web-push 1.0.0

data/spec/web_push/request_spec.rb

@@ -0,0 +1,162 @@
+require 'spec_helper'
+
+describe WebPush::Request do
+  describe '#headers' do
+    let(:request) { build_request }
+
+    it { expect(request.headers['Content-Type']).to eq('application/octet-stream') }
+    it { expect(request.headers['Ttl']).to eq('2419200') }
+    it { expect(request.headers['Urgency']).to eq('normal') }
+
+    describe 'from :message' do
+      it 'inserts encryption headers for valid payload' do
+        allow(WebPush::Encryption).to receive(:encrypt).and_return('encrypted')
+        request = build_request(message: 'Hello')
+
+        expect(request.headers['Content-Encoding']).to eq('aes128gcm')
+        expect(request.headers['Content-Length']).to eq('9')
+      end
+    end
+
+    describe 'from :api_key' do
+      def build_request_with_api_key(endpoint, options = {})
+        subscription = {
+          endpoint: endpoint,
+          keys: {
+            p256dh: 'p256dh',
+            auth: 'auth'
+          }
+        }
+        WebPush::Request.new(message: '', subscription: subscription, vapid: {}, **options)
+      end
+
+      it 'inserts Authorization header when api_key present, and endpoint is for Chrome\'s non-standards-compliant GCM endpoints' do
+        request = build_request_with_api_key('https://gcm-http.googleapis.com/gcm/xyz', api_key: 'api_key')
+
+        expect(request.headers['Authorization']).to eq('key=api_key')
+      end
+
+      it 'insert Authorization header for Chrome\'s new standards-compliant endpoints, even if api_key is present' do
+        request = build_request_with_api_key('https://fcm.googleapis.com/fcm/send/ABCD1234', api_key: 'api_key')
+
+        expect(request.headers['Authorization']).to eq('key=api_key')
+      end
+
+      it 'does not insert Authorization header when endpoint is not for Chrome, even if api_key is present' do
+        request = build_request_with_api_key('https://some.random.endpoint.com/xyz', api_key: 'api_key')
+
+        expect(request.headers['Authorization']).to be_nil
+      end
+
+      it 'does not insert Authorization header when api_key blank' do
+        request = build_request_with_api_key('endpoint', api_key: nil)
+
+        expect(request.headers['Authorization']).to be_nil
+
+        request = build_request_with_api_key('endpoint', api_key: '')
+
+        expect(request.headers['Authorization']).to be_nil
+
+        request = build_request_with_api_key('endpoint')
+
+        expect(request.headers['Authorization']).to be_nil
+      end
+    end
+
+    describe 'from :ttl' do
+      it 'can override Ttl with :ttl option with string' do
+        request = build_request(ttl: '300')
+
+        expect(request.headers['Ttl']).to eq('300')
+      end
+
+      it 'can override Ttl with :ttl option with fixnum' do
+        request = build_request(ttl: 60 * 5)
+
+        expect(request.headers['Ttl']).to eq('300')
+      end
+    end
+
+    describe 'from :urgency' do
+      it 'can override Urgency with :urgency option' do
+        request = build_request(urgency: 'high')
+
+        expect(request.headers['Urgency']).to eq('high')
+      end
+    end
+  end
+
+  describe '#build_vapid_header' do
+    it 'returns the VAPID header' do
+      time = Time.at(1_476_150_897)
+      jwt_payload = {
+        aud: 'https://fcm.googleapis.com',
+        exp: time.to_i + 24 * 60 * 60,
+        sub: 'mailto:sender@example.com'
+      }
+      jwt_header_fields = { "typ": "JWT", "alg": "ES256" }
+
+      vapid_key = WebPush::VapidKey.from_keys(vapid_public_key, vapid_private_key)
+      expect(Time).to receive(:now).and_return(time)
+      expect(WebPush::VapidKey).to receive(:from_keys).with(vapid_public_key, vapid_private_key).and_return(vapid_key)
+      expect(JWT).to receive(:encode).with(jwt_payload, vapid_key.curve, 'ES256', jwt_header_fields).and_return('jwt.encoded.payload')
+
+      request = build_request
+      header = request.build_vapid_header
+
+      expect(header).to eq("vapid t=jwt.encoded.payload,k=#{vapid_public_key.delete('=')}")
+    end
+
+    it 'supports PEM format' do
+      pem = WebPush::VapidKey.new.to_pem
+      expect(WebPush::VapidKey).to receive(:from_pem).with(pem).and_call_original
+      request = build_request(vapid: { subject: 'mailto:sender@example.com', pem: pem })
+      request.build_vapid_header
+    end
+  end
+
+  describe '#body' do
+    it 'is set to the payload if a message is provided' do
+      allow(WebPush::Encryption).to receive(:encrypt).and_return('encrypted')
+
+      request = build_request(message: 'Hello')
+
+      expect(request.body).to eq('encrypted')
+    end
+
+    it 'is empty string when no message is provided' do
+      request = build_request
+
+      expect(request.body).to eq('')
+    end
+  end
+
+  describe '#proxy_options' do
+    it 'returns an array of proxy options' do
+      request = build_request(proxy: 'http://user:password@proxy_addr:8080')
+
+      expect(request.proxy_options).to eq(['proxy_addr', 8080, 'user', 'password'])
+    end
+
+    it 'returns empty array' do
+      request = build_request
+
+      expect(request.proxy_options).to be_empty
+    end
+  end
+
+  def build_request(options = {})
+    subscription = {
+      endpoint: endpoint,
+      keys: {
+        p256dh: 'p256dh',
+        auth: 'auth'
+      }
+    }
+    WebPush::Request.new(message: '', subscription: subscription, vapid: vapid_options, **options)
+  end
+
+  def endpoint
+    'https://fcm.googleapis.com/gcm/send/subscription-id'
+  end
+end

