package pushnotificationserver import ( "bytes" "context" "crypto/ecdsa" "encoding/hex" "github.com/golang/protobuf/proto" "github.com/google/uuid" "github.com/pkg/errors" "go.uber.org/zap" "github.com/status-im/status-go/eth-node/crypto" "github.com/status-im/status-go/eth-node/crypto/ecies" "github.com/status-im/status-go/eth-node/types" "github.com/status-im/status-go/protocol/common" "github.com/status-im/status-go/protocol/protobuf" ) const encryptedPayloadKeyLength = 16 const defaultGorushURL = "https://gorush.status.im" var errUnhandledPushNotificationType = errors.New("unhandled push notification type") type Config struct { Enabled bool // Identity is our identity key Identity *ecdsa.PrivateKey // GorushUrl is the url for the gorush service GorushURL string Logger *zap.Logger } type Server struct { persistence Persistence config *Config messageSender *common.MessageSender // SentRequests keeps track of the requests sent to gorush, for testing only SentRequests int64 } func New(config *Config, persistence Persistence, messageSender *common.MessageSender) *Server { if len(config.GorushURL) == 0 { config.GorushURL = defaultGorushURL } return &Server{persistence: persistence, config: config, messageSender: messageSender} } func (s *Server) Start() error { if s.config.Logger == nil { logger, err := zap.NewDevelopment() if err != nil { return errors.Wrap(err, "failed to create a logger") } s.config.Logger = logger } s.config.Logger.Info("starting push notification server") if s.config.Identity == nil { s.config.Logger.Debug("Identity nil") // Pull identity from database identity, err := s.persistence.GetIdentity() if err != nil { return err } if identity == nil { identity, err = crypto.GenerateKey() if err != nil { return err } if err := s.persistence.SaveIdentity(identity); err != nil { return err } } s.config.Identity = identity } pks, err := s.persistence.GetPushNotificationRegistrationPublicKeys() if err != nil { return err } // listen to all topics for users registered for _, pk := range pks { if err := s.listenToPublicKeyQueryTopic(pk); err != nil { return err } } s.config.Logger.Info("started push notification server", zap.String("identity", types.EncodeHex(crypto.FromECDSAPub(&s.config.Identity.PublicKey)))) return nil } // HandlePushNotificationRegistration builds a response for the registration and sends it back to the user func (s *Server) HandlePushNotificationRegistration(publicKey *ecdsa.PublicKey, payload []byte) error { response := s.buildPushNotificationRegistrationResponse(publicKey, payload) if response == nil { return nil } encodedMessage, err := proto.Marshal(response) if err != nil { return err } rawMessage := common.RawMessage{ Payload: encodedMessage, MessageType: protobuf.ApplicationMetadataMessage_PUSH_NOTIFICATION_REGISTRATION_RESPONSE, // we skip encryption as might be sent from an ephemeral key SkipProtocolLayer: true, } _, err = s.messageSender.SendPrivate(context.Background(), publicKey, &rawMessage) return err } // HandlePushNotificationQuery builds a response for the query and sends it back to the user func (s *Server) HandlePushNotificationQuery(publicKey *ecdsa.PublicKey, messageID []byte, query *protobuf.PushNotificationQuery) error { if query == nil { return nil } response := s.buildPushNotificationQueryResponse(query) if response == nil { return nil } response.MessageId = messageID encodedMessage, err := proto.Marshal(response) if err != nil { return err } rawMessage := common.RawMessage{ Payload: encodedMessage, MessageType: protobuf.ApplicationMetadataMessage_PUSH_NOTIFICATION_QUERY_RESPONSE, // we skip encryption as sent from an ephemeral key SkipProtocolLayer: true, } _, err = s.messageSender.SendPrivate(context.Background(), publicKey, &rawMessage) return err } // HandlePushNotificationRequest will send a gorush notification and send a response back to the user func (s *Server) HandlePushNotificationRequest(publicKey *ecdsa.PublicKey, messageID []byte, request *protobuf.PushNotificationRequest) error { s.config.Logger.Debug("handling pn request", zap.Binary("message-id", messageID)) // This is at-most-once semantic for now exists, err := s.persistence.PushNotificationExists(messageID) if err != nil { return err } if exists { s.config.Logger.Debug("already handled") return nil } response, requestsAndRegistrations := s.buildPushNotificationRequestResponse(request) //AndSendNotification(&request) if response == nil { return nil } err = s.sendPushNotification(requestsAndRegistrations) if