RubyGems - webpush - Versions diffs - 0.3.0 → 0.3.1 - Mend

webpush 0.3.0 → 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: ef85cc1d7d9a39a57426c5d1d20b89c0c5069407
-  data.tar.gz: 5b964e6fb1bec69c5bb3f331d139ab4b848d063e
+  metadata.gz: 18e5c11503abaf7212ca277dd336ae64dfede00f
+  data.tar.gz: 10fc83dcbc3f7deb76c1a53e76e031b68aac989c
 SHA512:
-  metadata.gz: ca808369991e12634181e0a748ea1c3f8a918ec370f14f7709820a9004305c041dab21b571d610d3db71fdd4ac382f2166641f1375ca345b267db134fbb351be
-  data.tar.gz: 0e95d566e542ce200ee670c12a932d8de8b76f69df13115785fc59d10a8b897df9734b48382656ac97263cbbea23003e92bb4df00fe55e2f214af88964743ae1
+  metadata.gz: f8a099a95fc658ccc3fa5c84b75e142c65e5b0f34f81c78955c1116b4b6f6c8f83d961c288cacf90b40a7fe0aa6902a235e01af2d3d4f8352b94e97e66f32feb
+  data.tar.gz: e468dd4c140e9e925979e20d27add5c1c74d5e6c49ecbf6ac24260147fc0ceb2a92ec636e6d6905a45fca801851620b5328992c52dca0faaf2a89e833ace9d62

data/.travis.yml CHANGED

@@ -1,5 +1,6 @@
 language: ruby
 rvm:
+  - 2.2.5
   - 2.3.0
 before_install: gem install bundler -v 1.11.2
 script: "bundle exec rake spec"

data/README.md CHANGED

@@ -30,7 +30,7 @@ Sending a web push message to a visitor of your website requires a number of ste
 1. Your server has (optionally) generated (one-time) a set of [Voluntary Application server Identification (VAPID)](https://tools.ietf.org/html/draft-ietf-webpush-vapid-01) keys.
 2. To send messages through Chrome, you have registered your site through the [Google Developer Console](https://console.developers.google.com/) and have obtained a GCM sender id. For using Google's deprecated GCM protocol instead of VAPID, a separate GCM API key from your app settings would also be necessary.
-3. A 'manifest.json' file, linked from your user's page, identifies your app settings, including the GCM sender ID.
+3. A `manifest.json` file, linked from your user's page, identifies your app settings, including the GCM sender ID.
 5. Also in the user's web browser, a `serviceWorker` is installed and activated and its `pushManager` property is subscribed to push events with your VAPID public key, with creates a `subscription` JSON object on the client side.
 6. Your server uses the `webpush` gem to send a notification with the `subscription` obtained from the client and an optional payload (the message).
 7. Your service worker is set up to receive `'push'` events. To trigger a desktop notification, the user has accepted the prompt to receive notifications from your site.
@@ -75,9 +75,9 @@ Your application javascript must register a service worker script at an appropri
 // Register the serviceWorker script at /serviceworker.js from your server if supported
 if (navigator.serviceWorker) {
   navigator.serviceWorker.register('/serviceworker.js')
-    .then(function(reg) {
-       console.log('Service worker change, registered the service worker');
-    });
+  .then(function(reg) {
+     console.log('Service worker change, registered the service worker');
+  });
 }
 // Otherwise, no push notifications :(
 else {
@@ -87,13 +87,15 @@ else {
 ### Subscribing to push notifications
+#### With VAPID
 The VAPID public key you generated earlier is made available to the client as a `UInt8Array`. To do this, one way would be to expose the urlsafe-decoded bytes from Ruby to JavaScript when rendering the HTML template. (Global variables used here for simplicity).
 ```javascript
 window.vapidPublicKey = new Uint8Array(<%= Base64.urlsafe_decode64(ENV['VAPID_PUBLIC_KEY']).bytes %>);
 ```
-Your application javascript would then use the `navigator.serviceWorker.pushManager` to subscribe to push notifications, passing the VAPID public key to the subscription settings.
+Your application javascript uses the `navigator.serviceWorker.pushManager` to subscribe to push notifications, passing the VAPID public key to the subscription settings.
 ```javascript
 // application.js
@@ -108,9 +110,21 @@ navigator.serviceWorker.ready.then((serviceWorkerRegistration) => {
 });
 ```
-Note: If you will not be sending VAPID details, then there is no need generate VAPID
-keys, and the `applicationServerKey` parameter may be omitted from the
-`pushManager.subscribe` call.
+#### Without VAPID
+If you will not be sending VAPID details, then there is no need generate VAPID keys, and the `applicationServerKey` parameter may be omitted from the `pushManager.subscribe` call.
+```javascript
+// application.js
+// When serviceWorker is supported, installed, and activated,
+// subscribe the pushManager property with the vapidPublicKey
+navigator.serviceWorker.ready.then((serviceWorkerRegistration) => {
+  serviceWorkerRegistration.pushManager
+  .subscribe({
+    userVisibleOnly: true
+  });
+});
+```
 ### Triggering a web push notification
@@ -156,7 +170,7 @@ generated without the `applicationServerKey` parameter described earlier.
 ### Receiving the push event
-Your `/serviceworker.js` script can respond to `'push'` events. One action it can take is to trigger  desktop notifications by calling `showNotification` on the `registration` property.
+Your `/serviceworker.js` script may respond to `'push'` events. One action it can take is to trigger desktop notifications by calling `showNotification` on the `registration` property.
 ```javascript
 // serviceworker.js
@@ -222,11 +236,6 @@ Webpush.payload_send(
   p256dh: "BO/aG9nYXNkZmFkc2ZmZHNmYWRzZmFl...",
   auth: "aW1hcmthcmFpa3V6ZQ==",
   ttl: 600 #optional, ttl in seconds, defaults to 2419200 (4 weeks),
-  vapid: {
-    subject: "mailto:sender@example.com",
-    public_key: ENV['VAPID_PUBLIC_KEY'],
-    private_key: ENV['VAPID_PRIVATE_KEY']
-  }
 )
 ```
@@ -235,10 +244,29 @@ Webpush.payload_send(
 ```ruby
 Webpush.payload_send(
   endpoint: "https://fcm.googleapis.com/gcm/send/eah7hak....",
-  ttl: 600 #optional, ttl in seconds, defaults to 2419200 (4 weeks)
+  p256dh: "BO/aG9nYXNkZmFkc2ZmZHNmYWRzZmFl...",
+  auth: "aW1hcmthcmFpa3V6ZQ=="
 )
 ```
+### With VAPID
+VAPID details are given as a hash with `:subject`, `:public_key`, and
+`:private_key`. The `:subject` is a contact URI for the application server as either a "mailto:" or an "https:" address. The `:public_key` and `:private_key` should be passed as the base64-encoded values generated with `Webpush.generate_key`.
+```ruby
+Webpush.payload_send(
+  endpoint: "https://fcm.googleapis.com/gcm/send/eah7hak....",
+  message: "A message",
+  p256dh: "BO/aG9nYXNkZmFkc2ZmZHNmYWRzZmFl...",
+  auth: "aW1hcmthcmFpa3V6ZQ==",
+  vapid: {
+    subject: "mailto:sender@example.com"
+    public_key: ENV['VAPID_PUBLIC_KEY'],
+    private_key: ENV['VAPID_PRIVATE_KEY']
+  }
+)
 ### ServiceWorker sample
 see. https://github.com/zaru/web-push-sample

