feat(dm): implement signed direct messaging with web push fallback
This commit is contained in:
parent
1ee2a1cf62
commit
62e55dbaec
@ -0,0 +1,153 @@
|
||||
# Задача 02: Web Push + подписанный API отправки личных сообщений
|
||||
|
||||
## Контекст (по текущему состоянию проекта)
|
||||
- Уже есть JSON WebSocket API для личных сообщений: `SendDirectMessage`, `AckIncomingMessage`, `UpsertPushToken`.
|
||||
- Сейчас серверный fallback-пуш реализован через FCM (`FcmPushSender`) и ключ `fcm.server.key`.
|
||||
- Клиент уже регистрирует service worker и токен Firebase, затем аплоадит push token на сервер.
|
||||
|
||||
## Цель
|
||||
Добавить полностью рабочий сценарий доставки личных сообщений с приоритетом:
|
||||
1) онлайн-доставка в активную WebSocket-сессию;
|
||||
2) если не подтверждено — Web Push;
|
||||
3) поддержать отдельный API отправки без авторизации, где доступ проверяется цифровой подписью Ed25519 по `deviceKey` отправителя.
|
||||
|
||||
---
|
||||
|
||||
## Предварительная спецификация подписанного пакета (v1)
|
||||
> ВАЖНО: финально фиксируется после уточнений по endian/кодировкам/лимитам.
|
||||
|
||||
Пакет (binary):
|
||||
1. `prefix` — ASCII-константа, например `SHINE_MESSAGE`.
|
||||
2. `toLoginLen` — 1 байт.
|
||||
3. `toLogin` — ASCII, длина = `toLoginLen`.
|
||||
4. `fromLoginLen` — 1 байт.
|
||||
5. `fromLogin` — ASCII, длина = `fromLoginLen`.
|
||||
6. `timeMs` — 8 байт (unix ms).
|
||||
7. `nonce32` — 4 байта случайное число.
|
||||
8. `messageType` — 4 байта.
|
||||
9. `targetMode` — 1 байт:
|
||||
- `0` = всем сессиям пользователя,
|
||||
- `1` = конкретной сессии.
|
||||
10. Если `targetMode=1`:
|
||||
- `sessionIdLen` — 1 байт,
|
||||
- `sessionId` — ASCII.
|
||||
11. `messageLen` — 2 байта.
|
||||
12. `messageBytes` — бинарные данные длиной `messageLen`.
|
||||
13. `signature64` — 64 байта, Ed25519 подпись всего блока **без** `signature64`.
|
||||
|
||||
Ограничения (первичный draft):
|
||||
- общий размер пакета ≤ 4000 байт;
|
||||
- логины/префикс/идентификатор сессии — ASCII;
|
||||
- повторы отсекаются по `(fromLogin, timeMs, nonce32)` в окне TTL.
|
||||
|
||||
---
|
||||
|
||||
## Сервер: что доработать
|
||||
|
||||
### 1) Новый endpoint без авторизации
|
||||
Операция (через WS JSON обертку) условно `SendSignedDirectMessage`:
|
||||
- принимает пакет (base64 binary blob);
|
||||
- парсит и валидирует формат;
|
||||
- достает `fromLogin`, поднимает `deviceKey` пользователя;
|
||||
- проверяет подпись Ed25519;
|
||||
- проверяет анти-replay (time window + nonce);
|
||||
- отправляет сообщение по правилам маршрутизации;
|
||||
- пишет результат (messageId, каналы доставки, причины недоставки).
|
||||
|
||||
### 2) Маршрутизация доставки
|
||||
Для `targetMode=1`:
|
||||
- если целевая сессия онлайн и ACK пришел вовремя — успех;
|
||||
- иначе отправка в Web Push этой сессии (если есть subscription).
|
||||
|
||||
Для `targetMode=0`:
|
||||
- обход всех сессий пользователя;
|
||||
- сначала online delivery + ACK;
|
||||
- для непринятых/офлайн — Web Push по соответствующим subscription;
|
||||
- если subscription отсутствует — тихий skip.
|
||||
|
||||
### 3) Миграция от FCM к Web Push
|
||||
- добавить конфиг VAPID (`webpush.public.key`, `webpush.private.key`, `webpush.subject`);
|
||||
- хранить на сервере не только token, а web-push subscription (endpoint + keys);
|
||||
- сделать отправщик Web Push и заменить/расширить текущий `FcmPushSender`.
|
||||
|
||||
### 4) Безопасность
|
||||
- строгая ASCII-валидация логинов/sessionId;
|
||||
- лимиты длины всех полей;
|
||||
- rate limit на endpoint;
|
||||
- audit-лог неуспешных проверок подписи/формата;
|
||||
- защита от replay.
|
||||
|
||||
---
|
||||
|
||||
## Клиент (shine-UI): что доработать
|
||||
|
||||
1. Перейти на стандартный Web Push flow:
|
||||
- регистрация service worker;
|
||||
- `PushManager.subscribe(...)` с VAPID public key;
|
||||
- отправка subscription на сервер (`UpsertPushSubscription` или расширение `UpsertPushToken`).
|
||||
|
||||
2. Service worker:
|
||||
- `push` handler получает payload целиком;
|
||||
- показывает системное уведомление;
|
||||
- при клике открывает/фокусирует нужный чат.
|
||||
|
||||
3. Online-сообщения:
|
||||
- сохранить текущий event-канал `IncomingDirectMessage`;
|
||||
- обязателен ACK (`AckIncomingMessage` уже есть).
|
||||
|
||||
4. Keep-alive:
|
||||
- UI отправляет `Ping` раз в 60 секунд при активной сессии.
|
||||
|
||||
---
|
||||
|
||||
## Документация
|
||||
Сделать отдельный документ настройки Web Push:
|
||||
- как сгенерировать VAPID ключи;
|
||||
- какие параметры прописать на сервере и в UI;
|
||||
- как проверить локально e2e (онлайн + офлайн пуш);
|
||||
- ограничения payload и рекомендации по ретраям.
|
||||
|
||||
---
|
||||
|
||||
## Этапы реализации (предложение)
|
||||
1. Зафиксировать бинарный формат + валидации.
|
||||
2. Реализовать серверный parser/validator/signature verify/replay guard.
|
||||
3. Реализовать Web Push sender + storage subscription.
|
||||
4. Подключить новый endpoint и маршрутизацию доставки.
|
||||
5. Обновить UI (subscription + service worker + ping timer).
|
||||
6. Добавить интеграционные тесты (online ACK / offline push / bad signature / replay / oversize).
|
||||
7. Добавить документацию.
|
||||
|
||||
---
|
||||
|
||||
## Что нужно уточнить до разработки
|
||||
1. Endian для `timeMs/nonce/messageType/messageLen` (big-endian или little-endian).
|
||||
2. Что именно подписывается: строго весь префикс..messageBytes (без подписи) — подтвердить.
|
||||
3. Диапазон допустимых `messageType`.
|
||||
4. TTL окна для анти-replay (например 5 минут / 15 минут).
|
||||
5. Лимиты длин для login/session/message.
|
||||
6. Можно ли временно оставить FCM как fallback, пока не готов Web Push в проде.
|
||||
7. Формат сообщения в `messageBytes`: opaque bytes или UTF-8 строка.
|
||||
|
||||
|
||||
## Статус реализации (12.04.2026)
|
||||
|
||||
### Что уже внедрено в коде
|
||||
- `SendDirectMessage` переведён на signed-binary payload (`blobB64`) без обязательной авторизации WS-сессии.
|
||||
- Внедрён бинарный парсер пакета формата `SHiNE_msg + version(1) + ... + signature64`.
|
||||
- Проверка подписи Ed25519 делается по `deviceKey` отправителя через `shine-server-crypto` (`Ed25519Util`).
|
||||
- Добавлен anti-replay guard `(from_login, time_ms, nonce)` с TTL 15 минут.
|
||||
- Добавлено историческое хранилище `signed_direct_messages_history` с сырым пакетом `raw_packet`.
|
||||
- Логика доставки: сначала WS+ACK, затем fallback на Web Push (по подписке конкретной session).
|
||||
- Поле типа сообщения переведено на `uint16`, пока поддерживается только `1`.
|
||||
- Для `targetMode=1` при несуществующей сессии возвращается `success` с `sessionNotFound=true` и `delivered=0`.