data/spec/web_push/vapid_key_spec.rb

@@ -0,0 +1,66 @@
+require 'spec_helper'
+
+describe WebPush::VapidKey do
+  it 'generates an elliptic curve' do
+    key = WebPush::VapidKey.new
+    expect(key.curve).to be_a(OpenSSL::PKey::EC)
+    expect(key.curve_name).to eq('prime256v1')
+  end
+
+  it 'returns an encoded public key' do
+    key = WebPush::VapidKey.new
+
+    expect(Base64.urlsafe_decode64(key.public_key).bytesize).to eq(65)
+  end
+
+  it 'returns an encoded private key' do
+    key = WebPush::VapidKey.new
+
+    expect(Base64.urlsafe_decode64(key.private_key).bytesize).to eq(32)
+  end
+
+  it 'pretty prints encoded keys' do
+    key = WebPush::VapidKey.new
+    printed = key.inspect
+
+    expect(printed).to match(/public_key=#{key.public_key}/)
+    expect(printed).to match(/private_key=#{key.private_key}/)
+  end
+
+  it 'returns hash of public and private keys' do
+    key = WebPush::VapidKey.new
+    hash = key.to_h
+
+    expect(hash[:public_key]).to eq(key.public_key)
+    expect(hash[:private_key]).to eq(key.private_key)
+  end
+
+  it 'returns pem of public and private keys' do
+    key = WebPush::VapidKey.new
+    pem = key.to_pem
+
+    expect(pem).to include('-----BEGIN EC PRIVATE KEY-----')
+    expect(pem).to include('-----BEGIN PUBLIC KEY-----')
+  end
+
+  it 'imports pem of public and private keys' do
+    pem = WebPush::VapidKey.new.to_pem
+    key = WebPush::VapidKey.from_pem pem
+
+    expect(key.to_pem).to eq(pem)
+  end
+
+  describe 'self.from_keys' do
+    it 'returns an encoded public key' do
+      key = WebPush::VapidKey.from_keys(vapid_public_key, vapid_private_key)
+
+      expect(key.public_key).to eq(vapid_public_key)
+    end
+
+    it 'returns an encoded private key' do
+      key = WebPush::VapidKey.from_keys(vapid_public_key, vapid_private_key)
+
+      expect(key.private_key).to eq(vapid_private_key)
+    end
+  end
+end

