diff --git a/keyserver/src/push/crypto.js b/keyserver/src/push/crypto.js index 29e987c1c..cb4516822 100644 --- a/keyserver/src/push/crypto.js +++ b/keyserver/src/push/crypto.js @@ -1,495 +1,502 @@ // @flow import type { EncryptResult } from '@commapp/olm'; import apn from '@parse/node-apn'; import crypto from 'crypto'; import invariant from 'invariant'; import _cloneDeep from 'lodash/fp/cloneDeep.js'; import type { PlainTextWebNotification, PlainTextWebNotificationPayload, WebNotification, PlainTextWNSNotification, PlainTextWNSNotificationPayload, WNSNotification, } from 'lib/types/notif-types.js'; import { toBase64URL } from 'lib/utils/base64.js'; import type { AndroidNotification, AndroidNotificationPayload, AndroidNotificationRescind, NotificationTargetDevice, } from './types.js'; import { encryptAndUpdateOlmSession } from '../updaters/olm-session-updater.js'; import { encrypt, generateKey } from '../utils/aes-crypto-utils.js'; import { getOlmUtility } from '../utils/olm-utils.js'; async function encryptAPNsNotification( cookieID: string, notification: apn.Notification, codeVersion?: ?number, notificationSizeValidator?: apn.Notification => boolean, + blobHolder?: ?string, ): Promise<{ +notification: apn.Notification, +payloadSizeExceeded: boolean, +encryptedPayloadHash?: string, +encryptionOrder?: number, }> { invariant( !notification.collapseId, `Collapse ID can't be directly stored in apn.Notification object due ` + `to security reasons. Please put it in payload property`, ); const encryptedNotification = new apn.Notification(); encryptedNotification.id = notification.id; encryptedNotification.payload.id = notification.id; + + if (blobHolder) { + encryptedNotification.payload.blobHolder = blobHolder; + } + encryptedNotification.payload.keyserverID = notification.payload.keyserverID; encryptedNotification.topic = notification.topic; encryptedNotification.sound = notification.aps.sound; encryptedNotification.pushType = 'alert'; encryptedNotification.mutableContent = true; const { id, keyserverID, ...payloadSansUnencryptedData } = notification.payload; const unencryptedPayload = { ...payloadSansUnencryptedData, badge: notification.aps.badge.toString(), merged: notification.body, }; try { const unencryptedSerializedPayload = JSON.stringify(unencryptedPayload); let dbPersistCondition; if (notificationSizeValidator) { dbPersistCondition = ({ serializedPayload, }: { +[string]: EncryptResult, }) => { const notifCopy = _cloneDeep(encryptedNotification); notifCopy.payload.encryptedPayload = serializedPayload.body; return notificationSizeValidator(notifCopy); }; } const { encryptedMessages: { serializedPayload }, dbPersistConditionViolated, encryptionOrder, } = await encryptAndUpdateOlmSession( cookieID, 'notifications', { serializedPayload: unencryptedSerializedPayload, }, dbPersistCondition, ); encryptedNotification.payload.encryptedPayload = serializedPayload.body; if (codeVersion && codeVersion >= 254 && codeVersion % 2 === 0) { encryptedNotification.aps = { alert: { body: 'ENCRYPTED' }, ...encryptedNotification.aps, }; } const encryptedPayloadHash = getOlmUtility().sha256(serializedPayload.body); return { notification: encryptedNotification, payloadSizeExceeded: !!dbPersistConditionViolated, encryptedPayloadHash, encryptionOrder, }; } catch (e) { console.log('Notification encryption failed: ' + e); encryptedNotification.body = notification.body; encryptedNotification.threadId = notification.payload.threadID; invariant( typeof notification.aps.badge === 'number', 'Unencrypted notification must have badge as a number', ); encryptedNotification.badge = notification.aps.badge; encryptedNotification.payload = { ...encryptedNotification.payload, ...notification.payload, encryptionFailed: 1, }; return { notification: encryptedNotification, payloadSizeExceeded: notificationSizeValidator ? notificationSizeValidator(_cloneDeep(encryptedNotification)) : false, }; } } async function encryptAndroidNotificationPayload( cookieID: string, unencryptedPayload: T, payloadSizeValidator?: (T | { +encryptedPayload: string }) => boolean, ): Promise<{ +resultPayload: T | { +encryptedPayload: string }, +payloadSizeExceeded: boolean, +encryptionOrder?: number, }> { try { const unencryptedSerializedPayload = JSON.stringify(unencryptedPayload); if (!unencryptedSerializedPayload) { return { resultPayload: unencryptedPayload, payloadSizeExceeded: payloadSizeValidator ? payloadSizeValidator(unencryptedPayload) : false, }; } let dbPersistCondition; if (payloadSizeValidator) { dbPersistCondition = ({ serializedPayload, }: { +[string]: EncryptResult, }) => payloadSizeValidator({ encryptedPayload: serializedPayload.body }); } const { encryptedMessages: { serializedPayload }, dbPersistConditionViolated, encryptionOrder, } = await encryptAndUpdateOlmSession( cookieID, 'notifications', { serializedPayload: unencryptedSerializedPayload, }, dbPersistCondition, ); return { resultPayload: { encryptedPayload: serializedPayload.body }, payloadSizeExceeded: !!dbPersistConditionViolated, encryptionOrder, }; } catch (e) { console.log('Notification encryption failed: ' + e); const resultPayload = { encryptionFailed: '1', ...unencryptedPayload, }; return { resultPayload, payloadSizeExceeded: payloadSizeValidator ? payloadSizeValidator(resultPayload) : false, }; } } async function encryptAndroidNotification( cookieID: string, notification: AndroidNotification, notificationSizeValidator?: AndroidNotification => boolean, ): Promise<{ +notification: AndroidNotification, +payloadSizeExceeded: boolean, +encryptionOrder?: number, }> { const { id, keyserverID, badgeOnly, ...unencryptedPayload } = notification.data; let unencryptedData = { badgeOnly, keyserverID }; if (id) { unencryptedData = { ...unencryptedData, id }; } let payloadSizeValidator; if (notificationSizeValidator) { payloadSizeValidator = ( payload: AndroidNotificationPayload | { +encryptedPayload: string }, ) => { return notificationSizeValidator({ data: { ...unencryptedData, ...payload }, }); }; } const { resultPayload, payloadSizeExceeded, encryptionOrder } = await encryptAndroidNotificationPayload( cookieID, unencryptedPayload, payloadSizeValidator, ); return { notification: { data: { ...unencryptedData, ...resultPayload, }, }, payloadSizeExceeded, encryptionOrder, }; } async function encryptAndroidNotificationRescind( cookieID: string, notification: AndroidNotificationRescind, ): Promise { // We don't validate payload size for rescind // since they are expected to be small and // never exceed any FCM limit const { keyserverID, ...unencryptedPayload } = notification.data; const { resultPayload } = await encryptAndroidNotificationPayload( cookieID, unencryptedPayload, ); return { data: { keyserverID, ...resultPayload }, }; } async function encryptBasicPayload( cookieID: string, basicPayload: T, ): Promise< | { +encryptedPayload: string, +encryptionOrder?: number } | { ...T, +encryptionFailed: '1' }, > { const unencryptedSerializedPayload = JSON.stringify(basicPayload); if (!unencryptedSerializedPayload) { return { ...basicPayload, encryptionFailed: '1' }; } try { const { encryptedMessages: { serializedPayload }, encryptionOrder, } = await encryptAndUpdateOlmSession(cookieID, 'notifications', { serializedPayload: unencryptedSerializedPayload, }); return { encryptedPayload: serializedPayload.body, encryptionOrder, }; } catch (e) { console.log('Notification encryption failed: ' + e); return { ...basicPayload, encryptionFailed: '1', }; } } async function encryptWebNotification( cookieID: string, notification: PlainTextWebNotification, ): Promise<{ +notification: WebNotification, +encryptionOrder?: number }> { const { id, keyserverID, ...payloadSansId } = notification; const { encryptionOrder, ...encryptionResult } = await encryptBasicPayload( cookieID, payloadSansId, ); return { notification: { id, keyserverID, ...encryptionResult }, encryptionOrder, }; } async function encryptWNSNotification( cookieID: string, notification: PlainTextWNSNotification, ): Promise<{ +notification: WNSNotification, +encryptionOrder?: number }> { const { keyserverID, ...payloadSansKeyserverID } = notification; const { encryptionOrder, ...encryptionResult } = await encryptBasicPayload( cookieID, payloadSansKeyserverID, ); return { notification: { keyserverID, ...encryptionResult }, encryptionOrder, }; } function prepareEncryptedAPNsNotifications( devices: $ReadOnlyArray, notification: apn.Notification, codeVersion?: ?number, notificationSizeValidator?: apn.Notification => boolean, ): Promise< $ReadOnlyArray<{ +cookieID: string, +deviceToken: string, +notification: apn.Notification, +payloadSizeExceeded: boolean, +encryptedPayloadHash?: string, +encryptionOrder?: number, }>, > { const notificationPromises = devices.map( - async ({ cookieID, deviceToken }) => { + async ({ cookieID, deviceToken, blobHolder }) => { const notif = await encryptAPNsNotification( cookieID, notification, codeVersion, notificationSizeValidator, + blobHolder, ); return { cookieID, deviceToken, ...notif }; }, ); return Promise.all(notificationPromises); } function prepareEncryptedIOSNotificationRescind( devices: $ReadOnlyArray, notification: apn.Notification, codeVersion?: ?number, ): Promise< $ReadOnlyArray<{ +cookieID: string, +deviceToken: string, +notification: apn.Notification, }>, > { const notificationPromises = devices.map( async ({ deviceToken, cookieID }) => { const { notification: notif } = await encryptAPNsNotification( cookieID, notification, codeVersion, ); return { deviceToken, cookieID, notification: notif }; }, ); return Promise.all(notificationPromises); } function prepareEncryptedAndroidNotifications( devices: $ReadOnlyArray, notification: AndroidNotification, notificationSizeValidator?: (notification: AndroidNotification) => boolean, ): Promise< $ReadOnlyArray<{ +cookieID: string, +deviceToken: string, +notification: AndroidNotification, +payloadSizeExceeded: boolean, +encryptionOrder?: number, }>, > { const notificationPromises = devices.map( async ({ deviceToken, cookieID }) => { const notif = await encryptAndroidNotification( cookieID, notification, notificationSizeValidator, ); return { deviceToken, cookieID, ...notif }; }, ); return Promise.all(notificationPromises); } function prepareEncryptedAndroidNotificationRescinds( devices: $ReadOnlyArray, notification: AndroidNotificationRescind, ): Promise< $ReadOnlyArray<{ +cookieID: string, +deviceToken: string, +notification: AndroidNotificationRescind, +encryptionOrder?: number, }>, > { const notificationPromises = devices.map( async ({ deviceToken, cookieID }) => { const notif = await encryptAndroidNotificationRescind( cookieID, notification, ); return { deviceToken, cookieID, notification: notif }; }, ); return Promise.all(notificationPromises); } function prepareEncryptedWebNotifications( devices: $ReadOnlyArray, notification: PlainTextWebNotification, ): Promise< $ReadOnlyArray<{ +deviceToken: string, +notification: WebNotification, +encryptionOrder?: number, }>, > { const notificationPromises = devices.map( async ({ deviceToken, cookieID }) => { const notif = await encryptWebNotification(cookieID, notification); return { ...notif, deviceToken }; }, ); return Promise.all(notificationPromises); } function prepareEncryptedWNSNotifications( devices: $ReadOnlyArray, notification: PlainTextWNSNotification, ): Promise< $ReadOnlyArray<{ +deviceToken: string, +notification: WNSNotification, +encryptionOrder?: number, }>, > { const notificationPromises = devices.map( async ({ deviceToken, cookieID }) => { const notif = await encryptWNSNotification(cookieID, notification); return { ...notif, deviceToken }; }, ); return Promise.all(notificationPromises); } async function encryptBlobPayload(payload: string): Promise<{ +encryptionKey: string, +encryptedPayload: Blob, +encryptedPayloadHash: string, }> { const encryptionKey = await generateKey(); const encryptedPayload = await encrypt( encryptionKey, new TextEncoder().encode(payload), ); const encryptedPayloadBuffer = Buffer.from(encryptedPayload); const blobHashBase64 = await crypto .createHash('sha256') .update(encryptedPayloadBuffer) .digest('base64'); const blobHash = toBase64URL(blobHashBase64); const payloadBlob = new Blob([encryptedPayloadBuffer]); const encryptionKeyString = Buffer.from(encryptionKey).toString('base64'); return { encryptionKey: encryptionKeyString, encryptedPayload: payloadBlob, encryptedPayloadHash: blobHash, }; } export { prepareEncryptedAPNsNotifications, prepareEncryptedIOSNotificationRescind, prepareEncryptedAndroidNotifications, prepareEncryptedAndroidNotificationRescinds, prepareEncryptedWebNotifications, prepareEncryptedWNSNotifications, encryptBlobPayload, }; diff --git a/keyserver/src/push/send.js b/keyserver/src/push/send.js index 367fec2eb..41beb975c 100644 --- a/keyserver/src/push/send.js +++ b/keyserver/src/push/send.js @@ -1,1887 +1,1900 @@ // @flow import type { ResponseFailure } from '@parse/node-apn'; import apn from '@parse/node-apn'; import invariant from 'invariant'; import _cloneDeep from 'lodash/fp/cloneDeep.js'; import _flow from 'lodash/fp/flow.js'; import _groupBy from 'lodash/fp/groupBy.js'; import _mapValues from 'lodash/fp/mapValues.js'; import _pickBy from 'lodash/fp/pickBy.js'; import type { QueryResults } from 'mysql'; import t from 'tcomb'; import uuidv4 from 'uuid/v4.js'; import { oldValidUsernameRegex } from 'lib/shared/account-utils.js'; import { isUserMentioned } from 'lib/shared/mention-utils.js'; import { createMessageInfo, shimUnsupportedRawMessageInfos, sortMessageInfoList, } from 'lib/shared/message-utils.js'; import { messageSpecs } from 'lib/shared/messages/message-specs.js'; import { notifTextsForMessageInfo } from 'lib/shared/notif-utils.js'; import { rawThreadInfoFromServerThreadInfo, threadInfoFromRawThreadInfo, } from 'lib/shared/thread-utils.js'; import { hasMinCodeVersion, NEXT_CODE_VERSION, } from 'lib/shared/version-utils.js'; import type { Platform, PlatformDetails } from 'lib/types/device-types.js'; import { messageTypes } from 'lib/types/message-types-enum.js'; import { type MessageData, type RawMessageInfo, rawMessageInfoValidator, } from 'lib/types/message-types.js'; import type { ThreadInfo } from 'lib/types/minimally-encoded-thread-permissions-types.js'; import type { ResolvedNotifTexts } from 'lib/types/notif-types.js'; import { resolvedNotifTextsValidator } from 'lib/types/notif-types.js'; import type { ServerThreadInfo } from 'lib/types/thread-types.js'; import { updateTypes } from 'lib/types/update-types-enum.js'; import { type GlobalUserInfo } from 'lib/types/user-types.js'; import { values } from 'lib/utils/objects.js'; import { tID, tPlatformDetails, tShape } from 'lib/utils/validation-utils.js'; import { prepareEncryptedAndroidNotifications, prepareEncryptedAPNsNotifications, prepareEncryptedWebNotifications, prepareEncryptedWNSNotifications, } from './crypto.js'; import { getAPNsNotificationTopic } from './providers.js'; import { rescindPushNotifs } from './rescind.js'; import type { AndroidNotification, NotificationTargetDevice, TargetedAndroidNotification, TargetedAPNsNotification, TargetedWebNotification, TargetedWNSNotification, } from './types.js'; import { apnMaxNotificationPayloadByteSize, apnPush, fcmMaxNotificationPayloadByteSize, fcmPush, getUnreadCounts, webPush, type WebPushError, wnsMaxNotificationPayloadByteSize, wnsPush, type WNSPushError, blobServiceUpload, } from './utils.js'; import createIDs from '../creators/id-creator.js'; import { createUpdates } from '../creators/update-creator.js'; import { dbQuery, mergeOrConditions, SQL } from '../database/database.js'; import type { CollapsableNotifInfo } from '../fetchers/message-fetchers.js'; import { fetchCollapsableNotifs } from '../fetchers/message-fetchers.js'; import { fetchServerThreadInfos } from '../fetchers/thread-fetchers.js'; import { fetchUserInfos } from '../fetchers/user-fetchers.js'; import type { Viewer } from '../session/viewer.js'; import { thisKeyserverID } from '../user/identity.js'; import { getENSNames } from '../utils/ens-cache.js'; import { validateOutput } from '../utils/validation-utils.js'; export type Device = { +platform: Platform, +deviceToken: string, +cookieID: string, +codeVersion: ?number, +stateVersion: ?number, +majorDesktopVersion: ?number, }; export type PushUserInfo = { +devices: Device[], // messageInfos and messageDatas have the same key +messageInfos: RawMessageInfo[], +messageDatas: MessageData[], }; type Delivery = PushDelivery | { collapsedInto: string }; type NotificationRow = { +dbID: string, +userID: string, +threadID?: ?string, +messageID?: ?string, +collapseKey?: ?string, +deliveries: Delivery[], }; export type PushInfo = { [userID: string]: PushUserInfo }; async function sendPushNotifs(pushInfo: PushInfo) { if (Object.keys(pushInfo).length === 0) { return; } const keyserverID = await thisKeyserverID(); const [ unreadCounts, { usersToCollapsableNotifInfo, serverThreadInfos, userInfos }, dbIDs, ] = await Promise.all([ getUnreadCounts(Object.keys(pushInfo)), fetchInfos(pushInfo), createDBIDs(pushInfo), ]); const preparePromises: Array>> = []; const notifications: Map = new Map(); for (const userID in usersToCollapsableNotifInfo) { const threadInfos = _flow( _mapValues((serverThreadInfo: ServerThreadInfo) => { const rawThreadInfo = rawThreadInfoFromServerThreadInfo( serverThreadInfo, userID, { minimallyEncodePermissions: true }, ); if (!rawThreadInfo) { return null; } invariant( rawThreadInfo.minimallyEncoded, 'rawThreadInfo from rawThreadInfoFromServerThreadInfo must be ' + 'minimallyEncoded when minimallyEncodePermissions option is set', ); return threadInfoFromRawThreadInfo(rawThreadInfo, userID, userInfos); }), _pickBy(threadInfo => threadInfo), )(serverThreadInfos); for (const notifInfo of usersToCollapsableNotifInfo[userID]) { preparePromises.push( preparePushNotif({ keyserverID, notifInfo, userID, pushUserInfo: pushInfo[userID], unreadCount: unreadCounts[userID], threadInfos, userInfos, dbIDs, rowsToSave: notifications, }), ); } } const prepareResults = await Promise.all(preparePromises); const flattenedPrepareResults = prepareResults.filter(Boolean).flat(); const deliveryResults = await deliverPushNotifsInEncryptionOrder( flattenedPrepareResults, ); const cleanUpPromise = (async () => { if (dbIDs.length === 0) { return; } const query = SQL`DELETE FROM ids WHERE id IN (${dbIDs})`; await dbQuery(query); })(); await Promise.all([ cleanUpPromise, saveNotifResults(deliveryResults, notifications, true), ]); } type PreparePushResult = { +platform: Platform, +notificationInfo: NotificationInfo, +notification: | TargetedAPNsNotification | TargetedAndroidNotification | TargetedWebNotification | TargetedWNSNotification, }; async function preparePushNotif(input: { keyserverID: string, notifInfo: CollapsableNotifInfo, userID: string, pushUserInfo: PushUserInfo, unreadCount: number, threadInfos: { +[threadID: string]: ThreadInfo, }, userInfos: { +[userID: string]: GlobalUserInfo }, dbIDs: string[], // mutable rowsToSave: Map, // mutable }): Promise> { const { keyserverID, notifInfo, userID, pushUserInfo, unreadCount, threadInfos, userInfos, dbIDs, rowsToSave, } = input; const hydrateMessageInfo = (rawMessageInfo: RawMessageInfo) => createMessageInfo(rawMessageInfo, userID, userInfos, threadInfos); const newMessageInfos = []; const newRawMessageInfos = []; for (const newRawMessageInfo of notifInfo.newMessageInfos) { const newMessageInfo = hydrateMessageInfo(newRawMessageInfo); if (newMessageInfo) { newMessageInfos.push(newMessageInfo); newRawMessageInfos.push(newRawMessageInfo); } } if (newMessageInfos.length === 0) { return null; } const existingMessageInfos = notifInfo.existingMessageInfos .map(hydrateMessageInfo) .filter(Boolean); const allMessageInfos = sortMessageInfoList([ ...newMessageInfos, ...existingMessageInfos, ]); const [firstNewMessageInfo, ...remainingNewMessageInfos] = newMessageInfos; const { threadID } = firstNewMessageInfo; const threadInfo = threadInfos[threadID]; const parentThreadInfo = threadInfo.parentThreadID ? threadInfos[threadInfo.parentThreadID] : null; const updateBadge = threadInfo.currentUser.subscription.home; const displayBanner = threadInfo.currentUser.subscription.pushNotifs; const username = userInfos[userID] && userInfos[userID].username; let resolvedUsername; if (getENSNames) { const userInfosWithENSNames = await getENSNames([userInfos[userID]]); resolvedUsername = userInfosWithENSNames[0].username; } const userWasMentioned = username && threadInfo.currentUser.role && oldValidUsernameRegex.test(username) && newMessageInfos.some(newMessageInfo => { const unwrappedMessageInfo = newMessageInfo.type === messageTypes.SIDEBAR_SOURCE ? newMessageInfo.sourceMessage : newMessageInfo; return ( unwrappedMessageInfo.type === messageTypes.TEXT && (isUserMentioned(username, unwrappedMessageInfo.text) || (resolvedUsername && isUserMentioned(resolvedUsername, unwrappedMessageInfo.text))) ); }); if (!updateBadge && !displayBanner && !userWasMentioned) { return null; } const badgeOnly = !displayBanner && !userWasMentioned; const notifTargetUserInfo = { id: userID, username }; const notifTexts = await notifTextsForMessageInfo( allMessageInfos, threadInfo, parentThreadInfo, notifTargetUserInfo, getENSNames, ); if (!notifTexts) { return null; } const dbID = dbIDs.shift(); invariant(dbID, 'should have sufficient DB IDs'); const byPlatform = getDevicesByPlatform(pushUserInfo.devices); const firstMessageID = firstNewMessageInfo.id; invariant(firstMessageID, 'RawMessageInfo.id should be set on server'); const notificationInfo = { source: 'new_message', dbID, userID, threadID, messageID: firstMessageID, collapseKey: notifInfo.collapseKey, }; const preparePromises: Array>> = []; const iosVersionsToTokens = byPlatform.get('ios'); if (iosVersionsToTokens) { for (const [versionKey, devices] of iosVersionsToTokens) { const { codeVersion, stateVersion } = stringToVersionKey(versionKey); const platformDetails: PlatformDetails = { platform: 'ios', codeVersion, stateVersion, }; const shimmedNewRawMessageInfos = shimUnsupportedRawMessageInfos( newRawMessageInfos, platformDetails, ); const preparePromise: Promise<$ReadOnlyArray> = (async () => { const targetedNotifications = await prepareAPNsNotification( { keyserverID, notifTexts, newRawMessageInfos: shimmedNewRawMessageInfos, threadID: threadInfo.id, collapseKey: notifInfo.collapseKey, badgeOnly, unreadCount, platformDetails, }, devices, ); return targetedNotifications.map(notification => ({ notification, platform: 'ios', notificationInfo: { ...notificationInfo, codeVersion, stateVersion, }, })); })(); preparePromises.push(preparePromise); } } const androidVersionsToTokens = byPlatform.get('android'); if (androidVersionsToTokens) { for (const [versionKey, devices] of androidVersionsToTokens) { const { codeVersion, stateVersion } = stringToVersionKey(versionKey); const platformDetails = { platform: 'android', codeVersion, stateVersion, }; const shimmedNewRawMessageInfos = shimUnsupportedRawMessageInfos( newRawMessageInfos, platformDetails, ); const preparePromise: Promise<$ReadOnlyArray> = (async () => { const targetedNotifications = await prepareAndroidNotification( { keyserverID, notifTexts, newRawMessageInfos: shimmedNewRawMessageInfos, threadID: threadInfo.id, collapseKey: notifInfo.collapseKey, badgeOnly, unreadCount, platformDetails, dbID, }, devices, ); return targetedNotifications.map(notification => ({ notification, platform: 'android', notificationInfo: { ...notificationInfo, codeVersion, stateVersion, }, })); })(); preparePromises.push(preparePromise); } } const