SSL", "UID"} diff --git a/models/webpush.go b/models/webpush.go new file mode 100644 index 0000000000000..c9bfa73a2db7b --- /dev/null +++ b/models/webpush.go @@ -0,0 +1,21 @@ +// Copyright 2020 The Gitea Authors. All rights reserved. +// Use of this source code is governed by a MIT-style +// license that can be found in the LICENSE file. + +package models + +import ( + "code.gitea.io/gitea/modules/timeutil" +) + +// WebPushSubscription represents a HTML5 Web Push Subscription used for background notifications. +type WebPushSubscription struct { + ID int64 `xorm:"pk autoincr"` + UserID int64 `xorm:"INDEX"` + + Endpoint string + Auth string + P256DH string + + CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"` +} From 09469691c80f4f84de92bd8639e3e5a3a65ea2cc Mon Sep 17 00:00:00 2001 From: James Lakin Date: Sun, 29 Mar 2020 13:09:55 +0100 Subject: [PATCH 11/21] Add Web Push model functions --- models/webpush.go | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/models/webpush.go b/models/webpush.go index c9bfa73a2db7b..69be964c7607a 100644 --- a/models/webpush.go +++ b/models/webpush.go @@ -6,6 +6,8 @@ package models import ( "code.gitea.io/gitea/modules/timeutil" + + "github.com/SherClockHolmes/webpush-go" ) // WebPushSubscription represents a HTML5 Web Push Subscription used for background notifications. @@ -19,3 +21,42 @@ type WebPushSubscription struct { CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"` } + +// CreateWebPushSubscription creates a row on the push subscriptions table. +func CreateWebPushSubscription(userID int64, subscription *webpush.Subscription) error { + return createWebPushSubscription(x, userID, subscription) +} + +func createWebPushSubscription(e Engine, userID int64, subscription *webpush.Subscription) error { + webPushSubscription := &WebPushSubscription{ + UserID: userID, + Endpoint: subscription.Endpoint, + Auth: subscription.Keys.Auth, + P256DH: subscription.Keys.P256dh, + } + + _, err := e.Insert(webPushSubscription) + return err +} + +// GetWebPushSubscriptionsByUserID gets all the Web Push subscriptions for a given user +func GetWebPushSubscriptionsByUserID(userID int64) ([]*WebPushSubscription, error) { + return getWebPushSubscriptionsByUserID(x, userID) +} + +func getWebPushSubscriptionsByUserID(e Engine, userID int64) ([]*WebPushSubscription, error) { + subscriptions := make([]*WebPushSubscription, 0) + err := e.Where("user_id = ?", userID).Find(&subscriptions) + return subscriptions, err +} + +// DeleteWebPushSubscription deletes a given Web Push subscription by ID +func DeleteWebPushSubscription(subscriptionID int64) ([]*WebPushSubscription, error) { + return deleteWebPushSubscription(x, subscriptionID) +} + +func deleteWebPushSubscription(e Engine, subscriptionID int64) ([]*WebPushSubscription, error) { + subscriptions := make([]*WebPushSubscription, 0) + _, err := e.Delete(&WebPushSubscription{ID: subscriptionID}) + return subscriptions, err +} From da2323a746690b36ff1ccda7f890ff31f4b621c9 Mon Sep 17 00:00:00 2001 From: James Lakin Date: Sun, 29 Mar 2020 17:13:54 +0100 Subject: [PATCH 12/21] Refactor Web Push functions to model This is to avoid a circular import. The model triggers a web push, and the web push deletes old expired pushes. --- models/notification.go | 10 +-- models/webpush.go | 84 ++++++++++++++++++++++--- modules/structs/notifications.go | 15 +++++ modules/webpush/webpush_notification.go | 45 ------------- 4 files changed, 96 insertions(+), 58 deletions(-) delete mode 100644 modules/webpush/webpush_notification.go diff --git a/models/notification.go b/models/notification.go index dc63efc7c7182..b1e23708ee2c7 100644 --- a/models/notification.go +++ b/models/notification.go @@ -11,9 +11,9 @@ import ( "code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/setting" + "code.gitea.io/gitea/modules/structs" api "code.gitea.io/gitea/modules/structs" "code.gitea.io/gitea/modules/timeutil" - "code.gitea.io/gitea/modules/webpush" "xorm.io/builder" "xorm.io/xorm" @@ -195,7 +195,7 @@ func createOrUpdateIssueNotifications(e Engine, issueID, commentID int64, notifi continue } - err := sendWebPushNotification(userID, issue, commentID) + err := notificationSendWebPushNotification(userID, issue, commentID) if err != nil { log.Error("problem sending webhook notification: %v", err) } @@ -740,7 +740,7 @@ func UpdateNotificationStatuses(user *User, currentStatus NotificationStatus, de return err } -func sendWebPushNotification(userID int64, issue *Issue, commentID int64) error { +func notificationSendWebPushNotification(userID int64, issue *Issue, commentID int64) error { issueType := "issue" if issue.IsPull { issueType = "pull request" @@ -751,11 +751,11 @@ func sendWebPushNotification(userID int64, issue *Issue, commentID int64) error anchorURL = "#issuecomment-" + strconv.FormatInt(commentID, 10) } - notificationPayload := &webpush.NotificationPayload{ + notificationPayload := &structs.NotificationPayload{ Title: setting.AppName + " - " + issue.Repo.MustOwner().Name + "/" + issue.Repo.Name, Text: "New activity on " + issueType + " #" + strconv.FormatInt(issue.Index, 10) + " " + issue.Title + ".\nClick to open.", URL: issue.HTMLURL() + anchorURL, } - err := webpush.SendWebPushNotification(userID, notificationPayload) + err := SendWebPushNotificationToUser(userID, notificationPayload) return err } diff --git a/models/webpush.go b/models/webpush.go index 69be964c7607a..dcabbc06cdc34 100644 --- a/models/webpush.go +++ b/models/webpush.go @@ -5,6 +5,12 @@ package models import ( + "encoding/json" + "net/http" + + "code.gitea.io/gitea/modules/log" + "code.gitea.io/gitea/modules/setting" + "code.gitea.io/gitea/modules/structs" "code.gitea.io/gitea/modules/timeutil" "github.com/SherClockHolmes/webpush-go" @@ -23,16 +29,16 @@ type WebPushSubscription struct { } // CreateWebPushSubscription creates a row on the push subscriptions table. -func CreateWebPushSubscription(userID int64, subscription *webpush.Subscription) error { +func CreateWebPushSubscription(userID int64, subscription *structs.NotificationWebPushSubscription) error { return createWebPushSubscription(x, userID, subscription) } -func createWebPushSubscription(e Engine, userID int64, subscription *webpush.Subscription) error { +func createWebPushSubscription(e Engine, userID int64, subscription *structs.NotificationWebPushSubscription) error { webPushSubscription := &WebPushSubscription{ UserID: userID, Endpoint: subscription.Endpoint, - Auth: subscription.Keys.Auth, - P256DH: subscription.Keys.P256dh, + Auth: subscription.Auth, + P256DH: subscription.P256DH, } _, err := e.Insert(webPushSubscription) @@ -51,12 +57,74 @@ func getWebPushSubscriptionsByUserID(e Engine, userID int64) ([]*WebPushSubscrip } // DeleteWebPushSubscription deletes a given Web Push subscription by ID -func DeleteWebPushSubscription(subscriptionID int64) ([]*WebPushSubscription, error) { +func DeleteWebPushSubscription(subscriptionID int64) error { return deleteWebPushSubscription(x, subscriptionID) } -func