feat: Implement VAPID key generation and configuration for Web Push notifications

Author: dev-bre

cmd/generate-vapid-keys/main.go

@@ -0,0 +1,26 @@
+package main
+
+import (
+	"fmt"
+	"log"
+
+	"trakrlog/internal/auth"
+)
+
+func main() {
+	// Generate VAPID keys
+	keys, err := auth.GenerateVAPIDKeys()
+	if err != nil {
+		log.Fatalf("Failed to generate VAPID keys: %v", err)
+	}
+
+	fmt.Println("=== VAPID Keys Generated ===")
+	fmt.Println("\nAdd these to your environment variables (.env file):")
+	fmt.Println()
+	fmt.Printf("VAPID_PUBLIC_KEY=%s\n", keys.PublicKey)
+	fmt.Printf("VAPID_PRIVATE_KEY=%s\n", keys.PrivateKey)
+	fmt.Printf("VAPID_SUBJECT=mailto:[email protected]\n")
+	fmt.Println()
+	fmt.Println("Note: Replace '[email protected]' with your actual email or website URL")
+	fmt.Println("Example: mailto:[email protected] or https://trakrlog.com")
+}

go.mod

@@ -5,6 +5,7 @@ go 1.25.4
 require (
 	github.com/gin-contrib/cors v1.7.6
 	github.com/gin-gonic/gin v1.11.0
+	github.com/gorilla/sessions v1.1.1
 	github.com/joho/godotenv v1.5.1
 	github.com/testcontainers/testcontainers-go v0.40.0
 	github.com/testcontainers/testcontainers-go/modules/mongodb v0.40.0
@@ -17,7 +18,6 @@ require (
 	github.com/gorilla/context v1.1.1 // indirect
 	github.com/gorilla/mux v1.6.2 // indirect
 	github.com/gorilla/securecookie v1.1.1 // indirect
-	github.com/gorilla/sessions v1.1.1 // indirect
 	golang.org/x/oauth2 v0.33.0 // indirect
 )
 
@@ -44,7 +44,7 @@ require (
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.11 // indirect
 	github.com/gin-contrib/sse v1.1.0 // indirect
-	github.com/gin-contrib/static v1.1.5 // indirect
+	github.com/gin-contrib/static v1.1.5
 	github.com/go-logr/logr v1.4.3 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-ole/go-ole v1.2.6 // indirect
@@ -54,7 +54,7 @@ require (
 	github.com/goccy/go-json v0.10.5 // indirect
 	github.com/goccy/go-yaml v1.18.0 // indirect
 	github.com/golang/snappy v1.0.0 // indirect
-	github.com/google/uuid v1.6.0 // indirect
+	github.com/google/uuid v1.6.0
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/compress v1.18.0 // indirect
@@ -85,7 +85,7 @@ require (
 	github.com/quic-go/quic-go v0.57.1 // indirect
 	github.com/shirou/gopsutil/v4 v4.25.6 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
-	github.com/stretchr/testify v1.11.1 // indirect
+	github.com/stretchr/testify v1.11.1
 	github.com/tklauser/go-sysconf v0.3.12 // indirect
 	github.com/tklauser/numcpus v0.6.1 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect

go.sum

@@ -235,8 +235,6 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY=
 golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU=
-golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI=
-golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU=
 golang.org/x/oauth2 v0.33.0 h1:4Q+qn+E5z8gPRJfmRy7C2gGG3T4jIprK6aSYgTXGRpo=
 golang.org/x/oauth2 v0.33.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=