err != nil { s.config.Logger.Error("failed to send go rush notification", zap.Error(err)) return err } encodedMessage, err := proto.Marshal(response) if err != nil { return err } rawMessage := common.RawMessage{ Payload: encodedMessage, MessageType: protobuf.ApplicationMetadataMessage_PUSH_NOTIFICATION_RESPONSE, // We skip encryption here as the message has been sent from an ephemeral key SkipProtocolLayer: true, } _, err = s.messageSender.SendPrivate(context.Background(), publicKey, &rawMessage) return err } // buildGrantSignatureMaterial builds a grant for a specific server. // We use 3 components: // 1) The client public key. Not sure this applies to our signature scheme, but best to be conservative. https://crypto.stackexchange.com/questions/15538/given-a-message-and-signature-find-a-public-key-that-makes-the-signature-valid // 2) The server public key // 3) The access token // By verifying this signature, a client can trust the server was instructed to store this access token. func (s *Server) buildGrantSignatureMaterial(clientPublicKey *ecdsa.PublicKey, serverPublicKey *ecdsa.PublicKey, accessToken string) []byte { var signatureMaterial []byte signatureMaterial = append(signatureMaterial, crypto.CompressPubkey(clientPublicKey)...) signatureMaterial = append(signatureMaterial, crypto.CompressPubkey(serverPublicKey)...) signatureMaterial = append(signatureMaterial, []byte(accessToken)...) a := crypto.Keccak256(signatureMaterial) return a } func (s *Server) verifyGrantSignature(clientPublicKey *ecdsa.PublicKey, accessToken string, grant []byte) error { signatureMaterial := s.buildGrantSignatureMaterial(clientPublicKey, &s.config.Identity.PublicKey, accessToken) recoveredPublicKey, err := crypto.SigToPub(signatureMaterial, grant) if err != nil { return err } if !common.IsPubKeyEqual(recoveredPublicKey, clientPublicKey) { return errors.New("pubkey mismatch") } return nil } func (s *Server) generateSharedKey(publicKey *ecdsa.PublicKey) ([]byte, error) { return ecies.ImportECDSA(s.config.Identity).GenerateShared( ecies.ImportECDSAPublic(publicKey), encryptedPayloadKeyLength, encryptedPayloadKeyLength, ) } func (s *Server) validateUUID(u string) error { if len(u) == 0 { return errors.New("empty uuid") } _, err := uuid.Parse(u) return err } func (s *Server) decryptRegistration(publicKey *ecdsa.PublicKey, payload []byte) ([]byte, error) { sharedKey, err := s.generateSharedKey(publicKey) if err != nil { return nil, err } return common.Decrypt(payload, sharedKey) } // validateRegistration validates a new message against the last one received for a given installationID and and public key // and return the decrypted message func (s *Server) validateRegistration(publicKey *ecdsa.PublicKey, payload []byte) (*protobuf.PushNotificationRegistration, error) { if payload == nil { return nil, ErrEmptyPushNotificationRegistrationPayload } if publicKey == nil { return nil, ErrEmptyPushNotificationRegistrationPublicKey } decryptedPayload, err := s.decryptRegistration(publicKey, payload) if err != nil { return nil, err } registration := &protobuf.PushNotificationRegistration{} if err := proto.Unmarshal(decryptedPayload, registration); err != nil { return nil, ErrCouldNotUnmarshalPushNotificationRegistration } if registration.Version < 1 { return nil, ErrInvalidPushNotificationRegistrationVersion } if err := s.validateUUID(registration.InstallationId); err != nil { return nil, ErrMalformedPushNotificationRegistrationInstallationID } previousVersion, err := s.persistence.GetPushNotificationRegistrationVersion(common.HashPublicKey(publicKey), registration.InstallationId) if err != nil { return nil, err } if registration.Version <= previousVersion { return nil, ErrInvalidPushNotificationRegistrationVersion } // unregistering message if registration.Unregister { return registration, nil } if err := s.validateUUID(registration.AccessToken); err != nil { return nil, ErrMalformedPushNotificationRegistrationAccessToken } if len(registration.Grant) == 0 { return nil, ErrMalformedPushNotificationRegistrationGrant } if err := s.verifyGrantSignature(publicKey, registration.AccessToken, registration.Grant); err != nil { s.config.Logger.Error("failed to verify grant", zap.Error(err)) return nil, ErrMalformedPushNotificationRegistrationGrant } if len(registration.DeviceToken) == 0 { return nil, ErrMalformedPushNotificationRegistrationDeviceToken } if registration.TokenType == protobuf.PushNotificationRegistration_UNKNOWN_TOKEN_TYPE { return