move server/* to scnserver/*

2022-12-21 12:35:56 +01:00
parent 2b4d77bab4
commit bbf7962e29
123 changed files with 0 additions and 0 deletions
--- a/scnserver/push/dummy.go
+++ b/scnserver/push/dummy.go
@@ -0,0 +1,17 @@
+package push
+
+import (
+	"blackforestbytes.com/simplecloudnotifier/models"
+	"context"
+	_ "embed"
+)
+
+type DummyConnector struct{}
+
+func NewDummy() NotificationClient {
+	return &DummyConnector{}
+}
+
+func (d DummyConnector) SendNotification(ctx context.Context, client models.Client, msg models.Message) (string, error) {
+	return "%DUMMY%", nil
+}
--- a/scnserver/push/firebase.go
+++ b/scnserver/push/firebase.go
@@ -0,0 +1,128 @@
+package push
+
+import (
+	scn "blackforestbytes.com/simplecloudnotifier"
+	"blackforestbytes.com/simplecloudnotifier/models"
+	"bytes"
+	"context"
+	_ "embed"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"github.com/gin-gonic/gin"
+	"github.com/rs/zerolog/log"
+	"gogs.mikescher.com/BlackForestBytes/goext/langext"
+	"io"
+	"net/http"
+	"strconv"
+	"time"
+)
+
+// https://firebase.google.com/docs/cloud-messaging/send-message#rest
+// https://firebase.google.com/docs/cloud-messaging/auth-server
+
+type FirebaseConnector struct {
+	fbProject string
+	client    http.Client
+	auth      *FirebaseOAuth2
+}
+
+func NewFirebaseConn(conf scn.Config) (NotificationClient, error) {
+
+	fbauth, err := NewAuth(conf.FirebaseTokenURI, conf.FirebaseProjectID, conf.FirebaseClientMail, conf.FirebasePrivateKey)
+	if err != nil {
+		return nil, err
+	}
+
+	return &FirebaseConnector{
+		fbProject: conf.FirebaseProjectID,
+		client:    http.Client{Timeout: 5 * time.Second},
+		auth:      fbauth,
+	}, nil
+}
+
+type Notification struct {
+	Id       string
+	Token    string
+	Platform string
+	Title    string
+	Body     string
+	Priority int
+}
+
+func (fb FirebaseConnector) SendNotification(ctx context.Context, client models.Client, msg models.Message) (string, error) {
+
+	uri := "https://fcm.googleapis.com/v1/projects/" + fb.fbProject + "/messages:send"
+
+	jsonBody := gin.H{
+		"data": gin.H{
+			"scn_msg_id": msg.SCNMessageID.String(),
+			"usr_msg_id": langext.Coalesce(msg.UserMessageID, ""),
+			"client_id":  client.ClientID.String(),
+			"timestamp":  strconv.FormatInt(msg.Timestamp().Unix(), 10),
+			"priority":   strconv.Itoa(msg.Priority),
+			"trimmed":    langext.Conditional(msg.NeedsTrim(), "true", "false"),
+			"title":      msg.Title,
+			"body":       langext.Coalesce(msg.TrimmedContent(), ""),
+		},
+		"token": *client.FCMToken,
+		"android": gin.H{
+			"priority": "high",
+		},
+		"apns": gin.H{},
+	}
+	if client.Type == models.ClientTypeIOS {
+		jsonBody["notification"] = gin.H{
+			"title": msg.Title,
+			"body":  msg.ShortContent(),
+		}
+	}
+
+	bytesBody, err := json.Marshal(gin.H{"message": jsonBody})
+	if err != nil {
+		return "", err
+	}
+
+	request, err := http.NewRequestWithContext(ctx, "POST", uri, bytes.NewBuffer(bytesBody))
+	if err != nil {
+		return "", err
+	}
+
+	tok, err := fb.auth.Token(ctx)
+	if err != nil {
+		log.Err(err).Msg("Refreshing FB token failed")
+		return "", err
+	}
+
+	request.Header.Set("Authorization", "Bearer "+tok)
+	request.Header.Set("Content-Type", "application/json")
+	request.Header.Set("Accept", "application/json")