deleteWebPushSubscription(e Engine, subscriptionID int64) ([]*WebPushSubscription, error) { - subscriptions := make([]*WebPushSubscription, 0) +func deleteWebPushSubscription(e Engine, subscriptionID int64) error { _, err := e.Delete(&WebPushSubscription{ID: subscriptionID}) - return subscriptions, err + return err +} + +// SendWebPushNotificationToUser sends a background Web Push notification to any of the user's +// enrolled browsers. +// It will also remove any failed (expired) subscriptions. +func SendWebPushNotificationToUser(userID int64, payload *structs.NotificationPayload) error { + userSubscriptions, err := GetWebPushSubscriptionsByUserID(userID) + if err != nil { + return err + } + + for _, userSubscription := range userSubscriptions { + subscription := &structs.NotificationWebPushSubscription{ + Endpoint: userSubscription.Endpoint, + Auth: userSubscription.Auth, + P256DH: userSubscription.P256DH, + } + resp, err := SendWebPushNotification(subscription, payload) + if err != nil { + return err + } + defer resp.Body.Close() + + if resp.StatusCode != http.StatusCreated { + // This is a bad subscription. It may have expired (410 Gone). + err = DeleteWebPushSubscription(userSubscription.ID) + if err != nil { + log.Error("could not delete Web Push subscription: %v", err) + return err + } + } + } + return nil +} + +// SendWebPushNotification sends a background Web Push notification to any of the user's +// enrolled browsers. +// The HTTP status code indicates success. err is for internal problems. +func SendWebPushNotification(subscription *structs.NotificationWebPushSubscription, payload *structs.NotificationPayload) (*http.Response, error) { + webPushSubscription := &webpush.Subscription{ + Endpoint: subscription.Endpoint, + Keys: webpush.Keys{ + Auth: subscription.Auth, + P256dh: subscription.P256DH, + }, + } + + pushPayload, err := json.Marshal(payload) + if err != nil { + return nil, err + } + + resp, err := webpush.SendNotification(pushPayload, webPushSubscription, &webpush.Options{ + VAPIDPublicKey: setting.WebPushPublicKey, + VAPIDPrivateKey: setting.WebPushPrivateKey, + TTL: 30, + }) + if err != nil { + return resp, err + } + + defer resp.Body.Close() + return resp, nil } diff --git a/modules/structs/notifications.go b/modules/structs/notifications.go index b6c9774a97ad8..dc5923e7ec593 100644 --- a/modules/structs/notifications.go +++ b/modules/structs/notifications.go @@ -31,3 +31,18 @@ type NotificationSubject struct { type NotificationCount struct { New int64 `json:"new"` } + +// NotificationWebPushSubscription represents a HTML5 Web Push Subscription used for background notifications. +type NotificationWebPushSubscription struct { + Endpoint string `json:"endpoint"` + Auth string `json:"auth"` + P256DH string `json:"p256dh"` +} + +// NotificationPayload marks a JSON payload sent in a push event to the JS service worker. +// This is used for background notifications. +type NotificationPayload struct { + Title string `json:"title"` + Text string `json:"text"` + URL string `json:"url"` +} diff --git a/modules/webpush/webpush_notification.go b/modules/webpush/webpush_notification.go deleted file mode 100644 index daa6886f4d005..0000000000000 --- a/modules/webpush/webpush_notification.go +++ /dev/null @@ -1,45 +0,0 @@ -// Copyright 2020 The Gitea Authors. All rights reserved. -// Use of this source code is governed by a MIT-style -// license that can be found in the LICENSE file. - -package webpush - -import ( - "encoding/json" - - "code.gitea.io/gitea/modules/setting" - "github.com/SherClockHolmes/webpush-go" -) - -// NotificationPayload marks a JSON payload sent in a push event to the JS service worker. -// This is used for background notifications. -type NotificationPayload struct { - Title string `json:"title"` - Text string `json:"text"` - URL string `json:"url"` -} - -// SendWebPushNotification sends a background Web Push notification to any of the user's -// enrolled browsers. -func SendWebPushNotification(userID int64, payload *NotificationPayload) error { - subscriptionJSON := `{"endpoint":"https://updates.push.services.mozilla.com/wpush/v2/gAAAAABef9kAcjpOcA08JjgxxNAtS-bcR63Q8Rb2DWvjjGHJvyR3FeUc6ILDSFiuMXU6MVEdNLATfwkVQDrrwk2_ZZLawyqHQ04SpWDTiJyaPmc-izAScxmMfhkwaHE2QJ4iwaekANIUS7E0cPCbKCeKQelYXz7OsGdI_9CGp7HPW2mDSUlnTDE","keys":{"auth":"ZoXN3QIExEC1FG0ZeeyRMg","p256dh":"BFWEbLR4Yd2Jai0R-xIBlKE66U6_LXV9m33qTCRu51TVj0rIMeA4B9juluGFUxKIDYQhOtfrvsGyD0BMX33Tenc"}}` - s := &webpush.Subscription{} - json.Unmarshal([]byte(subscriptionJSON), s) - - pushPayload, err := json.Marshal(payload) - if err != nil { - return err - } - - resp, err := webpush.SendNotification(pushPayload, s, &webpush.Options{ - VAPIDPublicKey: setting.WebPushPublicKey, - VAPIDPrivateKey: setting.WebPushPrivateKey, - TTL: 30, - }) - if err != nil { - return err - } - - defer resp.Body.Close() - return nil -} From 760262f7ac399645318e67666bceac6c56d290b9 Mon Sep 17 00:00:00 2001 From: James Lakin Date: Sun, 29 Mar 2020 17:15:28 +0100 Subject: [PATCH 13/21] Create endpoint to create Web Push subscriptions --- routers/api/v1/api.go | 1 + routers/api/v1/notify/notifications.go | 60 ++++++++++++++++++++++++++ routers/api/v1/swagger/options.go | 3 ++ templates/swagger/v1_json.tmpl | 50 ++++++++++++++++++++- 4 files changed, 113 insertions(+), 1 deletion(-) diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go index eee9440574d5f..6842bc832274d 100644 --- a/routers/api/v1/api.go +++ b/routers/api/v1/api.go @@ -519,6 +519,7 @@ func RegisterRoutes(m *macaron.Macaron) { Get(notify.ListNotifications). Put(notify.ReadNotifications) m.Get("/new", notify.NewAvailable) + m.Post("/subscription", bind(api.NotificationWebPushSubscription{}), notify.NewWebPushSubscription) m.Combo("/threads/:id"). Get(notify.GetThread). Patch(notify.ReadThread) diff --git a/routers/api/v1/notify/notifications.go b/routers/api/v1/notify/notifications.go index 847fe3313e0d5..5621fb56eb24c 100644 --- a/routers/api/v1/notify/notifications.go +++ b/routers/api/v1/notify/notifications.go @@ -6,9 +6,12 @@ package notify import ( "net/http" + "strings" "code.gitea.io/gitea/models" "code.gitea.io/gitea/modules/context" + "code.gitea.io/gitea/modules/log" + "code.gitea.io/gitea/modules/setting" api "code.gitea.io/gitea/modules/structs" ) @@ -31,3 +34,60 @@ func NewAvailable(ctx *context.APIContext) { ctx.Status(http.StatusNoContent) } } + +// NewWebPushSubscription check if unread notifications exist +func NewWebPushSubscription(ctx *context.APIContext, input api.NotificationWebPushSubscription) { + // swagger:operation POST /notifications/subscription notification notifyNewWebPushSubscription + // --- + // summary: Create a Web Push subscription for the current user to receieve push notifications. + // This will also produce a test notification to ensure the given details are valid. + // consumes: + // - application/json + // parameters: + // - name: body + // in: body + // schema: + // "$ref": "#/definitions/NotificationWebPushSubscription" + // responses: + // "201": + // description: The Web Push subscription was tested and saved sucessfully. + // "422": + // description: Required fields were missing or the provided subscription could not be tested successfully. + + if input.Endpoint == "" || input.Auth == "" || input.P256DH == "" { + ctx.Status(http.StatusUnprocessableEntity) + return + } + + testPayload := &api.NotificationPayload{ + Title: setting.AppName, + Text: "This is a test notification from Gitea.", + URL: setting.AppSubURL, + } + resp, err := models.SendWebPushNotification(&input, testPayload) + if err != nil { + // An invalid key causes a mathematical error. This is the user's fault. + if strings.Contains(err.Error(), "key is not a valid point on the curve") { + ctx.Status(http.StatusUnprocessableEntity) + return + } + // Otherwise it could be a network problem. + ctx.Status(http.StatusInternalServerError) + return + } + + // Web Push returns 201 on success. + if resp.StatusCode != http.StatusCreated { + ctx.Status(http.StatusUnprocessableEntity) + return + } + + err = models.CreateWebPushSubscription(ctx.User.ID, &input) + if err != nil { + log.Error("could not create web push: %v", err) + ctx.Status(http.StatusInternalServerError) + return + } + + ctx.Status(http.StatusCreated) +} diff --git a/routers/api/v1/swagger/options.go b/routers/api/v1/swagger/options.go index 4bb649616a01a..8f66c3d739728 100644 --- a/routers/api/v1/swagger/options.go +++ b/routers/api/v1/swagger/options.go @@ -137,4 +137,7 @@ type swaggerParameterBodies struct { // in:body CreateOAuth2ApplicationOptions api.CreateOAuth2ApplicationOptions + + // in:body + NotificationWebPushSubscription api.NotificationWebPushSubscription } diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl index c564f8739b0bc..ed4d5c39677e9 100644 --- a/templates/swagger/v1_json.tmpl +++ b/templates/swagger/v1_json.tmpl @@ -537,6 +537,35 @@ } } }, + "/notifications/subscription": { + "post": { + "consumes": [ + "application/json" + ], + "tags": [ + "notification" + ], + "summary": "Create a Web Push subscription for the current user to receieve push notifications. This will also produce a test notification to ensure the given details are valid.", + "operationId": "notifyNewWebPushSubscription", + "parameters": [ + { + "name": "body", + "in": "body", + "schema": { + "$ref": "#/definitions/NotificationWebPushSubscription" + } + } + ], + "responses": { + "201": { + "description": "The Web Push subscription was tested and saved sucessfully." + }, + "422": { + "description": "Required fields were missing or the provided subscription could not be tested successfully." + } + } + } + }, "/notifications/threads/{id}": { "get": { "consumes": [ @@ -12316,6 +12345,25 @@ }, "x-go-package": "code.gitea.io/gitea/modules/structs" }, + "NotificationWebPushSubscription": { + "type": "object", + "title": "NotificationWebPushSubscription represents a HTML5 Web Push Subscription used for background notifications.", + "properties": { + "auth": { + "type": "string", + "x-go-name": "Auth" + }, + "endpoint": { + "type": "string", + "x-go-name": "Endpoint" + }, + "p256dh": { + "type": "string", + "x-go-name": "P256DH" + } + }, + "x-go-package": "code.gitea.io/gitea/modules/structs" + }, "OAuth2Application": { "type": "object", "title": "OAuth2Application represents an OAuth2 application.", @@ -14140,7 +14188,7 @@ "parameterBodies": { "description": "parameterBodies", "schema": { - "$ref": "#/definitions/CreateOAuth2ApplicationOptions" + "$ref": "#/definitions/NotificationWebPushSubscription" } }, "redirect": { From 7d0fd8cd17803c630caf1c3418e522132121085c Mon Sep 17 00:00:00 2001 From: James Lakin Date: Sun, 29 Mar 2020 20:50:46 +0100 Subject: [PATCH 14/21] Make Web Push endpoint unique --- models/migrations/v134.go | 2 +- models/webpush.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/models/migrations/v134.go b/models/migrations/v134.go index dbba18262eb0d..30d5ef159c160 100644 --- a/models/migrations/v134.go +++ b/models/migrations/v134.go @@ -14,7 +14,7 @@ func addWebPushSubcriptionTable(x *xorm.Engine) error { ID int64 `xorm:"pk autoincr"` UserID int64 `xorm:"INDEX"` - Endpoint string + Endpoint string `xorm:"UNIQUE"` Auth string P256DH string diff --git a/models/webpush.go b/models/webpush.go index dcabbc06cdc34..0830fe3a417b2 100644 --- a/models/webpush.go +++ b/models/webpush.go @@ -21,7 +21,7 @@ type WebPushSubscription struct { ID int64 `xorm:"pk autoincr"` UserID int64 `xorm:"INDEX"` - Endpoint string + Endpoint string `xorm:"UNIQUE"` Auth string P256DH string From 4aada2ecb90283c0cbc045c8225177c9fe4e248d Mon Sep 17 00:00:00 2001 From: James Lakin Date: Sun, 29 Mar 2020 20:51:29 +0100 Subject: [PATCH 15/21] Tweak endpoint to accept non-token authentication --- routers/api/v1/api.go | 3 ++- routers/api/v1/notify/notifications.go | 9 +++++++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go index 6842bc832274d..0313a913e1d38 100644 --- a/routers/api/v1/api.go +++ b/routers/api/v1/api.go @@ -519,11 +519,12 @@ func RegisterRoutes(m *macaron.Macaron) { Get(notify.ListNotifications). Put(notify.ReadNotifications) m.Get("/new", notify.NewAvailable) - m.Post("/subscription", bind(api.NotificationWebPushSubscription{}), notify.NewWebPushSubscription) m.Combo("/threads/:id"). Get(notify.GetThread). Patch(notify.ReadThread) }, reqToken()) + // Can also make use of session-based authentication, hence reqToken isn't used as above: + m.Post("/notifications/subscription", bind(api.NotificationWebPushSubscription{}), notify.NewWebPushSubscription) // Users m.Group("/users", func() { diff --git a/routers/api/v1/notify/notifications.go b/routers/api/v1/notify/notifications.go index 5621fb56eb24c..ed4aaed1db153 100644 --- a/routers/api/v1/notify/notifications.go +++ b/routers/api/v1/notify/notifications.go @@ -54,6 +54,11 @@ func NewWebPushSubscription(ctx *context.APIContext, input api.NotificationWebPu // "422": // description: Required fields were missing or the provided subscription could not be tested successfully. + if !ctx.IsSigned { + ctx.Context.Error(http.StatusUnauthorized) + return + } + if input.Endpoint == "" || input.Auth == "" || input.P256DH == "" { ctx.Status(http.StatusUnprocessableEntity) return @@ -61,8 +66,8 @@ func NewWebPushSubscription(ctx *context.APIContext, input api.NotificationWebPu testPayload := &api.NotificationPayload{ Title: setting.AppName, - Text: "This is a test notification from Gitea.", - URL: setting.AppSubURL, + Text: "This is a test notification from Gitea. If you're reading this notifications are working. Hooray!", + URL: setting.AppURL, } resp, err := models.SendWebPushNotification(&input, testPayload) if err != nil { From e82a5a97fa04f96db56cf69e2d72af0b4b8031db Mon Sep 17 00:00:00 2001 From: James Lakin Date: Sun, 29 Mar 2020 21:25:03 +0100 Subject: [PATCH 16/21] Allow subscribing to push notifications in the UI --- web_src/js/features/pushnotifications.js | 26 +++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/web_src/js/features/pushnotifications.js b/web_src/js/features/pushnotifications.js index e666ea8dff384..a79233153bd9b 100644 --- a/web_src/js/features/pushnotifications.js +++ b/web_src/js/features/pushnotifications.js @@ -11,7 +11,7 @@ export default async function initPushNotificationsOptIn() { async function subscribe() { const canNotify = await hasNotificationPermission(); - if (!canNotify) return alert('Denied.'); + if (!canNotify) return false; /** @type {ServiceWorkerRegistration} */ const registration = window.serviceWorkerRegistration; @@ -19,8 +19,28 @@ async function subscribe() { userVisibleOnly: true, applicationServerKey: window.config.WebPushPublicKey }); - // eslint-disable-next-line no-console - console.log(JSON.stringify(subscriptionResults.toJSON())); + await createGiteaServerSubscription(subscriptionResults.toJSON()); +} + +async function createGiteaServerSubscription(subscriptionJSON) { + try { + const request = await fetch(`${window.config.AppSubUrl}/api/v1/notifications/subscription`, { + credentials: 'include', + method: 'POST', + headers: { + 'Content-Type': 'application/json; charset=utf-8', + }, + body: JSON.stringify({ + endpoint: subscriptionJSON.endpoint, + auth: subscriptionJSON.keys.auth, + p256dh: subscriptionJSON.keys.p256dh + }) + }); + if (request.status === 201) return true; + } catch (error) { + console.error(error); + } + return false; } async function hasNotificationPermission() { From c25003b9d155836d5632ac25325014457156d664 Mon Sep 17 00:00:00 2001 From: James Lakin Date: Sun, 29 Mar 2020 22:14:50 +0100 Subject: [PATCH 17/21] Vendor webpush-go dependency No, I'm not sure why crypto has updated slightly during `go get`... --- .../SherClockHolmes/webpush-go/.gitignore | 4 + .../SherClockHolmes/webpush-go/LICENSE | 21 ++ .../SherClockHolmes/webpush-go/README.md | 62 +++++ .../SherClockHolmes/webpush-go/go.mod | 8 + .../SherClockHolmes/webpush-go/go.sum | 4 + .../SherClockHolmes/webpush-go/urgency.go | 26 ++ .../SherClockHolmes/webpush-go/vapid.go | 99 +++++++ .../SherClockHolmes/webpush-go/webpush.go | 252 ++++++++++++++++++ vendor/golang.org/x/crypto/hkdf/hkdf.go | 93 +++++++ vendor/golang.org/x/crypto/ssh/kex.go | 4 +- vendor/golang.org/x/crypto/ssh/keys.go | 18 +- vendor/modules.txt | 6 +- 12 files changed, 589 insertions(+), 8 deletions(-) create mode 100644 vendor/github.com/SherClockHolmes/webpush-go/.gitignore create mode 100644 vendor/github.com/SherClockHolmes/webpush-go/LICENSE create mode 100644 vendor/github.com/SherClockHolmes/webpush-go/README.md create mode 100644 vendor/github.com/SherClockHolmes/webpush-go/go.mod create mode 100644 vendor/github.com/SherClockHolmes/webpush-go/go.sum create mode 100644 vendor/github.com/SherClockHolmes/webpush-go/urgency.go create mode 100644 vendor/github.com/SherClockHolmes/webpush-go/vapid.go create mode 100644 vendor/github.com/SherClockHolmes/webpush-go/webpush.go create mode 100644 vendor/golang.org/x/crypto/hkdf/hkdf.go diff --git a/vendor/github.com/SherClockHolmes/webpush-go/.gitignore b/vendor/github.com/SherClockHolmes/webpush-go/.gitignore new file mode 100644 index 0000000000000..13b7c32ac2591 --- /dev/null +++ b/vendor/github.com/SherClockHolmes/webpush-go/.gitignore @@ -0,0 +1,4 @@ +vendor/** + +.DS_Store +*.out diff --git a/vendor/github.com/SherClockHolmes/webpush-go/LICENSE b/vendor/github.com/SherClockHolmes/webpush-go/LICENSE new file mode 100644 index 0000000000000..161eac777d374 --- /dev/null +++ b/vendor/github.com/SherClockHolmes/webpush-go/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2016 Ethan Holmes + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/vendor/github.com/SherClockHolmes/webpush-go/README.md b/vendor/github.com/SherClockHolmes/webpush-go/README.md new file mode 100644 index 0000000000000..202f8b0aa1c32 --- /dev/null +++ b/vendor/github.com/SherClockHolmes/webpush-go/README.md @@ -0,0 +1,62 @@ +# webpush-go + +[![Go Report Card](https://goreportcard.com/badge/github.com/SherClockHolmes/webpush-go)](https://goreportcard.com/report/github.com/SherClockHolmes/webpush-go) +[![GoDoc](https://godoc.org/github.com/SherClockHolmes/webpush-go?status.svg)](https://godoc.org/github.com/SherClockHolmes/webpush-go) + +Web Push API Encryption with VAPID support. + +```bash +go get -u github.com/SherClockHolmes/webpush-go +``` + +## Example + +For a full example, refer to the code in the [example](example/) directory. + +```go +package main + +import ( + "encoding/json" + + webpush "github.com/SherClockHolmes/webpush-go" +) + +func main() { + // Decode subscription + s := &webpush.Subscription{} + json.Unmarshal([]byte(""), s) + + // Send Notification + _, err := webpush.SendNotification([]byte("Test"), s, &webpush.Options{ + Subscriber: "example@example.com", + VAPIDPublicKey: "", + VAPIDPrivateKey: "", + TTL: 30, + }) + if err != nil { + // TODO: Handle error + } +} +``` + +### Generating VAPID Keys + +Use the helper method `GenerateVAPIDKeys` to generate the VAPID key pair. + +```golang +privateKey, publicKey, err := webpush.GenerateVAPIDKeys() +if err != nil { + // TODO: Handle error +} +``` + +## Development + +1. Install [Go 1.11+](https://golang.org/) +2. `go mod vendor` +3. `go test` + +#### For other language implementations visit: + +[WebPush Libs](https://github.com/web-push-libs) diff --git a/vendor/github.com/SherClockHolmes/webpush-go/go.mod b/vendor/github.com/SherClockHolmes/webpush-go/go.mod new file mode 100644 index 0000000000000..1f2a28f17661c --- /dev/null +++ b/vendor/github.com/SherClockHolmes/webpush-go/go.mod @@ -0,0 +1,8 @@ +module github.com/SherClockHolmes/webpush-go + +require ( + github.com/dgrijalva/jwt-go v3.2.0+incompatible + golang.org/x/crypto v0.0.0-20190131182504-b8fe1690c613 +) + +go 1.13 diff --git a/vendor/github.com/SherClockHolmes/webpush-go/go.sum b/vendor/github.com/SherClockHolmes/webpush-go/go.sum new file mode 100644 index 0000000000000..c784ca6eb147b --- /dev/null +++ b/vendor/github.com/SherClockHolmes/webpush-go/go.sum @@ -0,0 +1,4 @@ +github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM= +github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= +golang.org/x/crypto v0.0.0-20190131182504-b8fe1690c613 h1:MQ/ZZiDsUapFFiMS+vzwXkCTeEKaum+Do5rINYJDmxc= +golang.org/x/crypto v0.0.0-20190131182504-b8fe1690c613/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= diff --git a/vendor/github.com/SherClockHolmes/webpush-go/urgency.go b/vendor/github.com/SherClockHolmes/webpush-go/urgency.go new file mode 100644 index 0000000000000..97c4a32b42c54 --- /dev/null +++ b/vendor/github.com/SherClockHolmes/webpush-go/urgency.go @@ -0,0 +1,26 @@ +package webpush + +// Urgency indicates to the push service how important a message is to the user. +// This can be used by the push service to help conserve the battery life of a user's device +// by only waking up for important messages when battery is low. +type Urgency string + +const ( + // UrgencyVeryLow requires device state: on power and Wi-Fi + UrgencyVeryLow Urgency = "very-low" + // UrgencyLow requires device state: on either power or Wi-Fi + UrgencyLow Urgency = "low" + // UrgencyNormal excludes device state: low battery + UrgencyNormal Urgency = "normal" + // UrgencyHigh admits device state: low battery + UrgencyHigh Urgency = "high" +) + +// Checking allowable values for the urgency header +func isValidUrgency(urgency Urgency) bool { + switch urgency { + case UrgencyVeryLow, UrgencyLow, UrgencyNormal, UrgencyHigh: + return true + } + return false +} diff --git a/vendor/github.com/SherClockHolmes/webpush-go/vapid.go b/vendor/github.com/SherClockHolmes/webpush-go/vapid.go new file mode 100644 index 0000000000000..20dffaa64afc3 --- /dev/null +++ b/vendor/github.com/SherClockHolmes/webpush-go/vapid.go @@ -0,0 +1,99 @@ +package webpush + +import ( + "crypto/ecdsa" + "crypto/elliptic" + "crypto/rand" + "encoding/base64" + "fmt" + "math/big" + "net/url" + "time" + + jwt "github.com/dgrijalva/jwt-go" +) + +// GenerateVAPIDKeys will create a private and public VAPID key pair +func GenerateVAPIDKeys() (privateKey, publicKey string, err error) { + // Get the private key from the P256 curve + curve := elliptic.P256() + + private, x, y, err := elliptic.GenerateKey(curve, rand.Reader) + if err != nil { + return + } + + public := elliptic.Marshal(curve, x, y) + + // Convert to base64 + publicKey = base64.RawURLEncoding.EncodeToString(public) + privateKey = base64.RawURLEncoding.EncodeToString(private) + + return +} + +// Generates the ECDSA public and private keys for the JWT encryption +func generateVAPIDHeaderKeys(privateKey []byte) *ecdsa.PrivateKey { + // Public key + curve := elliptic.P256() + px, py := curve.ScalarMult( + curve.Params().Gx, + curve.Params().Gy, + privateKey, + ) + + pubKey := ecdsa.PublicKey{ + Curve: curve, + X: px, + Y: py, + } + + // Private key + d := &big.Int{} + d.SetBytes(privateKey) + + return &ecdsa.PrivateKey{ + PublicKey: pubKey, + D: d, + } +} + +// getVAPIDAuthorizationHeader +func getVAPIDAuthorizationHeader( + endpoint, + subscriber, + vapidPublicKey, + vapidPrivateKey string, +) (string, error) { + // Create the JWT token + subURL, err := url.Parse(endpoint) + if err != nil { + return "", err + } + + token := jwt.NewWithClaims(jwt.SigningMethodES256, jwt.MapClaims{ + "aud": fmt.Sprintf("%s://%s", subURL.Scheme, subURL.Host), + "exp": time.Now().Add(time.Hour * 12).Unix(), + "sub": fmt.Sprintf("mailto:%s", subscriber), + }) + + // ECDSA + decodedVapidPrivateKey, err := base64.RawURLEncoding.DecodeString(vapidPrivateKey) + if err != nil { + return "", err + } + + privKey := generateVAPIDHeaderKeys(decodedVapidPrivateKey) + + // Sign token with private key + jwtString, err := token.SignedString(privKey) + if err != nil { + return "", err + } + + return fmt.Sprintf( + "vapid t=%s, k=%s", + jwtString, + vapidPublicKey, + ), nil +} diff --git a/vendor/github.com/SherClockHolmes/webpush-go/webpush.go b/vendor/github.com/SherClockHolmes/webpush-go/webpush.go new file mode 100644 index 0000000000000..6b41aa0effd2e --- /dev/null +++ b/vendor/github.com/SherClockHolmes/webpush-go/webpush.go @@ -0,0 +1,252 @@ +package webpush + +import ( + "bytes" + "crypto/aes" + "crypto/cipher" + "crypto/elliptic" + "crypto/rand" + "crypto/sha256" + "encoding/base64" + "encoding/binary" + "errors" + "io" + "net/http" + "strconv" + "strings" + + "golang.org/x/crypto/hkdf" +) + +const MaxRecordSize uint32 = 4096 + +// saltFunc generates a salt of 16 bytes +var saltFunc = func() ([]byte, error) { + salt := make([]byte, 16) + _, err := io.ReadFull(rand.Reader, salt) + if err != nil { + return salt, err + } + + return salt, nil +} + +// HTTPClient is an interface for sending the notification HTTP request / testing +type HTTPClient interface { + Do(*http.Request) (*http.Response, error) +} + +// Options are config and extra params needed to send a notification +type Options struct { + HTTPClient HTTPClient // Will replace with *http.Client by default if not included + RecordSize uint32 // Limit the record size + Subscriber string // Sub in VAPID JWT token + Topic string // Set the Topic header to collapse a pending messages (Optional) + TTL int // Set the TTL on the endpoint POST request + Urgency Urgency // Set the Urgency header to change a message priority (Optional) + VAPIDPublicKey string // VAPID public key, passed in VAPID Authorization header + VAPIDPrivateKey string // VAPID private key, used to sign VAPID JWT token +} + +// Keys are the base64 encoded values from PushSubscription.getKey() +type Keys struct { + Auth string `json:"auth"` + P256dh string `json:"p256dh"` +} + +// Subscription represents a PushSubscription object from the Push API +type Subscription struct { + Endpoint string `json:"endpoint"` + Keys Keys `json:"keys"` +} + +// SendNotification sends a push notification to a subscription's endpoint +// Message Encryption for Web Push, and VAPID protocols. +// FOR MORE INFORMATION SEE RFC8291: https://datatracker.ietf.org/doc/rfc8291 +func SendNotification(message []byte, s *Subscription, options *Options) (*http.Response, error) { + // Authentication secret (auth_secret) + authSecret, err := decodeSubscriptionKey(s.Keys.Auth) + if err != nil { + return nil, err + } + + // dh (Diffie Hellman) + dh, err := decodeSubscriptionKey(s.Keys.P256dh) + if err != nil { + return nil, err + } + + // Generate 16 byte salt + salt, err := saltFunc() + if err != nil { + return nil, err + } + + // Create the ecdh_secret shared key pair + curve := elliptic.P256() + + // Application server key pairs (single use) + localPrivateKey, x, y, err := elliptic.GenerateKey(curve, rand.Reader) + if err != nil { + return nil, err + } + + localPublicKey := elliptic.Marshal(curve, x, y) + + // Combine application keys with dh + sharedX, sharedY := elliptic.Unmarshal(curve, dh) + if sharedX == nil { + return nil, errors.New("Unmarshal Error: Public key is not a valid point on the curve") + } + + sx, _ := curve.ScalarMult(sharedX, sharedY, localPrivateKey) + sharedECDHSecret := sx.Bytes() + + hash := sha256.New + + // ikm + prkInfoBuf := bytes.NewBuffer([]byte("WebPush: info\x00")) + prkInfoBuf.Write(dh) + prkInfoBuf.Write(localPublicKey) + + prkHKDF := hkdf.New(hash, sharedECDHSecret, authSecret, prkInfoBuf.Bytes()) + ikm, err := getHKDFKey(prkHKDF, 32) + if err != nil { + return nil, err + } + + // Derive Content Encryption Key + contentEncryptionKeyInfo := []byte("Content-Encoding: aes128gcm\x00") + contentHKDF := hkdf.New(hash, ikm, salt, contentEncryptionKeyInfo) + contentEncryptionKey, err := getHKDFKey(contentHKDF, 16) + if err != nil { + return nil, err + } + + // Derive the Nonce + nonceInfo := []byte("Content-Encoding: nonce\x00") + nonceHKDF := hkdf.New(hash, ikm, salt, nonceInfo) + nonce, err := getHKDFKey(nonceHKDF, 12) + if err != nil { + return nil, err + } + + // Cipher + c, err := aes.NewCipher(contentEncryptionKey) + if err != nil { + return nil, err + } + + gcm, err := cipher.NewGCM(c) + if