nil, ErrUnknownPushNotificationRegistrationTokenType } return registration, nil } // buildPushNotificationQueryResponse check if we have the client information and send them back func (s *Server) buildPushNotificationQueryResponse(query *protobuf.PushNotificationQuery) *protobuf.PushNotificationQueryResponse { s.config.Logger.Debug("handling push notification query") response := &protobuf.PushNotificationQueryResponse{} if query == nil || len(query.PublicKeys) == 0 { return response } registrations, err := s.persistence.GetPushNotificationRegistrationByPublicKeys(query.PublicKeys) if err != nil { s.config.Logger.Error("failed to retrieve registration", zap.Error(err)) return response } for _, idAndResponse := range registrations { registration := idAndResponse.Registration info := &protobuf.PushNotificationQueryInfo{ PublicKey: idAndResponse.ID, Grant: registration.Grant, Version: registration.Version, InstallationId: registration.InstallationId, } // if instructed to only allow from contacts, send back a list if registration.AllowFromContactsOnly { info.AllowedKeyList = registration.AllowedKeyList } else { info.AccessToken = registration.AccessToken } response.Info = append(response.Info, info) } response.Success = true return response } func (s *Server) contains(list [][]byte, chatID []byte) bool { for _, list := range list { if bytes.Equal(list, chatID) { return true } } return false } type reportResult struct { sendNotification bool report *protobuf.PushNotificationReport } // buildPushNotificationReport checks the request against the registration and // returns whether we should send the notification and what the response should be func (s *Server) buildPushNotificationReport(pn *protobuf.PushNotification, registration *protobuf.PushNotificationRegistration) (*reportResult, error) { response := &reportResult{} report := &protobuf.PushNotificationReport{ PublicKey: pn.PublicKey, InstallationId: pn.InstallationId, } if pn.Type == protobuf.PushNotification_UNKNOWN_PUSH_NOTIFICATION_TYPE { s.config.Logger.Warn("unhandled type") return nil, errUnhandledPushNotificationType } if registration == nil { s.config.Logger.Warn("empty registration") report.Error = protobuf.PushNotificationReport_NOT_REGISTERED } else if registration.AccessToken != pn.AccessToken { s.config.Logger.Debug("invalid token") report.Error = protobuf.PushNotificationReport_WRONG_TOKEN } else if (s.isMessageNotification(pn) && !s.isValidMessageNotification(pn, registration)) || (s.isMentionNotification(pn) && !s.isValidMentionNotification(pn, registration)) || (s.isRequestToJoinCommunityNotification(pn) && !s.isValidRequestToJoinCommunityNotification(pn, registration)) { s.config.Logger.Debug("filtered notification") // We report as successful but don't send the notification // for privacy reasons, as otherwise we would disclose that // the sending client has been blocked or that the registering // client has not joined a given public chat report.Success = true } else { response.sendNotification = true s.config.Logger.Debug("sending push notification") report.Success = true } response.report = report return response, nil } // buildPushNotificationRequestResponse will build a response func (s *Server) buildPushNotificationRequestResponse(request *protobuf.PushNotificationRequest) (*protobuf.PushNotificationResponse, []*RequestAndRegistration) { response := &protobuf.PushNotificationResponse{} // We don't even send a response in this case if request == nil || len(request.MessageId) == 0 { s.config.Logger.Warn("empty message id") return nil, nil } response.MessageId = request.MessageId // collect successful requests & registrations var requestAndRegistrations []*RequestAndRegistration for _, pn := range request.Requests { registration, err := s.persistence.GetPushNotificationRegistrationByPublicKeyAndInstallationID(pn.PublicKey, pn.InstallationId) var report *protobuf.PushNotificationReport if err != nil { report = &protobuf.PushNotificationReport{ PublicKey: pn.PublicKey, Error: protobuf.PushNotificationReport_UNKNOWN_ERROR_TYPE, InstallationId: pn.InstallationId, } } else { response, err := s.buildPushNotificationReport(pn, registration) if err != nil { s.config.Logger.Warn("unhandled type") continue } if response.sendNotification { requestAndRegistrations = append(requestAndRegistrations, &RequestAndRegistration{ Request: pn, Registration: registration, }) } report = response.report } response.Reports = append(response.Reports, report) } s.config.Logger.Debug("built pn request") if