From 5b765d734ee70f0a8a0790444d60969a727567f8 Mon Sep 17 00:00:00 2001 From: Vyr Cossont Date: Thu, 23 Jan 2025 16:47:30 -0800 Subject: [feature] Push notifications (#3587) * Update push subscription API model to be Mastodon 4.0 compatible * Add webpush-go dependency # Conflicts: # go.sum * Single-row table for storing instance's VAPID key pair * Generate VAPID key pair during startup * Add VAPID public key to instance info API * Return VAPID public key when registering an app * Store Web Push subscriptions in DB * Add Web Push sender (similar to email sender) * Add no-op push senders to most processor tests * Test Web Push notifications from workers * Delete Web Push subscriptions when account is deleted * Implement push subscription API * Linter fixes * Update Swagger * Fix enum to int migration * Fix GetVAPIDKeyPair * Create web push subscriptions table with indexes * Log Web Push server error messages * Send instance URL as Web Push JWT subject * Accept any 2xx code as a success * Fix malformed VAPID sub claim * Use packed notification flags * Remove unused date columns * Add notification type for update notifications Not used yet * Make GetVAPIDKeyPair idempotent and remove PutVAPIDKeyPair * Post-rebase fixes * go mod tidy * Special-case 400 errors other than 408/429 Most client errors should remove the subscription. * Improve titles, trim body to reasonable length * Disallow cleartext HTTP for Web Push servers * Fix lint * Remove redundant index on unique column Also removes redundant unique and notnull tags on ID column since these are implied by pk * Make realsender.go more readable * Use Tobi's style for wrapping errors * Restore treating all 5xx codes as temporary problems * Always load target account settings * Stub `policy` and `standard` * webpush.Sender: take type converter as ctor param * Move webpush.MockSender and noopSender into testrig --- internal/api/model/instancev2.go | 10 ++ internal/api/model/pushsubscription.go | 44 --------- internal/api/model/webpushnotification.go | 52 ++++++++++ internal/api/model/webpushsubscription.go | 157 ++++++++++++++++++++++++++++++ 4 files changed, 219 insertions(+), 44 deletions(-) delete mode 100644 internal/api/model/pushsubscription.go create mode 100644 internal/api/model/webpushnotification.go create mode 100644 internal/api/model/webpushsubscription.go (limited to 'internal/api/model') diff --git a/internal/api/model/instancev2.go b/internal/api/model/instancev2.go index 982ed0c63..b3d11dee2 100644 --- a/internal/api/model/instancev2.go +++ b/internal/api/model/instancev2.go @@ -174,6 +174,8 @@ type InstanceV2Configuration struct { Emojis InstanceConfigurationEmojis `json:"emojis"` // True if instance is running with OIDC as auth/identity backend, else omitted. OIDCEnabled bool `json:"oidc_enabled,omitempty"` + // Instance VAPID configuration. + VAPID InstanceV2ConfigurationVAPID `json:"vapid"` } // Information about registering for this instance. @@ -204,3 +206,11 @@ type InstanceV2Contact struct { // Key/value not present if no contact account set. Account *Account `json:"account,omitempty"` } + +// InstanceV2ConfigurationVAPID holds the instance's VAPID configuration. +// +// swagger:model instanceV2ConfigurationVAPID +type InstanceV2ConfigurationVAPID struct { + // The instance's VAPID public key, Base64-encoded. + PublicKey string `json:"public_key"` +} diff --git a/internal/api/model/pushsubscription.go b/internal/api/model/pushsubscription.go deleted file mode 100644 index 1e7708d94..000000000 --- a/internal/api/model/pushsubscription.go +++ /dev/null @@ -1,44 +0,0 @@ -// GoToSocial -// Copyright (C) GoToSocial Authors admin@gotosocial.org -// SPDX-License-Identifier: AGPL-3.0-or-later -// -// This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU Affero General Public License as published by -// the Free Software Foundation, either version 3 of the License, or -// (at your option) any later version. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU Affero General Public License for more details. -// -// You should have received a copy of the GNU Affero General Public License -// along with this program. If not, see . - -package model - -// PushSubscription represents a subscription to the push streaming server. -type PushSubscription struct { - // The id of the push subscription in the database. - ID string `json:"id"` - // Where push alerts will be sent to. - Endpoint string `json:"endpoint"` - // The streaming server's VAPID key. - ServerKey string `json:"server_key"` - // Which alerts should be delivered to the endpoint. - Alerts *PushSubscriptionAlerts `json:"alerts"` -} - -// PushSubscriptionAlerts represents the specific alerts that this push subscription will give. -type PushSubscriptionAlerts struct { - // Receive a push notification when someone has followed you? - Follow bool `json:"follow"` - // Receive a push notification when a status you created has been favourited by someone else? - Favourite bool `json:"favourite"` - // Receive a push notification when someone else has mentioned you in a status? - Mention bool `json:"mention"` - // Receive a push notification when a status you created has been boosted by someone else? - Reblog bool `json:"reblog"` - // Receive a push notification when a poll you voted in or created has ended? - Poll bool `json:"poll"` -} diff --git a/internal/api/model/webpushnotification.go b/internal/api/model/webpushnotification.go new file mode 100644 index 000000000..5d7a593fc --- /dev/null +++ b/internal/api/model/webpushnotification.go @@ -0,0 +1,52 @@ +// GoToSocial +// Copyright (C) GoToSocial Authors admin@gotosocial.org +// SPDX-License-Identifier: AGPL-3.0-or-later +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +package model + +// WebPushNotification represents a notification summary delivered to the client by the Web Push server. +// It does not contain an entire Notification, just the NotificationID and some preview information. +// It is not used in the client API directly, but is included in the API doc for decoding Web Push notifications. +// +// swagger:model webPushNotification +type WebPushNotification struct { + // NotificationID is the Notification.ID of the referenced Notification. + NotificationID string `json:"notification_id"` + + // NotificationType is the Notification.Type of the referenced Notification. + NotificationType string `json:"notification_type"` + + // Title is a title for the notification, + // generally describing an action taken by a user. + Title string `json:"title"` + + // Body is a preview of the notification body, + // such as the first line of a status's CW or text, + // or the first line of an account bio. + Body string `json:"body"` + + // Icon is an image URL that can be displayed with the notification, + // normally the account's avatar. + Icon string `json:"icon"` + + // PreferredLocale is a BCP 47 language tag for the receiving user's locale. + PreferredLocale string `json:"preferred_locale"` + + // AccessToken is the access token associated with the Web Push subscription. + // I don't know why this is sent, given that the client should know that already, + // but Feditext does use it. + AccessToken string `json:"access_token"` +} diff --git a/internal/api/model/webpushsubscription.go b/internal/api/model/webpushsubscription.go new file mode 100644 index 000000000..a28bb7294 --- /dev/null +++ b/internal/api/model/webpushsubscription.go @@ -0,0 +1,157 @@ +// GoToSocial +// Copyright (C) GoToSocial Authors admin@gotosocial.org +// SPDX-License-Identifier: AGPL-3.0-or-later +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +package model + +// WebPushSubscription represents a subscription to a Web Push server. +// +// swagger:model webPushSubscription +type WebPushSubscription struct { + // The id of the push subscription in the database. + ID string `json:"id"` + + // Where push alerts will be sent to. + Endpoint string `json:"endpoint"` + + // The streaming server's VAPID public key. + ServerKey string `json:"server_key"` + + // Which alerts should be delivered to the endpoint. + Alerts WebPushSubscriptionAlerts `json:"alerts"` + + // Which accounts should generate notifications. + Policy WebPushNotificationPolicy `json:"policy"` + + // Whether the subscription uses RFC or pre-RFC Web Push standards. + // For GotoSocial, this is always true. + Standard bool `json:"standard"` +} + +// WebPushSubscriptionAlerts represents the specific events that this Web Push subscription will receive. +// +// swagger:model webPushSubscriptionAlerts +type WebPushSubscriptionAlerts struct { + // Receive a push notification when someone has followed you? + Follow bool `json:"follow"` + + // Receive a push notification when someone has requested to follow you? + FollowRequest bool `json:"follow_request"` + + // Receive