+
+	response, err := fb.client.Do(request)
+	if err != nil {
+		return "", err
+	}
+	defer func() { _ = response.Body.Close() }()
+
+	if response.StatusCode < 200 || response.StatusCode >= 300 {
+		if bstr, err := io.ReadAll(response.Body); err == nil {
+			return "", errors.New(fmt.Sprintf("FCM-Request returned %d: %s", response.StatusCode, string(bstr)))
+		} else {
+			return "", errors.New(fmt.Sprintf("FCM-Request returned %d", response.StatusCode))
+		}
+	}
+
+	respBodyBin, err := io.ReadAll(response.Body)
+	if err != nil {
+		return "", err
+	}
+
+	var respBody struct {
+		Name string `json:"name"`
+	}
+	if err := json.Unmarshal(respBodyBin, &respBody); err != nil {
+		return "", err
+	}
+
+	return respBody.Name, nil
+}
--- a/scnserver/push/notificationClient.go
+++ b/scnserver/push/notificationClient.go
@@ -0,0 +1,10 @@
+package push
+
+import (
+	"blackforestbytes.com/simplecloudnotifier/models"
+	"context"
+)
+
+type NotificationClient interface {
+	SendNotification(ctx context.Context, client models.Client, msg models.Message) (string, error)
+}
--- a/scnserver/push/oauth2.go
+++ b/scnserver/push/oauth2.go
@@ -0,0 +1,179 @@
+package push
+
+import (
+	"context"
+	"crypto"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/sha256"
+	"crypto/x509"
+	"encoding/base64"
+	"encoding/json"
+	"encoding/pem"
+	"errors"
+	"fmt"
+	"github.com/gin-gonic/gin"
+	"gogs.mikescher.com/BlackForestBytes/goext/langext"
+	"gogs.mikescher.com/BlackForestBytes/goext/timeext"
+	"io"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+type FirebaseOAuth2 struct {
+	client *http.Client
+
+	scopes       []string
+	tokenURL     string
+	privateKeyID string
+	clientMail   string
+
+	currToken   *string
+	tokenExpiry *time.Time
+	privateKey  *rsa.PrivateKey
+}
+
+func NewAuth(tokenURL string, privKeyID string, cmail string, pemstr string) (*FirebaseOAuth2, error) {
+
+	pkey, err := decodePemKey(pemstr)
+	if err != nil {
+		return nil, err
+	}
+
+	return &FirebaseOAuth2{
+		client:       &http.Client{Timeout: 3 * time.Second},
+		tokenURL:     tokenURL,
+		privateKey:   pkey,
+		privateKeyID: privKeyID,
+		clientMail:   cmail,
+		scopes: []string{
+			"https://www.googleapis.com/auth/cloud-platform",
+			"https://www.googleapis.com/auth/datastore",
+			"https://www.googleapis.com/auth/devstorage.full_control",
+			"https://www.googleapis.com/auth/firebase",
+			"https://www.googleapis.com/auth/identitytoolkit",
+			"https://www.googleapis.com/auth/userinfo.email",
+		},
+	}, nil
+}
+
+func decodePemKey(pemstr string) (*rsa.PrivateKey, error) {
+	var raw []byte
+
+	block, _ := pem.Decode([]byte(pemstr))
+
+	if block != nil {
+		raw = block.Bytes
+	} else {
+		raw = []byte(pemstr)
+	}
+
+	pkey8, err1 := x509.ParsePKCS8PrivateKey(raw)
+	if err1 == nil {
+		privkey, ok := pkey8.(*rsa.PrivateKey)
+		if !ok {
+			return nil, errors.New("private key is invalid")
+		}
+		return privkey, nil
+	}
+
+	pkey1, err2 := x509.ParsePKCS1PrivateKey(raw)
+	if err2 == nil {
+		return pkey1, nil
+	}
+
+	return nil, errors.New(fmt.Sprintf("failed to parse private-key: [ %v | %v ]", err1, err2))
+}
+
+func (a *FirebaseOAuth2) Token(ctx context.Context) (string, error) {
+	if a.currToken == nil || a.tokenExpiry == nil || a.tokenExpiry.Before(time.Now()) {