webVersionsToTokens = byPlatform.get('web'); if (webVersionsToTokens) { for (const [versionKey, devices] of webVersionsToTokens) { const { codeVersion, stateVersion } = stringToVersionKey(versionKey); const platformDetails = { platform: 'web', codeVersion, stateVersion, }; const preparePromise: Promise<$ReadOnlyArray> = (async () => { const targetedNotifications = await prepareWebNotification( { notifTexts, threadID: threadInfo.id, keyserverID, unreadCount, platformDetails, }, devices, ); return targetedNotifications.map(notification => ({ notification, platform: 'web', notificationInfo: { ...notificationInfo, codeVersion, stateVersion, }, })); })(); preparePromises.push(preparePromise); } } const macosVersionsToTokens = byPlatform.get('macos'); if (macosVersionsToTokens) { for (const [versionKey, devices] of macosVersionsToTokens) { const { codeVersion, stateVersion, majorDesktopVersion } = stringToVersionKey(versionKey); const platformDetails = { platform: 'macos', codeVersion, stateVersion, majorDesktopVersion, }; const shimmedNewRawMessageInfos = shimUnsupportedRawMessageInfos( newRawMessageInfos, platformDetails, ); const preparePromise: Promise<$ReadOnlyArray> = (async () => { const targetedNotifications = await prepareAPNsNotification( { keyserverID, notifTexts, newRawMessageInfos: shimmedNewRawMessageInfos, threadID: threadInfo.id, collapseKey: notifInfo.collapseKey, badgeOnly, unreadCount, platformDetails, }, devices, ); return targetedNotifications.map(notification => ({ notification, platform: 'macos', notificationInfo: { ...notificationInfo, codeVersion, stateVersion, }, })); })(); preparePromises.push(preparePromise); } } const windowsVersionsToTokens = byPlatform.get('windows'); if (windowsVersionsToTokens) { for (const [versionKey, devices] of windowsVersionsToTokens) { const { codeVersion, stateVersion, majorDesktopVersion } = stringToVersionKey(versionKey); const platformDetails = { platform: 'windows', codeVersion, stateVersion, majorDesktopVersion, }; const preparePromise: Promise<$ReadOnlyArray> = (async () => { const targetedNotifications = await prepareWNSNotification(devices, { notifTexts, threadID: threadInfo.id, keyserverID, unreadCount, platformDetails, }); return targetedNotifications.map(notification => ({ notification, platform: 'windows', notificationInfo: { ...notificationInfo, codeVersion, stateVersion, }, })); })(); preparePromises.push(preparePromise); } } for (const newMessageInfo of remainingNewMessageInfos) { const newDBID = dbIDs.shift(); invariant(newDBID, 'should have sufficient DB IDs'); const messageID = newMessageInfo.id; invariant(messageID, 'RawMessageInfo.id should be set on server'); rowsToSave.set(newDBID, { dbID: newDBID, userID, threadID: newMessageInfo.threadID, messageID, collapseKey: notifInfo.collapseKey, deliveries: [{ collapsedInto: dbID }], }); } const prepareResults = await Promise.all(preparePromises); return prepareResults.flat(); } // For better readability we don't differentiate between // encrypted and unencrypted notifs and order them together function compareEncryptionOrder( pushNotif1: PreparePushResult, pushNotif2: PreparePushResult, ): number { const order1 = pushNotif1.notification.encryptionOrder ?? 0; const order2 = pushNotif2.notification.encryptionOrder ?? 0; return order1 - order2; } async function deliverPushNotifsInEncryptionOrder( preparedPushNotifs: $ReadOnlyArray, ): Promise<$ReadOnlyArray> { const deliveryPromises: Array>> = []; const groupedByDevice = _groupBy( preparedPushNotif => preparedPushNotif.deviceToken, )(preparedPushNotifs); for (const preparedPushNotifsForDevice of values(groupedByDevice)) { const orderedPushNotifsForDevice = preparedPushNotifsForDevice.sort( compareEncryptionOrder, ); const deviceDeliveryPromise = (async () => { const deliveries = []; for (const preparedPushNotif of orderedPushNotifsForDevice) { const { platform, notification, notificationInfo } = preparedPushNotif; let delivery: PushResult; if (platform === 'ios' || platform === 'macos') { delivery = await sendAPNsNotification( platform, [notification], notificationInfo, ); } else if (platform === 'android') { delivery = await sendAndroidNotification( [notification], notificationInfo, ); } else if (platform === 'web') { delivery = await sendWebNotifications( [notification], notificationInfo, ); } else if (platform === 'windows') { delivery = await sendWNSNotification( [notification], notificationInfo, ); } if (delivery) { deliveries.push(delivery); } } return deliveries; })(); deliveryPromises.push(deviceDeliveryPromise); } const deliveryResults = await Promise.all(deliveryPromises); return deliveryResults.flat(); } async function sendRescindNotifs(rescindInfo: PushInfo) { if (Object.keys(rescindInfo).length === 0) { return; } const usersToCollapsableNotifInfo = await fetchCollapsableNotifs(rescindInfo); const promises = []; for (const userID in usersToCollapsableNotifInfo) { for (const notifInfo of usersToCollapsableNotifInfo[userID]) { for (const existingMessageInfo of notifInfo.existingMessageInfos) { const rescindCondition = SQL` n.user = ${userID} AND n.thread = ${existingMessageInfo.threadID} AND n.message = ${existingMessageInfo.id} `; promises.push(rescindPushNotifs(rescindCondition)); } } } await Promise.all(promises); } // The results in deliveryResults will be combined with the rows // in rowsToSave and then written to the notifications table async function saveNotifResults( deliveryResults: $ReadOnlyArray, inputRowsToSave: Map, rescindable: boolean, ) { const rowsToSave = new Map(inputRowsToSave); const allInvalidTokens = []; for (const deliveryResult of deliveryResults) { const { info, delivery, invalidTokens } = deliveryResult; const { dbID, userID } = info; const curNotifRow = rowsToSave.get(dbID); if (curNotifRow) { curNotifRow.deliveries.push(delivery); } else { // Ternary expressions for Flow const threadID = info.threadID ? info.threadID : null; const messageID = info.messageID ? info.messageID : null; const collapseKey = info.collapseKey ? info.collapseKey : null; rowsToSave.set(dbID, { dbID, userID, threadID, messageID, collapseKey, deliveries: [delivery], }); } if (invalidTokens) { allInvalidTokens.push({ userID, tokens: invalidTokens, }); } } const notificationRows = []; for (const notification of rowsToSave.values()) { notificationRows.push([ notification.dbID, notification.userID, notification.threadID, notification.messageID, notification.collapseKey, JSON.stringify(notification.deliveries), Number(!rescindable), ]); } const dbPromises: Array> = []; if (allInvalidTokens.length > 0) { dbPromises.push(removeInvalidTokens(allInvalidTokens)); } if (notificationRows.length > 0) { const query = SQL` INSERT INTO notifications (id, user, thread, message, collapse_key, delivery, rescinded) VALUES ${notificationRows} `; dbPromises.push(dbQuery(query)); } if (dbPromises.length > 0) { await Promise.all(dbPromises); } } async function fetchInfos(pushInfo: PushInfo) { const usersToCollapsableNotifInfo = await fetchCollapsableNotifs(pushInfo); const threadIDs = new Set(); const threadWithChangedNamesToMessages = new Map>(); const addThreadIDsFromMessageInfos = (rawMessageInfo: RawMessageInfo) => { const threadID = rawMessageInfo.threadID; threadIDs.add(threadID); const messageSpec = messageSpecs[rawMessageInfo.type]; if (messageSpec.threadIDs) { for (const id of messageSpec.threadIDs(rawMessageInfo)) { threadIDs.add(id); } } if ( rawMessageInfo.type === messageTypes.CHANGE_SETTINGS && rawMessageInfo.field === 'name' ) { const messages = threadWithChangedNamesToMessages.get(threadID); if (messages) { messages.push(rawMessageInfo.id); } else { threadWithChangedNamesToMessages.set(threadID, [rawMessageInfo.id]); } } }; for (const userID in usersToCollapsableNotifInfo) { for (const notifInfo of usersToCollapsableNotifInfo[userID]) { for (const rawMessageInfo of notifInfo.existingMessageInfos) { addThreadIDsFromMessageInfos(rawMessageInfo); } for (const rawMessageInfo of notifInfo.newMessageInfos) { addThreadIDsFromMessageInfos(rawMessageInfo); } } } // These threadInfos won't have currentUser set const threadPromise = fetchServerThreadInfos({ threadIDs }); const oldNamesPromise: Promise = (async () => { if (threadWithChangedNamesToMessages.size === 0) { return undefined; } const typesThatAffectName = [ messageTypes.CHANGE_SETTINGS, messageTypes.CREATE_THREAD, ]; const oldNameQuery = SQL` SELECT IF( JSON_TYPE(JSON_EXTRACT(m.content, "$.name")) = 'NULL', "", JSON_UNQUOTE(JSON_EXTRACT(m.content, "$.name")) ) AS name, m.thread FROM ( SELECT MAX(id) AS id FROM messages WHERE type IN (${typesThatAffectName}) AND JSON_EXTRACT(content, "$.name") IS NOT NULL AND`; const threadClauses = []; for (const [threadID, messages] of threadWithChangedNamesToMessages) { threadClauses.push( SQL`(thread = ${threadID} AND id NOT IN (${messages}))`, ); } oldNameQuery.append(mergeOrConditions(threadClauses)); oldNameQuery.append(SQL` GROUP BY thread ) x LEFT JOIN messages m ON m.id = x.id `); return await dbQuery(oldNameQuery); })(); const [threadResult, oldNames] = await Promise.all([ threadPromise, oldNamesPromise, ]); const serverThreadInfos = { ...threadResult.threadInfos }; if (oldNames) { const [result] = oldNames; for (const row of result) { const threadID = row.thread.toString(); serverThreadInfos[threadID] = { ...serverThreadInfos[threadID], name: row.name, }; } } const userInfos = await fetchNotifUserInfos( serverThreadInfos, usersToCollapsableNotifInfo, ); return { usersToCollapsableNotifInfo, serverThreadInfos, userInfos }; } async function fetchNotifUserInfos( serverThreadInfos: { +[threadID: string]: ServerThreadInfo }, usersToCollapsableNotifInfo: { +[userID: string]: CollapsableNotifInfo[] }, ) { const missingUserIDs = new Set(); for (const threadID in serverThreadInfos) { const serverThreadInfo = serverThreadInfos[threadID]; for (const member of serverThreadInfo.members) { missingUserIDs.add(member.id); } } const addUserIDsFromMessageInfos = (rawMessageInfo: RawMessageInfo) => { missingUserIDs.add(rawMessageInfo.creatorID); const userIDs = messageSpecs[rawMessageInfo.type].userIDs?.(rawMessageInfo) ?? []; for (const userID of userIDs) { missingUserIDs.add(userID); } }; for (const userID in usersToCollapsableNotifInfo) { missingUserIDs.add(userID); for (const notifInfo of usersToCollapsableNotifInfo[userID]) { for (const rawMessageInfo of notifInfo.existingMessageInfos) { addUserIDsFromMessageInfos(rawMessageInfo); } for (const rawMessageInfo of notifInfo.newMessageInfos) { addUserIDsFromMessageInfos(rawMessageInfo); } } } return await fetchUserInfos([...missingUserIDs]); } async function createDBIDs(pushInfo: PushInfo): Promise { let numIDsNeeded = 0; for (const userID in pushInfo) { numIDsNeeded += pushInfo[userID].messageInfos.length; } return await createIDs('notifications', numIDsNeeded); } type VersionKey = { +codeVersion: number, +stateVersion: number, +majorDesktopVersion?: number, }; const versionKeyRegex: RegExp = new RegExp(/^-?\d+\|-?\d+(\|-?\d+)?$/); function versionKeyToString(versionKey: VersionKey): string { const baseStringVersionKey = `${versionKey.codeVersion}|${versionKey.stateVersion}`; if (!versionKey.majorDesktopVersion) { return baseStringVersionKey; } return `${baseStringVersionKey}|${versionKey.majorDesktopVersion}`; } function stringToVersionKey(versionKeyString: string): VersionKey { invariant( versionKeyRegex.test(versionKeyString), 'should pass correct version key string', ); const [codeVersion, stateVersion, majorDesktopVersion] = versionKeyString .split('|') .map(Number); return { codeVersion, stateVersion, majorDesktopVersion }; } function getDevicesByPlatform( devices: $ReadOnlyArray, ): Map>> { const byPlatform = new Map< Platform, Map>, >(); for (const device of devices) { let innerMap = byPlatform.get(device.platform); if (!innerMap) { innerMap = new Map>(); byPlatform.set(device.platform, innerMap); } const codeVersion: number = device.codeVersion !