data/spec/web_push_spec.rb

@@ -0,0 +1,253 @@
+require 'spec_helper'
+
+describe WebPush do
+  it 'has a version number' do
+    expect(WebPush::VERSION).not_to be nil
+  end
+
+  shared_examples 'web push protocol standard error handling' do
+    it 'raises InvalidSubscription if the API returns a 404 Error' do
+      stub_request(:post, expected_endpoint)
+        .to_return(status: 404, body: '', headers: {})
+      expect { subject }.to raise_error(WebPush::InvalidSubscription)
+    end
+
+    it 'raises ExpiredSubscription if the API returns a 410 Error' do
+      stub_request(:post, expected_endpoint)
+        .to_return(status: 410, body: '', headers: {})
+      expect { subject }.to raise_error(WebPush::ExpiredSubscription)
+    end
+
+    it 'raises Unauthorized if the API returns a 401 Error, a 403 Error or 400 with specific message' do
+      stub_request(:post, expected_endpoint)
+        .to_return(status: 401, body: '', headers: {})
+      expect { subject }.to raise_error(WebPush::Unauthorized)
+
+      stub_request(:post, expected_endpoint)
+        .to_return(status: 403, body: '', headers: {})
+      expect { subject }.to raise_error(WebPush::Unauthorized)
+
+      stub_request(:post, expected_endpoint)
+        .to_return(status: [400, 'UnauthorizedRegistration'], body: '', headers: {})
+      expect { subject }.to raise_error(WebPush::Unauthorized)
+    end
+
+    it 'raises PayloadTooLarge if the API returns a 413 Error' do
+      stub_request(:post, expected_endpoint)
+        .to_return(status: 413, body: '', headers: {})
+      expect { subject }.to raise_error(WebPush::PayloadTooLarge)
+    end
+
+    it 'raises TooManyRequests if the API returns a 429 Error' do
+      stub_request(:post, expected_endpoint)
+        .to_return(status: 429, body: '', headers: {})
+      expect { subject }.to raise_error(WebPush::TooManyRequests)
+    end
+
+    it 'raises PushServiceError if the API returns a 5xx Error' do
+      stub_request(:post, expected_endpoint)
+        .to_return(status: 500, body: '', headers: {})
+      expect { subject }.to raise_error(WebPush::PushServiceError)
+
+      stub_request(:post, expected_endpoint)
+        .to_return(status: 503, body: '', headers: {})
+      expect { subject }.to raise_error(WebPush::PushServiceError)
+    end
+
+    it 'raises ResponseError for unsuccessful status code by default' do
+      stub_request(:post, expected_endpoint)
+        .to_return(status: 401, body: '', headers: {})
+
+      expect { subject }.to raise_error(WebPush::ResponseError)
+    end
+
+    it 'supplies the original status code on the ResponseError' do
+      stub_request(:post, expected_endpoint)
+        .to_return(status: 401, body: 'Oh snap', headers: {})
+
+      expect { subject }.to raise_error { |error|
+        expect(error).to be_a(WebPush::ResponseError)
+        expect(error.response.code).to eq '401'
+        expect(error.response.body).to eq 'Oh snap'
+      }
+    end
+
+    it 'sets the error message to be the host + stringified response' do
+      stub_request(:post, expected_endpoint)
+        .to_return(status: 401, body: 'Oh snap', headers: {})
+
+      host = URI.parse(expected_endpoint).host
+
+      expect { subject }.to raise_error { |error|
+        expect(error.message).to eq(
+          "host: #{host}, #<Net::HTTPUnauthorized 401  readbody=true>\nbody:\nOh snap"
+        )
+      }
+    end
+
+    it 'raises exception on error by default' do
+      stub_request(:post, expected_endpoint).to_raise(StandardError)
+
+      expect { subject }.to raise_error(StandardError)
+    end
+  end
+
+  shared_examples 'request headers with VAPID' do
+    let(:message) { JSON.generate(body: 'body') }
+    let(:p256dh) { 'BN4GvZtEZiZuqFxSKVZfSfluwKBD7UxHNBmWkfiZfCtgDE8Bwh-_MtLXbBxTBAWH9r7IPKL0lhdcaqtL1dfxU5E=' }
+    let(:auth) { 'Q2BoAjC09xH3ywDLNJr-dA==' }
+    let(:payload) { "encrypted" }
+    let(:expected_body) { payload }
+    let(:expected_headers) do
+      {
+        'Accept' => '*/*',
+        'Accept-Encoding' => 'gzip;q=1.0,deflate;q=0.6,identity;q=0.3',
+        'Content-Encoding' => 'aes128gcm',
+        'Content-Type' => 'application/octet-stream',
+        'Ttl' => '2419200',
+        'Urgency' => 'normal',
+        'User-Agent' => 'Ruby'
+      }
+    end
+
+    let(:vapid_header) { "vapid t=jwt.encoded.payload,k=#{vapid_public_key.delete('=')}" }
+
+    before do
+      allow(WebPush::Encryption).to receive(:encrypt).and_return(payload)