|
||||
- UI переведён с Firebase/FCM на браузерный `PushManager.subscribe` + Service Worker `push`.
|
||||
- Добавлен keep-alive ping из UI раз в 60 секунд при авторизованной сессии.
|
||||
|
||||
### Что настроить в окружении
|
||||
- В `application.properties` задать:
|
||||
- `webpush.vapid.public`
|
||||
- `webpush.vapid.private`
|
||||
- `webpush.vapid.subject`
|
||||
- В `shine-UI/index.html` задать публичный VAPID ключ в `window.__SHINE_WEBPUSH_VAPID_PUBLIC_KEY__`.
|
||||
|
||||
@ -1,30 +1,20 @@
|
||||
/* global importScripts, firebase */
|
||||
importScripts('https://www.gstatic.com/firebasejs/10.12.2/firebase-app-compat.js');
|
||||
importScripts('https://www.gstatic.com/firebasejs/10.12.2/firebase-messaging-compat.js');
|
||||
|
||||
self.addEventListener('install', () => self.skipWaiting());
|
||||
self.addEventListener('activate', (event) => event.waitUntil(self.clients.claim()));
|
||||
|
||||
// Заполните теми же значениями, что и в shine-UI/index.html
|
||||
const FIREBASE_CONFIG = {
|
||||
apiKey: '',
|
||||
authDomain: '',
|
||||
projectId: '',
|
||||
messagingSenderId: '',
|
||||
appId: '',
|
||||
};
|
||||
|
||||
if (FIREBASE_CONFIG.apiKey && firebase && firebase.messaging) {
|
||||
if (!firebase.apps.length) {
|
||||
firebase.initializeApp(FIREBASE_CONFIG);
|
||||
self.addEventListener('push', (event) => {
|
||||
let body = 'Новое сообщение SHiNE';
|
||||
try {
|
||||
if (event.data) {
|
||||
const text = event.data.text();
|
||||
body = text || body;
|
||||
}
|
||||
} catch {
|
||||
// ignore
|
||||
}
|
||||
const messaging = firebase.messaging();
|
||||
messaging.onBackgroundMessage((payload) => {
|
||||
const title = payload?.notification?.title || 'Новое сообщение';
|
||||
const options = {
|
||||
body: payload?.notification?.body || '',
|
||||
data: payload?.data || {},
|
||||
};
|
||||
self.registration.showNotification(title, options);
|
||||
});
|
||||
}
|
||||
|
||||
event.waitUntil(self.registration.showNotification('SHiNE: входящее сообщение', {
|
||||
body,
|
||||
tag: 'shine-direct-message',
|
||||
renotify: true,
|
||||
}));
|
||||
});
|
||||
|
||||
@ -27,17 +27,9 @@
|
||||
<div id="toolbar-slot" class="toolbar-slot"></div>
|
||||
</div>
|
||||
<div id="modal-root"></div>
|
||||
<script src="https://www.gstatic.com/firebasejs/10.12.2/firebase-app-compat.js"></script>
|
||||
<script src="https://www.gstatic.com/firebasejs/10.12.2/firebase-messaging-compat.js"></script>
|
||||
<script>
|
||||
window.__SHINE_FIREBASE_CONFIG__ = {
|
||||
apiKey: '',
|
||||
authDomain: '',
|
||||
projectId: '',
|
||||
messagingSenderId: '',
|
||||
appId: ''
|
||||
};
|
||||
window.__SHINE_FIREBASE_VAPID_KEY__ = '';
|
||||
// Public VAPID key for Web Push (Base64URL)
|
||||
window.__SHINE_WEBPUSH_VAPID_PUBLIC_KEY__ = '';
|
||||
</script>
|
||||
<script>
|
||||
(function attachAppWithBuildHash() {
|
||||
|
||||
@ -213,10 +213,22 @@ async function init() {
|
||||
const fromLogin = payload.fromLogin || 'unknown';
|
||||
const messageId = payload.messageId || '';
|
||||
const eventId = payload.eventId || evt?.requestId || '';
|
||||
const added = addIncomingMessage(fromLogin, payload.text || '', messageId);
|
||||
let text = payload.text || '';
|
||||
if (!text && payload.blobB64) {
|
||||
try {
|
||||
const bytes = Uint8Array.from(atob(payload.blobB64), (ch) => ch.charCodeAt(0));
|
||||
const msgLen = (bytes[bytes.length - 66] << 8) | bytes[bytes.length - 65];
|
||||
const msgStart = bytes.length - 64 - msgLen;
|
||||
const msgBytes = bytes.slice(msgStart, msgStart + msgLen);
|
||||
text = new TextDecoder().decode(msgBytes);
|
||||
} catch {
|
||||
text = '[binary message]';
|
||||
}
|
||||
}
|
||||
const added = addIncomingMessage(fromLogin, text, messageId);
|
||||
if (added && Notification.permission === 'granted') {
|
||||
try {
|
||||
new Notification(`Сообщение от ${fromLogin}`, { body: payload.text || '' });
|
||||
new Notification(`Сообщение от ${fromLogin}`, { body: text || '' });
|
||||
} catch {}
|
||||
}
|
||||
if (eventId) {
|
||||
@ -226,6 +238,14 @@ async function init() {
|
||||
await tryAutoLogin();
|
||||
if (state.session.isAuthorized) {
|
||||
await initPwaPush({ authService });
|
||||
window.setInterval(async () => {
|
||||
if (!state.session.isAuthorized) return;
|
||||
try {
|
||||
await authService.ws.request('Ping', { timeMs: Date.now() });
|
||||
} catch {
|
||||
// silent keep-alive
|
||||
}
|
||||
}, 60_000);
|
||||
}
|
||||
|
||||
if (!window.location.hash) {
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
import { renderHeader } from '../components/header.js';
|
||||
import { directMessages } from '../mock-data.js';
|
||||
import { addChatMessage, getChatMessages, authService } from '../state.js';
|
||||
import { addChatMessage, getChatMessages, authService, state } from '../state.js';
|
||||
|
||||
export const pageMeta = { id: 'chat-view', title: 'Чат' };
|
||||
|
||||
@ -66,7 +66,11 @@ export function render({ navigate, route }) {
|
||||
renderLog(log, chatId);
|
||||
|
||||
try {
|
||||
await authService.sendDirectMessage(chatId, text);
|
||||
await authService.sendDirectMessage({
|
||||
toLogin: chatId,
|
||||
text,
|
||||
storagePwd: state.session.storagePwdInMemory,
|
||||
});
|
||||
} catch (e) {
|
||||
addChatMessage(chatId, `Ошибка отправки: ${e.message || 'unknown'}`);
|
||||
renderLog(log, chatId);
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
import { WsJsonClient } from './ws-client.js';
|
||||
import {
|
||||
base64ToBytes,
|
||||
bytesToBase64,
|
||||
deriveEd25519FromPassword,
|
||||
exportEd25519PublicKeyB64,
|
||||
@ -95,6 +96,27 @@ function int64Bytes(value) {
|
||||
return bytes;
|
||||
}
|
||||
|
||||
function uint16Bytes(value) {
|
||||
const bytes = new Uint8Array(2);
|
||||
const view = new DataView(bytes.buffer);
|
||||
view.setUint16(0, Number(value), false);
|
||||
return bytes;
|
||||
}
|
||||
|
||||
function uint32Bytes(value) {
|
||||
const bytes = new Uint8Array(4);
|
||||
const view = new DataView(bytes.buffer);
|
||||
view.setUint32(0, Number(value), false);
|
||||
return bytes;
|
||||
}
|
||||
|
||||
function uint64Bytes(value) {
|
||||
const bytes = new Uint8Array(8);
|
||||
const view = new DataView(bytes.buffer);
|
||||
view.setBigUint64(0, BigInt(value), false);
|
||||
return bytes;
|
||||
}
|
||||
|
||||
function uint8Bytes(value) {
|
||||
return new Uint8Array([Number(value) & 0xff]);
|
||||
}
|
||||
@ -354,14 +376,57 @@ export class AuthService {
|
||||
return this.ws.onEvent(op, handler);
|
||||
}
|
||||
|
||||
async upsertPushToken({ tokenId, token, provider = 'fcm', platform = 'web', userAgent = navigator.userAgent || '' }) {
|
||||
const response = await this.ws.request('UpsertPushToken', { tokenId, token, provider, platform, userAgent });
|
||||
async upsertPushToken({ endpoint, p256dhKey, authKey, sessionId, platform = 'web', userAgent = navigator.userAgent || '' }) {
|
||||
const response = await this.ws.request('UpsertPushToken', { endpoint, p256dhKey, authKey, sessionId, platform, userAgent });
|
||||
if (response.status !== 200) throw opError('UpsertPushToken', response);
|
||||
return response.payload || {};
|
||||
}
|
||||
|
||||
async sendDirectMessage(toLogin, text) {
|
||||
const response = await this.ws.request('SendDirectMessage', { toLogin, text });
|
||||
async sendDirectMessage({ toLogin, text, storagePwd, targetSessionId = null, messageType = 1 }) {
|
||||
const cleanToLogin = String(toLogin || '').trim();
|
||||
const cleanText = String(text || '');