== null && device.codeVersion !== undefined ? device.codeVersion : -1; const stateVersion: number = device.stateVersion ?? -1; let versionsObject = { codeVersion, stateVersion }; if (device.majorDesktopVersion) { versionsObject = { ...versionsObject, majorDesktopVersion: device.majorDesktopVersion, }; } const versionKey = versionKeyToString(versionsObject); let innerMostArrayTmp: ?Array = innerMap.get(versionKey); if (!innerMostArrayTmp) { innerMostArrayTmp = []; innerMap.set(versionKey, innerMostArrayTmp); } const innerMostArray = innerMostArrayTmp; innerMostArray.push({ cookieID: device.cookieID, deviceToken: device.deviceToken, }); } return byPlatform; } type APNsNotifInputData = { +keyserverID: string, +notifTexts: ResolvedNotifTexts, +newRawMessageInfos: RawMessageInfo[], +threadID: string, +collapseKey: ?string, +badgeOnly: boolean, +unreadCount: number, +platformDetails: PlatformDetails, }; const apnsNotifInputDataValidator = tShape({ keyserverID: t.String, notifTexts: resolvedNotifTextsValidator, newRawMessageInfos: t.list(rawMessageInfoValidator), threadID: tID, collapseKey: t.maybe(t.String), badgeOnly: t.Boolean, unreadCount: t.Number, platformDetails: tPlatformDetails, }); async function prepareAPNsNotification( inputData: APNsNotifInputData, devices: $ReadOnlyArray, ): Promise<$ReadOnlyArray> { const convertedData = await validateOutput( inputData.platformDetails, apnsNotifInputDataValidator, inputData, ); const { keyserverID, notifTexts, newRawMessageInfos, threadID, collapseKey, badgeOnly, unreadCount, platformDetails, } = convertedData; const canDecryptNonCollapsibleTextIOSNotifs = platformDetails.codeVersion && platformDetails.codeVersion > 222; const isNonCollapsibleTextNotification = newRawMessageInfos.every( newRawMessageInfo => newRawMessageInfo.type === messageTypes.TEXT, ) && !collapseKey; const canDecryptAllIOSNotifs = platformDetails.codeVersion && platformDetails.codeVersion >= 267; const canDecryptIOSNotif = platformDetails.platform === 'ios' && (canDecryptAllIOSNotifs || (isNonCollapsibleTextNotification && canDecryptNonCollapsibleTextIOSNotifs)); const canDecryptMacOSNotifs = platformDetails.platform === 'macos' && hasMinCodeVersion(platformDetails, { web: 47, majorDesktop: 9, }); const shouldBeEncrypted = canDecryptIOSNotif || canDecryptMacOSNotifs; const uniqueID = uuidv4(); const notification = new apn.Notification(); notification.topic = getAPNsNotificationTopic(platformDetails); const { merged, ...rest } = notifTexts; // We don't include alert's body on macos because we // handle displaying the notification ourselves and // we don't want macOS to display it automatically. if (!badgeOnly && platformDetails.platform !== 'macos') { notification.body = merged; notification.sound = 'default'; } notification.payload = { ...notification.payload, ...rest, }; notification.badge = unreadCount; notification.threadId = threadID; notification.id = uniqueID; notification.pushType = 'alert'; notification.payload.id = uniqueID; notification.payload.threadID = threadID; notification.payload.keyserverID = keyserverID; if (platformDetails.codeVersion && platformDetails.codeVersion > 198) { notification.mutableContent = true; } if (collapseKey && (canDecryptAllIOSNotifs || canDecryptMacOSNotifs)) { notification.payload.collapseID = collapseKey; } else if (collapseKey) { notification.collapseId = collapseKey; } const messageInfos = JSON.stringify(newRawMessageInfos); // We make a copy before checking notification's length, because calling // length compiles the notification and makes it immutable. Further // changes to its properties won't be reflected in the final plaintext // data that is sent. const copyWithMessageInfos = _cloneDeep(notification); copyWithMessageInfos.payload = { ...copyWithMessageInfos.payload, messageInfos, }; const notificationSizeValidator = (notif: apn.Notification) => notif.length() <= apnMaxNotificationPayloadByteSize; if (!shouldBeEncrypted) { const notificationToSend = notificationSizeValidator( _cloneDeep(copyWithMessageInfos), ) ? copyWithMessageInfos : notification; return devices.map(({ deviceToken }) => ({ notification: notificationToSend, deviceToken, })); } // The `messageInfos` field in notification payload is // not used on MacOS so we can return early. if (platformDetails.platform === 'macos') { const macOSNotifsWithoutMessageInfos = await prepareEncryptedAPNsNotifications( devices, notification, platformDetails.codeVersion, ); return macOSNotifsWithoutMessageInfos.map( ({ notification: notif, deviceToken }) => ({ notification: notif, deviceToken, }), ); } const notifsWithMessageInfos = await prepareEncryptedAPNsNotifications( devices, copyWithMessageInfos, platformDetails.codeVersion, notificationSizeValidator, ); - const devicesWithExcessiveSize = notifsWithMessageInfos + const devicesWithExcessiveSizeNoHolders = notifsWithMessageInfos .filter(({ payloadSizeExceeded }) => payloadSizeExceeded) .map(({ deviceToken, cookieID }) => ({ deviceToken, cookieID })); - if (devicesWithExcessiveSize.length === 0) { + if (devicesWithExcessiveSizeNoHolders.length === 0) { return notifsWithMessageInfos.map( ({ notification: notif, deviceToken, encryptedPayloadHash, encryptionOrder, }) => ({ notification: notif, deviceToken, encryptedPayloadHash, encryptionOrder, }), ); } const canQueryBlobService = hasMinCodeVersion(platformDetails, { native: NEXT_CODE_VERSION, }); - let blobHash, encryptionKey, blobUploadError; + let blobHash, blobHolders, encryptionKey, blobUploadError; if (canQueryBlobService) { - ({ blobHash, encryptionKey, blobUploadError } = await blobServiceUpload( - copyWithMessageInfos.compile(), - )); + ({ blobHash, blobHolders, encryptionKey, blobUploadError } = + await blobServiceUpload( + copyWithMessageInfos.compile(), + devicesWithExcessiveSizeNoHolders.length, + )); } if (blobUploadError) { console.warn( `Failed to upload payload of notification: ${uniqueID} ` + `due to error: ${blobUploadError}`, ); } - if (blobHash && encryptionKey) { + let devicesWithExcessiveSize = devicesWithExcessiveSizeNoHolders; + if ( + blobHash && + encryptionKey && + blobHolders && + blobHolders.length === devicesWithExcessiveSize.length + ) { notification.payload = { ...notification.payload, blobHash, encryptionKey, }; + + devicesWithExcessiveSize = blobHolders.map((holder, idx) => ({ + ...devicesWithExcessiveSize[idx], + blobHolder: holder, + })); } const notifsWithoutMessageInfos = await prepareEncryptedAPNsNotifications( devicesWithExcessiveSize, notification, platformDetails.codeVersion, ); const targetedNotifsWithMessageInfos = notifsWithMessageInfos .filter(({ payloadSizeExceeded }) => !payloadSizeExceeded) .map( ({ notification: notif, deviceToken, encryptedPayloadHash, encryptionOrder, }) => ({ notification: notif, deviceToken, encryptedPayloadHash, encryptionOrder, }), ); const targetedNotifsWithoutMessageInfos = notifsWithoutMessageInfos.map( ({ notification: notif, deviceToken, encryptedPayloadHash, encryptionOrder, }) => ({ notification: notif, deviceToken, encryptedPayloadHash, encryptionOrder, }), ); return [ ...targetedNotifsWithMessageInfos, ...targetedNotifsWithoutMessageInfos, ]; } type AndroidNotifInputData = { ...APNsNotifInputData, +dbID: string, }; const androidNotifInputDataValidator = tShape({ ...apnsNotifInputDataValidator.meta.props, dbID: t.String, }); async function prepareAndroidNotification( inputData: AndroidNotifInputData, devices: $ReadOnlyArray, ): Promise<$ReadOnlyArray> { const convertedData = await validateOutput( inputData.platformDetails, androidNotifInputDataValidator, inputData, ); const { keyserverID, notifTexts, newRawMessageInfos, threadID, collapseKey, badgeOnly, unreadCount, platformDetails: { codeVersion }, dbID, } = convertedData; const canDecryptNonCollapsibleTextNotifs = codeVersion && codeVersion > 228; const isNonCollapsibleTextNotif = newRawMessageInfos.every( newRawMessageInfo => newRawMessageInfo.type === messageTypes.TEXT, ) && !collapseKey; const canDecryptAllNotifTypes = codeVersion && codeVersion >= 267; const shouldBeEncrypted = canDecryptAllNotifTypes || (canDecryptNonCollapsibleTextNotifs && isNonCollapsibleTextNotif); const { merged, ...rest } = notifTexts; const notification = { data: { keyserverID, badge: unreadCount.toString(), ...rest, threadID, }, }; let notifID; if (collapseKey && canDecryptAllNotifTypes) { notifID = dbID; notification.data = { ...notification.data, collapseKey, }; } else if (collapseKey) { notifID = collapseKey; } else { notifID = dbID; } // The reason we only include `badgeOnly` for newer clients is because older // clients don't know how to parse it. The reason we only include `id` for // newer clients is that if the older clients see that field, they assume // the notif has a full payload, and then crash when trying to parse it. // By skipping `id` we allow old clients to still handle in-app notifs and // badge updating. if (!badgeOnly || (codeVersion && codeVersion >= 69)) { notification.data = { ...notification.data, id: notifID, badgeOnly: badgeOnly ? '1' : '0', }; } const messageInfos = JSON.stringify(newRawMessageInfos); const copyWithMessageInfos = { ...notification, data: { ...notification.data, messageInfos }, }; if (!shouldBeEncrypted) { const notificationToSend = Buffer.byteLength(JSON.stringify(copyWithMessageInfos)) <= fcmMaxNotificationPayloadByteSize ? copyWithMessageInfos : notification; return devices.map(({ deviceToken }) => ({ notification: notificationToSend, deviceToken, })); } const notificationsSizeValidator = (notif: AndroidNotification) => { const serializedNotif = JSON.stringify(notif); return ( !serializedNotif || Buffer.byteLength(serializedNotif) <= fcmMaxNotificationPayloadByteSize ); }; const notifsWithMessageInfos = await prepareEncryptedAndroidNotifications( devices, copyWithMessageInfos, notificationsSizeValidator, ); const devicesWithExcessiveSize = notifsWithMessageInfos .filter(({ payloadSizeExceeded }) => payloadSizeExceeded) .map(({ cookieID, deviceToken }) => ({ cookieID, deviceToken })); if (devicesWithExcessiveSize.length === 0) { return notifsWithMessageInfos.map( ({ notification: notif, deviceToken, encryptionOrder }) => ({ notification: notif, deviceToken, encryptionOrder, }), ); } const notifsWithoutMessageInfos = await prepareEncryptedAndroidNotifications( devicesWithExcessiveSize, notification, ); const targetedNotifsWithMessageInfos = notifsWithMessageInfos .filter(({ payloadSizeExceeded }) => !payloadSizeExceeded) .map(({ notification: notif, deviceToken, encryptionOrder }) => ({ notification: notif, deviceToken, encryptionOrder, })); const targetedNotifsWithoutMessageInfos = notifsWithoutMessageInfos.map( ({ notification: notif, deviceToken, encryptionOrder }) => ({ notification: notif, deviceToken, encryptionOrder, }), ); return [ ...targetedNotifsWithMessageInfos, ...targetedNotifsWithoutMessageInfos, ]; } type WebNotifInputData = { +notifTexts: ResolvedNotifTexts, +threadID: string, +keyserverID: string, +unreadCount: number, +platformDetails: PlatformDetails, }; const webNotifInputDataValidator = tShape({ notifTexts: resolvedNotifTextsValidator, threadID: tID, keyserverID: t.String, unreadCount: t.Number, platformDetails: tPlatformDetails, }); async function prepareWebNotification( inputData: WebNotifInputData, devices: $ReadOnlyArray, ): Promise<$ReadOnlyArray> { const convertedData = await validateOutput( inputData.platformDetails, webNotifInputDataValidator, inputData, ); const { notifTexts, threadID, unreadCount, keyserverID } = convertedData; const id = uuidv4(); const { merged, ...rest } = notifTexts; const notification = { ...rest, unreadCount, id, threadID, keyserverID, }; const