err != nil { + return nil, err + } + + // Get the record size + recordSize := options.RecordSize + if recordSize == 0 { + recordSize = MaxRecordSize + } + + recordLength := int(recordSize) - 16 + + // Encryption Content-Coding Header + recordBuf := bytes.NewBuffer(salt) + + rs := make([]byte, 4) + binary.BigEndian.PutUint32(rs, recordSize) + + recordBuf.Write(rs) + recordBuf.Write([]byte{byte(len(localPublicKey))}) + recordBuf.Write(localPublicKey) + + // Data + dataBuf := bytes.NewBuffer(message) + + // Pad content to max record size - 16 - header + // Padding ending delimeter + dataBuf.Write([]byte("\x02")) + pad(dataBuf, recordLength-recordBuf.Len()) + + // Compose the ciphertext + ciphertext := gcm.Seal([]byte{}, nonce, dataBuf.Bytes(), nil) + recordBuf.Write(ciphertext) + + // POST request + req, err := http.NewRequest("POST", s.Endpoint, recordBuf) + if err != nil { + return nil, err + } + + req.Header.Set("Content-Encoding", "aes128gcm") + req.Header.Set("Content-Length", strconv.Itoa(len(ciphertext))) + req.Header.Set("Content-Type", "application/octet-stream") + req.Header.Set("TTL", strconv.Itoa(options.TTL)) + + // Сheck the optional headers + if len(options.Topic) > 0 { + req.Header.Set("Topic", options.Topic) + } + + if isValidUrgency(options.Urgency) { + req.Header.Set("Urgency", string(options.Urgency)) + } + + // Get VAPID Authorization header + vapidAuthHeader, err := getVAPIDAuthorizationHeader( + s.Endpoint, + options.Subscriber, + options.VAPIDPublicKey, + options.VAPIDPrivateKey, + ) + if err != nil { + return nil, err + } + + req.Header.Set("Authorization", vapidAuthHeader) + + // Send the request + var client HTTPClient + if options.HTTPClient != nil { + client = options.HTTPClient + } else { + client = &http.Client{} + } + + return client.Do(req) +} + +// decodeSubscriptionKey decodes a base64 subscription key. +// if necessary, add "=" padding to the key for URL decode +func decodeSubscriptionKey(key string) ([]byte, error) { + // "=" padding + buf := bytes.NewBufferString(key) + if rem := len(key) % 4; rem != 0 { + buf.WriteString(strings.Repeat("=", 4-rem)) + } + + bytes, err := base64.StdEncoding.DecodeString(buf.String()) + if err == nil { + return bytes, nil + } + return base64.URLEncoding.DecodeString(buf.String()) +} + +// Returns a key of length "length" given an hkdf function +func getHKDFKey(hkdf io.Reader, length int) ([]byte, error) { + key := make([]byte, length) + n, err := io.ReadFull(hkdf, key) + if n != len(key) || err != nil { + return key, err + } + + return key, nil +} + +func pad(payload *bytes.Buffer, maxPadLen int) { + payloadLen := payload.Len() + padLen := maxPadLen - payloadLen + + padding := make([]byte, padLen) + payload.Write(padding) +} diff --git a/vendor/golang.org/x/crypto/hkdf/hkdf.go b/vendor/golang.org/x/crypto/hkdf/hkdf.go new file mode 100644 index 0000000000000..dda3f143bec50 --- /dev/null +++ b/vendor/golang.org/x/crypto/hkdf/hkdf.go @@ -0,0 +1,93 @@ +// Copyright 2014 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Package hkdf implements the HMAC-based Extract-and-Expand Key Derivation +// Function (HKDF) as defined in RFC 5869. +// +// HKDF is a cryptographic key derivation function (KDF) with the goal of +// expanding limited input keying material into one or more cryptographically +// strong secret keys. +package hkdf // import "golang.org/x/crypto/hkdf" + +import ( + "crypto/hmac" + "errors" + "hash" + "io" +) + +// Extract generates a pseudorandom key for use with Expand from an input secret +// and an optional independent salt. +// +// Only use this function if you need to reuse the extracted key with multiple +// Expand invocations and different context values. Most common scenarios, +// including the generation of multiple keys, should use New instead. +func Extract(hash func() hash.Hash, secret, salt []byte) []byte { + if salt == nil { + salt = make([]byte, hash().Size()) + } + extractor := hmac.New(hash, salt) + extractor.Write(secret) + return extractor.Sum(nil) +} + +type hkdf struct { + expander hash.Hash + size int + + info []byte + counter byte + + prev []byte + buf []byte +} + +func (f *hkdf) Read(p []byte) (int, error) { + // Check whether enough data can be generated + need := len(p) + remains := len(f.buf) + int(255-f.counter+1)*f.size + if remains < need { + return 0, errors.New("hkdf: entropy limit reached") + } + // Read any leftover from the buffer + n := copy(p, f.buf) + p = p[n:] + + // Fill the rest of the buffer + for len(p) > 0 { + f.expander.Reset() + f.expander.Write(f.prev) + f.expander.Write(f.info) + f.expander.Write([]byte{f.counter}) + f.prev = f.expander.Sum(f.prev[:0]) + f.counter++ + + // Copy the new batch into p + f.buf = f.prev + n = copy(p, f.buf) + p = p[n:] + } + // Save leftovers for next run + f.buf = f.buf[n:] + + return need, nil +} + +// Expand returns a Reader, from which keys can be read, using the given +// pseudorandom key and optional context info, skipping the extraction step. +// +// The pseudorandomKey should have been generated by Extract, or be a uniformly +// random or pseudorandom cryptographically strong key. See RFC 5869, Section +// 3.3. Most common scenarios will want to use New instead. +func Expand(hash func() hash.Hash, pseudorandomKey, info []byte) io.Reader { + expander := hmac.New(hash, pseudorandomKey) + return &hkdf{expander, expander.Size(), info, 1, nil, nil} +} + +// New returns a Reader, from which keys can be read, using the given hash, +// secret, salt and context info. Salt and info can be nil. +func New(hash func() hash.Hash, secret, salt, info []byte) io.Reader { + prk := Extract(hash, secret, salt) + return Expand(hash, prk, info) +} diff --git a/vendor/golang.org/x/crypto/ssh/kex.go b/vendor/golang.org/x/crypto/ssh/kex.go index 6c3c648fc952c..7eedb209fa7fb 100644 --- a/vendor/golang.org/x/crypto/ssh/kex.go +++ b/vendor/golang.org/x/crypto/ssh/kex.go @@ -572,7 +572,7 @@ func (gex *dhGEXSHA) diffieHellman(theirPublic, myPrivate *big.Int) (*big.Int, e return new(big.Int).Exp(theirPublic, myPrivate, gex.p), nil } -func (gex *dhGEXSHA) Client(c packetConn, randSource io.Reader, magics *handshakeMagics) (*kexResult, error) { +func (gex dhGEXSHA) Client(c packetConn, randSource io.Reader, magics *handshakeMagics) (*kexResult, error) { // Send GexRequest kexDHGexRequest := kexDHGexRequestMsg{ MinBits: dhGroupExchangeMinimumBits, @@ -677,7 +677,7 @@ func (gex *dhGEXSHA) Client(c packetConn, randSource io.Reader, magics *handshak // Server half implementation of the Diffie Hellman Key Exchange with SHA1 and SHA256. // // This is a minimal implementation to satisfy the automated tests. -func (gex *dhGEXSHA) Server(c packetConn, randSource io.Reader, magics *handshakeMagics, priv Signer) (result *kexResult, err error) { +func (gex dhGEXSHA) Server(c packetConn, randSource io.Reader, magics *handshakeMagics, priv Signer) (result *kexResult, err error) { // Receive GexRequest packet, err := c.readPacket() if err != nil { diff --git