data/lib/webpush.rb CHANGED

@@ -47,5 +47,19 @@ module Webpush
     def generate_key
       VapidKey.new
     end
+    def encode64(bytes)
+      Base64.urlsafe_encode64(bytes)
+    end
+    def decode64(str)
+      # For Ruby < 2.3, Base64.urlsafe_decode64 strict decodes and will raise errors if encoded value is not properly padded
+      # Implementation: http://ruby-doc.org/stdlib-2.3.0/libdoc/base64/rdoc/Base64.html#method-i-urlsafe_decode64
+      if !str.end_with?("=") && str.length % 4 != 0
+        str = str.ljust((str.length + 3) & ~3, "=")
+      end
+      Base64.urlsafe_decode64(str)
+    end
   end
 end

data/lib/webpush/encryption.rb CHANGED

@@ -13,12 +13,12 @@ module Webpush
       server_public_key_bn = server.public_key.to_bn
       group = OpenSSL::PKey::EC::Group.new(group_name)
-      client_public_key_bn = OpenSSL::BN.new(Base64.urlsafe_decode64(p256dh), 2)
+      client_public_key_bn = OpenSSL::BN.new(Webpush.decode64(p256dh), 2)
       client_public_key = OpenSSL::PKey::EC::Point.new(group, client_public_key_bn)
       shared_secret = server.dh_compute_key(client_public_key)
-      client_auth_token = Base64.urlsafe_decode64(auth)
+      client_auth_token = Webpush.decode64(auth)
       prk = HKDF.new(shared_secret, salt: client_auth_token, algorithm: 'SHA256', info: "Content-Encoding: auth\0").next_bytes(32)

data/lib/webpush/request.rb CHANGED

@@ -144,7 +144,7 @@ module Webpush
     end
     def trim_encode64(bin)
-      Base64.urlsafe_encode64(bin).delete('=')
+      Webpush.encode64(bin).delete('=')
     end
   end
 end

data/lib/webpush/vapid_key.rb CHANGED

@@ -30,7 +30,7 @@ module Webpush
     # Convenience
     # @return base64 urlsafe-encoded binary representaion of 32-byte VAPID private key
     def private_key
-      Base64.urlsafe_encode64(curve.private_key.to_s(2))
+      Webpush.encode64(curve.private_key.to_s(2))
     end
     def public_key=(key)
@@ -61,11 +61,11 @@ module Webpush
     private
     def to_big_num(key)
-      OpenSSL::BN.new(Base64.urlsafe_decode64(key), 2)
+      OpenSSL::BN.new(Webpush.decode64(key), 2)
     end
     def encode64(bin)
-      Base64.urlsafe_encode64(bin)
+      Webpush.encode64(bin)
     end
     def trim_encode64(bin)

data/lib/webpush/version.rb CHANGED

@@ -1,3 +1,3 @@
 module Webpush
-  VERSION = "0.3.0"
+  VERSION = "0.3.1"
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: webpush
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.3.1
 platform: ruby
 authors:
 - zaru@sakuraba
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2016-10-14 00:00:00.000000000 Z
+date: 2016-10-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: hkdf