shouldBeEncrypted = hasMinCodeVersion(convertedData.platformDetails, { web: 43, }); if (!shouldBeEncrypted) { return devices.map(({ deviceToken }) => ({ deviceToken, notification })); } return prepareEncryptedWebNotifications(devices, notification); } type WNSNotifInputData = { +notifTexts: ResolvedNotifTexts, +threadID: string, +keyserverID: string, +unreadCount: number, +platformDetails: PlatformDetails, }; const wnsNotifInputDataValidator = tShape({ notifTexts: resolvedNotifTextsValidator, threadID: tID, keyserverID: t.String, unreadCount: t.Number, platformDetails: tPlatformDetails, }); async function prepareWNSNotification( devices: $ReadOnlyArray, inputData: WNSNotifInputData, ): Promise<$ReadOnlyArray> { const convertedData = await validateOutput( inputData.platformDetails, wnsNotifInputDataValidator, inputData, ); const { notifTexts, threadID, unreadCount, keyserverID } = convertedData; const { merged, ...rest } = notifTexts; const notification = { ...rest, unreadCount, threadID, keyserverID, }; if ( Buffer.byteLength(JSON.stringify(notification)) > wnsMaxNotificationPayloadByteSize ) { console.warn('WNS notification exceeds size limit'); } const shouldBeEncrypted = hasMinCodeVersion(inputData.platformDetails, { majorDesktop: 10, }); if (!shouldBeEncrypted) { return devices.map(({ deviceToken }) => ({ deviceToken, notification, })); } return await prepareEncryptedWNSNotifications(devices, notification); } type NotificationInfo = | { +source: 'new_message', +dbID: string, +userID: string, +threadID: string, +messageID: string, +collapseKey: ?string, +codeVersion: number, +stateVersion: number, } | { +source: 'mark_as_unread' | 'mark_as_read' | 'activity_update', +dbID: string, +userID: string, +codeVersion: number, +stateVersion: number, }; type APNsDelivery = { +source: $PropertyType, +deviceType: 'ios' | 'macos', +iosID: string, +deviceTokens: $ReadOnlyArray, +codeVersion: number, +stateVersion: number, +errors?: $ReadOnlyArray, +encryptedPayloadHashes?: $ReadOnlyArray, +deviceTokensToPayloadHash?: { +[deviceToken: string]: string, }, }; type APNsResult = { info: NotificationInfo, delivery: APNsDelivery, invalidTokens?: $ReadOnlyArray, }; async function sendAPNsNotification( platform: 'ios' | 'macos', targetedNotifications: $ReadOnlyArray, notificationInfo: NotificationInfo, ): Promise { const { source, codeVersion, stateVersion } = notificationInfo; const response = await apnPush({ targetedNotifications, platformDetails: { platform, codeVersion }, }); invariant( new Set(targetedNotifications.map(({ notification }) => notification.id)) .size === 1, 'Encrypted versions of the same notification must share id value', ); const iosID = targetedNotifications[0].notification.id; const deviceTokens = targetedNotifications.map( ({ deviceToken }) => deviceToken, ); let delivery: APNsDelivery = { source, deviceType: platform, iosID, deviceTokens, codeVersion, stateVersion, }; if (response.errors) { delivery = { ...delivery, errors: response.errors, }; } const deviceTokensToPayloadHash: { [string]: string } = {}; for (const targetedNotification of targetedNotifications) { if (targetedNotification.encryptedPayloadHash) { deviceTokensToPayloadHash[targetedNotification.deviceToken] = targetedNotification.encryptedPayloadHash; } } if (Object.keys(deviceTokensToPayloadHash).length !== 0) { delivery = { ...delivery, deviceTokensToPayloadHash, }; } const result: APNsResult = { info: notificationInfo, delivery, }; if (response.invalidTokens) { result.invalidTokens = response.invalidTokens; } return result; } type PushResult = AndroidResult | APNsResult | WebResult | WNSResult; type PushDelivery = AndroidDelivery | APNsDelivery | WebDelivery | WNSDelivery; type AndroidDelivery = { source: $PropertyType, deviceType: 'android', androidIDs: $ReadOnlyArray, deviceTokens: $ReadOnlyArray, codeVersion: number, stateVersion: number, errors?: $ReadOnlyArray, }; type AndroidResult = { info: NotificationInfo, delivery: AndroidDelivery, invalidTokens?: $ReadOnlyArray, }; async function sendAndroidNotification( targetedNotifications: $ReadOnlyArray, notificationInfo: NotificationInfo, ): Promise { const collapseKey = notificationInfo.collapseKey ? notificationInfo.collapseKey : null; // for Flow... const { source, codeVersion, stateVersion } = notificationInfo; const response = await fcmPush({ targetedNotifications, collapseKey, codeVersion, }); const deviceTokens = targetedNotifications.map( ({ deviceToken }) => deviceToken, ); const androidIDs = response.fcmIDs ? response.fcmIDs : []; const delivery: AndroidDelivery = { source, deviceType: 'android', androidIDs, deviceTokens, codeVersion, stateVersion, }; if (response.errors) { delivery.errors = response.errors; } const result: AndroidResult = { info: notificationInfo, delivery, }; if (response.invalidTokens) { result.invalidTokens = response.invalidTokens; } return result; } type WebDelivery = { +source: $PropertyType, +deviceType: 'web', +deviceTokens: $ReadOnlyArray, +codeVersion?: number, +stateVersion: number, +errors?: $ReadOnlyArray, }; type WebResult = { +info: NotificationInfo, +delivery: WebDelivery, +invalidTokens?: $ReadOnlyArray, }; async function sendWebNotifications( targetedNotifications: $ReadOnlyArray, notificationInfo: NotificationInfo, ): Promise { const { source, codeVersion, stateVersion } = notificationInfo; const response = await webPush(targetedNotifications); const deviceTokens = targetedNotifications.map( ({ deviceToken }) => deviceToken, ); const delivery: WebDelivery = { source, deviceType: 'web', deviceTokens, codeVersion, errors: response.errors, stateVersion, }; const result: WebResult = { info: notificationInfo, delivery, invalidTokens: response.invalidTokens, }; return result; } type WNSDelivery = { +source: $PropertyType, +deviceType: 'windows', +wnsIDs: $ReadOnlyArray, +deviceTokens: $ReadOnlyArray, +codeVersion?: number, +stateVersion: number, +errors?: $ReadOnlyArray, }; type WNSResult = { +info: NotificationInfo, +delivery: WNSDelivery, +invalidTokens?: $ReadOnlyArray, }; async function sendWNSNotification( targetedNotifications: $ReadOnlyArray, notificationInfo: NotificationInfo, ): Promise { const { source, codeVersion, stateVersion } = notificationInfo; const response = await wnsPush(targetedNotifications); const deviceTokens = targetedNotifications.map( ({ deviceToken }) => deviceToken, ); const wnsIDs = response.wnsIDs ?? []; const delivery: WNSDelivery = { source, deviceType: 'windows', wnsIDs, deviceTokens, codeVersion, errors: response.errors, stateVersion, }; const result: WNSResult = { info: notificationInfo, delivery, invalidTokens: response.invalidTokens, }; return result; } type InvalidToken = { +userID: string, +tokens: $ReadOnlyArray, }; async function removeInvalidTokens( invalidTokens: $ReadOnlyArray, ): Promise { const sqlTuples = invalidTokens.map( invalidTokenUser => SQL`( user = ${invalidTokenUser.userID} AND device_token IN (${invalidTokenUser.tokens}) )`, ); const sqlCondition = mergeOrConditions(sqlTuples); const selectQuery = SQL` SELECT id, user, device_token FROM cookies WHERE `; selectQuery.append(sqlCondition); const [result] = await dbQuery(selectQuery); const userCookiePairsToInvalidDeviceTokens = new Map>(); for (const row of result) { const userCookiePair = `${row.user}|${row.id}`; const existing = userCookiePairsToInvalidDeviceTokens.get(userCookiePair); if (existing) { existing.add(row.device_token); } else { userCookiePairsToInvalidDeviceTokens.set( userCookiePair, new Set([row.device_token]), ); } } const time = Date.now(); const promises: Array> = []; for (const entry of userCookiePairsToInvalidDeviceTokens) { const [userCookiePair, deviceTokens] = entry; const [userID, cookieID] = userCookiePair.split('|'); const updateDatas = [...deviceTokens].map(deviceToken => ({ type: updateTypes.BAD_DEVICE_TOKEN, userID, time, deviceToken, targetCookie: cookieID, })); promises.push(createUpdates(updateDatas)); } const updateQuery = SQL` UPDATE cookies SET device_token = NULL WHERE `; updateQuery.append(sqlCondition); promises.push(dbQuery(updateQuery)); await Promise.all(promises); } async function updateBadgeCount( viewer: Viewer, source: 'mark_as_unread' | 'mark_as_read' | 'activity_update', ) { const { userID } = viewer; const deviceTokenQuery = SQL` SELECT platform, device_token, versions, id FROM cookies WHERE user = ${userID} AND device_token IS NOT NULL `; if (viewer.data.cookieID) { deviceTokenQuery.append(SQL`AND id != ${viewer.cookieID} `); } const [unreadCounts, [deviceTokenResult], [dbID], keyserverID] = await Promise.all([ getUnreadCounts([userID]), dbQuery(deviceTokenQuery), createIDs('notifications', 1), thisKeyserverID(), ]); const unreadCount = unreadCounts[userID]; const devices = deviceTokenResult.map(row => { const versions = JSON.parse(row.versions); return { platform: row.platform, cookieID: row.id, deviceToken: row.device_token, codeVersion: versions?.codeVersion, stateVersion: versions?.stateVersion, }; }); const byPlatform = getDevicesByPlatform(devices); const preparePromises: Array>> = []; const iosVersionsToTokens = byPlatform.get('ios'); if (iosVersionsToTokens) { for (const [versionKey, deviceInfos] of iosVersionsToTokens) { const { codeVersion, stateVersion } = stringToVersionKey(versionKey); const notification = new apn.Notification(); notification.topic = getAPNsNotificationTopic({ platform: 'ios', codeVersion, stateVersion, }); notification.badge = unreadCount; notification.pushType = 'alert'; notification.payload.keyserverID = keyserverID; const preparePromise: Promise = (async () => { let targetedNotifications: $ReadOnlyArray; if (codeVersion > 222) { const notificationsArray = await prepareEncryptedAPNsNotifications( deviceInfos, notification, codeVersion, ); targetedNotifications = notificationsArray.map( ({ notification: notif, deviceToken, encryptionOrder }) => ({ notification: notif, deviceToken, encryptionOrder, }), ); } else { targetedNotifications = deviceInfos.map(({ deviceToken }) => ({ notification, deviceToken, })); } return targetedNotifications.map(targetedNotification => ({ notification: targetedNotification, platform: 'ios', notificationInfo: { source, dbID, userID, codeVersion, stateVersion, }, })); })(); preparePromises.push(preparePromise); } } const androidVersionsToTokens = byPlatform.get('android'); if (androidVersionsToTokens) { for (const [versionKey, deviceInfos] of androidVersionsToTokens) { const { codeVersion, stateVersion } = stringToVersionKey(versionKey); const notificationData = codeVersion < 69 ? { badge: unreadCount.toString() } : { badge: unreadCount.toString(), badgeOnly: '1' }; const notification = { data: { ...notificationData, keyserverID }, }; const preparePromise: Promise = (async () => { let targetedNotifications: $ReadOnlyArray; if (codeVersion > 222) { const notificationsArray = await prepareEncryptedAndroidNotifications( deviceInfos, notification, ); targetedNotifications = notificationsArray.map( ({ notification: notif, deviceToken, encryptionOrder }) => ({ notification: notif, deviceToken, encryptionOrder, }), ); } else { targetedNotifications = deviceInfos.map(({ deviceToken }) => ({ deviceToken, notification, })); } return targetedNotifications.map(targetedNotification => ({ notification: targetedNotification, platform: 'android', notificationInfo: { source, dbID, userID, codeVersion, stateVersion, }, })); })(); preparePromises.push(preparePromise); } } const macosVersionsToTokens = byPlatform.get('macos'); if (macosVersionsToTokens) { for (const [versionKey, deviceInfos] of macosVersionsToTokens) { const { codeVersion, stateVersion, majorDesktopVersion } = stringToVersionKey(versionKey); const notification = new apn.Notification(); notification.topic = getAPNsNotificationTopic({ platform: 