Merge pull request #183 from gauntface/vapid-chrome

Moving Chrome to using VAPID

Author: marco-c

README.md

@@ -23,7 +23,6 @@ Send a Push notification to an endpoint. *params* contains optional parameters:
 Note that, in order to encrypt the *payload*, *userPublicKey* and *userAuth* are required.
 
 The properties of the *vapid* objects are:
-- *audience*, the origin of the application server;
 - *subject*, a contact URI for the application server (either 'mailto:' or 'https:');
 - *privateKey*;
 - *publicKey*.

index.js

@@ -37,6 +37,46 @@ function generateVAPIDKeys() {
   };
 }
 
+function getVapidHeaders(vapid) {
+  if (!vapid.audience) {
+    throw new Error('No audience set in vapid.audience');
+  }
+
+  if (!vapid.subject) {
+    throw new Error('No subject set in vapid.subject');
+  }
+
+  if (!vapid.publicKey) {
+    throw new Error('No key set vapid.publicKey');
+  }
+
+  if (!vapid.privateKey) {
+    throw new Error('No key set in vapid.privateKey');
+  }
+
+  var header = {
+    typ: 'JWT',
+    alg: 'ES256'
+  };
+
+  var jwtPayload = {
+    aud: vapid.audience,
+    exp: Math.floor(Date.now() / 1000) + 86400,
+    sub: vapid.subject,
+  };
+
+  var jwt = jws.sign({
+    header: header,
+    payload: jwtPayload,
+    privateKey: toPEM(vapid.privateKey),
+  });
+
+  return {
+    Authorization: 'Bearer ' + jwt,
+    'Crypto-Key': 'p256ecdsa=' + urlBase64.encode(vapid.publicKey)
+  };
+}
+
 function WebPushError(message, statusCode, headers, body) {
   Error.captureStackTrace(this, this.constructor);
 
@@ -152,30 +192,15 @@ function sendNotification(endpoint, params) {
 
       if (vapid && !isGCM) {
         // VAPID isn't supported by GCM.
+        vapid.audience = urlParts.protocol + '//' + urlParts.hostname;
 
-        var header = {
-          typ: 'JWT',
-          alg: 'ES256'
-        };
-
-        var jwtPayload = {
-          aud: vapid.audience,
-          exp: Math.floor(Date.now() / 1000) + 86400,
-          sub: vapid.subject,
-        };
-
-        var jwt = jws.sign({
-          header: header,
-          payload: jwtPayload,
-          privateKey: toPEM(vapid.privateKey),
-        });
+        const vapidHeaders = getVapidHeaders(vapid);
 
-        options.headers['Authorization'] = 'Bearer ' + jwt;
-        var key = 'p256ecdsa=' + urlBase64.encode(vapid.publicKey);
+        options.headers['Authorization'] = vapidHeaders.Authorization;
         if (options.headers['Crypto-Key']) {
-          options.headers['Crypto-Key'] += ';' + key;
+          options.headers['Crypto-Key'] += ';' + vapidHeaders['Crypto-Key'];
         } else {
-          options.headers['Crypto-Key'] = key;
+          options.headers['Crypto-Key'] = vapidHeaders['Crypto-Key'];
         }
       }
 

test/data/demo/index.html

@@ -5,7 +5,22 @@
   <link rel="manifest" href="manifest.json">
 </head>
 <body>
+  <h1>Test Page</h1>
+
 <script type="text/javascript">
+function base64UrlToUint8Array(base64UrlData) {
+  const padding = '='.repeat((4 - base64UrlData.length % 4) % 4);
+  const base64 = (base64UrlData + padding)
+    .replace(/\-/g, '+')
+    .replace(/_/g, '/');
+  const rawData = atob(base64);
+  const buffer = new Uint8Array(rawData.length);
+  for (let i = 0; i < rawData.length; ++i) {
+    buffer[i] = rawData.charCodeAt(i);
+  }
+  return buffer;
+}
+
 (function() {
   if (!('serviceWorker' in navigator)) {
     return;
@@ -23,9 +38,21 @@
     }
     reg.active.postMessage('setup', [channel.port2]);
 