+		err := a.Refresh(ctx)
+		if err != nil {
+			return "", err
+		}
+	}
+
+	return *a.currToken, nil
+}
+
+func (a *FirebaseOAuth2) Refresh(ctx context.Context) error {
+
+	assertion, err := a.encodeAssertion(a.privateKey)
+	if err != nil {
+		return err
+	}
+
+	body := url.Values{
+		"assertion":  []string{assertion},
+		"grant_type": []string{"urn:ietf:params:oauth:grant-type:jwt-bearer"},
+	}.Encode()
+
+	req, err := http.NewRequestWithContext(ctx, "POST", a.tokenURL, strings.NewReader(body))
+	if err != nil {
+		return err
+	}
+
+	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+
+	reqNow := time.Now()
+
+	resp, err := a.client.Do(req)
+	if err != nil {
+		return err
+	}
+	defer func() { _ = resp.Body.Close() }()
+
+	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
+		if bstr, err := io.ReadAll(resp.Body); err == nil {
+			return errors.New(fmt.Sprintf("Auth-Request returned %d: %s", resp.StatusCode, string(bstr)))
+		} else {
+			return errors.New(fmt.Sprintf("Auth-Request returned %d", resp.StatusCode))
+		}
+	}
+
+	respBodyBin, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return err
+	}
+
+	var respBody struct {
+		AccessToken string `json:"access_token"`
+		TokenType   string `json:"token_type"`
+		ExpiresIn   int    `json:"expires_in"`
+	}
+	if err := json.Unmarshal(respBodyBin, &respBody); err != nil {
+		return err
+	}
+
+	a.currToken = langext.Ptr(respBody.AccessToken)
+	a.tokenExpiry = langext.Ptr(reqNow.Add(timeext.FromSeconds(respBody.ExpiresIn)))
+
+	return nil
+}
+
+func (a *FirebaseOAuth2) encodeAssertion(key *rsa.PrivateKey) (string, error) {
+	headBin, err := json.Marshal(gin.H{"alg": "RS256", "typ": "JWT", "kid": a.privateKeyID})
+	if err != nil {
+		return "", err
+	}
+	head := base64.RawURLEncoding.EncodeToString(headBin)
+
+	now := time.Now().Add(-10 * time.Second) // jwt hack against unsynced clocks
+
+	claimBin, err := json.Marshal(gin.H{"iss": a.clientMail, "scope": strings.Join(a.scopes, " "), "aud": a.tokenURL, "exp": now.Add(time.Hour).Unix(), "iat": now.Unix()})
+	if err != nil {
+		return "", err
+	}
+	claim := base64.RawURLEncoding.EncodeToString(claimBin)
+
+	checksum := sha256.New()
+	checksum.Write([]byte(head + "." + claim))
+	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, checksum.Sum(nil))
+	if err != nil {
+		return "", err
+	}
+
+	return head + "." + claim + "." + base64.RawURLEncoding.EncodeToString(sig), nil
+}
--- a/scnserver/push/testSink.go
+++ b/scnserver/push/testSink.go
@@ -0,0 +1,41 @@
+package push
+
+import (
+	"blackforestbytes.com/simplecloudnotifier/models"
+	"context"
+	_ "embed"
+	"gogs.mikescher.com/BlackForestBytes/goext/langext"
+)
+
+type SinkData struct {
+	Message models.Message
+	Client  models.Client
+}
+
+type TestSink struct {
+	Data []SinkData
+}
+
+func NewTestSink() NotificationClient {
+	return &TestSink{}
+}
+
+func (d *TestSink) Last() SinkData {
+	return d.Data[len(d.Data)-1]
+}
+
+func (d *TestSink) SendNotification(ctx context.Context, client models.Client, msg models.Message) (string, error) {
+	id, err := langext.NewHexUUID()
+	if err != nil {
+		return "", err
+	}
+
+	key := "TestSink[" + id + "]"
+
+	d.Data = append(d.Data, SinkData{
+		Message: msg,
+		Client:  client,
+	})
+
+	return key, nil
+}