mirror of
https://github.com/superseriousbusiness/gotosocial.git
synced 2025-01-30 12:46:26 +01:00
5b765d734e
* Update push subscription API model to be Mastodon 4.0 compatible * Add webpush-go dependency # Conflicts: # go.sum * Single-row table for storing instance's VAPID key pair * Generate VAPID key pair during startup * Add VAPID public key to instance info API * Return VAPID public key when registering an app * Store Web Push subscriptions in DB * Add Web Push sender (similar to email sender) * Add no-op push senders to most processor tests * Test Web Push notifications from workers * Delete Web Push subscriptions when account is deleted * Implement push subscription API * Linter fixes * Update Swagger * Fix enum to int migration * Fix GetVAPIDKeyPair * Create web push subscriptions table with indexes * Log Web Push server error messages * Send instance URL as Web Push JWT subject * Accept any 2xx code as a success * Fix malformed VAPID sub claim * Use packed notification flags * Remove unused date columns * Add notification type for update notifications Not used yet * Make GetVAPIDKeyPair idempotent and remove PutVAPIDKeyPair * Post-rebase fixes * go mod tidy * Special-case 400 errors other than 408/429 Most client errors should remove the subscription. * Improve titles, trim body to reasonable length * Disallow cleartext HTTP for Web Push servers * Fix lint * Remove redundant index on unique column Also removes redundant unique and notnull tags on ID column since these are implied by pk * Make realsender.go more readable * Use Tobi's style for wrapping errors * Restore treating all 5xx codes as temporary problems * Always load target account settings * Stub `policy` and `standard` * webpush.Sender: take type converter as ctor param * Move webpush.MockSender and noopSender into testrig
341 lines
12 KiB
Go
341 lines
12 KiB
Go
// GoToSocial
|
|
// Copyright (C) GoToSocial Authors admin@gotosocial.org
|
|
// SPDX-License-Identifier: AGPL-3.0-or-later
|
|
//
|
|
// This program is free software: you can redistribute it and/or modify
|
|
// it under the terms of the GNU Affero General Public License as published by
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
// (at your option) any later version.
|
|
//
|
|
// This program is distributed in the hope that it will be useful,
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
// GNU Affero General Public License for more details.
|
|
//
|
|
// You should have received a copy of the GNU Affero General Public License
|
|
// along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
package webpush
|
|
|
|
import (
|
|
"context"
|
|
"encoding/json"
|
|
"fmt"
|
|
"io"
|
|
"net/http"
|
|
"slices"
|
|
"strings"
|
|
"time"
|
|
|
|
webpushgo "github.com/SherClockHolmes/webpush-go"
|
|
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
|
|
"github.com/superseriousbusiness/gotosocial/internal/config"
|
|
"github.com/superseriousbusiness/gotosocial/internal/filter/usermute"
|
|
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
|
|
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
|
|
"github.com/superseriousbusiness/gotosocial/internal/httpclient"
|
|
"github.com/superseriousbusiness/gotosocial/internal/log"
|
|
"github.com/superseriousbusiness/gotosocial/internal/state"
|
|
"github.com/superseriousbusiness/gotosocial/internal/text"
|
|
"github.com/superseriousbusiness/gotosocial/internal/typeutils"
|
|
)
|
|
|
|
// realSender is the production Web Push sender, backed by an HTTP client, DB, and worker pool.
|
|
type realSender struct {
|
|
httpClient *http.Client
|
|
state *state.State
|
|
converter *typeutils.Converter
|
|
}
|
|
|
|
// NewRealSender creates a Sender from an http.Client instead of an httpclient.Client.
|
|
// This should only be used by NewSender and in tests.
|
|
func NewRealSender(httpClient *http.Client, state *state.State, converter *typeutils.Converter) Sender {
|
|
return &realSender{
|
|
httpClient: httpClient,
|
|
state: state,
|
|
converter: converter,
|
|
}
|
|
}
|
|
|
|
func (r *realSender) Send(
|
|
ctx context.Context,
|
|
notification *gtsmodel.Notification,
|
|
filters []*gtsmodel.Filter,
|
|
mutes *usermute.CompiledUserMuteList,
|
|
) error {
|
|
// Load subscriptions.
