webpush 0.3.1 → 0.3.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 18e5c11503abaf7212ca277dd336ae64dfede00f
-  data.tar.gz: 10fc83dcbc3f7deb76c1a53e76e031b68aac989c
+  metadata.gz: 94a1cc5374ad048519b130a97e805a863f682636
+  data.tar.gz: 43fda03427649b0fe51fd091859fe6cb32a9104a
 SHA512:
-  metadata.gz: f8a099a95fc658ccc3fa5c84b75e142c65e5b0f34f81c78955c1116b4b6f6c8f83d961c288cacf90b40a7fe0aa6902a235e01af2d3d4f8352b94e97e66f32feb
-  data.tar.gz: e468dd4c140e9e925979e20d27add5c1c74d5e6c49ecbf6ac24260147fc0ceb2a92ec636e6d6905a45fca801851620b5328992c52dca0faaf2a89e833ace9d62
+  metadata.gz: 8e0efe569336570bce2edaf163f22d7fcfb7cfa3dcf6583297d062971d0ea338e58f1545a003f6cabea25243a739d61efa1c129db0d67ab07ec1908f9b612f1f
+  data.tar.gz: edbd2f55346dd918927ee512a4d8097641f934abc4df89f2598ee655650ccefe30eefda863207b319f574f0f7e441af36791b265023757c44fe424ce47f3111f

data/README.md

@@ -28,12 +28,11 @@ Or install it yourself as:
 
 Sending a web push message to a visitor of your website requires a number of steps:
 
-1. Your server has (optionally) generated (one-time) a set of [Voluntary Application server Identification (VAPID)](https://tools.ietf.org/html/draft-ietf-webpush-vapid-01) keys.
-2. To send messages through Chrome, you have registered your site through the [Google Developer Console](https://console.developers.google.com/) and have obtained a GCM sender id. For using Google's deprecated GCM protocol instead of VAPID, a separate GCM API key from your app settings would also be necessary.
-3. A `manifest.json` file, linked from your user's page, identifies your app settings, including the GCM sender ID.
-5. Also in the user's web browser, a `serviceWorker` is installed and activated and its `pushManager` property is subscribed to push events with your VAPID public key, with creates a `subscription` JSON object on the client side.
-6. Your server uses the `webpush` gem to send a notification with the `subscription` obtained from the client and an optional payload (the message).
-7. Your service worker is set up to receive `'push'` events. To trigger a desktop notification, the user has accepted the prompt to receive notifications from your site.
+1. Your server has (optionally) generated (one-time) a set of [Voluntary Application server Identification (VAPID)](https://tools.ietf.org/html/draft-ietf-webpush-vapid-01) keys. Otherwise, to send messages through Chrome, you have registered your site through the [Google Developer Console](https://console.developers.google.com/) and have obtained a GCM sender id and GCM API key from your app settings.
+2. A `manifest.json` file, linked from your user's page, identifies your app settings.
+3. Also in the user's web browser, a `serviceWorker` is installed and activated and its `pushManager` property is subscribed to push events with your VAPID public key, with creates a `subscription` JSON object on the client side.
+4. Your server uses the `webpush` gem to send a notification with the `subscription` obtained from the client and an optional payload (the message).
+5. Your service worker is set up to receive `'push'` events. To trigger a desktop notification, the user has accepted the prompt to receive notifications from your site.
 
 ### Generating VAPID keys
 
@@ -50,7 +49,14 @@ vapid_key.private_key
 
 ### Declaring manifest.json
 
-For Chrome web push, add the GCM sender id to a `manifest.json` file served at the scope of your app (or above), like at the root.
+Check out the [Web Manifest docs](https://developer.mozilla.org/en-US/docs/Web/Manifest) for details on what to include in your `manifest.json` file. If using VAPID, no app credentials are needed.
+
+```javascript
+{
+  "name": "My Website"
+}
+```
+For Chrome web push, add the GCM sender id to a `manifest.json`.
 
 ```javascript
 {
@@ -59,7 +65,7 @@ For Chrome web push, add the GCM sender id to a `manifest.json` file served at t
 }
 ```
 
-And link to it somewhere in the `<head>` tag:
+The file is served within the scope of your service worker script, like at the root, and link to it somewhere in the `<head>` tag:
 
 ```html
 <!-- index.html -->
@@ -141,6 +147,7 @@ $(".webpush-button").on("click", (e) => {
     .then((subscription) => {
       $.post("/push", { subscription: subscription.toJSON(), message: "You clicked a button!" });
     });
+  });
 });
 ```
 
