[feature] Push notifications (#3587)

* Update push subscription API model to be Mastodon 4.0 compatible * Add webpush-go dependency # Conflicts: # go.sum * Single-row table for storing instance's VAPID key pair * Generate VAPID key pair during startup * Add VAPID public key to instance info API * Return VAPID public key when registering an app * Store Web Push subscriptions in DB * Add Web Push sender (similar to email sender) * Add no-op push senders to most processor tests * Test Web Push notifications from workers * Delete Web Push subscriptions when account is deleted * Implement push subscription API * Linter fixes * Update Swagger * Fix enum to int migration * Fix GetVAPIDKeyPair * Create web push subscriptions table with indexes * Log Web Push server error messages * Send instance URL as Web Push JWT subject * Accept any 2xx code as a success * Fix malformed VAPID sub claim * Use packed notification flags * Remove unused date columns * Add notification type for update notifications Not used yet * Make GetVAPIDKeyPair idempotent and remove PutVAPIDKeyPair * Post-rebase fixes * go mod tidy * Special-case 400 errors other than 408/429 Most client errors should remove the subscription. * Improve titles, trim body to reasonable length * Disallow cleartext HTTP for Web Push servers * Fix lint * Remove redundant index on unique column Also removes redundant unique and notnull tags on ID column since these are implied by pk * Make realsender.go more readable * Use Tobi's style for wrapping errors * Restore treating all 5xx codes as temporary problems * Always load target account settings * Stub `policy` and `standard` * webpush.Sender: take type converter as ctor param * Move webpush.MockSender and noopSender into testrig
2025-10-29 13:32:25 -05:00 · 2025-01-23 16:47:30 -08:00 · 2025-01-23 16:47:30 -08:00 · 5b765d734e
commit 5b765d734e
parent 9333bbc4d0
134 changed files with 21525 additions and 125 deletions
--- a/internal/typeutils/converter_test.go
+++ b/internal/typeutils/converter_test.go
@ -540,8 +540,9 @@ func (suite *TypeUtilsTestSuite) GetProcessor() *processing.Processor {
 	mediaManager := testrig.NewTestMediaManager(&suite.state)
 	federator := testrig.NewTestFederator(&suite.state, transportController, mediaManager)
 	emailSender := testrig.NewEmailSender("../../web/template/", nil)
+	webPushSender := testrig.NewNoopWebPushSender()

-	processor := testrig.NewTestProcessor(&suite.state, federator, emailSender, mediaManager)
+	processor := testrig.NewTestProcessor(&suite.state, federator, emailSender, webPushSender, mediaManager)
 	testrig.StartWorkers(&suite.state, processor.Workers())

 	return processor
--- a/internal/typeutils/internaltofrontend.go
+++ b/internal/typeutils/internaltofrontend.go
@ -616,6 +616,11 @@ func (c *Converter) AccountToAdminAPIAccount(ctx context.Context, a *gtsmodel.Ac
 }

 func (c *Converter) AppToAPIAppSensitive(ctx context.Context, a *gtsmodel.Application) (*apimodel.Application, error) {
+	vapidKeyPair, err := c.state.DB.GetVAPIDKeyPair(ctx)
+	if err != nil {
+		return nil, gtserror.Newf("error getting VAPID public key: %w", err)
+	}
+
 	return &apimodel.Application{
 		ID:           a.ID,
 		Name:         a.Name,
@ -623,6 +628,7 @@ func (c *Converter) AppToAPIAppSensitive(ctx context.Context, a *gtsmodel.Applic
 		RedirectURI:  a.RedirectURI,
 		ClientID:     a.ClientID,
 		ClientSecret: a.ClientSecret,
+		VapidKey:     vapidKeyPair.Public,
 	}, nil
 }

@ -1878,6 +1884,12 @@ func (c *Converter) InstanceToAPIV2Instance(ctx context.Context, i *gtsmodel.Ins
 	instance.Configuration.Emojis.EmojiSizeLimit = int(config.GetMediaEmojiLocalMaxSize()) // #nosec G115 -- Already validated.
 	instance.Configuration.OIDCEnabled = config.GetOIDCEnabled()