a/vendor/golang.org/x/crypto/ssh/keys.go b/vendor/golang.org/x/crypto/ssh/keys.go index 06f537c135a55..31f26349a05ff 100644 --- a/vendor/golang.org/x/crypto/ssh/keys.go +++ b/vendor/golang.org/x/crypto/ssh/keys.go @@ -1246,15 +1246,23 @@ func passphraseProtectedOpenSSHKey(passphrase []byte) openSSHDecryptFunc { } key, iv := k[:32], k[32:] - if cipherName != "aes256-ctr" { - return nil, fmt.Errorf("ssh: unknown cipher %q, only supports %q", cipherName, "aes256-ctr") - } c, err := aes.NewCipher(key) if err != nil { return nil, err } - ctr := cipher.NewCTR(c, iv) - ctr.XORKeyStream(privKeyBlock, privKeyBlock) + switch cipherName { + case "aes256-ctr": + ctr := cipher.NewCTR(c, iv) + ctr.XORKeyStream(privKeyBlock, privKeyBlock) + case "aes256-cbc": + if len(privKeyBlock)%c.BlockSize() != 0 { + return nil, fmt.Errorf("ssh: invalid encrypted private key length, not a multiple of the block size") + } + cbc := cipher.NewCBCDecrypter(c, iv) + cbc.CryptBlocks(privKeyBlock, privKeyBlock) + default: + return nil, fmt.Errorf("ssh: unknown cipher %q, only supports %q or %q", cipherName, "aes256-ctr", "aes256-cbc") + } return privKeyBlock, nil } diff --git a/vendor/modules.txt b/vendor/modules.txt index 98ee2f9b128ad..b14055784f252 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -57,6 +57,9 @@ github.com/PuerkitoBio/urlesc # github.com/RoaringBitmap/roaring v0.4.21 ## explicit github.com/RoaringBitmap/roaring +# github.com/SherClockHolmes/webpush-go v1.1.0 +## explicit +github.com/SherClockHolmes/webpush-go # github.com/andybalholm/cascadia v1.0.0 github.com/andybalholm/cascadia # github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239 @@ -633,7 +636,7 @@ go.mongodb.org/mongo-driver/bson/bsonrw go.mongodb.org/mongo-driver/bson/bsontype go.mongodb.org/mongo-driver/bson/primitive go.mongodb.org/mongo-driver/x/bsonx/bsoncore -# golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073 +# golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59 ## explicit golang.org/x/crypto/acme golang.org/x/crypto/acme/autocert @@ -646,6 +649,7 @@ golang.org/x/crypto/chacha20 golang.org/x/crypto/curve25519 golang.org/x/crypto/ed25519 golang.org/x/crypto/ed25519/internal/edwards25519 +golang.org/x/crypto/hkdf golang.org/x/crypto/internal/subtle golang.org/x/crypto/md4 golang.org/x/crypto/openpgp From cd809b1a6d57b02341c96aabf15dd8832282f397 Mon Sep 17 00:00:00 2001 From: James Lakin Date: Mon, 13 Apr 2020 16:46:15 +0100 Subject: [PATCH 18/21] Attempt to 'make vendor' again --- go.sum | 2 -- vendor/golang.org/x/crypto/ssh/kex.go | 4 ++-- vendor/golang.org/x/crypto/ssh/keys.go | 18 +++++------------- vendor/modules.txt | 2 +- 4 files changed, 8 insertions(+), 18 deletions(-) diff --git a/go.sum b/go.sum index 8752c61d0f920..81154824580d4 100644 --- a/go.sum +++ b/go.sum @@ -654,8 +654,6 @@ golang.org/x/crypto v0.0.0-20190927123631-a832865fa7ad/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073 h1:xMPOj6Pz6UipU1wXLkrtqpHbR0AVFnyPEQq/wRWz9lM= golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59 h1:3zb4D3T4G8jdExgVU/95+vQXfpEPiMdCaZgmGVxjNHM= -golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= diff --git a/vendor/golang.org/x/crypto/ssh/kex.go b/vendor/golang.org/x/crypto/ssh/kex.go index 7eedb209fa7fb..6c3c648fc952c 100644 --- a/vendor/golang.org/x/crypto/ssh/kex.go +++ b/vendor/golang.org/x/crypto/ssh/kex.go @@ -572,7 +572,7 @@ func (gex *dhGEXSHA) diffieHellman(theirPublic, myPrivate *big.Int) (*big.Int, e return new(big.Int).Exp(theirPublic, myPrivate, gex.p), nil } -func (gex dhGEXSHA) Client(c packetConn, randSource io.Reader, magics *handshakeMagics) (*kexResult, error) { +func (gex *dhGEXSHA) Client(c packetConn, randSource io.Reader, magics *handshakeMagics) (*kexResult, error) { // Send GexRequest kexDHGexRequest := kexDHGexRequestMsg{ MinBits: dhGroupExchangeMinimumBits, @@ -677,7 +677,7 @@ func (gex dhGEXSHA) Client(c packetConn, randSource io.Reader, magics *handshake // Server half implementation of the Diffie Hellman Key Exchange with SHA1 and SHA256. // // This is a minimal implementation to satisfy the automated tests. -func (gex dhGEXSHA) Server(c packetConn, randSource io.Reader, magics *handshakeMagics, priv Signer) (result *kexResult, err error) { +func (gex *dhGEXSHA) Server(c packetConn, randSource io.Reader, magics *handshakeMagics, priv Signer) (result *kexResult, err error) { // Receive GexRequest packet, err := c.readPacket() if err != nil { diff --git a/vendor/golang.org/x/crypto/ssh/keys.go b/vendor/golang.org/x/crypto/ssh/keys.go index 31f26349a05ff..06f537c135a55 100644 --- a/vendor/golang.org/x/crypto/ssh/keys.go +++ b/vendor/golang.org/x/crypto/ssh/keys.go @@ -1246,23 +1246,15 @@ func passphraseProtectedOpenSSHKey(passphrase []byte) openSSHDecryptFunc { } key, iv := k[:32], k[32:] + if cipherName != "aes256-ctr" { + return nil, fmt.Errorf("ssh: unknown cipher %q, only supports %q", cipherName, "aes256-ctr") + } c, err := aes.NewCipher(key) if err != nil { return nil, err } - switch cipherName { - case "aes256-ctr": - ctr := cipher.NewCTR(c, iv) - ctr.XORKeyStream(privKeyBlock, privKeyBlock) - case "aes256-cbc": - if len(privKeyBlock)%c.BlockSize() != 0 { - return nil, fmt.Errorf("ssh: invalid encrypted private key length, not a multiple of the block size") - } - cbc := cipher.NewCBCDecrypter(c, iv) - cbc.CryptBlocks(privKeyBlock, privKeyBlock) - default: - return nil, fmt.Errorf("ssh: unknown cipher %q, only supports %q or %q", cipherName, "aes256-ctr", "aes256-cbc") - } + ctr := cipher.NewCTR(c, iv) + ctr.XORKeyStream(privKeyBlock, privKeyBlock) return privKeyBlock, nil } diff --git a/vendor/modules.txt b/vendor/modules.txt index 29f3038019354..91950d8da0073 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -669,7 +669,7 @@ go.mongodb.org/mongo-driver/bson/bsonrw go.mongodb.org/mongo-driver/bson/bsontype go.mongodb.org/mongo-driver/bson/primitive go.mongodb.org/mongo-driver/x/bsonx/bsoncore -# golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59 +# golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073 ## explicit golang.org/x/crypto/acme golang.org/x/crypto/acme/autocert From 5dafc6c63c672d44f9799b24fc5105724926a184 Mon Sep 17 00:00:00 2001 From: James Lakin Date: Mon, 13 Apr 2020 17:01:42 +0100 Subject: [PATCH 19/21] Fix spelling typo in Swagger --- routers/api/v1/notify/notifications.go | 2 +- templates/swagger/v1_json.tmpl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/routers/api/v1/notify/notifications.go b/routers/api/v1/notify/notifications.go index 85a11a0f3d60e..0849b616ed4b2 100644 --- a/routers/api/v1/notify/notifications.go +++ b/routers/api/v1/notify/notifications.go @@ -41,7 +41,7 @@ func NewWebPushSubscription(ctx *context.APIContext, input api.NotificationWebPu // "$ref": "#/definitions/NotificationWebPushSubscription" // responses: // "201": - // description: The Web Push subscription was tested and saved sucessfully. + // description: The Web Push subscription was tested and saved successfully. // "422": // description: Required fields were missing or the provided subscription could not be tested successfully. diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl index d3b5f76ebdbce..9ced87ff4a926 100644 --- a/templates/swagger/v1_json.tmpl +++ b/templates/swagger/v1_json.tmpl @@ -555,7 +555,7 @@ ], "responses": { "201": { - "description": "The Web Push subscription was tested and saved sucessfully." + "description": "The Web Push subscription was tested and saved successfully." }, "422": { "description": "Required fields were missing or the provided subscription could not be tested successfully." From 1726fac04e7f0467a825bc17fb3bee582e41e348 Mon Sep 17 00:00:00 2001 From: James Lakin Date: Mon, 13 Apr 2020 17:23:28 +0100 Subject: [PATCH 20/21] Only treat 4xx errors as invalid web push events --- models/webpush.