@@ -152,10 +159,10 @@ Imagine a Ruby app endpoint that responds to the request by triggering notificat
 # the message, subscription values, and vapid options
 post "/push" do
   Webpush.payload_send(
-    message: params[:message]
+    message: params[:message],
     endpoint: params[:subscription][:endpoint],
     p256dh: params[:subscription][:keys][:p256dh],
-    auth: params[:subscription][:keys][:p256dh],
+    auth: params[:subscription][:keys][:auth],
     vapid: {
       subject: "mailto:sender@example.com",
       public_key: ENV['VAPID_PUBLIC_KEY'],
@@ -166,7 +173,9 @@ end
 ```
 
 Note: the VAPID options should be omitted if the client-side subscription was
-generated without the `applicationServerKey` parameter described earlier.
+generated without the `applicationServerKey` parameter described earlier. You
+would instead pass the GCM api key along with the api request as shown in the
+Usage section below.
 
 ### Receiving the push event
 
@@ -266,6 +275,19 @@ Webpush.payload_send(
     private_key: ENV['VAPID_PRIVATE_KEY']
   }
 )
+```
+
+### With GCM api key
+
+```ruby
+Webpush.payload_send(
+  endpoint: "https://fcm.googleapis.com/gcm/send/eah7hak....",
+  message: "A message",
+  p256dh: "BO/aG9nYXNkZmFkc2ZmZHNmYWRzZmFl...",
+  auth: "aW1hcmthcmFpa3V6ZQ==",
+  api_key: "<GCM API KEY>"
+)
+```
 
 ### ServiceWorker sample
 

data/lib/webpush.rb

@@ -42,8 +42,10 @@ module Webpush
       ).perform
     end
 
-    # public_key: vapid_key.public_key.to_bn.to_s(2)
-    # private_key: vapid_key.private_key.to_s(2)
+    # Generate a VapidKey instance to obtain base64 encoded public and private keys
+    # suitable for VAPID protocol JSON web token signing
+    #
+    # @return [Webpush::VapidKey] a new VapidKey instance
     def generate_key
       VapidKey.new
     end

data/lib/webpush/errors.rb

@@ -3,7 +3,21 @@ module Webpush
 
   class ConfigurationError < Error; end
 
-  class ResponseError < Error; end
+  class ResponseError < Error;
+    attr_reader :response, :host
+
+    def initialize(response, host)
+      @response = response
+      @host = host
+      super "host: #{host}, #{@response.inspect}\nbody:\n#{@response.body}"
+    end
+  end
 
   class InvalidSubscription < ResponseError; end
+
+  class ExpiredSubscription < ResponseError; end
+
+  class PayloadTooLarge < ResponseError; end
+
+  class TooManyRequests < ResponseError; end
 end

data/lib/webpush/request.rb

@@ -24,9 +24,15 @@ module Webpush
 
       if resp.is_a?(Net::HTTPGone) ||   #Firefox unsubscribed response
           (resp.is_a?(Net::HTTPBadRequest) && resp.message == "UnauthorizedRegistration")  #Chrome unsubscribed response
-        raise InvalidSubscription.new(resp.inspect)
-      elsif !resp.is_a?(Net::HTTPSuccess)  #unknown/unhandled response error
-        raise ResponseError.new "host: #{uri.host}, #{resp.inspect}\nbody:\n#{resp.body}"
+        raise InvalidSubscription.new(resp, uri.host)
+      elsif resp.is_a?(Net::HTTPNotFound) # 404
+        raise ExpiredSubscription.new(resp, uri.host)
+      elsif resp.is_a?(Net::HTTPRequestEntityTooLarge) # 413
+        raise PayloadTooLarge.new(resp, uri.host)
+      elsif resp.is_a?(Net::HTTPTooManyRequests) # 429, try again later!
+        raise TooManyRequests.new(resp, uri.host)
+      elsif !resp.is_a?(Net::HTTPSuccess)  # unknown/unhandled response error
+        raise ResponseError.new(resp, uri.host)
       end
 
       resp

data/lib/webpush/vapid_key.rb

@@ -1,5 +1,11 @@
 module Webpush
+  # Class for abstracting the generation and encoding of elliptic curve public and private keys for use with the VAPID protocol
+  #
+  # @attr_reader [OpenSSL::PKey::EC] :curve the OpenSSL elliptic curve instance
   class VapidKey
+    # Create a VapidKey instance from encoded elliptic curve public and private keys
+    #
+    # @return [Webpush::VapidKey] a VapidKey instance for the given public and private keys
     def self.from_keys(public_key, private_key)
       key = new
       key.public_key = public_key
@@ -15,30 +21,33 @@ module Webpush
       @curve.generate_key
     end
 
-    # Retrieve the encoded EC public key for server-side storage
-    # @return encoded binary representaion of 65-byte VAPID public key
+    # Retrieve the encoded elliptic curve public key for VAPID protocol
+    #
+    # @return [String] encoded binary representation of 65-byte VAPID public key
     def public_key
       encode64(curve.public_key.to_bn.to_s(2))
     end
 
-    # Retrieve EC public key for Web Push
-    # @return the encoded VAPID public key suitable for Web Push transport
+    # Retrieve the encoded elliptic curve public key suitable for the Web Push request
+    #
+    # @return [String] the encoded VAPID public key for us in 'Encryption' header
     def public_key_for_push_header
       trim_encode64(curve.public_key.to_bn.to_s(2))
     end
 
-    # Convenience
-    # @return base64 urlsafe-encoded binary representaion of 32-byte VAPID private key
+    # Retrive the encoded elliptic curve private key for VAPID protocol
+    #
+    # @return [String] base64 urlsafe-encoded binary representation of 32-byte VAPID private key
     def private_key
-      Webpush.encode64(curve.private_key.to_s(2))
+      encode64(curve.private_key.to_s(2))
     end
 
     def public_key=(key)
-      @curve.public_key = OpenSSL::PKey::EC::Point.new(group, to_big_num(key))
+      curve.public_key = OpenSSL::PKey::EC::Point.new(group, to_big_num(key))
     end
 
     def private_key=(key)
-      @curve.private_key = to_big_num(key)
+      curve.private_key = to_big_num(key)
     end
 
     def curve_name

data/lib/webpush/version.rb

@@ -1,3 +1,3 @@
 module Webpush
-  VERSION = "0.3.1"
+  VERSION = "0.3.2"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: webpush
 version: !ruby/object:Gem::Version
-  version: 0.3.1
+  version: 0.3.2
 platform: ruby
 authors:
 - zaru@sakuraba
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2016-10-24 00:00:00.000000000 Z
+date: 2017-07-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: hkdf