|
||||
if (!cleanToLogin || !cleanText) throw new Error('Не передан toLogin/text');
|
||||
if (!storagePwd) throw new Error('Не передан storagePwd для подписи');
|
||||
if (!this.ws.login) throw new Error('Нет активной авторизованной сессии');
|
||||
|
||||
const secrets = await loadEncryptedUserSecrets(this.ws.login, storagePwd);
|
||||
const devicePriv = secrets?.deviceKey;
|
||||
if (!devicePriv) throw new Error('Не найден приватный deviceKey');
|
||||
const privateKey = await importPkcs8Ed25519(devicePriv);
|
||||
|
||||
const prefix = utf8Bytes('SHiNE_msg');
|
||||
const version = uint8Bytes(1);
|
||||
const toBytes = utf8Bytes(cleanToLogin);
|
||||
const fromBytes = utf8Bytes(this.ws.login);
|
||||
if (toBytes.length < 1 || toBytes.length > 30) throw new Error('toLogin должен быть 1..30 ASCII-символов');
|
||||
if (fromBytes.length < 1 || fromBytes.length > 30) throw new Error('fromLogin должен быть 1..30 ASCII-символов');
|
||||
if (cleanText.length > 3000) throw new Error('Слишком длинное сообщение');
|
||||
|
||||
const mode = targetSessionId ? 1 : 0;
|
||||
const targetBytes = targetSessionId ? utf8Bytes(String(targetSessionId)) : new Uint8Array(0);
|
||||
if (mode === 1 && (targetBytes.length < 1 || targetBytes.length > 255)) {
|
||||
throw new Error('targetSessionId должен быть 1..255 символов');
|
||||
}
|
||||
const bodyBytes = utf8Bytes(cleanText);
|
||||
|
||||
const preimage = concatBytes(
|
||||
prefix,
|
||||
version,
|
||||
uint8Bytes(toBytes.length), toBytes,
|
||||
uint8Bytes(fromBytes.length), fromBytes,
|
||||
uint64Bytes(Date.now()),
|
||||
uint32Bytes(Math.floor(Math.random() * 0x100000000)),
|
||||
uint16Bytes(messageType),
|
||||
uint8Bytes(mode),
|
||||
mode === 1 ? concatBytes(uint8Bytes(targetBytes.length), targetBytes) : new Uint8Array(0),
|
||||
uint16Bytes(bodyBytes.length),
|
||||
bodyBytes,
|
||||
);
|
||||
const signature = await signBytes(privateKey, preimage);
|
||||
const packet = concatBytes(preimage, signature);
|
||||
const blobB64 = bytesToBase64(packet);
|
||||
|
||||
const response = await this.ws.request('SendDirectMessage', { blobB64 });
|
||||
if (response.status !== 200) throw opError('SendDirectMessage', response);
|
||||
return response.payload || {};
|
||||
}
|
||||
|
||||
@ -1,50 +1,52 @@
|
||||
const LS_KEY = 'shine-ui-fcm-token-v1';
|
||||
const LS_KEY = 'shine-ui-webpush-subscription-v1';
|
||||
|
||||
function urlBase64ToUint8Array(base64String) {
|
||||
const padding = '='.repeat((4 - (base64String.length % 4)) % 4);
|
||||
const base64 = (base64String + padding).replace(/-/g, '+').replace(/_/g, '/');
|
||||
const rawData = window.atob(base64);
|
||||
const outputArray = new Uint8Array(rawData.length);
|
||||
for (let i = 0; i < rawData.length; ++i) {
|
||||
outputArray[i] = rawData.charCodeAt(i);
|
||||
}
|
||||
return outputArray;
|
||||
}
|
||||
|
||||
export async function initPwaPush({ authService }) {
|
||||
if (!('serviceWorker' in navigator)) return;
|
||||
try {
|
||||
await navigator.serviceWorker.register('./firebase-messaging-sw.js');
|
||||
} catch {
|
||||
return;
|
||||
}
|
||||
if (!('serviceWorker' in navigator) || !('PushManager' in window)) return;
|
||||
|
||||
if (!window.firebase || !window.firebase.messaging) return;
|
||||
const vapidPublicKey = window.__SHINE_WEBPUSH_VAPID_PUBLIC_KEY__ || '';
|
||||
if (!vapidPublicKey) return;
|
||||
|
||||
try {
|
||||
const config = window.__SHINE_FIREBASE_CONFIG__ || null;
|
||||
if (!config) return;
|
||||
if (!window.firebase.apps.length) {
|
||||
window.firebase.initializeApp(config);
|
||||
}
|
||||
const messaging = window.firebase.messaging();
|
||||
|
||||
const registration = await navigator.serviceWorker.register('./firebase-messaging-sw.js');
|
||||
const permission = await Notification.requestPermission();
|
||||
if (permission !== 'granted') return;
|
||||
|
||||
const vapidKey = window.__SHINE_FIREBASE_VAPID_KEY__ || '';
|
||||
const token = await messaging.getToken({ vapidKey });
|
||||
if (!token) return;
|
||||
let sub = await registration.pushManager.getSubscription();
|
||||
if (!sub) {
|
||||
sub = await registration.pushManager.subscribe({
|
||||
userVisibleOnly: true,
|
||||
applicationServerKey: urlBase64ToUint8Array(vapidPublicKey),
|
||||
});
|
||||
}
|
||||
|
||||
const prev = localStorage.getItem(LS_KEY);
|
||||
if (prev === token) return;
|
||||
const serialized = JSON.stringify(sub);
|
||||
if (localStorage.getItem(LS_KEY) === serialized) return;
|
||||
localStorage.setItem(LS_KEY, serialized);
|
||||
|
||||
const json = sub.toJSON();
|
||||
const endpoint = json.endpoint || '';
|
||||
const p256dhKey = json.keys?.p256dh || '';
|
||||
const authKey = json.keys?.auth || '';
|
||||
if (!endpoint || !p256dhKey || !authKey) return;
|
||||
|
||||
localStorage.setItem(LS_KEY, token);
|
||||
const tokenId = `tok-${new Date().toISOString().replace(/[-:.TZ]/g, '')}-${Math.random().toString(36).slice(2, 12)}`;
|
||||
await authService.upsertPushToken({
|
||||
tokenId,
|
||||
token,
|
||||
provider: 'fcm',
|
||||
endpoint,
|
||||
p256dhKey,
|
||||
authKey,
|
||||
platform: 'web',
|
||||
userAgent: navigator.userAgent || '',
|
||||
});
|
||||
|
||||
messaging.onMessage((payload) => {
|
||||
const title = payload?.notification?.title || 'Новое сообщение';
|
||||
const body = payload?.notification?.body || '';
|
||||
try {
|
||||
new Notification(title, { body });
|
||||
} catch {}
|
||||
});
|
||||
} catch {
|
||||
// silent for MVP
|
||||
}
|
||||
|
||||
@ -376,6 +376,45 @@ public final class DatabaseInitializer {
|
||||
ON user_push_tokens (login, session_id);
|
||||
""");
|
||||
|
||||
// 11) signed_direct_message_replay (anti-replay window)
|
||||
st.executeUpdate("""
|
||||
CREATE TABLE IF NOT EXISTS signed_direct_message_replay (
|
||||
from_login TEXT NOT NULL,
|
||||
time_ms INTEGER NOT NULL,
|
||||
nonce INTEGER NOT NULL,
|
||||
created_at_ms INTEGER NOT NULL,
|
||||
UNIQUE (from_login, time_ms, nonce)
|
||||
);
|
||||
""");
|
||||
|
||||
st.executeUpdate("""
|
||||
CREATE INDEX IF NOT EXISTS idx_signed_dm_replay_created
|
||||
ON signed_direct_message_replay (created_at_ms);
|
||||
""");
|
||||
|
||||
// 12) signed_direct_messages_history (сырой бинарный пакет + мета)
|
||||
st.executeUpdate("""
|
||||
CREATE TABLE IF NOT EXISTS signed_direct_messages_history (
|
||||
message_id TEXT NOT NULL PRIMARY KEY,
|
||||
from_login TEXT NOT NULL,
|
||||
to_login TEXT NOT NULL,
|
||||
target_mode INTEGER NOT NULL,
|
||||
target_session_id TEXT,
|
||||
message_type INTEGER NOT NULL,
|
||||
time_ms INTEGER NOT NULL,
|
||||
nonce INTEGER NOT NULL,
|
||||
raw_packet BLOB NOT NULL,
|
||||
created_at_ms INTEGER NOT NULL,
|
||||
FOREIGN KEY (from_login) REFERENCES solana_users(login),
|
||||
FOREIGN KEY (to_login) REFERENCES solana_users(login)
|
||||
);
|
||||
""");
|
||||
|
||||
st.executeUpdate("""
|
||||
CREATE INDEX IF NOT EXISTS idx_signed_dm_history_to
|
||||
ON signed_direct_messages_history (to_login, created_at_ms);
|
||||
""");
|
||||
|
||||
DatabaseTriggersInstaller.createAllTriggers(st);
|
||||
}
|
||||
}
|
||||
|
||||
@ -217,6 +217,25 @@ public final class ActiveSessionsDAO {
|
||||
}
|
||||
}
|
||||
|
||||
public void updatePushSubscription(String sessionId, String endpoint, String p256dhKey, String authKey) throws SQLException {
|
||||
try (Connection c = db.getConnection()) {
|
||||
String sql = """
|
||||
UPDATE active_sessions
|
||||
SET push_endpoint = ?,
|
||||
push_p256dh_key = ?,
|
||||
push_auth_key = ?