'macos', codeVersion, stateVersion, majorDesktopVersion, }); notification.badge = unreadCount; notification.pushType = 'alert'; notification.payload.keyserverID = keyserverID; const preparePromise: Promise = (async () => { const shouldBeEncrypted = hasMinCodeVersion(viewer.platformDetails, { web: 47, majorDesktop: 9, }); let targetedNotifications: $ReadOnlyArray; if (shouldBeEncrypted) { const notificationsArray = await prepareEncryptedAPNsNotifications( deviceInfos, notification, codeVersion, ); targetedNotifications = notificationsArray.map( ({ notification: notif, deviceToken, encryptionOrder }) => ({ notification: notif, deviceToken, encryptionOrder, }), ); } else { targetedNotifications = deviceInfos.map(({ deviceToken }) => ({ deviceToken, notification, })); } return targetedNotifications.map(targetedNotification => ({ notification: targetedNotification, platform: 'macos', notificationInfo: { source, dbID, userID, codeVersion, stateVersion, }, })); })(); preparePromises.push(preparePromise); } } const prepareResults = await Promise.all(preparePromises); const flattenedPrepareResults = prepareResults.filter(Boolean).flat(); const deliveryResults = await deliverPushNotifsInEncryptionOrder( flattenedPrepareResults, ); await saveNotifResults(deliveryResults, new Map(), false); } export { sendPushNotifs, sendRescindNotifs, updateBadgeCount }; diff --git a/keyserver/src/push/types.js b/keyserver/src/push/types.js index 7ed3a3e76..b288e147a 100644 --- a/keyserver/src/push/types.js +++ b/keyserver/src/push/types.js @@ -1,84 +1,85 @@ // @flow import apn from '@parse/node-apn'; import type { WebNotification, WNSNotification, } from 'lib/types/notif-types.js'; export type TargetedAPNsNotification = { +notification: apn.Notification, +deviceToken: string, +encryptedPayloadHash?: string, +encryptionOrder?: number, }; type AndroidNotificationPayloadBase = { +badge: string, +body?: string, +title?: string, +prefix?: string, +threadID?: string, +collapseKey?: string, +encryptionFailed?: '1', }; export type AndroidNotificationPayload = | { ...AndroidNotificationPayloadBase, +messageInfos?: string, } | { ...AndroidNotificationPayloadBase, +blobHash: string, +encryptionKey: string, }; export type AndroidNotification = { +data: { +id?: string, +badgeOnly?: string, +keyserverID: string, ...AndroidNotificationPayload | { +encryptedPayload: string }, }, }; export type AndroidNotificationRescind = { +data: { +keyserverID: string, ... | { +badge: string, +rescind: 'true', +rescindID: string, +setUnreadStatus: 'true', +threadID: string, +encryptionFailed?: string, } | { +encryptedPayload: string }, }, }; export type TargetedAndroidNotification = { +notification: AndroidNotification | AndroidNotificationRescind, +deviceToken: string, +encryptionOrder?: number, }; export type TargetedWebNotification = { +notification: WebNotification, +deviceToken: string, +encryptionOrder?: number, }; export type TargetedWNSNotification = { +notification: WNSNotification, +deviceToken: string, +encryptionOrder?: number, }; export type NotificationTargetDevice = { +cookieID: string, +deviceToken: string, + +blobHolder?: string, }; diff --git a/keyserver/src/push/utils.js b/keyserver/src/push/utils.js index 3bea32343..73c938d6b 100644 --- a/keyserver/src/push/utils.js +++ b/keyserver/src/push/utils.js @@ -1,436 +1,449 @@ // @flow import type { ResponseFailure } from '@parse/node-apn'; import type { FirebaseApp, FirebaseError } from 'firebase-admin'; import invariant from 'invariant'; import nodeFetch from 'node-fetch'; import type { Response } from 'node-fetch'; import uuid from 'uuid'; import webpush from 'web-push'; import type { PlatformDetails } from 'lib/types/device-types.js'; import { threadSubscriptions } from 'lib/types/subscription-types.js'; import { threadPermissions } from 'lib/types/thread-permission-types.js'; import { encryptBlobPayload } from './crypto.js'; import { getAPNPushProfileForCodeVersion, getFCMPushProfileForCodeVersion, getAPNProvider, getFCMProvider, ensureWebPushInitialized, getWNSToken, } from './providers.js'; import type { TargetedAPNsNotification, TargetedAndroidNotification, TargetedWebNotification, TargetedWNSNotification, } from './types.js'; import { dbQuery, SQL } from '../database/database.js'; -import { upload } from '../services/blob.js'; +import { upload, assignHolder } from '../services/blob.js'; const fcmTokenInvalidationErrors = new Set([ 'messaging/registration-token-not-registered', 'messaging/invalid-registration-token', ]); const fcmMaxNotificationPayloadByteSize = 4000; const apnTokenInvalidationErrorCode = 410; const apnBadRequestErrorCode = 400; const apnBadTokenErrorString = 'BadDeviceToken'; const apnMaxNotificationPayloadByteSize = 4096; const webInvalidTokenErrorCodes = [404, 410]; const wnsInvalidTokenErrorCodes = [404, 410]; const wnsMaxNotificationPayloadByteSize = 5000; export type APNPushResult = | { +success: true } | { +errors: $ReadOnlyArray, +invalidTokens?: $ReadOnlyArray, }; async function apnPush({ targetedNotifications, platformDetails, }: { +targetedNotifications: $ReadOnlyArray, +platformDetails: PlatformDetails, }): Promise { const pushProfile = getAPNPushProfileForCodeVersion(platformDetails); const apnProvider = await getAPNProvider(pushProfile); if (!apnProvider && process.env.NODE_ENV === 'development') { console.log(`no keyserver/secrets/${pushProfile}.json so ignoring notifs`); return { success: true }; } invariant(apnProvider, `keyserver/secrets/${pushProfile}.json should exist`); const results = await Promise.all( targetedNotifications.map(({ notification, deviceToken }) => { return apnProvider.send(notification, deviceToken); }), ); const errors: Array = []; for (const result of results) { errors.push(...result.failed); } const invalidTokens: Array = []; for (const error of errors) { /* eslint-disable eqeqeq */ if ( error.status == apnTokenInvalidationErrorCode || (error.status == apnBadRequestErrorCode && error.response.reason === apnBadTokenErrorString) ) { invalidTokens.push(error.device); } /* eslint-enable eqeqeq */ } if (invalidTokens.length > 0) { return { errors, invalidTokens }; } else if (errors.length > 0) { return { errors }; } else { return { success: true }; } } type WritableFCMPushResult = { success?: true, fcmIDs?: $ReadOnlyArray, errors?: $ReadOnlyArray, invalidTokens?: $ReadOnlyArray, }; export type FCMPushResult = $ReadOnly; async function fcmPush({ targetedNotifications, collapseKey, codeVersion, }: { +targetedNotifications: $ReadOnlyArray, +codeVersion: ?number, +collapseKey?: ?string, }): Promise { const pushProfile = getFCMPushProfileForCodeVersion(codeVersion); const fcmProvider = await getFCMProvider(pushProfile); if (!fcmProvider && process.env.NODE_ENV === 'development') { console.log(`no keyserver/secrets/${pushProfile}.json so ignoring notifs`); return { success: true }; } invariant(fcmProvider, `keyserver/secrets/${pushProfile}.json should exist`); const options: Object = { priority: 'high', }; if (collapseKey) { options.collapseKey = collapseKey; } // firebase-admin is extremely barebones and has a lot of missing or poorly // thought-out functionality. One of the issues is that if you send a // multicast messages and one of the device tokens is invalid, the resultant // won't explain which of the device tokens is invalid. So we're forced to // avoid the multicast functionality and call it once per deviceToken. const results = await Promise.all( targetedNotifications.map(({ notification, deviceToken }) => { return fcmSinglePush(fcmProvider, notification, deviceToken, options); }), ); const errors = []; const ids = []; const invalidTokens = []; for (let i = 0; i < results.length; i++) { const pushResult = results[i]; for (const error of pushResult.errors) { errors.push(error.error); const errorCode = error.type === 'firebase_error' ? error.error.errorInfo.code : undefined; if (errorCode && fcmTokenInvalidationErrors.has(errorCode)) { invalidTokens.push(targetedNotifications[i].deviceToken); } } for (const id of pushResult.fcmIDs) { ids.push(id); } } const result: WritableFCMPushResult = {}; if (ids.length > 0) { result.fcmIDs = ids; } if (errors.length > 0) { result.errors = errors; } else { result.success = true; } if (invalidTokens.length > 0) { result.invalidTokens = invalidTokens; } return result; } type FCMSinglePushError = | { +type: 'firebase_error', +error: FirebaseError } | { +type: 'exception', +error: mixed }; type FCMSinglePushResult = { +fcmIDs: $ReadOnlyArray, +errors: $ReadOnlyArray, }; async function fcmSinglePush( provider: FirebaseApp, notification: Object, deviceToken: string, options: Object, ): Promise { try { const deliveryResult = await provider .messaging() .sendToDevice(deviceToken, notification, options); const errors = []; const ids = []; for (const fcmResult of deliveryResult.results) { if (fcmResult.error) { errors.push({ type: 'firebase_error', error: fcmResult.error }); } else if (fcmResult.messageId) { ids.push(fcmResult.messageId); } } return { fcmIDs: ids, errors }; } catch (e) { return { fcmIDs: [], errors: [{ type: 'exception', error: e }] }; } } async function getUnreadCounts( userIDs: string[], ): Promise<{ [userID: string]: number }> { const visPermissionExtractString = `$.${threadPermissions.VISIBLE}.value`; const notificationExtractString = `$.${threadSubscriptions.home}`; const query = SQL` SELECT user, COUNT(thread) AS unread_count FROM memberships WHERE user IN (${userIDs}) AND last_message > last_read_message AND role > 0 AND JSON_EXTRACT(permissions, ${visPermissionExtractString}) AND JSON_EXTRACT(subscription, ${notificationExtractString}) GROUP BY user `; const [result] = await dbQuery(query); const usersToUnreadCounts: { [string]: number } = {}; for (const row of result) { usersToUnreadCounts[row.user.toString()] = row.unread_count; } for (const userID of userIDs) { if (usersToUnreadCounts[userID] === undefined) { usersToUnreadCounts[userID] = 0; } } return usersToUnreadCounts; } export type WebPushError = { +statusCode: number, +headers: { +[string]: string }, +body: string, }; type WritableWebPushResult = { success?: true, errors?: $ReadOnlyArray, invalidTokens?: $ReadOnlyArray, }; type WebPushResult = $ReadOnly; type WebPushAttempt = { +error?: WebPushError, }; async function webPush( targetedNotifications: $ReadOnlyArray, ): Promise { await ensureWebPushInitialized(); const pushResults: $ReadOnlyArray = await Promise.all( targetedNotifications.map( async ({ notification, deviceToken: deviceTokenString }) => { const deviceToken: PushSubscriptionJSON = JSON.parse(deviceTokenString); const notificationString = JSON.stringify(notification); try { await webpush.sendNotification(deviceToken, notificationString); } catch (error) { return ({ error }: WebPushAttempt); } return {}; }, ), ); const errors = []; const invalidTokens = []; const deviceTokens = targetedNotifications.map( ({ deviceToken }) => deviceToken, ); for (let i = 0; i < pushResults.length; i++) { const pushResult = pushResults[i]; const { error } = pushResult; if (error) { errors.push(error); if (webInvalidTokenErrorCodes.includes(error.statusCode)) { invalidTokens.push(deviceTokens[i]); } } } const result: WritableWebPushResult = {}; if (errors.length > 0) { result.errors = errors; } else { result.success = true; } if (invalidTokens.length > 0) { result.invalidTokens = invalidTokens; } return result; } export type WNSPushError = any | string | Response; type WritableWNSPushResult = { success?: true, wnsIDs?: $ReadOnlyArray, errors?: $ReadOnlyArray, invalidTokens?: $ReadOnlyArray, }; type WNSPushResult = $ReadOnly; async function wnsPush( targetedNotifications: $ReadOnlyArray, ): Promise { const token = await getWNSToken(); if (!token && process.env.NODE_ENV === 'development') { console.log(`no keyserver/secrets/wns_config.json so ignoring notifs`); return { success: true }; } invariant(token, `keyserver/secrets/wns_config.json should exist`); const pushResults = targetedNotifications.map(async targetedNotification => { const notificationString = JSON.stringify( targetedNotification.notification, ); try { return await wnsSinglePush( token, notificationString, targetedNotification.deviceToken, ); } catch (error) { return { error }; } }); const errors = []; const notifIDs = []; const invalidTokens = []; const deviceTokens = targetedNotifications.map( ({ deviceToken }) => deviceToken, ); for (let i = 0; i < pushResults.length; i++) { const pushResult = await pushResults[i]; if (pushResult.error) { errors.push(pushResult.error); if ( pushResult.error === 'invalidDomain' || wnsInvalidTokenErrorCodes.includes(pushResult.error?.status) ) { invalidTokens.push(deviceTokens[i]); } } else { notifIDs.push(pushResult.wnsID); } } const result: WritableWNSPushResult = {}; if (notifIDs.length > 0) { result.wnsIDs = notifIDs; } if (errors.length > 0) { result.errors = errors; } else { result.success = true; } if (invalidTokens.length > 0) { result.invalidTokens = invalidTokens; } return result; } async function wnsSinglePush(token: string, notification: string, url: string) { const parsedURL = new URL(url); const domain = parsedURL.hostname.split('.').slice(-3); if ( domain[0] !