+      allow(JWT).to receive(:encode).and_return('jwt.encoded.payload')
+    end
+
+    subject do
+      WebPush.payload_send(
+        message: message,
+        endpoint: endpoint,
+        p256dh: p256dh,
+        auth: auth,
+        vapid: vapid_options
+      )
+    end
+
+    it 'calls the relevant service with the correct headers' do
+      expect(WebPush::Encryption).to receive(:encrypt).and_return(payload)
+
+      expected_headers['Authorization'] = vapid_header
+
+      stub_request(:post, expected_endpoint)
+        .with(body: expected_body, headers: expected_headers)
+        .to_return(status: 201, body: '', headers: {})
+
+      result = subject
+
+      expect(result).to be_a(Net::HTTPCreated)
+      expect(result.code).to eql('201')
+    end
+
+    include_examples 'web push protocol standard error handling'
+
+    it 'message is optional' do
+      expect(WebPush::Encryption).to_not receive(:encrypt)
+
+      expected_headers.delete('Crypto-Key')
+      expected_headers.delete('Content-Encoding')
+      expected_headers.delete('Encryption')
+
+      stub_request(:post, expected_endpoint)
+        .with(body: nil, headers: expected_headers)
+        .to_return(status: 201, body: '', headers: {})
+
+      WebPush.payload_send(endpoint: endpoint)
+    end
+
+    it 'vapid options are optional' do
+      expect(WebPush::Encryption).to receive(:encrypt).and_return(payload)
+
+      expected_headers.delete('Crypto-Key')
+      expected_headers.delete('Authorization')
+
+      stub_request(:post, expected_endpoint)
+        .with(body: expected_body, headers: expected_headers)
+        .to_return(status: 201, body: '', headers: {})
+
+      result = WebPush.payload_send(
+        message: message,
+        endpoint: endpoint,
+        p256dh: p256dh,
+        auth: auth
+      )
+
+      expect(result).to be_a(Net::HTTPCreated)
+      expect(result.code).to eql('201')
+    end
+  end
+
+  context 'chrome FCM endpoint' do
+    let(:endpoint) { 'https://fcm.googleapis.com/gcm/send/subscription-id' }
+    let(:expected_endpoint) { endpoint }
+
+    include_examples 'request headers with VAPID'
+  end
+
+  context 'firefox endpoint' do
+    let(:endpoint) { 'https://updates.push.services.mozilla.com/push/v1/subscription-id' }
+    let(:expected_endpoint) { endpoint }
+
+    include_examples 'request headers with VAPID'
+  end
+
+  context 'chrome GCM endpoint: request headers with GCM api key' do
+    let(:endpoint) { 'https://android.googleapis.com/gcm/send/subscription-id' }
+    let(:expected_endpoint) { 'https://fcm.googleapis.com/fcm/subscription-id' }
+
+    let(:message) { JSON.generate(body: 'body') }
+    let(:p256dh) { 'BN4GvZtEZiZuqFxSKVZfSfluwKBD7UxHNBmWkfiZfCtgDE8Bwh-_MtLXbBxTBAWH9r7IPKL0lhdcaqtL1dfxU5E=' }
+    let(:auth) { 'Q2BoAjC09xH3ywDLNJr-dA==' }
+    let(:payload) { "encrypted" }
+    let(:expected_body) { payload }
+    let(:expected_headers) do
+      {
+        'Accept' => '*/*',
+        'Accept-Encoding' => 'gzip;q=1.0,deflate;q=0.6,identity;q=0.3',
+        'Content-Encoding' => 'aes128gcm',
+        'Content-Type' => 'application/octet-stream',
+        'Ttl' => '2419200',
+        'Urgency' => 'normal',
+        'User-Agent' => 'Ruby'
+      }
+    end
+
+    let(:subscription) {}
+
+    before do
+      allow(WebPush::Encryption).to receive(:encrypt).and_return(payload)
+    end
+
+    subject { WebPush.payload_send(message: message, endpoint: endpoint, p256dh: p256dh, auth: auth, api_key: 'GCM_API_KEY') }
+
+    it 'calls the relevant service with the correct headers' do
+      expect(WebPush::Encryption).to receive(:encrypt).and_return(payload)
+
+      stub_request(:post, expected_endpoint)
+        .with(body: expected_body, headers: expected_headers)
+        .to_return(status: 201, body: '', headers: {})
+
+      result = subject
+
+      expect(result).to be_a(Net::HTTPCreated)
+      expect(result.code).to eql('201')
+    end
+
+    include_examples 'web push protocol standard error handling'
+
+    it 'message and encryption keys are optional' do
+      expect(WebPush::Encryption).to_not receive(:encrypt)
+
+      expected_headers.delete('Content-Encoding')
+
+      stub_request(:post, expected_endpoint)
+        .with(body: nil, headers: expected_headers)
+        .to_return(status: 201, body: '', headers: {})
+
+      WebPush.payload_send(endpoint: endpoint, api_key: 'GCM_API_KEY')
+    end
+  end
+end