|
||||
WHERE session_id = ?
|
||||
""";
|
||||
try (PreparedStatement ps = c.prepareStatement(sql)) {
|
||||
ps.setString(1, endpoint);
|
||||
ps.setString(2, p256dhKey);
|
||||
ps.setString(3, authKey);
|
||||
ps.setString(4, sessionId);
|
||||
ps.executeUpdate();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// -------------------- DELETE --------------------
|
||||
|
||||
public void deleteBySessionId(Connection c, String sessionId) throws SQLException {
|
||||
|
||||
@ -0,0 +1,47 @@
|
||||
package shine.db.dao;
|
||||
|
||||
import shine.db.SqliteDbController;
|
||||
import shine.db.entities.SignedDirectMessageHistoryEntry;
|
||||
|
||||
import java.sql.Connection;
|
||||
import java.sql.PreparedStatement;
|
||||
|
||||
public final class SignedDirectMessagesHistoryDAO {
|
||||
private static volatile SignedDirectMessagesHistoryDAO instance;
|
||||
private final SqliteDbController db = SqliteDbController.getInstance();
|
||||
|
||||
private SignedDirectMessagesHistoryDAO() {}
|
||||
|
||||
public static SignedDirectMessagesHistoryDAO getInstance() {
|
||||
if (instance == null) {
|
||||
synchronized (SignedDirectMessagesHistoryDAO.class) {
|
||||
if (instance == null) instance = new SignedDirectMessagesHistoryDAO();
|
||||
}
|
||||
}
|
||||
return instance;
|
||||
}
|
||||
|
||||
public void insert(SignedDirectMessageHistoryEntry e) throws Exception {
|
||||
try (Connection c = db.getConnection()) {
|
||||
String sql = """
|
||||
INSERT INTO signed_direct_messages_history (
|
||||
message_id, from_login, to_login, target_mode, target_session_id,
|
||||
message_type, time_ms, nonce, raw_packet, created_at_ms
|
||||
) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
|
||||
""";
|
||||
try (PreparedStatement ps = c.prepareStatement(sql)) {
|
||||
ps.setString(1, e.getMessageId());
|
||||
ps.setString(2, e.getFromLogin());
|
||||
ps.setString(3, e.getToLogin());
|
||||
ps.setInt(4, e.getTargetMode());
|
||||
ps.setString(5, e.getTargetSessionId());
|
||||
ps.setInt(6, e.getMessageType());
|
||||
ps.setLong(7, e.getTimeMs());
|
||||
ps.setLong(8, e.getNonce());
|
||||
ps.setBytes(9, e.getRawPacket());
|
||||
ps.setLong(10, e.getCreatedAtMs());
|
||||
ps.executeUpdate();
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,50 @@
|
||||
package shine.db.dao;
|
||||
|
||||
import shine.db.SqliteDbController;
|
||||
|
||||
import java.sql.Connection;
|
||||
import java.sql.PreparedStatement;
|
||||
|
||||
public final class SignedDmReplayDAO {
|
||||
private static volatile SignedDmReplayDAO instance;
|
||||
private final SqliteDbController db = SqliteDbController.getInstance();
|
||||
|
||||
private SignedDmReplayDAO() {}
|
||||
|
||||
public static SignedDmReplayDAO getInstance() {
|
||||
if (instance == null) {
|
||||
synchronized (SignedDmReplayDAO.class) {
|
||||
if (instance == null) instance = new SignedDmReplayDAO();
|
||||
}
|
||||
}
|
||||
return instance;
|
||||
}
|
||||
|
||||
public boolean registerUnique(String fromLogin, long timeMs, long nonce, long nowMs) throws Exception {
|
||||
cleanupExpired(nowMs - 15L * 60L * 1000L);
|
||||
try (Connection c = db.getConnection()) {
|
||||
String sql = """
|
||||
INSERT OR IGNORE INTO signed_direct_message_replay (
|
||||
from_login, time_ms, nonce, created_at_ms
|
||||
) VALUES (?, ?, ?, ?)