+	vapidKeyPair, err := c.state.DB.GetVAPIDKeyPair(ctx)
+	if err != nil {
+		return nil, gtserror.Newf("error getting VAPID public key: %w", err)
+	}
+	instance.Configuration.VAPID.PublicKey = vapidKeyPair.Public
+
 	// registrations
 	instance.Registrations.Enabled = config.GetAccountsRegistrationOpen()
 	instance.Registrations.ApprovalRequired = true // always required
@ -2985,3 +2997,36 @@ func (c *Converter) InteractionReqToAPIInteractionReq(
 		URI:        req.URI,
 	}, nil
 }
+
+func (c *Converter) WebPushSubscriptionToAPIWebPushSubscription(
+	ctx context.Context,
+	subscription *gtsmodel.WebPushSubscription,
+) (*apimodel.WebPushSubscription, error) {
+	vapidKeyPair, err := c.state.DB.GetVAPIDKeyPair(ctx)
+	if err != nil {
+		return nil, gtserror.Newf("error getting VAPID key pair: %w", err)
+	}
+
+	return &apimodel.WebPushSubscription{
+		ID:        subscription.ID,
+		Endpoint:  subscription.Endpoint,
+		ServerKey: vapidKeyPair.Public,
+		Alerts: apimodel.WebPushSubscriptionAlerts{
+			Follow:           subscription.NotificationFlags.Get(gtsmodel.NotificationFollow),
+			FollowRequest:    subscription.NotificationFlags.Get(gtsmodel.NotificationFollowRequest),
+			Favourite:        subscription.NotificationFlags.Get(gtsmodel.NotificationFavourite),
+			Mention:          subscription.NotificationFlags.Get(gtsmodel.NotificationMention),
+			Reblog:           subscription.NotificationFlags.Get(gtsmodel.NotificationReblog),
+			Poll:             subscription.NotificationFlags.Get(gtsmodel.NotificationPoll),
+			Status:           subscription.NotificationFlags.Get(gtsmodel.NotificationStatus),
+			Update:           subscription.NotificationFlags.Get(gtsmodel.NotificationUpdate),
+			AdminSignup:      subscription.NotificationFlags.Get(gtsmodel.NotificationAdminSignup),
+			AdminReport:      subscription.NotificationFlags.Get(gtsmodel.NotificationAdminReport),
+			PendingFavourite: subscription.NotificationFlags.Get(gtsmodel.NotificationPendingFave),
+			PendingReply:     subscription.NotificationFlags.Get(gtsmodel.NotificationPendingReply),
+			PendingReblog:    subscription.NotificationFlags.Get(gtsmodel.NotificationPendingReblog),
+		},
+		Policy:   apimodel.WebPushNotificationPolicyAll,
+		Standard: true,
+	}, nil
+}
--- a/internal/typeutils/internaltofrontend_test.go
+++ b/internal/typeutils/internaltofrontend_test.go
@ -21,6 +21,7 @@ import (
 	"bytes"
 	"context"
 	"encoding/json"
+	"strings"
 	"testing"

 	"github.com/stretchr/testify/suite"
@ -2061,6 +2062,13 @@ func (suite *InternalToFrontendTestSuite) TestInstanceV2ToFrontend() {
 	b, err := json.MarshalIndent(instance, "", "  ")
 	suite.NoError(err)

+	// The VAPID public key changes from run to run.
+	vapidKeyPair, err := suite.db.GetVAPIDKeyPair(ctx)
+	if err != nil {
+		suite.FailNow(err.Error())
+	}
+	s := strings.Replace(string(b), vapidKeyPair.Public, "VAPID_PUBLIC_KEY_PLACEHOLDER", 1)
+
 	suite.Equal(`{
  "domain": "localhost:8080",
  "account_domain": "localhost:8080",
@ -2140,6 +2148,9 @@ func (suite *InternalToFrontendTestSuite) TestInstanceV2ToFrontend() {
    },
    "emojis": {
      "emoji_size_limit": 51200
+    },
+    "vapid": {
+      "public_key": "VAPID_PUBLIC_KEY_PLACEHOLDER"
    }
  },
  "registrations": {
@ -2184,7 +2195,7 @@ func (suite *InternalToFrontendTestSuite) TestInstanceV2ToFrontend() {
  "rules": [],
  "terms": "\u003cp\u003eThis is where a list of terms and conditions might go.\u003c/p\u003e\u003cp\u003eFor example:\u003c/p\u003e\u003cp\u003eIf you want to sign up on this instance, you oughta know that we:\u003c/p\u003e\u003col\u003e\u003cli\u003eWill sell your data to whoever offers.\u003c/li\u003e\u003cli\u003eSecure the server with password \u003ccode\u003epassword\u003c/code\u003e wherever possible.\u003c/li\u003e\u003c/ol\u003e",
  "terms_text": "This is where a list of terms and conditions might go.\n\nFor example:\n\nIf you want to sign up on this instance, you oughta know that we:\n\n1. Will sell your data to whoever offers.\n2. Secure the server with password `+"`"+`password`+"`"+` wherever possible."
-}`, string(b))
+}`, s)
 }

 func (suite *InternalToFrontendTestSuite) TestEmojiToFrontend() {