|
|
subscriptions, err := r.state.DB.GetWebPushSubscriptionsByAccountID(ctx, notification.TargetAccountID)
|
|
if err != nil {
|
|
return gtserror.Newf(
|
|
"error getting Web Push subscriptions for account %s: %w",
|
|
notification.TargetAccountID,
|
|
err,
|
|
)
|
|
}
|
|
|
|
// Subscriptions we're actually going to send to.
|
|
relevantSubscriptions := slices.DeleteFunc(
|
|
subscriptions,
|
|
func(subscription *gtsmodel.WebPushSubscription) bool {
|
|
// Remove subscriptions that don't want this type of notification.
|
|
return !subscription.NotificationFlags.Get(notification.NotificationType)
|
|
},
|
|
)
|
|
if len(relevantSubscriptions) == 0 {
|
|
return nil
|
|
}
|
|
|
|
// Get VAPID keys.
|
|
vapidKeyPair, err := r.state.DB.GetVAPIDKeyPair(ctx)
|
|
if err != nil {
|
|
return gtserror.Newf("error getting VAPID key pair: %w", err)
|
|
}
|
|
|
|
// Get contact email for this instance, if available.
|
|
domain := config.GetHost()
|
|
instance, err := r.state.DB.GetInstance(ctx, domain)
|
|
if err != nil {
|
|
return gtserror.Newf("error getting current instance: %w", err)
|
|
}
|
|
vapidSubjectEmail := instance.ContactEmail
|
|
if vapidSubjectEmail == "" {
|
|
// Instance contact email not configured. Use a dummy address.
|
|
vapidSubjectEmail = "admin@" + domain
|
|
}
|
|
|
|
// Get target account settings.
|
|
targetAccountSettings, err := r.state.DB.GetAccountSettings(ctx, notification.TargetAccountID)
|
|
if err != nil {
|
|
return gtserror.Newf("error getting settings for account %s: %w", notification.TargetAccountID, err)
|
|
}
|
|
|
|
// Get API representations of notification and accounts involved.
|
|
apiNotification, err := r.converter.NotificationToAPINotification(ctx, notification, filters, mutes)
|
|
if err != nil {
|
|
return gtserror.Newf("error converting notification %s to API representation: %w", notification.ID, err)
|
|
}
|
|
|
|
// Queue up a .Send() call for each relevant subscription.
|
|
for _, subscription := range relevantSubscriptions {
|
|
r.state.Workers.WebPush.Queue.Push(func(ctx context.Context) {
|
|
if err := r.sendToSubscription(
|
|
ctx,
|
|
vapidKeyPair,
|
|
vapidSubjectEmail,
|
|
targetAccountSettings,
|
|
subscription,
|
|
notification,
|
|
apiNotification,
|
|
); err != nil {
|
|
log.Errorf(
|
|
ctx,
|
|
"error sending Web Push notification for subscription with token ID %s: %v",
|
|
subscription.TokenID,
|
|
err,
|
|
)
|
|
}
|
|
})
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// sendToSubscription sends a notification to a single Web Push subscription.
|
|
func (r *realSender) sendToSubscription(
|
|
ctx context.Context,
|
|
vapidKeyPair *gtsmodel.VAPIDKeyPair,
|
|
vapidSubjectEmail string,
|
|
targetAccountSettings *gtsmodel.AccountSettings,
|
|
subscription *gtsmodel.WebPushSubscription,
|
|
notification *gtsmodel.Notification,
|
|
apiNotification *apimodel.Notification,
|
|
) error {
|
|
const (
|
|
// TTL is an arbitrary time to ask the Web Push server to store notifications
|
|
// while waiting for the client to retrieve them.
|
|
TTL = 48 * time.Hour
|
|
|
|
// responseBodyMaxLen limits how much of the Web Push server response we read for error messages.
|
|
responseBodyMaxLen = 1024
|
|
)
|
|
|
|
// Get the associated access token.
|
|
token, err := r.state.DB.GetTokenByID(ctx, subscription.TokenID)
|
|
if err != nil {
|
|
return gtserror.Newf("error getting token %s: %w", subscription.TokenID, err)
|
|
}
|
|
|
|
// Create push notification payload struct.