|
||||
""";
|
||||
try (PreparedStatement ps = c.prepareStatement(sql)) {
|
||||
ps.setString(1, fromLogin);
|
||||
ps.setLong(2, timeMs);
|
||||
ps.setLong(3, nonce);
|
||||
ps.setLong(4, nowMs);
|
||||
return ps.executeUpdate() > 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public void cleanupExpired(long minCreatedAtMs) throws Exception {
|
||||
try (Connection c = db.getConnection()) {
|
||||
String sql = "DELETE FROM signed_direct_message_replay WHERE created_at_ms < ?";
|
||||
try (PreparedStatement ps = c.prepareStatement(sql)) {
|
||||
ps.setLong(1, minCreatedAtMs);
|
||||
ps.executeUpdate();
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,35 @@
|
||||
package shine.db.entities;
|
||||
|
||||
public class SignedDirectMessageHistoryEntry {
|
||||
private String messageId;
|
||||
private String fromLogin;
|
||||
private String toLogin;
|
||||
private int targetMode;
|
||||
private String targetSessionId;
|
||||
private int messageType;
|
||||
private long timeMs;
|
||||
private long nonce;
|
||||
private byte[] rawPacket;
|
||||
private long createdAtMs;
|
||||
|
||||
public String getMessageId() { return messageId; }
|
||||
public void setMessageId(String messageId) { this.messageId = messageId; }
|
||||
public String getFromLogin() { return fromLogin; }
|
||||
public void setFromLogin(String fromLogin) { this.fromLogin = fromLogin; }
|
||||
public String getToLogin() { return toLogin; }
|
||||
public void setToLogin(String toLogin) { this.toLogin = toLogin; }
|
||||
public int getTargetMode() { return targetMode; }
|
||||
public void setTargetMode(int targetMode) { this.targetMode = targetMode; }
|
||||
public String getTargetSessionId() { return targetSessionId; }
|
||||
public void setTargetSessionId(String targetSessionId) { this.targetSessionId = targetSessionId; }
|
||||
public int getMessageType() { return messageType; }
|
||||
public void setMessageType(int messageType) { this.messageType = messageType; }
|
||||
public long getTimeMs() { return timeMs; }
|
||||
public void setTimeMs(long timeMs) { this.timeMs = timeMs; }
|
||||
public long getNonce() { return nonce; }
|
||||
public void setNonce(long nonce) { this.nonce = nonce; }
|
||||
public byte[] getRawPacket() { return rawPacket; }
|
||||
public void setRawPacket(byte[] rawPacket) { this.rawPacket = rawPacket; }
|
||||
public long getCreatedAtMs() { return createdAtMs; }
|
||||
public void setCreatedAtMs(long createdAtMs) { this.createdAtMs = createdAtMs; }
|
||||
}
|
||||
@ -23,6 +23,7 @@ dependencies {
|
||||
implementation 'com.fasterxml.jackson.core:jackson-databind:2.17.1' // json
|
||||
|
||||
implementation "org.slf4j:slf4j-api:2.0.16" // вызов логгера
|
||||
implementation 'nl.martijndwars:web-push:5.1.1'
|
||||
|
||||
implementation project(':shine-server-config') // модуль с настройками
|
||||
implementation project(":shine-server-log") // модуль логирования и уведомления админов
|
||||
@ -40,4 +41,3 @@ java {
|
||||
targetCompatibility = JavaVersion.VERSION_17
|
||||
}
|
||||
|
||||
|
||||
|
||||
@ -9,18 +9,24 @@ import server.logic.ws_protocol.JSON.entyties.Net_Response;
|
||||
import server.logic.ws_protocol.JSON.handlers.JsonMessageHandler;
|
||||
import server.logic.ws_protocol.JSON.messages.entyties.Net_SendDirectMessage_Request;
|
||||
import server.logic.ws_protocol.JSON.messages.entyties.Net_SendDirectMessage_Response;
|
||||
import server.logic.ws_protocol.JSON.push.FcmPushSender;
|
||||
import server.logic.ws_protocol.JSON.push.WebPushSender;
|
||||
import server.logic.ws_protocol.JSON.push.WsEventSender;
|
||||
import server.logic.ws_protocol.JSON.utils.NetExceptionResponseFactory;
|
||||
import server.logic.ws_protocol.JSON.utils.NetIdGenerator;
|
||||
import server.logic.ws_protocol.WireCodes;
|
||||
import shine.db.dao.ActiveSessionsDAO;
|
||||
import shine.db.dao.DirectMessagesDAO;
|
||||
import shine.db.dao.PushTokensDAO;
|
||||
import shine.db.dao.SignedDirectMessagesHistoryDAO;
|
||||
import shine.db.dao.SignedDmReplayDAO;
|
||||
import shine.db.dao.SolanaUsersDAO;
|
||||
import shine.db.entities.ActiveSessionEntry;
|
||||
import shine.db.entities.DirectMessageEntry;
|
||||
import shine.db.entities.PushTokenEntry;
|
||||
import shine.db.entities.SignedDirectMessageHistoryEntry;
|
||||
import shine.db.entities.SolanaUserEntry;
|
||||
import utils.crypto.Ed25519Util;
|
||||
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.util.Base64;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
@ -29,102 +35,174 @@ import java.util.concurrent.TimeUnit;
|
||||
|
||||
public class Net_SendDirectMessage_Handler implements JsonMessageHandler {
|
||||
private static final ObjectMapper MAPPER = new ObjectMapper();
|
||||
private static final long REPLAY_TTL_MS = 15L * 60L * 1000L;
|
||||
private static final int MAX_MESSAGE_BYTES = 3000;
|
||||
|
||||
@Override
|
||||
public Net_Response handle(Net_Request baseRequest, ConnectionContext ctx) throws Exception {
|
||||
Net_SendDirectMessage_Request req = (Net_SendDirectMessage_Request) baseRequest;
|
||||
if (ctx == null || !ctx.isAuthenticatedUser()) {
|
||||
return NetExceptionResponseFactory.error(req, WireCodes.Status.UNVERIFIED, "NOT_AUTHENTICATED", "Требуется авторизация");
|
||||
}
|
||||
if (req.getToLogin() == null || req.getToLogin().isBlank() || req.getText() == null || req.getText().isBlank()) {
|
||||
return NetExceptionResponseFactory.error(req, WireCodes.Status.BAD_REQUEST, "BAD_FIELDS", "toLogin и text обязательны");
|
||||
if (req.getBlobB64() == null || req.getBlobB64().isBlank()) {
|
||||
return NetExceptionResponseFactory.error(req, WireCodes.Status.BAD_REQUEST, "BAD_FIELDS", "blobB64 обязателен");
|
||||
}
|
||||
|
||||
String from = ctx.getLogin();
|
||||
String toRequest = req.getToLogin().trim();
|
||||
String text = req.getText().trim();
|
||||
|
||||
SolanaUserEntry targetUser = SolanaUsersDAO.getInstance().getByLogin(toRequest);
|
||||
if (targetUser == null) {
|
||||
return NetExceptionResponseFactory.error(req, 404, "USER_NOT_FOUND", "Пользователь не найден");
|
||||
final byte[] raw;
|
||||
final SignedDirectMessagePacket packet;
|
||||
try {
|
||||
raw = Base64.getDecoder().decode(req.getBlobB64().trim());
|
||||
packet = SignedDirectMessagePacket.parse(raw, MAX_MESSAGE_BYTES);
|
||||
} catch (IllegalArgumentException ex) {
|
||||
return NetExceptionResponseFactory.error(req, WireCodes.Status.BAD_REQUEST, ex.getMessage(), "Некорректный формат пакета");
|
||||
}
|
||||
String to = targetUser.getLogin();
|
||||
|
||||
if (!canSend(from, to)) {
|
||||
return NetExceptionResponseFactory.error(req, WireCodes.Status.UNVERIFIED, "NO_PERMISSION", "Можно писать только контактам или тем, кто уже писал вам");
|
||||
SolanaUserEntry fromUser = SolanaUsersDAO.getInstance().getByLogin(packet.fromLogin);
|
||||
SolanaUserEntry toUser = SolanaUsersDAO.getInstance().getByLogin(packet.toLogin);
|
||||
if (fromUser == null || toUser == null) {
|
||||
return NetExceptionResponseFactory.error(req, 404, "USER_NOT_FOUND", "from/to пользователь не найден");
|
||||
}
|
||||
|
||||
byte[] publicKey32;
|
||||
try {
|
||||
publicKey32 = Ed25519Util.keyFromBase64(fromUser.getDeviceKey());
|
||||
} catch (Exception e) {
|
||||
return NetExceptionResponseFactory.error(req, WireCodes.Status.UNPROCESSABLE, "BAD_DEVICE_KEY", "Некорректный deviceKey отправителя");
