mastodon/app/lib/web_push_request.rb

# frozen_string_literal: true

class WebPushRequest
  SIGNATURE_ALGORITHM = 'p256ecdsa'
  LEGACY_AUTH_HEADER = 'WebPush'
  STANDARD_AUTH_HEADER = 'vapid'
  PAYLOAD_EXPIRATION = 24.hours
  JWT_ALGORITHM = 'ES256'
  JWT_TYPE = 'JWT'

  attr_reader :web_push_subscription

  delegate(
    :standard,
    :endpoint,
    :key_auth,
    :key_p256dh,
    to: :web_push_subscription
  )

  def initialize(web_push_subscription)
    @web_push_subscription = web_push_subscription
  end

  def audience
    @audience ||= Addressable::URI.parse(endpoint).normalized_site
  end

  def legacy_authorization_header
    [LEGACY_AUTH_HEADER, encoded_json_web_token].join(' ')
  end

  def crypto_key_header
    [SIGNATURE_ALGORITHM, vapid_key.public_key_for_push_header].join('=')
  end

  def legacy_encrypt(payload)
    Webpush::Legacy::Encryption.encrypt(payload, key_p256dh, key_auth)
  end

  def standard_authorization_header
    [STANDARD_AUTH_HEADER, standard_vapid_value].join(' ')
  end

  def standard_encrypt(payload)
    Webpush::Encryption.encrypt(payload, key_p256dh, key_auth)
  end

  def legacy
    !standard
  end

  private

  def standard_vapid_value
    "t=#{encoded_json_web_token},k=#{vapid_key.public_key_for_push_header}"
  end

  def encoded_json_web_token
    JWT.encode(
      web_token_payload,
      vapid_key.curve,
      JWT_ALGORITHM,
      typ: JWT_TYPE
    )
  end

  def web_token_payload
    {
      aud: audience,
      exp: PAYLOAD_EXPIRATION.from_now.to_i,
      sub: payload_subject,
    }
  end

  def payload_subject
    [:mailto, contact_email].join(':')
  end

  def vapid_key
    @vapid_key ||= Webpush::VapidKey.from_keys(
      Rails.configuration.x.vapid_public_key,
      Rails.configuration.x.vapid_private_key
    )
  end

  def contact_email
    @contact_email ||= ::Setting.site_contact_email
  end
end