-    return reg.pushManager.subscribe({ userVisibleOnly: true });
+    var subscribeOptions = { userVisibleOnly: true };
+    // Figure out the vapid key
+    var searchParam = window.location.search;
+    vapidRegex = searchParam.match(/vapid=(.[^&]*)/);
+    if (vapidRegex) {
+      // Convert the base 64 encoded string
+      subscribeOptions.applicationServerKey = base64UrlToUint8Array(vapidRegex[1]);
+    }
+
+    console.log(subscribeOptions);
+
+    return reg.pushManager.subscribe(subscribeOptions);
   })
   .then(function(subscription) {
+    console.log(JSON.stringify(subscription));
     window.subscribeSuccess = true;
     window.testSubscription = JSON.stringify(subscription);
   })

test/helpers/create-server.js

@@ -16,7 +16,9 @@ function createServer(options, webPush) {
   var server = http.createServer(function(req, res) {
     try {
       if (req.method === 'GET') {
-        if (req.url === '/') {
+        // Ignore query parameters which are used to inject application keys
+        var urlParts = req.url.split('?');
+        if (urlParts[0] === '/') {
           req.url = '/index.html';
         }
 

test/testSelenium.js

@@ -7,6 +7,7 @@
     return;
   }
 
+  const urlBase64 = require('urlsafe-base64');
   const seleniumAssistant = require('selenium-assistant');
   const webdriver = require('selenium-webdriver');
   const seleniumFirefox = require('selenium-webdriver/firefox');
@@ -23,7 +24,6 @@
 
   const PUSH_TEST_TIMEOUT = 120 * 1000;
   const VAPID_PARAM = {
-    audience: 'https://www.mozilla.org/',
     subject: 'mailto:[email protected]',
     privateKey: new Buffer('H6tqEMswzHOFlPHFi2JPfDQRiKN32ZJIwvSPWZl1VTA=', 'base64'),
     publicKey: new Buffer('BIx6khu9Z/5lBwNEXYNEOQiL70IKYDpDxsTyoiCb82puQ/V4c/NFdyrBFpWdsz3mikmV6sWARNuhRbbbLTMOmB0=', 'base64'),
@@ -50,6 +50,7 @@
     .then(function(server) {
       globalServer = server;
       testServerURL = 'http://127.0.0.1:' + server.port;
+
       if (browser.getSeleniumBrowserId() === 'firefox') {
         // This is based off of: https://bugzilla.mozilla.org/show_bug.cgi?id=1275521
         // Unfortunately it doesn't seem to work :(
@@ -87,6 +88,11 @@
     })
     .then(function(driver) {
       globalDriver = driver;
+
+      if (options.vapid) {
+        testServerURL += '?vapid=' + urlBase64.encode(options.vapid.publicKey);
+      }
+
       // Tests will likely expect a native promise with then and catch
       // Not the web driver promise of then and thenCatch
       return new Promise(function(resolve, reject) {
@@ -128,6 +134,7 @@
         })
         .then(function(subscribeError) {
           if (subscribeError) {
+            console.log('subscribeError: ', subscribeError);
             throw subscribeError;
           }
 

test/testSendNotification.js

@@ -102,7 +102,7 @@ suite('sendNotification', function() {
             var decoded = jws.decode(jwt);
             assert.equal(decoded.header.typ, 'JWT');
             assert.equal(decoded.header.alg, 'ES256');
-            assert.equal(decoded.payload.aud, 'https://www.mozilla.org/');
+            assert.equal(decoded.payload.aud, 'https://127.0.0.1');
             assert(decoded.payload.exp > Date.now() / 1000);
             assert.equal(decoded.payload.sub, 'mailto:[email protected]');
           }
@@ -456,7 +456,6 @@ suite('sendNotification', function() {
         userAuth: urlBase64.encode(userAuth),
         payload: 'hello',
         vapid: {
-          audience: 'https://www.mozilla.org/',
           subject: 'mailto:[email protected]',
           privateKey: vapidKeys.privateKey,
           publicKey: vapidKeys.publicKey,
@@ -486,7 +485,6 @@ suite('sendNotification', function() {
     .then(function() {
       return webPush.sendNotification('https://android.googleapis.com/gcm/send/someSubscriptionID', {
         vapid: {
-          audience: 'https://www.mozilla.org/',
           subject: 'mailto:[email protected]',
           privateKey: vapidKeys.privateKey,
           publicKey: vapidKeys.publicKey,