|
||||
}
|
||||
if (!Ed25519Util.verify(packet.signedBody, packet.signature64, publicKey32)) {
|
||||
return NetExceptionResponseFactory.error(req, WireCodes.Status.UNPROCESSABLE, "BAD_SIGNATURE", "Подпись не прошла проверку");
|
||||
}
|
||||
|
||||
long now = System.currentTimeMillis();
|
||||
if (Math.abs(now - packet.timeMs) > REPLAY_TTL_MS) {
|
||||
return NetExceptionResponseFactory.error(req, WireCodes.Status.UNPROCESSABLE, "BAD_TIME_WINDOW", "Время сообщения вышло за окно 15 минут");
|
||||
}
|
||||
|
||||
boolean replayOk = SignedDmReplayDAO.getInstance().registerUnique(packet.fromLogin, packet.timeMs, packet.nonce, now);
|
||||
if (!replayOk) {
|
||||
return NetExceptionResponseFactory.error(req, WireCodes.Status.UNPROCESSABLE, "REPLAY", "Повторное сообщение заблокировано");
|
||||
}
|
||||
|
||||
String messageId = NetIdGenerator.eventId("msg");
|
||||
String textForUi = new String(packet.messageBytes, StandardCharsets.UTF_8);
|
||||
|
||||
DirectMessageEntry entry = new DirectMessageEntry();
|
||||
entry.setMessageId(messageId);
|
||||
entry.setFromLogin(from);
|
||||
entry.setToLogin(to);
|
||||
entry.setText(text);
|
||||
entry.setCreatedAtMs(System.currentTimeMillis());
|
||||
entry.setFromLogin(packet.fromLogin);
|
||||
entry.setToLogin(packet.toLogin);
|
||||
entry.setText(textForUi);
|
||||
entry.setCreatedAtMs(now);
|
||||
DirectMessagesDAO.getInstance().insert(entry);
|
||||
|
||||
Set<ConnectionContext> activeSessions = ActiveConnectionsRegistry.getInstance().getByLogin(to);
|
||||
List<PushTokenEntry> tokens = PushTokensDAO.getInstance().listByLogin(to);
|
||||
SignedDirectMessageHistoryEntry history = new SignedDirectMessageHistoryEntry();
|
||||
history.setMessageId(messageId);
|
||||
history.setFromLogin(packet.fromLogin);
|
||||
history.setToLogin(packet.toLogin);
|
||||
history.setTargetMode(packet.targetMode);
|
||||
history.setTargetSessionId(packet.targetSessionId);
|
||||
history.setMessageType(packet.messageType);
|
||||
history.setTimeMs(packet.timeMs);
|
||||
history.setNonce(packet.nonce);
|
||||
history.setRawPacket(packet.rawPacket);
|
||||
history.setCreatedAtMs(now);
|
||||
SignedDirectMessagesHistoryDAO.getInstance().insert(history);
|
||||
|
||||
int wsDelivered = 0;
|
||||
int fcmDelivered = 0;
|
||||
|
||||
Set<String> activeSessionIds = new HashSet<>();
|
||||
for (ConnectionContext targetCtx : activeSessions) {
|
||||
activeSessionIds.add(targetCtx.getSessionId());
|
||||
String eventId = NetIdGenerator.eventId("evt");
|
||||
CompletableFuture<Boolean> waiter = DeliveryTracker.getInstance().register(eventId);
|
||||
|
||||
ObjectNode payload = MAPPER.createObjectNode();
|
||||
payload.put("eventId", eventId);
|
||||
payload.put("messageId", messageId);
|
||||
payload.put("fromLogin", from);
|
||||
payload.put("toLogin", to);
|
||||
payload.put("text", text);
|
||||
payload.put("timeMs", entry.getCreatedAtMs());
|
||||
|
||||
boolean sent = WsEventSender.sendEvent(targetCtx, "IncomingDirectMessage", eventId, payload);
|
||||
boolean acked = false;
|
||||
if (sent) {
|
||||
try {
|
||||
acked = waiter.get(1200, TimeUnit.MILLISECONDS);
|
||||
} catch (Exception ignored) {
|
||||
acked = false;
|
||||
}
|
||||
}
|
||||
DeliveryTracker.getInstance().remove(eventId);
|
||||
if (acked) {
|
||||
wsDelivered++;
|
||||
continue;
|
||||
}
|
||||
|
||||
for (PushTokenEntry token : tokens) {
|
||||
if (!targetCtx.getSessionId().equals(token.getSessionId())) continue;
|
||||
boolean pushed = FcmPushSender.sendNotification(token.getToken(), "Новое сообщение", text, messageId);
|
||||
if (pushed) {
|
||||
fcmDelivered++;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
for (PushTokenEntry token : tokens) {
|
||||
if (activeSessionIds.contains(token.getSessionId())) continue;
|
||||
boolean pushed = FcmPushSender.sendNotification(token.getToken(), "Новое сообщение", text, messageId);
|
||||
if (pushed) fcmDelivered++;
|
||||
}
|
||||
DeliveryResult delivery = deliver(packet, req.getBlobB64().trim(), messageId, now);
|
||||
|
||||
Net_SendDirectMessage_Response resp = new Net_SendDirectMessage_Response();
|
||||
resp.setOp(req.getOp());
|
||||
resp.setRequestId(req.getRequestId());
|
||||
resp.setStatus(WireCodes.Status.OK);
|
||||
resp.setMessageId(messageId);
|
||||
resp.setDeliveredWsSessions(wsDelivered);
|
||||
resp.setDeliveredFcmSessions(fcmDelivered);
|
||||
resp.setDeliveredWsSessions(delivery.wsDelivered);
|
||||
resp.setDeliveredWebPushSessions(delivery.webPushDelivered);
|
||||
resp.setSessionNotFound(delivery.sessionNotFound);
|
||||
return resp;
|
||||
}
|
||||
|
||||
private boolean canSend(String from, String to) {
|
||||
return from != null && !from.isBlank() && to != null && !to.isBlank();
|
||||
private DeliveryResult deliver(SignedDirectMessagePacket packet, String blobB64, String messageId, long createdAtMs) throws Exception {
|
||||
DeliveryResult result = new DeliveryResult();
|
||||
|
||||
Set<String> selectedSessionIds = new HashSet<>();
|
||||
if (packet.targetMode == SignedDirectMessagePacket.TARGET_ONE_SESSION) {
|
||||
ActiveSessionEntry byId = ActiveSessionsDAO.getInstance().getBySessionId(packet.targetSessionId);
|
||||
if (byId == null || !packet.toLogin.equalsIgnoreCase(byId.getLogin())) {
|
||||
result.sessionNotFound = true;
|
||||
return result;
|
||||
}
|
||||
selectedSessionIds.add(byId.getSessionId());
|
||||
deliverToSession(packet, blobB64, messageId, createdAtMs, byId.getSessionId(), result);
|
||||
return result;
|
||||
}
|
||||
|
||||
List<ActiveSessionEntry> sessions = ActiveSessionsDAO.getInstance().getByLogin(packet.toLogin);
|
||||
for (ActiveSessionEntry s : sessions) {
|
||||
selectedSessionIds.add(s.getSessionId());
|
||||
deliverToSession(packet, blobB64, messageId, createdAtMs, s.getSessionId(), result);
|
||||
}
|
||||
return result;
|
||||
}
|
||||
|
||||
private void deliverToSession(
|
||||
SignedDirectMessagePacket packet,
|
||||
String blobB64,
|
||||
String messageId,
|
||||
long createdAtMs,
|
||||
String sessionId,
|
||||
DeliveryResult result
|
||||
) {
|
||||
ConnectionContext targetCtx = ActiveConnectionsRegistry.getInstance().getBySessionId(sessionId);
|
||||
boolean wsDelivered = false;
|
||||
if (targetCtx != null) {
|
||||
String eventId = NetIdGenerator.eventId("evt");
|
||||
CompletableFuture<Boolean> waiter = DeliveryTracker.getInstance().register(eventId);
|
||||
ObjectNode payload = MAPPER.createObjectNode();
|
||||
payload.put("eventId", eventId);
|
||||
payload.put("messageId", messageId);
|
||||
payload.put("fromLogin", packet.fromLogin);
|
||||
payload.put("toLogin", packet.toLogin);
|
||||
payload.put("blobB64", blobB64);
|
||||
payload.put("text", new String(packet.messageBytes, StandardCharsets.UTF_8));
|
||||
payload.put("timeMs", createdAtMs);
|
||||
|
||||
boolean sent = WsEventSender.sendEvent(targetCtx, "IncomingDirectMessage", eventId, payload);
|
||||
if (sent) {
|
||||
try {
|
||||
wsDelivered = waiter.get(1200, TimeUnit.MILLISECONDS);
|
||||
} catch (Exception ignored) {
|
||||
wsDelivered = false;
|
||||
}
|
||||
}
|
||||
DeliveryTracker.getInstance().remove(eventId);
|
||||
}
|
||||
|
||||
if (wsDelivered) {
|
||||
result.wsDelivered++;
|
||||
return;
|
||||
}
|
||||
|
||||
try {
|
||||
ActiveSessionEntry targetSession = ActiveSessionsDAO.getInstance().getBySessionId(sessionId);
|
||||