len(requestAndRegistrations) == 0 { s.config.Logger.Warn("no request and registration") return response, nil } return response, requestAndRegistrations } func (s *Server) sendPushNotification(requestAndRegistrations []*RequestAndRegistration) error { if len(requestAndRegistrations) == 0 { return nil } s.SentRequests++ goRushRequest := PushNotificationRegistrationToGoRushRequest(requestAndRegistrations) return sendGoRushNotification(goRushRequest, s.config.GorushURL, s.config.Logger) } // listenToPublicKeyQueryTopic listen to a topic derived from the hashed public key func (s *Server) listenToPublicKeyQueryTopic(hashedPublicKey []byte) error { if s.messageSender == nil { return nil } encodedPublicKey := hex.EncodeToString(hashedPublicKey) _, err := s.messageSender.JoinPublic(encodedPublicKey) return err } // buildPushNotificationRegistrationResponse will check the registration is valid, save it, and listen to the topic for the queries func (s *Server) buildPushNotificationRegistrationResponse(publicKey *ecdsa.PublicKey, payload []byte) *protobuf.PushNotificationRegistrationResponse { s.config.Logger.Debug("handling push notification registration") response := &protobuf.PushNotificationRegistrationResponse{ RequestId: common.Shake256(payload), } registration, err := s.validateRegistration(publicKey, payload) if err != nil { if err == ErrInvalidPushNotificationRegistrationVersion { response.Error = protobuf.PushNotificationRegistrationResponse_VERSION_MISMATCH } else { response.Error = protobuf.PushNotificationRegistrationResponse_MALFORMED_MESSAGE } s.config.Logger.Warn("registration did not validate", zap.Error(err)) return response } if registration.Unregister { s.config.Logger.Debug("unregistering client") // We save an empty registration, only keeping version and installation-id if err := s.persistence.UnregisterPushNotificationRegistration(common.HashPublicKey(publicKey), registration.InstallationId, registration.Version); err != nil { response.Error = protobuf.PushNotificationRegistrationResponse_INTERNAL_ERROR s.config.Logger.Error("failed to unregister ", zap.Error(err)) return response } } else if err := s.persistence.SavePushNotificationRegistration(common.HashPublicKey(publicKey), registration); err != nil { response.Error = protobuf.PushNotificationRegistrationResponse_INTERNAL_ERROR s.config.Logger.Error("failed to save registration", zap.Error(err)) return response } if err := s.listenToPublicKeyQueryTopic(common.HashPublicKey(publicKey)); err != nil { response.Error = protobuf.PushNotificationRegistrationResponse_INTERNAL_ERROR s.config.Logger.Error("failed to listen to topic", zap.Error(err)) return response } response.Success = true s.config.Logger.Debug("handled push notification registration successfully") return response } func (s *Server) isMentionNotification(pn *protobuf.PushNotification) bool { return pn.Type == protobuf.PushNotification_MENTION } // isValidMentionNotification checks: // this is a mention // mentions are enabled // the user joined the public chat // the author is not blocked func (s *Server) isValidMentionNotification(pn *protobuf.PushNotification, registration *protobuf.PushNotificationRegistration) bool { return s.isMentionNotification(pn) && !registration.BlockMentions && s.contains(registration.AllowedMentionsChatList, pn.ChatId) && !s.contains(registration.BlockedChatList, pn.Author) } func (s *Server) isMessageNotification(pn *protobuf.PushNotification) bool { return pn.Type == protobuf.PushNotification_MESSAGE } // isValidMessageNotification checks: // this is a message // the chat is not muted // the author is not blocked func (s *Server) isValidMessageNotification(pn *protobuf.PushNotification, registration *protobuf.PushNotificationRegistration) bool { return s.isMessageNotification(pn) && !s.contains(registration.BlockedChatList, pn.ChatId) && !s.contains(registration.MutedChatList, pn.ChatId) && !s.contains(registration.BlockedChatList, pn.Author) } func (s *Server) isRequestToJoinCommunityNotification(pn *protobuf.PushNotification) bool { return pn.Type == protobuf.PushNotification_REQUEST_TO_JOIN_COMMUNITY } // isValidRequestToJoinCommunityNotification checks: // this is a request to join a community // the author is not blocked func (s *Server) isValidRequestToJoinCommunityNotification(pn *protobuf.PushNotification, registration *protobuf.PushNotificationRegistration) bool { return s.isRequestToJoinCommunityNotification(pn) && !s.contains(registration.BlockedChatList, pn.Author) }