|
|
pushNotification := &apimodel.WebPushNotification{
|
|
NotificationID: apiNotification.ID,
|
|
NotificationType: apiNotification.Type,
|
|
Title: formatNotificationTitle(ctx, subscription, notification, apiNotification),
|
|
Body: formatNotificationBody(apiNotification),
|
|
Icon: apiNotification.Account.Avatar,
|
|
PreferredLocale: targetAccountSettings.Language,
|
|
AccessToken: token.Access,
|
|
}
|
|
|
|
// Encode the push notification as JSON.
|
|
pushNotificationBytes, err := json.Marshal(pushNotification)
|
|
if err != nil {
|
|
return gtserror.Newf("error encoding Web Push notification: %w", err)
|
|
}
|
|
|
|
// Send push notification.
|
|
resp, err := webpushgo.SendNotificationWithContext(
|
|
ctx,
|
|
pushNotificationBytes,
|
|
&webpushgo.Subscription{
|
|
Endpoint: subscription.Endpoint,
|
|
Keys: webpushgo.Keys{
|
|
Auth: subscription.Auth,
|
|
P256dh: subscription.P256dh,
|
|
},
|
|
},
|
|
&webpushgo.Options{
|
|
HTTPClient: r.httpClient,
|
|
Subscriber: vapidSubjectEmail,
|
|
VAPIDPublicKey: vapidKeyPair.Public,
|
|
VAPIDPrivateKey: vapidKeyPair.Private,
|
|
TTL: int(TTL.Seconds()),
|
|
},
|
|
)
|
|
if err != nil {
|
|
return gtserror.Newf("error sending Web Push notification: %w", err)
|
|
}
|
|
defer resp.Body.Close()
|
|
|
|
switch {
|
|
// All good, delivered.
|
|
case resp.StatusCode >= 200 && resp.StatusCode <= 299:
|
|
return nil
|
|
|
|
// Temporary outage or some other delivery issue.
|
|
case resp.StatusCode == http.StatusRequestTimeout ||
|
|
resp.StatusCode == http.StatusRequestEntityTooLarge ||
|
|
resp.StatusCode == http.StatusTooManyRequests ||
|
|
(resp.StatusCode >= 500 && resp.StatusCode <= 599):
|
|
|
|
// Try to get the response body.
|
|
bodyBytes, err := io.ReadAll(io.LimitReader(resp.Body, responseBodyMaxLen))
|
|
if err != nil {
|
|
return gtserror.Newf("error reading Web Push server response: %w", err)
|
|
}
|
|
|
|
// Return the error with its response body.
|
|
return gtserror.Newf(
|
|
"unexpected HTTP status %s received when sending Web Push notification: %s",
|
|
resp.Status,
|
|
string(bodyBytes),
|
|
)
|
|
|
|
// Some serious error that indicates auth problems, not a Web Push server, etc.
|
|
// We should not send any more notifications to this subscription. Try to delete it.
|
|
default:
|
|
err := r.state.DB.DeleteWebPushSubscriptionByTokenID(ctx, subscription.TokenID)
|
|
if err != nil {
|
|
return gtserror.Newf(
|
|
"received HTTP status %s but failed to delete subscription: %s",
|
|
resp.Status,
|
|
err,
|
|
)
|
|
}
|
|
|
|
log.Infof(
|
|
ctx,
|
|
"Deleted Web Push subscription with token ID %s because push server sent HTTP status %s",
|
|
subscription.TokenID, resp.Status,
|
|
)
|
|
return nil
|
|
}
|
|
}
|
|
|
|
// formatNotificationTitle creates a title for a Web Push notification from the notification type and account's name.