if (targetSession == null) return;
|
||||
if (isBlank(targetSession.getPushEndpoint()) || isBlank(targetSession.getPushP256dhKey()) || isBlank(targetSession.getPushAuthKey())) {
|
||||
return;
|
||||
}
|
||||
boolean pushed = WebPushSender.sendBase64Payload(
|
||||
targetSession.getPushEndpoint(),
|
||||
targetSession.getPushP256dhKey(),
|
||||
targetSession.getPushAuthKey(),
|
||||
blobB64
|
||||
);
|
||||
if (pushed) result.webPushDelivered++;
|
||||
} catch (Exception ignored) {
|
||||
// ignore per-session push errors
|
||||
}
|
||||
}
|
||||
|
||||
private boolean isBlank(String s) {
|
||||
return s == null || s.isBlank();
|
||||
}
|
||||
|
||||
private static final class DeliveryResult {
|
||||
int wsDelivered;
|
||||
int webPushDelivered;
|
||||
boolean sessionNotFound;
|
||||
}
|
||||
}
|
||||
|
||||
@ -8,8 +8,7 @@ import server.logic.ws_protocol.JSON.messages.entyties.Net_UpsertPushToken_Reque
|
||||
import server.logic.ws_protocol.JSON.messages.entyties.Net_UpsertPushToken_Response;
|
||||
import server.logic.ws_protocol.JSON.utils.NetExceptionResponseFactory;
|
||||
import server.logic.ws_protocol.WireCodes;
|
||||
import shine.db.dao.PushTokensDAO;
|
||||
import shine.db.entities.PushTokenEntry;
|
||||
import shine.db.dao.ActiveSessionsDAO;
|
||||
|
||||
public class Net_UpsertPushToken_Handler implements JsonMessageHandler {
|
||||
@Override
|
||||
@ -18,27 +17,27 @@ public class Net_UpsertPushToken_Handler implements JsonMessageHandler {
|
||||
if (ctx == null || !ctx.isAuthenticatedUser()) {
|
||||
return NetExceptionResponseFactory.error(req, WireCodes.Status.UNVERIFIED, "NOT_AUTHENTICATED", "Требуется авторизация");
|
||||
}
|
||||
if (req.getTokenId() == null || req.getTokenId().isBlank() || req.getToken() == null || req.getToken().isBlank()) {
|
||||
return NetExceptionResponseFactory.error(req, WireCodes.Status.BAD_REQUEST, "BAD_FIELDS", "tokenId и token обязательны");
|
||||
if (req.getEndpoint() == null || req.getEndpoint().isBlank()
|
||||
|| req.getP256dhKey() == null || req.getP256dhKey().isBlank()
|
||||
|| req.getAuthKey() == null || req.getAuthKey().isBlank()) {
|
||||
return NetExceptionResponseFactory.error(req, WireCodes.Status.BAD_REQUEST, "BAD_FIELDS", "endpoint/p256dhKey/authKey обязательны");
|
||||
}
|
||||
|
||||
PushTokenEntry e = new PushTokenEntry();
|
||||
e.setTokenId(req.getTokenId().trim());
|
||||
e.setLogin(ctx.getLogin());
|
||||
e.setSessionId((req.getSessionId() == null || req.getSessionId().isBlank()) ? ctx.getSessionId() : req.getSessionId().trim());
|
||||
e.setProvider(req.getProvider() == null || req.getProvider().isBlank() ? "fcm" : req.getProvider().trim());
|
||||
e.setToken(req.getToken().trim());
|
||||
e.setPlatform(req.getPlatform());
|
||||
e.setUserAgent(req.getUserAgent());
|
||||
e.setUpdatedAtMs(System.currentTimeMillis());
|
||||
PushTokensDAO.getInstance().upsert(e);
|
||||
String sessionId = (req.getSessionId() == null || req.getSessionId().isBlank()) ? ctx.getSessionId() : req.getSessionId().trim();
|
||||
long now = System.currentTimeMillis();
|
||||
ActiveSessionsDAO.getInstance().updatePushSubscription(
|
||||
sessionId,
|
||||
req.getEndpoint().trim(),
|
||||
req.getP256dhKey().trim(),
|
||||
req.getAuthKey().trim()
|
||||
);
|
||||
|
||||
Net_UpsertPushToken_Response resp = new Net_UpsertPushToken_Response();
|
||||
resp.setOp(req.getOp());
|
||||
resp.setRequestId(req.getRequestId());
|
||||
resp.setStatus(WireCodes.Status.OK);
|
||||
resp.setTokenId(e.getTokenId());
|
||||
resp.setUpdatedAtMs(e.getUpdatedAtMs());
|
||||
resp.setTokenId(sessionId);
|
||||
resp.setUpdatedAtMs(now);
|
||||
return resp;
|
||||
}
|
||||
}
|
||||
|
||||
@ -0,0 +1,134 @@
|
||||
package server.logic.ws_protocol.JSON.messages;
|
||||
|
||||
import java.nio.ByteBuffer;
|
||||
import java.nio.ByteOrder;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.util.Arrays;
|
||||
|
||||
final class SignedDirectMessagePacket {
|
||||
static final byte[] PREFIX = "SHiNE_msg".getBytes(StandardCharsets.US_ASCII);
|
||||
static final int VERSION = 1;
|
||||
static final int MESSAGE_TYPE_DIRECT = 1;
|
||||
static final int TARGET_ALL_SESSIONS = 0;
|
||||
static final int TARGET_ONE_SESSION = 1;
|
||||
|
||||
final int version;
|
||||
final String toLogin;
|
||||
final String fromLogin;
|
||||
final long timeMs;
|
||||
final long nonce;
|
||||
final int messageType;
|
||||
final int targetMode;
|
||||
final String targetSessionId;
|
||||
final byte[] messageBytes;
|
||||
final byte[] signedBody;
|
||||
final byte[] signature64;
|
||||
final byte[] rawPacket;
|
||||
|
||||
private SignedDirectMessagePacket(
|
||||
int version,
|
||||
String toLogin,
|
||||
String fromLogin,
|
||||
long timeMs,
|
||||
long nonce,
|
||||
int messageType,
|
||||
int targetMode,
|
||||
String targetSessionId,
|
||||
byte[] messageBytes,
|
||||
byte[] signedBody,
|
||||
byte[] signature64,
|
||||
byte[] rawPacket
|
||||
) {
|
||||
this.version = version;
|
||||
this.toLogin = toLogin;
|
||||
this.fromLogin = fromLogin;
|
||||
this.timeMs = timeMs;
|
||||
this.nonce = nonce;
|
||||
this.messageType = messageType;
|
||||
this.targetMode = targetMode;
|
||||
this.targetSessionId = targetSessionId;
|
||||
this.messageBytes = messageBytes;
|
||||
this.signedBody = signedBody;
|
||||
this.signature64 = signature64;
|
||||
this.rawPacket = rawPacket;
|
||||
}
|
||||
|
||||
static SignedDirectMessagePacket parse(byte[] raw, int maxMessageBytes) {
|
||||
if (raw == null || raw.length < PREFIX.length + 1 + 1 + 1 + 8 + 4 + 2 + 1 + 2 + 64) {
|
||||
throw new IllegalArgumentException("BAD_LEN");
|
||||
}
|
||||
if (raw.length > 4096) {
|
||||
throw new IllegalArgumentException("PAYLOAD_TOO_LARGE");
|
||||
}
|
||||
|
||||
ByteBuffer bb = ByteBuffer.wrap(raw).order(ByteOrder.BIG_ENDIAN);
|
||||
byte[] prefixBytes = new byte[PREFIX.length];
|
||||
bb.get(prefixBytes);
|
||||
if (!Arrays.equals(prefixBytes, PREFIX)) {
|
||||
throw new IllegalArgumentException("BAD_PREFIX");
|
||||
}
|
||||
|
||||
int version = Byte.toUnsignedInt(bb.get());
|
||||
if (version != VERSION) {
|
||||
throw new IllegalArgumentException("BAD_VERSION");
|
||||
}
|
||||
|
||||
String toLogin = readAscii(bb, 1, 30, "BAD_TO_LOGIN");
|
||||
String fromLogin = readAscii(bb, 1, 30, "BAD_FROM_LOGIN");
|
||||
|
||||
long timeMs = bb.getLong();
|
||||
if (timeMs < 0) throw new IllegalArgumentException("BAD_TIME");
|
||||
|
||||
long nonce = Integer.toUnsignedLong(bb.getInt());
|
||||
|
||||
int messageType = Short.toUnsignedInt(bb.getShort());
|
||||
if (messageType != MESSAGE_TYPE_DIRECT) {
|
||||
throw new IllegalArgumentException("BAD_MESSAGE_TYPE");
|
||||
}
|
||||
|
||||
int targetMode = Byte.toUnsignedInt(bb.get());
|
||||
if (targetMode != TARGET_ALL_SESSIONS && targetMode != TARGET_ONE_SESSION) {
|
||||
throw new IllegalArgumentException("BAD_TARGET_MODE");
|
||||
}
|
||||
|
||||
String targetSessionId = null;
|
||||
if (targetMode == TARGET_ONE_SESSION) {
|
||||
targetSessionId = readAscii(bb, 1, 255, "BAD_SESSION_ID");
|
||||
}
|
||||
|
||||
int msgLen = Short.toUnsignedInt(bb.getShort());
|
||||
if (msgLen < 1 || msgLen > maxMessageBytes) {
|
||||
throw new IllegalArgumentException("BAD_MESSAGE_LEN");
|
||||
}
|
||||
if (bb.remaining() != msgLen + 64) {
|
||||
throw new IllegalArgumentException("BAD_LEN");
|
||||
}
|
||||
|
||||
