firebase via REST (less dependencies)

2022-11-20 17:19:11 +01:00
parent 08a93551e7
commit d30e2cefc0
15 changed files with 519 additions and 396 deletions
--- a/server/firebase/FBOAuth.go
+++ b/server/firebase/FBOAuth.go
@@ -0,0 +1,179 @@
+package firebase
+
+import (
+	"context"
+	"crypto"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/sha256"
+	"crypto/x509"
+	"encoding/base64"
+	"encoding/json"
+	"encoding/pem"
+	"errors"
+	"fmt"
+	"github.com/gin-gonic/gin"
+	"gogs.mikescher.com/BlackForestBytes/goext/langext"
+	"gogs.mikescher.com/BlackForestBytes/goext/timeext"
+	"io"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+)
+
+type FBOAuth2 struct {
+	client *http.Client
+
+	scopes       []string
+	tokenURL     string
+	privateKeyID string
+	clientMail   string
+
+	currToken   *string
+	tokenExpiry *time.Time
+	privateKey  *rsa.PrivateKey
+}
+
+func NewAuth(tokenURL string, privKeyID string, cmail string, pemstr string) (*FBOAuth2, error) {
+
+	pkey, err := decodePemKey(pemstr)
+	if err != nil {
+		return nil, err
+	}
+
+	return &FBOAuth2{
+		client:       &http.Client{Timeout: 3 * time.Second},
+		tokenURL:     tokenURL,
+		privateKey:   pkey,
+		privateKeyID: privKeyID,
+		clientMail:   cmail,
+		scopes: []string{
+			"https://www.googleapis.com/auth/cloud-platform",
+			"https://www.googleapis.com/auth/datastore",
+			"https://www.googleapis.com/auth/devstorage.full_control",
+			"https://www.googleapis.com/auth/firebase",
+			"https://www.googleapis.com/auth/identitytoolkit",
+			"https://www.googleapis.com/auth/userinfo.email",
+		},
+	}, nil
+}
+
+func decodePemKey(pemstr string) (*rsa.PrivateKey, error) {
+	var raw []byte
+
+	block, _ := pem.Decode([]byte(pemstr))
+
+	if block != nil {
+		raw = block.Bytes
+	} else {
+		raw = []byte(pemstr)
+	}
+
+	pkey8, err1 := x509.ParsePKCS8PrivateKey(raw)
+	if err1 == nil {
+		privkey, ok := pkey8.(*rsa.PrivateKey)
+		if !ok {
+			return nil, errors.New("private key is invalid")
+		}
+		return privkey, nil
+	}
+
+	pkey1, err2 := x509.ParsePKCS1PrivateKey(raw)
+	if err2 == nil {
+		return pkey1, nil
+	}
+
+	return nil, errors.New(fmt.Sprintf("failed to parse private-key: [ %v | %v ]", err1, err2))
+}
+
+func (a *FBOAuth2) Token(ctx context.Context) (string, error) {
+	if a.currToken == nil || a.tokenExpiry == nil || a.tokenExpiry.Before(time.Now()) {
+		err := a.Refresh(ctx)
+		if err != nil {
+			return "", err
+		}
+	}
+
+	return *a.currToken, nil
+}
+
+func (a *FBOAuth2) Refresh(ctx context.Context) error {
+
+	assertion, err := a.encodeAssertion(a.privateKey)
+	if err != nil {
+		return err
+	}
+
+	body := url.Values{
+		"assertion":  []string{assertion},
+		"grant_type": []string{"urn:ietf:params:oauth:grant-type:jwt-bearer"},
+	}.Encode()
+
+	req, err := http.NewRequestWithContext(ctx, "POST", a.tokenURL, strings.NewReader(body))
+	if err != nil {
+		return err
+	}
+
+	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+
+	reqNow := time.Now()
+
+	resp, err := a.client.Do(req)
+	if err != nil {
+		return err
+	}
+	defer func() { _ = resp.Body.Close() }()
+
+	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
+		if bstr, err := io.ReadAll(resp.Body); err == nil {
+			return errors.New(fmt.Sprintf("Auth-Request returned %d: %s", resp.StatusCode, string(bstr)))
+		} else {
+			return errors.New(fmt.Sprintf("Auth-Request returned %d", resp.StatusCode))
+		}
+	}
+
+	respBodyBin, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return err
+	}
+
+	var respBody struct {
+		AccessToken string `json:"access_token"`
+		TokenType   string `json:"token_type"`
+		ExpiresIn   int    `json:"expires_in"`
+	}
+	if err := json.Unmarshal(respBodyBin, &respBody); err != nil {
+		return err
+	}
+
+	a.currToken = langext.Ptr(respBody.AccessToken)
+	a.tokenExpiry = langext.Ptr(reqNow.Add(timeext.FromSeconds(respBody.ExpiresIn)))
+
+	return nil
+}
+
+func (a *FBOAuth2) encodeAssertion(key *rsa.PrivateKey) (string, error) {
+	headBin, err := json.Marshal(gin.H{"alg": "RS256", "typ": "JWT", "kid": a.privateKeyID})
+	if err != nil {
+		return "", err
+	}
+	head := base64.RawURLEncoding.EncodeToString(headBin)
+
+	now := time.Now().Add(-10 * time.Second) // jwt hack against unsynced clocks
+
+	claimBin, err := json.Marshal(gin.H{"iss": a.clientMail, "scope": strings.Join(a.scopes, " "), "aud": a.tokenURL, "exp": now.Add(time.Hour).Unix(), "iat": now.Unix()})
+	if err != nil {
+		return "", err
+	}
+	claim := base64.RawURLEncoding.EncodeToString(claimBin)
+
+	checksum := sha256.New()
+	checksum.Write([]byte(head + "." + claim))
+	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, checksum.Sum(nil))
+	if err != nil {
+		return "", err
+	}
+
+	return head + "." + claim + "." + base64.RawURLEncoding.EncodeToString(sig), nil
+}
--- a/server/firebase/firebase.go
+++ b/server/firebase/firebase.go
@@ -1,40 +1,44 @@
 package firebase