|
|
func formatNotificationTitle(
|
|
ctx context.Context,
|
|
subscription *gtsmodel.WebPushSubscription,
|
|
notification *gtsmodel.Notification,
|
|
apiNotification *apimodel.Notification,
|
|
) string {
|
|
displayNameOrAcct := apiNotification.Account.DisplayName
|
|
if displayNameOrAcct == "" {
|
|
displayNameOrAcct = apiNotification.Account.Acct
|
|
}
|
|
|
|
switch notification.NotificationType {
|
|
case gtsmodel.NotificationFollow:
|
|
return fmt.Sprintf("%s followed you", displayNameOrAcct)
|
|
case gtsmodel.NotificationFollowRequest:
|
|
return fmt.Sprintf("%s requested to follow you", displayNameOrAcct)
|
|
case gtsmodel.NotificationMention:
|
|
return fmt.Sprintf("%s mentioned you", displayNameOrAcct)
|
|
case gtsmodel.NotificationReblog:
|
|
return fmt.Sprintf("%s boosted your post", displayNameOrAcct)
|
|
case gtsmodel.NotificationFavourite:
|
|
return fmt.Sprintf("%s faved your post", displayNameOrAcct)
|
|
case gtsmodel.NotificationPoll:
|
|
if subscription.AccountID == notification.TargetAccountID {
|
|
return "Your poll has ended"
|
|
} else {
|
|
return fmt.Sprintf("%s's poll has ended", displayNameOrAcct)
|
|
}
|
|
case gtsmodel.NotificationStatus:
|
|
return fmt.Sprintf("%s posted", displayNameOrAcct)
|
|
case gtsmodel.NotificationAdminSignup:
|
|
return fmt.Sprintf("%s requested to sign up", displayNameOrAcct)
|
|
case gtsmodel.NotificationPendingFave:
|
|
return fmt.Sprintf("%s faved your post, which requires your approval", displayNameOrAcct)
|
|
case gtsmodel.NotificationPendingReply:
|
|
return fmt.Sprintf("%s mentioned you, which requires your approval", displayNameOrAcct)
|
|
case gtsmodel.NotificationPendingReblog:
|
|
return fmt.Sprintf("%s boosted your post, which requires your approval", displayNameOrAcct)
|
|
case gtsmodel.NotificationAdminReport:
|
|
return fmt.Sprintf("%s submitted a report", displayNameOrAcct)
|
|
case gtsmodel.NotificationUpdate:
|
|
return fmt.Sprintf("%s updated their post", displayNameOrAcct)
|
|
default:
|
|
log.Warnf(ctx, "Unknown notification type: %d", notification.NotificationType)
|
|
return fmt.Sprintf(
|
|
"%s did something (unknown notification type %d)",
|
|
displayNameOrAcct,
|
|
notification.NotificationType,
|
|
)
|
|
}
|
|
}
|
|
|
|
// formatNotificationBody creates a body for a Web Push notification,
|
|
// from the CW or beginning of the body text of the status, if there is one,
|
|
// or the beginning of the bio text of the related account.
|
|
func formatNotificationBody(apiNotification *apimodel.Notification) string {
|
|
// bodyMaxLen is a polite maximum length for a Web Push notification's body text, in bytes. Note that this isn't
|
|
// limited per se, but Web Push servers may reject anything with a total request body size over 4k.
|
|
const bodyMaxLen = 3000
|
|
|
|
var body string
|
|
if apiNotification.Status != nil {
|
|
if apiNotification.Status.SpoilerText != "" {
|
|
body = apiNotification.Status.SpoilerText
|
|
} else {
|
|
body = text.SanitizeToPlaintext(apiNotification.Status.Content)
|
|
}
|
|
} else {
|
|
body = text.SanitizeToPlaintext(apiNotification.Account.Note)
|
|
}
|
|
return firstNBytesTrimSpace(body, bodyMaxLen)
|
|
}
|
|
|
|
// firstNBytesTrimSpace returns the first N bytes of a string, trimming leading and trailing whitespace.
|
|
func firstNBytesTrimSpace(s string, n int) string {
|
|
return strings.TrimSpace(text.FirstNBytesByWords(strings.TrimSpace(s), n))
|
|
}
|
|
|
|
// gtsHTTPClientRoundTripper helps wrap a GtS HTTP client back into a regular HTTP client,
|
|
// so that webpush-go can use our IP filters, bad hosts list, and retries.
|
|
type gtsHTTPClientRoundTripper struct {
|
|
httpClient *httpclient.Client
|
|
}
|
|
|
|
func (r *gtsHTTPClientRoundTripper) RoundTrip(request *http.Request) (*http.Response, error) {
|
|
return r.httpClient.Do(request)
|
|
}
|