byte[] messageBytes = new byte[msgLen];
|
||||
bb.get(messageBytes);
|
||||
|
||||
byte[] signature64 = new byte[64];
|
||||
bb.get(signature64);
|
||||
|
||||
byte[] signedBody = Arrays.copyOf(raw, raw.length - 64);
|
||||
|
||||
return new SignedDirectMessagePacket(
|
||||
version, toLogin, fromLogin, timeMs, nonce, messageType, targetMode,
|
||||
targetSessionId, messageBytes, signedBody, signature64, raw
|
||||
);
|
||||
}
|
||||
|
||||
private static String readAscii(ByteBuffer bb, int minLen, int maxLen, String code) {
|
||||
if (!bb.hasRemaining()) throw new IllegalArgumentException(code);
|
||||
int len = Byte.toUnsignedInt(bb.get());
|
||||
if (len < minLen || len > maxLen || bb.remaining() < len) {
|
||||
throw new IllegalArgumentException(code);
|
||||
}
|
||||
byte[] bytes = new byte[len];
|
||||
bb.get(bytes);
|
||||
for (byte b : bytes) {
|
||||
if (b < 0x20 || b > 0x7E) throw new IllegalArgumentException(code);
|
||||
}
|
||||
return new String(bytes, StandardCharsets.US_ASCII);
|
||||
}
|
||||
}
|
||||
@ -3,11 +3,8 @@ package server.logic.ws_protocol.JSON.messages.entyties;
|
||||
import server.logic.ws_protocol.JSON.entyties.Net_Request;
|
||||
|
||||
public class Net_SendDirectMessage_Request extends Net_Request {
|
||||
private String toLogin;
|
||||
private String text;
|
||||
private String blobB64;
|
||||
|
||||
public String getToLogin() { return toLogin; }
|
||||
public void setToLogin(String toLogin) { this.toLogin = toLogin; }
|
||||
public String getText() { return text; }
|
||||
public void setText(String text) { this.text = text; }
|
||||
public String getBlobB64() { return blobB64; }
|
||||
public void setBlobB64(String blobB64) { this.blobB64 = blobB64; }
|
||||
}
|
||||
|
||||
@ -5,12 +5,15 @@ import server.logic.ws_protocol.JSON.entyties.Net_Response;
|
||||
public class Net_SendDirectMessage_Response extends Net_Response {
|
||||
private String messageId;
|
||||
private int deliveredWsSessions;
|
||||
private int deliveredFcmSessions;
|
||||
private int deliveredWebPushSessions;
|
||||
private boolean sessionNotFound;
|
||||
|
||||
public String getMessageId() { return messageId; }
|
||||
public void setMessageId(String messageId) { this.messageId = messageId; }
|
||||
public int getDeliveredWsSessions() { return deliveredWsSessions; }
|
||||
public void setDeliveredWsSessions(int deliveredWsSessions) { this.deliveredWsSessions = deliveredWsSessions; }
|
||||
public int getDeliveredFcmSessions() { return deliveredFcmSessions; }
|
||||
public void setDeliveredFcmSessions(int deliveredFcmSessions) { this.deliveredFcmSessions = deliveredFcmSessions; }
|
||||
public int getDeliveredWebPushSessions() { return deliveredWebPushSessions; }
|
||||
public void setDeliveredWebPushSessions(int deliveredWebPushSessions) { this.deliveredWebPushSessions = deliveredWebPushSessions; }
|
||||
public boolean isSessionNotFound() { return sessionNotFound; }
|
||||
public void setSessionNotFound(boolean sessionNotFound) { this.sessionNotFound = sessionNotFound; }
|
||||
}
|
||||
|
||||
@ -3,21 +3,21 @@ package server.logic.ws_protocol.JSON.messages.entyties;
|
||||
import server.logic.ws_protocol.JSON.entyties.Net_Request;
|
||||
|
||||
public class Net_UpsertPushToken_Request extends Net_Request {
|
||||
private String tokenId;
|
||||
private String sessionId;
|
||||
private String provider;
|
||||
private String token;
|
||||
private String endpoint;
|
||||
private String p256dhKey;
|
||||
private String authKey;
|
||||
private String platform;
|
||||
private String userAgent;
|
||||
|
||||
public String getTokenId() { return tokenId; }
|
||||
public void setTokenId(String tokenId) { this.tokenId = tokenId; }
|
||||
public String getSessionId() { return sessionId; }
|
||||
public void setSessionId(String sessionId) { this.sessionId = sessionId; }
|
||||
public String getProvider() { return provider; }
|
||||
public void setProvider(String provider) { this.provider = provider; }
|
||||
public String getToken() { return token; }
|
||||
public void setToken(String token) { this.token = token; }
|
||||
public String getEndpoint() { return endpoint; }
|
||||
public void setEndpoint(String endpoint) { this.endpoint = endpoint; }
|
||||
public String getP256dhKey() { return p256dhKey; }
|
||||
public void setP256dhKey(String p256dhKey) { this.p256dhKey = p256dhKey; }
|
||||
public String getAuthKey() { return authKey; }
|
||||
public void setAuthKey(String authKey) { this.authKey = authKey; }
|
||||
public String getPlatform() { return platform; }
|
||||
public void setPlatform(String platform) { this.platform = platform; }
|
||||
public String getUserAgent() { return userAgent; }
|
||||
|
||||
@ -0,0 +1,57 @@
|
||||
package server.logic.ws_protocol.JSON.push;
|
||||
|
||||
import nl.martijndwars.webpush.Notification;
|
||||
import nl.martijndwars.webpush.PushService;
|
||||
import nl.martijndwars.webpush.Subscription;
|
||||
import org.jose4j.lang.JoseException;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import utils.config.AppConfig;
|
||||
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.security.GeneralSecurityException;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.util.Base64;
|
||||
|
||||
public final class WebPushSender {
|
||||
private static final Logger log = LoggerFactory.getLogger(WebPushSender.class);
|
||||
private static volatile PushService service;
|
||||
|
||||
private WebPushSender() {}
|
||||
|
||||
private static PushService service() throws GeneralSecurityException, JoseException {
|
||||
if (service != null) return service;
|
||||
synchronized (WebPushSender.class) {
|
||||
if (service != null) return service;
|
||||
AppConfig cfg = AppConfig.getInstance();
|
||||
String pub = cfg.getStringOrEmpty("webpush.vapid.public");
|
||||
String priv = cfg.getStringOrEmpty("webpush.vapid.private");
|
||||
String subject = cfg.getStringOrEmpty("webpush.vapid.subject");
|
||||
if (pub.isBlank() || priv.isBlank() || subject.isBlank()) {
|
||||
throw new IllegalStateException("webpush.vapid.* is not configured");
|
||||
}
|
||||
service = new PushService(pub, priv, subject);
|
||||
return service;
|
||||
}
|
||||
}
|
||||
|
||||
public static boolean sendBase64Payload(String endpoint, String p256dhKey, String authKey, String payloadB64) {
|
||||
try {
|
||||
Subscription subscription = new Subscription(
|
||||
endpoint,
|
||||
new Subscription.Keys(p256dhKey, authKey)
|
||||
);
|
||||
byte[] payloadBytes = Base64.getDecoder().decode(payloadB64);
|
||||
Notification notification = new Notification(subscription, payloadBytes);
|
||||
var response = service().send(notification);
|
||||
int code = response.getStatusLine().getStatusCode();
|
||||
return code >= 200 && code < 300;
|
||||
} catch (NoSuchAlgorithmException e) {
|
||||
log.warn("WebPush crypto unsupported", e);
|
||||
return false;
|
||||
} catch (Exception e) {
|
||||
log.warn("WebPush send failed: {}", e.getMessage());
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -13,5 +13,7 @@ server.info.description=
|
||||
server.info.origin=
|
||||
server.info.extraInfo=
|
||||
|
||||
# FCM (legacy HTTP)
|
||||
fcm.server.key=
|
||||
# Web Push (VAPID)
|
||||
webpush.vapid.public=
|
||||
webpush.vapid.private=
|
||||
webpush.vapid.subject=mailto:admin@shine.local
|
||||
|
||||
Loading…
Reference in New Issue
Block a user