 import (
+	scn "blackforestbytes.com/simplecloudnotifier"
 	"blackforestbytes.com/simplecloudnotifier/models"
+	"bytes"
 	"context"
 	_ "embed"
-	fb "firebase.google.com/go"
-	"firebase.google.com/go/messaging"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"github.com/gin-gonic/gin"
 	"github.com/rs/zerolog/log"
 	"gogs.mikescher.com/BlackForestBytes/goext/langext"
-	"google.golang.org/api/option"
+	"io"
+	"net/http"
 	"strconv"
+	"time"
 )

-//go:embed scnserviceaccountkey.json
-var scnserviceaccountkey []byte
+// https://firebase.google.com/docs/cloud-messaging/send-message#rest
+// https://firebase.google.com/docs/cloud-messaging/auth-server

-type App struct {
-	app       *fb.App
-	messaging *messaging.Client
+type FBConnector struct {
+	fbProject string
+	client    http.Client
+	auth      *FBOAuth2
 }

-func NewFirebaseApp() App {
-	opt := option.WithCredentialsJSON(scnserviceaccountkey)
-	app, err := fb.NewApp(context.Background(), nil, opt)
+func NewFirebase(conf scn.Config) (*FBConnector, error) {
+
+	fbauth, err := NewAuth(conf.FirebaseTokenURI, conf.FirebaseProjectID, conf.FirebaseClientMail, conf.FirebasePrivateKey)
 	if err != nil {
-		log.Error().Err(err).Msg("failed to init firebase app")
-	}
-	msg, err := app.Messaging(context.Background())
-	if err != nil {
-		log.Error().Err(err).Msg("failed to init messaging client")
-	}
-	log.Info().Msg("Initialized Firebase")
-	return App{
-		app:       app,
-		messaging: msg,
+		return nil, err
 	}
+
+	return &FBConnector{
+		fbProject: conf.FirebaseProjectID,
+		client:    http.Client{Timeout: 5 * time.Second},
+		auth:      fbauth,
+	}, nil
 }

 type Notification struct {
@@ -46,10 +50,12 @@ type Notification struct {
 	Priority int
 }

