diff --git a/keyserver/flow-typed/npm/@parse/node-apn_vx.x.x.js b/keyserver/flow-typed/npm/@parse/node-apn_vx.x.x.js --- a/keyserver/flow-typed/npm/@parse/node-apn_vx.x.x.js +++ b/keyserver/flow-typed/npm/@parse/node-apn_vx.x.x.js @@ -27,11 +27,23 @@ pushType: NotificationPushType; threadId: string; payload: any; - badge: number; + badge: ?number; sound: string; contentAvailable: boolean; mutableContent: boolean; urlArgs: string[]; + // Detailed explanation of this field can be found here: + // https://developer.apple.com/documentation/usernotifications/setting_up_a_remote_notification_server/generating_a_remote_notification?language=objc#2943363 + // More fields can be added here, if they ever need to + // be accessed from apn.Notification instance + aps: { + +badge: string | number, + +alert: string, + +'thread-id': string, + +'mutable-content': boolean, + +sound: string, + ... + }; } declare type ProviderToken = {| diff --git a/keyserver/src/push/crypto.js b/keyserver/src/push/crypto.js new file mode 100644 --- /dev/null +++ b/keyserver/src/push/crypto.js @@ -0,0 +1,106 @@ +// @flow + +import apn from '@parse/node-apn'; +import invariant from 'invariant'; + +import { encryptAndUpdateOlmSession } from '../updaters/olm-session-updater.js'; + +async function encryptIOSNotification( + cookieID: string, + notification: apn.Notification, +): Promise { + invariant( + !notification.collapseId, + 'Collapsible notifications encryption currently not implemented', + ); + + const encryptedNotification = new apn.Notification(); + + encryptedNotification.id = notification.id; + encryptedNotification.payload.id = notification.id; + encryptedNotification.topic = notification.topic; + encryptedNotification.sound = notification.aps.sound; + encryptedNotification.pushType = 'alert'; + + invariant( + notification.aps['mutable-content'], + 'Notification decryption impossible without mutableContent set to true', + ); + encryptedNotification.mutableContent = true; + + const { id, ...payloadSansId } = notification.payload; + let notificationFieldsToEncrypt = { + badge: notification.aps.badge.toString(), + ...payloadSansId, + }; + + if (notification.body) { + notificationFieldsToEncrypt = { + merged: notification.body, + ...notificationFieldsToEncrypt, + }; + } + + let encryptedFields; + try { + encryptedFields = await encryptAndUpdateOlmSession( + cookieID, + 'notifications', + notificationFieldsToEncrypt, + ); + } catch (e) { + console.log('Notification encryption failed: ' + e); + + encryptedNotification.body = notification.aps.alert; + + invariant( + typeof notification.aps.badge === 'number', + 'Unencrypted notification must have badge as a number', + ); + encryptedNotification.badge = notification.aps.badge; + + encryptedNotification.threadId = notification.aps['thread-id']; + encryptedNotification.payload = { + ...encryptedNotification.payload, + ...notification.payload, + encrypted: 0, + }; + return encryptedNotification; + } + + const { merged, threadID, badge, ...restPayload } = encryptedFields; + // node-apn library does not allow to store + // strings in 'badge' property. It will be + // restored in NSE on the device. + encryptedNotification.badge = undefined; + encryptedNotification.payload.badge = badge.body; + + if (threadID) { + encryptedNotification.threadId = threadID.body; + encryptedNotification.payload.threadID = threadID.body; + } + + if (merged) { + encryptedNotification.body = merged.body; + } + + for (const payloadField in restPayload) { + encryptedNotification.payload[payloadField] = + restPayload[payloadField].body; + } + + encryptedNotification.payload.encrypted = 1; + return encryptedNotification; +} + +function prepareEncryptedIOSNotifications( + cookieIDs: $ReadOnlyArray, + notification: apn.Notification, +): Promise> { + const notificationPromises = cookieIDs.map(cookieID => + encryptIOSNotification(cookieID, notification), + ); + return Promise.all(notificationPromises); +} + +export { prepareEncryptedIOSNotifications };