a push notification when a status you created has been favourited by someone else? + Favourite bool `json:"favourite"` + + // Receive a push notification when someone else has mentioned you in a status? + Mention bool `json:"mention"` + + // Receive a push notification when a status you created has been boosted by someone else? + Reblog bool `json:"reblog"` + + // Receive a push notification when a poll you voted in or created has ended? + Poll bool `json:"poll"` + + // Receive a push notification when a subscribed account posts a status? + Status bool `json:"status"` + + // Receive a push notification when a status you interacted with has been edited? + Update bool `json:"update"` + + // Receive a push notification when a new user has signed up? + AdminSignup bool `json:"admin.sign_up"` + + // Receive a push notification when a new report has been filed? + AdminReport bool `json:"admin.report"` + + // Receive a push notification when a fave is pending? + PendingFavourite bool `json:"pending.favourite"` + + // Receive a push notification when a reply is pending? + PendingReply bool `json:"pending.reply"` + + // Receive a push notification when a boost is pending? + PendingReblog bool `json:"pending.reblog"` +} + +// WebPushSubscriptionCreateRequest captures params for creating or replacing a Web Push subscription. +// +// swagger:ignore +type WebPushSubscriptionCreateRequest struct { + Subscription *WebPushSubscriptionRequestSubscription `form:"-" json:"subscription"` + + SubscriptionEndpoint *string `form:"subscription[endpoint]" json:"-"` + SubscriptionKeysAuth *string `form:"subscription[keys][auth]" json:"-"` + SubscriptionKeysP256dh *string `form:"subscription[keys][p256dh]" json:"-"` + + WebPushSubscriptionUpdateRequest +} + +// WebPushSubscriptionRequestSubscription is the part of a Web Push subscription that is fixed at creation. +// +// swagger:ignore +type WebPushSubscriptionRequestSubscription struct { + // Endpoint is the URL to which Web Push notifications will be sent. + Endpoint string `json:"endpoint"` + + Keys WebPushSubscriptionRequestSubscriptionKeys `json:"keys"` +} + +// WebPushSubscriptionRequestSubscriptionKeys is the part of a Web Push subscription that contains auth secrets. +// +// swagger:ignore +type WebPushSubscriptionRequestSubscriptionKeys struct { + // Auth is the auth secret, a Base64 encoded string of 16 bytes of random data. + Auth string `json:"auth"` + + // P256dh is the user agent public key, a Base64 encoded string of a public key from an ECDH keypair using the prime256v1 curve. + P256dh string `json:"p256dh"` +} + +// WebPushSubscriptionUpdateRequest captures params for updating a Web Push subscription. +// +// swagger:ignore +type WebPushSubscriptionUpdateRequest struct { + Data *WebPushSubscriptionRequestData `form:"-" json:"data"` + + DataAlertsFollow *bool `form:"data[alerts][follow]" json:"-"` + DataAlertsFollowRequest *bool `form:"data[alerts][follow_request]" json:"-"` + DataAlertsFavourite *bool `form:"data[alerts][favourite]" json:"-"` + DataAlertsMention *bool `form:"data[alerts][mention]" json:"-"` + DataAlertsReblog *bool `form:"data[alerts][reblog]" json:"-"` + DataAlertsPoll *bool `form:"data[alerts][poll]" json:"-"` + DataAlertsStatus *bool `form:"data[alerts][status]" json:"-"` + DataAlertsUpdate *bool `form:"data[alerts][update]" json:"-"` + DataAlertsAdminSignup *bool `form:"data[alerts][admin.sign_up]" json:"-"` + DataAlertsAdminReport *bool `form:"data[alerts][admin.report]" json:"-"` + DataAlertsPendingFavourite *bool `form:"data[alerts][pending.favourite]" json:"-"` + DataAlertsPendingReply *bool `form:"data[alerts][pending.reply]" json:"-"` + DataAlertsPendingReblog *bool `form:"data[alerts][pending.reblog]" json:"-"` +} + +// WebPushSubscriptionRequestData is the part of a Web Push subscription that can be changed after creation. +// +// swagger:ignore +type WebPushSubscriptionRequestData struct { + // Alerts selects the specific events that this Web Push subscription will receive. + Alerts *WebPushSubscriptionAlerts `form:"-" json:"alerts"` +} + +// WebPushNotificationPolicy names sets of accounts that can generate notifications. +type WebPushNotificationPolicy string + +const ( + // WebPushNotificationPolicyAll allows all accounts to send notifications to the subscribing user. + WebPushNotificationPolicyAll WebPushNotificationPolicy = "all" +) -- cgit v1.2.3