data/web-push.gemspec

@@ -0,0 +1,25 @@
+require_relative 'lib/web_push/version'
+
+Gem::Specification.new do |spec|
+  spec.name = 'web-push'
+  spec.version = WebPush::VERSION
+  spec.authors = ['zaru', 'collimarco']
+  spec.email = ['support@pushpad.xyz']
+
+  spec.summary = 'Web Push library for Ruby (RFC8030)'
+  spec.homepage = 'https://github.com/pushpad/web-push'
+
+  spec.files = `git ls-files`.split("\n")
+
+  spec.required_ruby_version = '>= 2.2'
+
+  spec.add_dependency 'hkdf', '~> 0.2'
+  spec.add_dependency 'jwt', '~> 2.0'
+
+  spec.add_development_dependency 'bundler', '>= 1.17.3'
+  spec.add_development_dependency 'pry'
+  spec.add_development_dependency 'rake', '>= 10.0'
+  spec.add_development_dependency 'rspec', '~> 3.0'
+  spec.add_development_dependency 'simplecov'
+  spec.add_development_dependency 'webmock', '~> 3.0'
+end

metadata

@@ -0,0 +1,183 @@
+--- !ruby/object:Gem::Specification
+name: web-push
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- zaru
+- collimarco
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2022-11-26 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: hkdf
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.17.3
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.17.3
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+description:
+email:
+- support@pushpad.xyz
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".rubocop.yml"
+- ".travis.yml"
+- CHANGELOG.md
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- bin/console
+- bin/rake
+- bin/rspec
+- bin/setup
+- lib/tasks/web_push.rake
+- lib/web-push.rb
+- lib/web_push.rb
+- lib/web_push/encryption.rb
+- lib/web_push/errors.rb
+- lib/web_push/railtie.rb
+- lib/web_push/request.rb
+- lib/web_push/vapid_key.rb
+- lib/web_push/version.rb
+- spec/spec_helper.rb
+- spec/web_push/encryption_spec.rb
+- spec/web_push/request_spec.rb
+- spec/web_push/vapid_key_spec.rb
+- spec/web_push_spec.rb
+- web-push.gemspec
+homepage: https://github.com/pushpad/web-push
+licenses: []
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '2.2'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.3.1
+signing_key:
+specification_version: 4
+summary: Web Push library for Ruby (RFC8030)
+test_files: []