-func (fb App) SendNotification(ctx context.Context, client models.Client, msg models.Message) (string, error) {
+func (fb FBConnector) SendNotification(ctx context.Context, client models.Client, msg models.Message) (string, error) {

-	n := messaging.Message{
-		Data: map[string]string{
+	uri := "https://fcm.googleapis.com/v1/projects/" + fb.fbProject + "/messages:send"
+
+	jsonBody := gin.H{
+		"data": gin.H{
 			"scn_msg_id": strconv.FormatInt(msg.SCNMessageID, 10),
 			"usr_msg_id": langext.Coalesce(msg.UserMessageID, ""),
 			"client_id":  strconv.FormatInt(client.ClientID, 10),
@@ -59,29 +65,64 @@ func (fb App) SendNotification(ctx context.Context, client models.Client, msg mo
 			"title":      msg.Title,
 			"body":       langext.Coalesce(msg.TrimmedContent(), ""),
 		},
-		Notification: &messaging.Notification{
-			Title: msg.Title,
-			Body:  msg.ShortContent(),
+		"token": *client.FCMToken,
+		"android": gin.H{
+			"priority": "high",
 		},
-		Android:    nil,
-		APNS:       nil,
-		Webpush:    nil,
-		FCMOptions: nil,
-		Token:      *client.FCMToken,
-		Topic:      "",
-		Condition:  "",
+		"apns": gin.H{},
 	}
-
 	if client.Type == models.ClientTypeIOS {
-		n.APNS = nil
-	} else if client.Type == models.ClientTypeAndroid {
-		n.Notification = nil
-		n.Android = &messaging.AndroidConfig{Priority: "high"}
+		jsonBody["notification"] = gin.H{
+			"title": msg.Title,
+			"body":  msg.ShortContent(),
+		}
 	}

-	res, err := fb.messaging.Send(ctx, &n)
+	bytesBody, err := json.Marshal(gin.H{"message": jsonBody})
 	if err != nil {
-		log.Error().Err(err).Msg("failed to send push")
+		return "", err
 	}
-	return res, err
+
+	request, err := http.NewRequestWithContext(ctx, "POST", uri, bytes.NewBuffer(bytesBody))
+	if err != nil {
+		return "", err
+	}
+
+	tok, err := fb.auth.Token(ctx)
+	if err != nil {
+		log.Err(err).Msg("Refreshing FB token failed")
+		return "", err
+	}
+
+	request.Header.Set("Authorization", "Bearer "+tok)
+	request.Header.Set("Content-Type", "application/json")
+	request.Header.Set("Accept", "application/json")
+
+	response, err := fb.client.Do(request)
+	if err != nil {
+		return "", err
+	}
+	defer func() { _ = response.Body.Close() }()
+
+	if response.StatusCode < 200 || response.StatusCode >= 300 {
+		if bstr, err := io.ReadAll(response.Body); err == nil {
+			return "", errors.New(fmt.Sprintf("FCM-Request returned %d: %s", response.StatusCode, string(bstr)))
+		} else {
+			return "", errors.New(fmt.Sprintf("FCM-Request returned %d", response.StatusCode))
+		}
+	}
+
+	respBodyBin, err := io.ReadAll(response.Body)
+	if err != nil {
+		return "", err
+	}
+
+	var respBody struct {
+		Name string `json:"name"`
+	}
+	if err := json.Unmarshal(respBodyBin, &respBody); err != nil {
+		return "", err
+	}
+
+	return respBody.Name, nil
 }