Add support for APNs dual env
Drop firebaseProjectIDKey
Log which services are configured on startup
A Web Push gateway to proprietary services such as Firebase Messaging (FCM) and Apple Push Notification service (APNs).
┌────────────┐ ┌─────────────┐
│ │ Subscribe │ │
│ Android ├────────────►│ Application │
│ IRC client │ │ Server │
│ │ │ │
│ │ │ │
└────────────┘ └──────┬──────┘
▲ │
│ │
Push │ │Push
notification │ │notification
│ ▼
┌─────┴─────┐ ┌─────────────┐
│ │ │ │
│ Firebase │◄────────────┤ pushgarden │
│ Messaging │ Push │ │
│ │ notification│ │
└───────────┘ └─────────────┘
Web Push is defined in RFC 8030, RFC 8291 and RFC 8292.
The payloads delivered to Firebase and APNs are encrypted and need to be decrypted on the client side. The decryption process is very similar to the encryption process.
Go to your project settings in the Firebase console, select the "Service
accounts" tab, and download the private key as a JSON file. Set the
GOOGLE_APPLICATION_CREDENTIALS
environment variable to a path to this file,
then start pushgarden.
Sign in to the Apple Developer dashboard, select the "Certificates, IDs, &
Profiles" tab, and download the certificate. Set the APPLE_CERTIFICATE
environment variable to a path to the certificate converted to PKCS#12 (.p12
file extension) without a password, then start pushgarden.
For simple use-cases, a stateless push endpoint is available.
POST /firebase/<project-id>/push?token=<token>
. The
<project-id>
is visible in the project settings. The per-device <token>
can be obtained from the Firebase SDK.POST /apple/<app-id>/<env>/push?token=<token>
. The <app-id>
is
visible in the Apple Developer dashboard. <env>
is either "development" or
"production".pushgarden will send a Firebase or APNs message with the following data:
payload
: contains the encrypted request body.endpoint
: contains the request path.vapid_key
: if the request was signed with a VAPID key, contains the public
key.state
: contains the state
query parameter sent in the request, if any.Alternatively, the stateful endpoint can be used by creating a subscription. This unlocks additional features and improved security:
endpoint
field.<token>
is not disclosed to push notification senders.Currently, only Firebase supports the stateful endpoint.
To create a new subscription, send a request to
POST /firebase/<project-id>/subscribe?token=<token>
. pushgarden will return
a unique push endpoint in a Link
response header, for instance:
Link: </firebase/example-560a6/push/JzLQ3raZJfFBR0aqvOMsLrt54w4rJUsV>; rel="urn:ietf:params:push"
Location: /firebase/example-560a6/subscription/LBhhw0OohO-Wl4Oi971UG
A POST
request to the push endpoint will deliver a new Firebase message (as
explained in the previous section). A DELETE
request on the subscription
endpoint will cancel the subscription.
AGPLv3, see LICENSE.
Copyright (C) 2021 The pushgarden Contributors