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/models/webpush.go b/models/webpush.go index 0830fe3a417b2..4e36e40d5fcbc 100644 --- a/models/webpush.go +++ b/models/webpush.go @@ -87,7 +87,7 @@ func SendWebPushNotificationToUser(userID int64, payload *structs.NotificationPa } defer resp.Body.Close() - if resp.StatusCode != http.StatusCreated { + if resp.StatusCode >= 400 && resp.StatusCode <= 499 { // This is a bad subscription. It may have expired (410 Gone). err = DeleteWebPushSubscription(userSubscription.ID) if err != nil { From f873c5d55c9ed3e35590934485d5bfc9a49837e1 Mon Sep 17 00:00:00 2001 From: James Lakin Date: Mon, 13 Apr 2020 20:28:06 +0100 Subject: [PATCH 21/21] Refactor notification participant logic to another function --- models/notification.go | 149 +++++++++++++++++++++++++++-------------- 1 file changed, 97 insertions(+), 52 deletions(-) diff --git a/models/notification.go b/models/notification.go index c78ce977a916c..632735054d4bf 100644 --- a/models/notification.go +++ b/models/notification.go @@ -118,6 +118,97 @@ func GetNotifications(opts FindNotificationOptions) (NotificationList, error) { return getNotifications(x, opts) } +// GetEligibleNotificationParticipants returns a list of users, as well as the issue, who are eligible to +// receive a new or updated notification. +// receiverID > 0 just targets the one user. +func GetEligibleNotificationParticipants(issue *Issue, notificationAuthorID, receiverID int64) (map[int64]struct{}, error) { + sess := x.NewSession() + defer sess.Close() + if err := sess.Begin(); err != nil { + return nil, err + } + + result, err := getEligibleNotificationParticipants(sess, issue, notificationAuthorID, receiverID) + if err != nil { + return nil, err + } + + err = sess.Commit() + if err != nil { + return nil, err + } + + return result, err +} + +func getEligibleNotificationParticipants(e Engine, issue *Issue, notificationAuthorID, receiverID int64) (map[int64]struct{}, error) { + var toNotify map[int64]struct{} + + if receiverID > 0 { + toNotify = make(map[int64]struct{}, 1) + toNotify[receiverID] = struct{}{} + return toNotify, nil + + } + + toNotify = make(map[int64]struct{}, 32) + issueWatches, err := getIssueWatchersIDs(e, issue.ID, true) + if err != nil { + return nil, err + } + for _, id := range issueWatches { + toNotify[id] = struct{}{} + } + + repoWatches, err := getRepoWatchersIDs(e, issue.RepoID) + if err != nil { + return nil, err + } + for _, id := range repoWatches { + toNotify[id] = struct{}{} + } + issueParticipants, err := issue.getParticipantIDsByIssue(e) + if err != nil { + return nil, err + } + for _, id := range issueParticipants { + toNotify[id] = struct{}{} + } + + // dont notify user who cause notification + delete(toNotify, notificationAuthorID) + // filter out explicit unwatch on issue + issueUnWatches, err := getIssueWatchersIDs(e, issue.ID, false) + if err != nil { + return nil, err + } + for _, id := range issueUnWatches { + delete(toNotify, id) + } + + err = issue.loadRepo(e) + if err != nil { + return nil, err + } + units := issue.Repo.Units + issue.Repo.Units = nil // <- Not sure why this was here before refactoring, but we put it back later + defer func() { + issue.Repo.Units = units + }() + + // Filter out those who can't view the linked issue/PR, but were previously involved + for userID := range toNotify { + if issue.IsPull && !issue.Repo.checkUnitUser(e, userID, false, UnitTypePullRequests) { + delete(toNotify, userID) + } + if !issue.IsPull && !issue.Repo.checkUnitUser(e, userID, false, UnitTypeIssues) { + delete(toNotify, userID) + } + } + + return toNotify, nil +} + // CreateOrUpdateIssueNotifications creates an issue notification // for each watcher, or updates it if already exists // receiverID > 0 just send to reciver, else send to all watcher @@ -137,9 +228,7 @@ func CreateOrUpdateIssueNotifications(issueID, commentID, notificationAuthorID, func createOrUpdateIssueNotifications(e Engine, issueID, commentID, notificationAuthorID, receiverID int64) error { // init - var toNotify map[int64]struct{} notifications, err := getNotificationsByIssueID(e, issueID) - if err != nil { return err } @@ -149,68 +238,24 @@ func createOrUpdateIssueNotifications(e Engine, issueID, commentID, notification return err } - if receiverID > 0 { - toNotify = make(map[int64]struct{}, 1) - toNotify[receiverID] = struct{}{} - } else { - toNotify = make(map[int64]struct{}, 32) - issueWatches, err := getIssueWatchersIDs(e, issueID, true) - if err != nil { - return err - } - for _, id := range issueWatches { - toNotify[id] = struct{}{} - } - - repoWatches, err := getRepoWatchersIDs(e, issue.RepoID) - if err != nil { - return err - } - for _, id := range repoWatches { - toNotify[id] = struct{}{} - } - issueParticipants, err := issue.getParticipantIDsByIssue(e) - if err != nil { - return err - } - for _, id := range issueParticipants { - toNotify[id] = struct{}{} - } - - // dont notify user who cause notification - delete(toNotify, notificationAuthorID) - // explicit unwatch on issue - issueUnWatches, err := getIssueWatchersIDs(e, issueID, false) - if err != nil { - return err - } - for _, id := range issueUnWatches { - delete(toNotify, id) - } - } - - err = issue.loadRepo(e) + toNotify, err := getEligibleNotificationParticipants(e, issue, notificationAuthorID, receiverID) if err != nil { return err } + if len(toNotify) == 0 { + return nil + } // notify for userID := range toNotify { - issue.Repo.Units = nil - if issue.IsPull && !issue.Repo.checkUnitUser(e, userID, false, UnitTypePullRequests) { - continue - } - if !issue.IsPull && !issue.Repo.checkUnitUser(e, userID, false, UnitTypeIssues) { - continue - } err := notificationSendWebPushNotification(userID, issue, commentID) if err != nil { log.Error("problem sending webhook notification: %v", err) } - if notificationExists(notifications, issue.ID, userID) { - if err = updateIssueNotification(e, userID, issue.ID, commentID, notificationAuthorID); err != nil { + if notificationExists(notifications, issueID, userID) { + if err = updateIssueNotification(e, userID, issueID, commentID, notificationAuthorID); err != nil { return err } continue