[feature] Push notifications (#3587)

* Update push subscription API model to be Mastodon 4.0 compatible

* Add webpush-go dependency

# Conflicts:
#	go.sum

* Single-row table for storing instance's VAPID key pair

* Generate VAPID key pair during startup

* Add VAPID public key to instance info API

* Return VAPID public key when registering an app

* Store Web Push subscriptions in DB

* Add Web Push sender (similar to email sender)

* Add no-op push senders to most processor tests

* Test Web Push notifications from workers

* Delete Web Push subscriptions when account is deleted

* Implement push subscription API

* Linter fixes

* Update Swagger

* Fix enum to int migration

* Fix GetVAPIDKeyPair

* Create web push subscriptions table with indexes

* Log Web Push server error messages

* Send instance URL as Web Push JWT subject

* Accept any 2xx code as a success

* Fix malformed VAPID sub claim

* Use packed notification flags

* Remove unused date columns

* Add notification type for update notifications

Not used yet

* Make GetVAPIDKeyPair idempotent

and remove PutVAPIDKeyPair

* Post-rebase fixes

* go mod tidy

* Special-case 400 errors other than 408/429

Most client errors should remove the subscription.

* Improve titles, trim body to reasonable length

* Disallow cleartext HTTP for Web Push servers

* Fix lint

* Remove redundant index on unique column

Also removes redundant unique and notnull tags on ID column since these are implied by pk

* Make realsender.go more readable

* Use Tobi's style for wrapping errors

* Restore treating all 5xx codes as temporary problems

* Always load target account settings

* Stub `policy` and `standard`

* webpush.Sender: take type converter as ctor param

* Move webpush.MockSender and noopSender into testrig

1 files changed, 45 insertions, 0 deletions

diff --git a/internal/typeutils/internaltofrontend.go b/internal/typeutils/internaltofrontend.go
index cdc250f98..6739d0540 100644
--- a/internal/typeutils/internaltofrontend.go
+++ b/internal/typeutils/internaltofrontend.go
@@ -616,6 +616,11 @@ func (c *Converter) AccountToAdminAPIAccount(ctx context.Context, a *gtsmodel.Ac
 }
 
 func (c *Converter) AppToAPIAppSensitive(ctx context.Context, a *gtsmodel.Application) (*apimodel.Application, error) {
+	vapidKeyPair, err := c.state.DB.GetVAPIDKeyPair(ctx)
+	if err != nil {
+		return nil, gtserror.Newf("error getting VAPID public key: %w", err)
+	}
+
 	return &apimodel.Application{
 		ID:           a.ID,
 		Name:         a.Name,
@@ -623,6 +628,7 @@ func (c *Converter) AppToAPIAppSensitive(ctx context.Context, a *gtsmodel.Applic
 		RedirectURI:  a.RedirectURI,
 		ClientID:     a.ClientID,
 		ClientSecret: a.ClientSecret,
+		VapidKey:     vapidKeyPair.Public,
 	}, nil
 }
 
@@ -1878,6 +1884,12 @@ func (c *Converter) InstanceToAPIV2Instance(ctx context.Context, i *gtsmodel.Ins
 	instance.Configuration.Emojis.EmojiSizeLimit = int(config.GetMediaEmojiLocalMaxSize()) // #nosec G115 -- Already validated.
 	instance.Configuration.OIDCEnabled = config.GetOIDCEnabled()
 
+	vapidKeyPair, err := c.state.DB.GetVAPIDKeyPair(ctx)
+	if err != nil {
+		return nil, gtserror.Newf("error getting VAPID public key: %w", err)
+	}
+	instance.Configuration.VAPID.PublicKey = vapidKeyPair.Public
+
 	// registrations
 	instance.Registrations.Enabled = config.GetAccountsRegistrationOpen()
 	instance.Registrations.ApprovalRequired = true // always required
@@ -2985,3 +2997,36 @@ func (c *Converter) InteractionReqToAPIInteractionReq(
 		URI:        req.URI,
 	}, nil
 }
+
+func (c *Converter) WebPushSubscriptionToAPIWebPushSubscription(
+	ctx context.Context,
+	subscription *gtsmodel.WebPushSubscription,
+) (*apimodel.WebPushSubscription, error) {
+	vapidKeyPair, err := c.state.DB.GetVAPIDKeyPair(ctx)
+	if err != nil {
+		return nil, gtserror.Newf("error getting VAPID key pair: %w", err)
+	}
+
+	return &apimodel.WebPushSubscription{
+		ID:        subscription.ID,
+		Endpoint:  subscription.Endpoint,
+		ServerKey: vapidKeyPair.Public,
+		Alerts: apimodel.WebPushSubscriptionAlerts{
+			Follow:           subscription.NotificationFlags.Get(gtsmodel.NotificationFollow),
+			FollowRequest:    subscription.NotificationFlags.Get(gtsmodel.NotificationFollowRequest),
+			Favourite:        subscription.NotificationFlags.Get(gtsmodel.NotificationFavourite),
+			Mention:          subscription.NotificationFlags.Get(gtsmodel.NotificationMention),
+			Reblog:           subscription.NotificationFlags.Get(gtsmodel.NotificationReblog),
+			Poll:             subscription.NotificationFlags.Get(gtsmodel.NotificationPoll),
+			Status:           subscription.NotificationFlags.Get(gtsmodel.NotificationStatus),
+			Update:           subscription.NotificationFlags.Get(gtsmodel.NotificationUpdate),
+			AdminSignup:      subscription.NotificationFlags.Get(gtsmodel.NotificationAdminSignup),
+			AdminReport:      subscription.NotificationFlags.Get(gtsmodel.NotificationAdminReport),
+			PendingFavourite: subscription.NotificationFlags.Get(gtsmodel.NotificationPendingFave),
+			PendingReply:     subscription.NotificationFlags.Get(gtsmodel.NotificationPendingReply),
+			PendingReblog:    subscription.NotificationFlags.Get(gtsmodel.NotificationPendingReblog),
+		},
+		Policy:   apimodel.WebPushNotificationPolicyAll,
+		Standard: true,
+	}, nil
+}