internal/auth/vapid.go

@@ -0,0 +1,77 @@
+package auth
+
+import (
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"crypto/rand"
+	"encoding/base64"
+	"fmt"
+	"math/big"
+)
+
+// VapidKeys represents a VAPID public/private key pair
+type VapidKeys struct {
+	PublicKey  string
+	PrivateKey string
+}
+
+// GenerateVAPIDKeys generates a new VAPID key pair for Web Push notifications
+// This should be run once during initial setup and the keys stored securely
+func GenerateVAPIDKeys() (*VapidKeys, error) {
+	// Generate P-256 elliptic curve private key
+	privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+	if err != nil {
+		return nil, fmt.Errorf("failed to generate private key: %w", err)
+	}
+
+	// Encode private key to base64 URL-safe format
+	privateKeyBytes := privateKey.D.Bytes()
+	// Ensure the key is 32 bytes (pad with zeros if needed)
+	if len(privateKeyBytes) < 32 {
+		paddedKey := make([]byte, 32)
+		copy(paddedKey[32-len(privateKeyBytes):], privateKeyBytes)
+		privateKeyBytes = paddedKey
+	}
+	privateKeyEncoded := base64.RawURLEncoding.EncodeToString(privateKeyBytes)
+
+	// Encode public key to base64 URL-safe format (uncompressed format)
+	// First byte is 0x04 (indicating uncompressed point), followed by X and Y coordinates
+	publicKeyBytes := make([]byte, 65)
+	publicKeyBytes[0] = 0x04
+	
+	xBytes := privateKey.PublicKey.X.Bytes()
+	yBytes := privateKey.PublicKey.Y.Bytes()
+	
+	// Ensure X and Y are 32 bytes each (pad with zeros if needed)
+	copy(publicKeyBytes[1+32-len(xBytes):33], xBytes)
+	copy(publicKeyBytes[33+32-len(yBytes):65], yBytes)
+	
+	publicKeyEncoded := base64.RawURLEncoding.EncodeToString(publicKeyBytes)
+
+	return &VapidKeys{
+		PublicKey:  publicKeyEncoded,
+		PrivateKey: privateKeyEncoded,
+	}, nil
+}
+
+// ParseVAPIDPrivateKey parses a base64-encoded VAPID private key into an ECDSA private key
+func ParseVAPIDPrivateKey(encodedKey string) (*ecdsa.PrivateKey, error) {
+	// Decode the base64 URL-safe encoded private key
+	privateKeyBytes, err := base64.RawURLEncoding.DecodeString(encodedKey)
+	if err != nil {
+		return nil, fmt.Errorf("failed to decode private key: %w", err)
+	}
+
+	// Convert bytes to big.Int
+	d := new(big.Int).SetBytes(privateKeyBytes)
+
+	// Create the private key
+	privateKey := new(ecdsa.PrivateKey)
+	privateKey.PublicKey.Curve = elliptic.P256()
+	privateKey.D = d
+
+	// Calculate the public key from the private key
+	privateKey.PublicKey.X, privateKey.PublicKey.Y = privateKey.PublicKey.Curve.ScalarBaseMult(d.Bytes())
+
+	return privateKey, nil
+}

internal/repository/notification_test.go

@@ -17,22 +17,22 @@ import (
 // Helper function to setup test database
 func setupTestDB(t *testing.T) *mongo.Database {
 	ctx := context.Background()
-	
+
 	// Connect to test MongoDB instance
 	client, err := mongo.Connect(ctx, options.Client().ApplyURI("mongodb://localhost:27017"))
 	require.NoError(t, err)
-	
+
 	// Use a test database
 	db := client.Database("trakrlog_test")
-	
+
 	// Clean up function
 	t.Cleanup(func() {
 		err := db.Drop(ctx)
 		assert.NoError(t, err)
 		err = client.Disconnect(ctx)
 		assert.NoError(t, err)
 	})
-	
+
 	return db
 }
 

internal/server/server.go

@@ -22,6 +22,7 @@ type Server struct {
 	projectService *service.ProjectService
 	channelService *service.ChannelService
 	eventService   *service.EventService
+	vapidConfig    *VapidConfig
 }
 
 func New() *http.Server {
@@ -33,6 +34,9 @@ func New() *http.Server {
 	port, _ := strconv.Atoi(os.Getenv("PORT"))
 	log.Printf("[⚡️ Server]: Starting server on port %d\n", port)
 
+	// Load VAPID configuration
+	vapidConfig := LoadVapidConfig()
+
 	// Initialize database
 	db := database.New()
 
@@ -55,6 +59,7 @@ func New() *http.Server {
 		projectService: projectService,
 		channelService: channelService,
 		eventService:   eventService,
+		vapidConfig:    vapidConfig,
 	}
 
 	// Declare Server config

internal/server/vapid.go

@@ -0,0 +1,37 @@
+package server
+
+import (
+	"log"
+	"os"
+)
+
+// VapidConfig holds the VAPID configuration for Web Push notifications
+type VapidConfig struct {
+	PublicKey  string
+	PrivateKey string
+	Subject    string
+}
+
+// LoadVapidConfig loads VAPID configuration from environment variables
+func LoadVapidConfig() *VapidConfig {
+	config := &VapidConfig{
+		PublicKey:  os.Getenv("VAPID_PUBLIC_KEY"),
+		PrivateKey: os.Getenv("VAPID_PRIVATE_KEY"),
+		Subject:    os.Getenv("VAPID_SUBJECT"),
+	}
+
+	// Validate VAPID configuration
+	if config.PublicKey == "" || config.PrivateKey == "" || config.Subject == "" {
+		log.Println("Warning: VAPID configuration incomplete. Push notifications will not be available.")
+		log.Println("Run 'go run cmd/generate-vapid-keys/main.go' to generate VAPID keys.")
+		return config
+	}
+
+	log.Println("[⚡️ Server]: VAPID configuration loaded successfully")
+	return config
+}
+
+// IsValid returns whether the VAPID configuration is complete and valid
+func (c *VapidConfig) IsValid() bool {
+	return c.PublicKey != "" && c.PrivateKey != "" && c.Subject != ""
+}