== 'notify' || domain[1] !== 'windows' || domain[2] !== 'com' ) { return { error: 'invalidDomain' }; } try { const result = await nodeFetch(url, { method: 'POST', headers: { 'Content-Type': 'application/octet-stream', 'X-WNS-Type': 'wns/raw', 'Authorization': `Bearer ${token}`, }, body: notification, }); if (!result.ok) { return { error: result }; } const wnsID = result.headers.get('X-WNS-MSG-ID'); invariant(wnsID, 'Missing WNS ID'); return { wnsID }; } catch (err) { return { error: err }; } } -async function blobServiceUpload(payload: string): Promise< +async function blobServiceUpload( + payload: string, + numberOfHolders: number, +): Promise< | { + +blobHolders: $ReadOnlyArray, +blobHash: string, +encryptionKey: string, } | { +blobUploadError: string }, > { - const blobHolder = uuid.v4(); + const blobHolders = Array.from({ length: numberOfHolders }, () => uuid.v4()); try { const { encryptionKey, encryptedPayload, encryptedPayloadHash } = await encryptBlobPayload(payload); - await upload(encryptedPayload, { + const [blobHolder, ...additionalHolders] = blobHolders; + + const uploadPromise = upload(encryptedPayload, { hash: encryptedPayloadHash, holder: blobHolder, }); + + const additionalHoldersPromises = additionalHolders.map(holder => + assignHolder({ hash: encryptedPayloadHash, holder }), + ); + + await Promise.all([uploadPromise, Promise.all(additionalHoldersPromises)]); return { blobHash: encryptedPayloadHash, + blobHolders, encryptionKey, }; } catch (e) { return { blobUploadError: e.message, }; } } export { apnPush, blobServiceUpload, fcmPush, webPush, wnsPush, getUnreadCounts, apnMaxNotificationPayloadByteSize, fcmMaxNotificationPayloadByteSize, wnsMaxNotificationPayloadByteSize, }; diff --git a/native/ios/Comm/AppDelegate.mm b/native/ios/Comm/AppDelegate.mm index ef1424cb8..fec613384 100644 --- a/native/ios/Comm/AppDelegate.mm +++ b/native/ios/Comm/AppDelegate.mm @@ -1,437 +1,456 @@ #import "AppDelegate.h" #import #import #import #import #if RCT_NEW_ARCH_ENABLED #import #import #import #import #import #import #import static NSString *const kRNConcurrentRoot = @"concurrentRoot"; @interface AppDelegate () < RCTCxxBridgeDelegate, RCTTurboModuleManagerDelegate> { RCTTurboModuleManager *_turboModuleManager; RCTSurfacePresenterBridgeAdapter *_bridgeAdapter; std::shared_ptr _reactNativeConfig; facebook::react::ContextContainer::Shared _contextContainer; } @end #endif #import "CommIOSNotifications.h" #import "Orientation.h" #import #import #import #import #import #import #import #import #import "CommConstants.h" #import "CommCoreModule.h" +#import "CommIOSBlobClient.h" #import "CommMMKV.h" #import "CommRustModule.h" #import "CommUtilsModule.h" #import "GlobalDBSingleton.h" #import "Logger.h" #import "MessageOperationsUtilities.h" #import "TemporaryMessageStorage.h" #import "ThreadOperations.h" #import "Tools.h" #import #import #import #import #import #import NSString *const setUnreadStatusKey = @"setUnreadStatus"; NSString *const threadIDKey = @"threadID"; NSString *const newMessageInfosNSNotification = @"app.comm.ns_new_message_infos"; CFStringRef newMessageInfosDarwinNotification = CFSTR("app.comm.darwin_new_message_infos"); void didReceiveNewMessageInfosDarwinNotification( CFNotificationCenterRef center, void *observer, CFStringRef name, const void *object, CFDictionaryRef userInfo) { [[NSNotificationCenter defaultCenter] postNotificationName:newMessageInfosNSNotification object:nil]; } @interface AppDelegate () < RCTCxxBridgeDelegate, RCTTurboModuleManagerDelegate> { } @end @implementation AppDelegate - (BOOL)application:(UIApplication *)application willFinishLaunchingWithOptions:(NSDictionary *)launchOptions { [self attemptDatabaseInitialization]; [self registerForNewMessageInfosNotifications]; comm::CommMMKV::initialize(); return YES; } - (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions { RCTAppSetupPrepareApp(application); [self moveMessagesToDatabase:NO]; + [self scheduleNSEBlobsDeletion]; [[AVAudioSession sharedInstance] setCategory:AVAudioSessionCategoryAmbient error:nil]; RCTBridge *bridge = [self.reactDelegate createBridgeWithDelegate:self launchOptions:launchOptions]; #if RCT_NEW_ARCH_ENABLED _contextContainer = std::make_shared(); _reactNativeConfig = std::make_shared(); _contextContainer->insert("ReactNativeConfig", _reactNativeConfig); _bridgeAdapter = [[RCTSurfacePresenterBridgeAdapter alloc] initWithBridge:bridge contextContainer:_contextContainer]; bridge.surfacePresenter = _bridgeAdapter.surfacePresenter; #endif NSDictionary *initProps = [self prepareInitialProps]; UIView *rootView = [self.reactDelegate createRootViewWithBridge:bridge moduleName:@"Comm" initialProperties:initProps]; if (@available(iOS 13.0, *)) { rootView.backgroundColor = [UIColor systemBackgroundColor]; } else { rootView.backgroundColor = [UIColor whiteColor]; } self.window = [[UIWindow alloc] initWithFrame:[UIScreen mainScreen].bounds]; UIViewController *rootViewController = [self.reactDelegate createRootViewController]; rootViewController.view = rootView; self.window.rootViewController = rootViewController; [self.window makeKeyAndVisible]; [super application:application didFinishLaunchingWithOptions:launchOptions]; // This prevents a very small flicker from occurring before expo-splash-screen // is able to display UIView *launchScreenView = [[UIStoryboard storyboardWithName:@"SplashScreen" bundle:nil] instantiateInitialViewController] .view; launchScreenView.frame = self.window.bounds; ((RCTRootView *)rootView).loadingView = launchScreenView; ((RCTRootView *)rootView).loadingViewFadeDelay = 0; ((RCTRootView *)rootView).loadingViewFadeDuration = 0.001; return YES; } - (BOOL)application:(UIApplication *)application openURL:(NSURL *)url options: (NSDictionary *)options { return [RCTLinkingManager application:application openURL:url options:options]; } - (BOOL)application:(UIApplication *)application continueUserActivity:(nonnull NSUserActivity *)userActivity restorationHandler: (nonnull void (^)(NSArray> *_Nullable)) restorationHandler { return [RCTLinkingManager application:application continueUserActivity:userActivity restorationHandler:restorationHandler]; } - (NSArray> *)extraModulesForBridge:(RCTBridge *)bridge { // If you'd like to export some custom RCTBridgeModules that are not Expo // modules, add them here! return @[]; } /// This method controls whether the `concurrentRoot`feature of React18 is /// turned on or off. /// /// @see: https://reactjs.org/blog/2022/03/29/react-v18.html /// @note: This requires to be rendering on Fabric (i.e. on the New /// Architecture). /// @return: `true` if the `concurrentRoot` feture is enabled. Otherwise, it /// returns `false`. - (BOOL)concurrentRootEnabled { // Switch this bool to turn on and off the concurrent root return true; } - (NSDictionary *)prepareInitialProps { NSMutableDictionary *initProps = [NSMutableDictionary new]; #ifdef RCT_NEW_ARCH_ENABLED initProps[kRNConcurrentRoot] = @([self concurrentRootEnabled]); #endif return initProps; } - (void)application:(UIApplication *)application didRegisterForRemoteNotificationsWithDeviceToken:(NSData *)deviceToken { [CommIOSNotifications didRegisterForRemoteNotificationsWithDeviceToken:deviceToken]; } - (void)application:(UIApplication *)application didFailToRegisterForRemoteNotificationsWithError:(NSError *)error { [CommIOSNotifications didFailToRegisterForRemoteNotificationsWithError:error]; } // Required for the notification event. You must call the completion handler // after handling the remote notification. - (void)application:(UIApplication *)application didReceiveRemoteNotification:(NSDictionary *)notification fetchCompletionHandler: (void (^)(UIBackgroundFetchResult))completionHandler { [CommIOSNotifications didReceiveRemoteNotification:notification fetchCompletionHandler:completionHandler]; } - (UIInterfaceOrientationMask)application:(UIApplication *)application supportedInterfaceOrientationsForWindow:(UIWindow *)window { return [Orientation getOrientation]; } - (NSURL *)sourceURLForBridge:(RCTBridge *)bridge { #if DEBUG return [[RCTBundleURLProvider sharedSettings] jsBundleURLForBundleRoot:@"index"]; #else return [[NSBundle mainBundle] URLForResource:@"main" withExtension:@"jsbundle"]; #endif } #if RCT_NEW_ARCH_ENABLED #pragma mark - RCTCxxBridgeDelegate - (std::unique_ptr) jsExecutorFactoryForBridge:(RCTBridge *)bridge { _turboModuleManager = [[RCTTurboModuleManager alloc] initWithBridge:bridge delegate:self jsInvoker:bridge.jsCallInvoker]; return RCTAppSetupDefaultJsExecutorFactory(bridge, _turboModuleManager); } #pragma mark RCTTurboModuleManagerDelegate - (Class)getModuleClassFromName:(const char *)name { return RCTCoreModulesClassProvider(name); } - (std::shared_ptr) getTurboModule:(const std::string &)name jsInvoker:(std::shared_ptr)jsInvoker { return nullptr; } - (std::shared_ptr) getTurboModule:(const std::string &)name initParams: (const facebook::react::ObjCTurboModule::InitParams &)params { return nullptr; } - (id)getModuleInstanceFromClass:(Class)moduleClass { return RCTAppSetupDefaultModuleFromClass(moduleClass); } #endif using JSExecutorFactory = facebook::react::JSExecutorFactory; using HermesExecutorFactory = facebook::react::HermesExecutorFactory; using Runtime = facebook::jsi::Runtime; - (std::unique_ptr)jsExecutorFactoryForBridge: (RCTBridge *)bridge { __weak __typeof(self) weakSelf = self; const auto commRuntimeInstaller = [weakSelf, bridge](facebook::jsi::Runtime &rt) { if (!bridge) { return; } __typeof(self) strongSelf = weakSelf; if (strongSelf) { std::shared_ptr coreNativeModule = std::make_shared(bridge.jsCallInvoker); std::shared_ptr utilsNativeModule = std::make_shared(bridge.jsCallInvoker); std::shared_ptr rustNativeModule = std::make_shared(bridge.jsCallInvoker); std::shared_ptr nativeConstants = std::make_shared(); rt.global().setProperty( rt, facebook::jsi::PropNameID::forAscii(rt, "CommCoreModule"), facebook::jsi::Object::createFromHostObject(rt, coreNativeModule)); rt.global().setProperty( rt, facebook::jsi::PropNameID::forAscii(rt, "CommUtilsModule"), facebook::jsi::Object::createFromHostObject(rt, utilsNativeModule)); rt.global().setProperty( rt, facebook::jsi::PropNameID::forAscii(rt, "CommRustModule"), facebook::jsi::Object::createFromHostObject(rt, rustNativeModule)); rt.global().setProperty( rt, facebook::jsi::PropNameID::forAscii(rt, "CommConstants"), facebook::jsi::Object::createFromHostObject(rt, nativeConstants)); } }; const auto installer = reanimated::REAJSIExecutorRuntimeInstaller(bridge, commRuntimeInstaller); return std::make_unique( facebook::react::RCTJSIExecutorRuntimeInstaller(installer), JSIExecutor::defaultTimeoutInvoker, makeRuntimeConfig(3072)); } - (void)attemptDatabaseInitialization { std::string sqliteFilePath = std::string([[Tools getSQLiteFilePath] UTF8String]); // Previous Comm versions used app group location for SQLite // database, so that NotificationService was able to acces it directly. // Unfortunately it caused errores related to system locks. The code // below re-migrates SQLite from app group to app specific location // on devices where previous Comm version was installed. NSString *appGroupSQLiteFilePath = [Tools getAppGroupSQLiteFilePath]; if ([NSFileManager.defaultManager fileExistsAtPath:appGroupSQLiteFilePath] && std::rename( std::string([appGroupSQLiteFilePath UTF8String]).c_str(), sqliteFilePath.c_str())) { throw std::runtime_error( "Failed to move SQLite database from app group to default location"); } comm::GlobalDBSingleton::instance.scheduleOrRun([&sqliteFilePath]() { comm::DatabaseManager::initializeQueryExecutor(sqliteFilePath); }); } - (void)moveMessagesToDatabase:(BOOL)sendBackgroundMessagesInfosToJS { TemporaryMessageStorage *temporaryStorage = [[TemporaryMessageStorage alloc] init]; NSArray *messages = [temporaryStorage readAndClearMessages]; if (sendBackgroundMessagesInfosToJS && messages && messages.count) { [CommIOSNotifications didReceiveBackgroundMessageInfos:@{@"messageInfosArray" : messages}]; } for (NSString *message in messages) { std::string messageInfos = std::string([message UTF8String]); comm::GlobalDBSingleton::instance.scheduleOrRun([messageInfos]() mutable { comm::MessageOperationsUtilities::storeMessageInfos(messageInfos); }); } TemporaryMessageStorage *temporaryRescindsStorage = [[TemporaryMessageStorage alloc] initForRescinds]; NSArray *rescindMessages = [temporaryRescindsStorage readAndClearMessages]; for (NSString *rescindMessage in rescindMessages) { NSData *binaryRescindMessage = [rescindMessage dataUsingEncoding:NSUTF8StringEncoding]; NSError *jsonError = nil; NSDictionary *rescindPayload = [NSJSONSerialization JSONObjectWithData:binaryRescindMessage options:0 error:&jsonError]; if (jsonError) { comm::Logger::log( "Failed to deserialize persisted rescind payload. Details: " + std::string([jsonError.localizedDescription UTF8String])); continue; } if (!(rescindPayload[setUnreadStatusKey] && rescindPayload[threadIDKey])) { continue; } std::string threadID = std::string([rescindPayload[threadIDKey] UTF8String]); comm::GlobalDBSingleton::instance.scheduleOrRun([threadID]() mutable { comm::ThreadOperations::updateSQLiteUnreadStatus(threadID, false); }); } } - (void)didReceiveNewMessageInfosNSNotification:(NSNotification *)notification { [self moveMessagesToDatabase:YES]; + [self scheduleNSEBlobsDeletion]; } - (void)registerForNewMessageInfosNotifications { [[NSNotificationCenter defaultCenter] addObserver:self selector:@selector(didReceiveNewMessageInfosNSNotification:) name:newMessageInfosNSNotification object:nil]; CFNotificationCenterAddObserver( CFNotificationCenterGetDarwinNotifyCenter(), (__bridge const void *)(self), didReceiveNewMessageInfosDarwinNotification, newMessageInfosDarwinNotification, NULL, CFNotificationSuspensionBehaviorDeliverImmediately); } +// NSE has limited time to process notifications. Therefore +// deferable and low priority networking such as fetched +// blob deletion from blob service should be handled by the +// main app on a low priority background thread. + +- (void)scheduleNSEBlobsDeletion { + dispatch_async( + dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_BACKGROUND, 0), ^{ + [CommIOSBlobClient.sharedInstance deleteStoredBlobs]; + }); +} + +- (void)applicationWillResignActive:(UIApplication *)application { + [[CommIOSBlobClient sharedInstance] cancelOngoingRequests]; +} + // Copied from // ReactAndroid/src/main/java/com/facebook/hermes/reactexecutor/OnLoad.cpp static ::hermes::vm::RuntimeConfig makeRuntimeConfig(::hermes::vm::gcheapsize_t heapSizeMB) { namespace vm = ::hermes::vm; auto gcConfigBuilder = vm::GCConfig::Builder() .withName("RN") // For the next two arguments: avoid GC before TTI by initializing the // runtime to allocate directly in the old generation, but revert to // normal operation when we reach the (first) TTI point. .withAllocInYoung(false) .withRevertToYGAtTTI(true); if (heapSizeMB > 0) { gcConfigBuilder.withMaxHeapSize(heapSizeMB << 20); } #if DEBUG return vm::RuntimeConfig::Builder() .withGCConfig(gcConfigBuilder.build()) .withEnableSampleProfiling(true) .build(); #else return vm::RuntimeConfig::Builder() .withGCConfig(gcConfigBuilder.build()) .build(); #endif } @end diff --git a/native/ios/Comm/CommIOSServices/CommIOSBlobClient.h b/native/ios/Comm/CommIOSServices/CommIOSBlobClient.h index 040831fe2..f57f9a9c6 100644 --- a/native/ios/Comm/CommIOSServices/CommIOSBlobClient.h +++ b/native/ios/Comm/CommIOSServices/CommIOSBlobClient.h @@ -1,6 +1,14 @@ #import @interface CommIOSBlobClient : NSObject + (id)sharedInstance; - (NSData *)getBlobSync:(NSString *)blobHash orSetError:(NSError **)error; +- (void)deleteBlobAsyncWithHash:(NSString *)blobHash + andHolder:(NSString *)blobHolder + withSuccessHandler:(void (^)())successHandler + andFailureHandler:(void (^)(NSError *))failureHandler; +- (void)storeBlobForDeletionWithHash:(NSString *)blobHash + andHolder:(NSString *)blobHolder; +- (void)deleteStoredBlobs; +- (void)cancelOngoingRequests; @end diff --git a/native/ios/Comm/CommIOSServices/CommIOSBlobClient.mm b/native/ios/Comm/CommIOSServices/CommIOSBlobClient.mm index cf028e8b7..55846845d 100644 --- a/native/ios/Comm/CommIOSServices/CommIOSBlobClient.mm +++ b/native/ios/Comm/CommIOSServices/CommIOSBlobClient.mm @@ -1,168 +1,297 @@ #import "CommIOSBlobClient.h" +#import "CommMMKV.h" #import "CommSecureStore.h" #import "Logger.h" #ifdef DEBUG NSString const *blobServiceAddress = @"https://blob.staging.commtechnologies.org"; #else NSString const *blobServiceAddress = @"https://blob.commtechnologies.org"; #endif int const blobServiceQueryTimeLimit = 15; +const std::string mmkvBlobHolderPrefix = "BLOB_HOLDER."; +// The blob service expects slightly different keys in +// delete reuqest payload than we use in notif payload +NSString *const blobServiceHashKey = @"blob_hash"; +NSString *const blobServiceHolderKey = @"holder"; @interface CommIOSBlobClient () @property(nonatomic, strong) NSURLSession *sharedBlobServiceSession; @end @implementation CommIOSBlobClient + (id)sharedInstance { static CommIOSBlobClient *sharedBlobServiceClient = nil; static dispatch_once_t onceToken; dispatch_once(&onceToken, ^{ NSURLSessionConfiguration *config = [NSURLSessionConfiguration ephemeralSessionConfiguration]; [config setTimeoutIntervalForRequest:blobServiceQueryTimeLimit]; NSURLSession *session = [NSURLSession sessionWithConfiguration:config delegate:nil delegateQueue:[NSOperationQueue mainQueue]]; sharedBlobServiceClient = [[self alloc] init]; sharedBlobServiceClient.sharedBlobServiceSession = session; }); return sharedBlobServiceClient; } - (NSData *)getBlobSync:(NSString *)blobHash orSetError:(NSError **)error { NSError *authTokenError = nil; NSString *authToken = [CommIOSBlobClient _getAuthTokenOrSetError:&authTokenError]; if (authTokenError) { *error = authTokenError; return nil; } NSString *blobUrlStr = [blobServiceAddress stringByAppendingString:[@"/blob/" stringByAppendingString:blobHash]]; NSURL *blobUrl = [NSURL URLWithString:blobUrlStr]; NSMutableURLRequest *blobRequest = [NSMutableURLRequest requestWithURL:blobUrl]; // This is slightly against Apple docs: // https://developer.apple.com/documentation/foundation/nsurlrequest?language=objc#1776617 // but apparently there is no other way to // do this and even Apple staff members // advice to set this field manually to // achieve token based authentication: // https://developer.apple.com/forums/thread/89811 [blobRequest setValue:authToken forHTTPHeaderField:@"Authorization"]; __block NSError *requestError = nil; __block NSData *blobContent = nil; dispatch_semaphore_t semaphore = dispatch_semaphore_create(0); NSURLSessionDataTask *task = [self.sharedBlobServiceSession dataTaskWithRequest:blobRequest completionHandler:^( NSData *_Nullable data, NSURLResponse *_Nullable response, NSError *_Nullable error) { @try { NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *)response; if (httpResponse.statusCode > 299) { NSString *errorMessage = [@"Fetching blob failed with the following reason: " stringByAppendingString:[NSHTTPURLResponse localizedStringForStatusCode: httpResponse.statusCode]]; requestError = [NSError errorWithDomain:@"app.comm" code:httpResponse.statusCode userInfo:@{NSLocalizedDescriptionKey : errorMessage}]; return; } if (error) { requestError = error; return; } blobContent = data; } @catch (NSException *exception) { comm::Logger::log( "Received exception when fetching blob. Details: " + std::string([exception.reason UTF8String])); } @finally { dispatch_semaphore_signal(semaphore); } }]; [task resume]; dispatch_semaphore_wait( semaphore, dispatch_time( DISPATCH_TIME_NOW, (int64_t)(blobServiceQueryTimeLimit * NSEC_PER_SEC))); if (requestError) { *error = requestError; return nil; } return blobContent; } +- (void)deleteBlobAsyncWithHash:(NSString *)blobHash + andHolder:(NSString *)blobHolder + withSuccessHandler:(void (^)())successHandler + andFailureHandler:(void (^)(NSError *))failureHandler { + NSError *authTokenError = nil; + NSString *authToken = + [CommIOSBlobClient _getAuthTokenOrSetError:&authTokenError]; + + if (authTokenError) { + comm::Logger::log( + "Failed to create blob service auth token. Reason: " + + std::string([authTokenError.localizedDescription UTF8String])); + return; + } + + NSString *blobUrlStr = [blobServiceAddress stringByAppendingString:@"/blob"]; + NSURL *blobUrl = [NSURL URLWithString:blobUrlStr]; + + NSMutableURLRequest *deleteRequest = + [NSMutableURLRequest requestWithURL:blobUrl]; + + [deleteRequest setValue:authToken forHTTPHeaderField:@"Authorization"]; + [deleteRequest setValue:@"application/json" + forHTTPHeaderField:@"content-type"]; + + deleteRequest.HTTPMethod = @"DELETE"; + deleteRequest.HTTPBody = [NSJSONSerialization dataWithJSONObject:@{ + blobServiceHolderKey : blobHolder, + blobServiceHashKey : blobHash + } + options:0 + error:nil]; + + NSURLSessionDataTask *task = [self.sharedBlobServiceSession + dataTaskWithRequest:deleteRequest + completionHandler:^( + NSData *_Nullable data, + NSURLResponse *_Nullable response, + NSError *_Nullable error) { + NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *)response; + + if (httpResponse.statusCode > 299) { + NSString *errorMessage = + [@"Deleting blob failed with the following reason: " + stringByAppendingString:[NSHTTPURLResponse + localizedStringForStatusCode: + httpResponse.statusCode]]; + failureHandler([NSError + errorWithDomain:@"app.comm" + code:httpResponse.statusCode + userInfo:@{NSLocalizedDescriptionKey : errorMessage}]); + return; + } + + if (error) { + failureHandler(error); + return; + } + + successHandler(); + }]; + + [task resume]; +} + +- (void)storeBlobForDeletionWithHash:(NSString *)blobHash + andHolder:(NSString *)blobHolder { + std::string blobHashCpp = std::string([blobHash UTF8String]); + std::string blobHolderCpp = std::string([blobHolder UTF8String]); + + std::string mmkvBlobHolderKey = mmkvBlobHolderPrefix + blobHolderCpp; + comm::CommMMKV::setString(mmkvBlobHolderKey, blobHashCpp); +} + +- (void)deleteStoredBlobs { + std::vector allKeys = comm::CommMMKV::getAllKeys(); + NSMutableArray *blobsDataForDeletion = + [[NSMutableArray alloc] init]; + + for (const auto &key : allKeys) { + if (key.size() <= mmkvBlobHolderPrefix.size() || + key.compare(0, mmkvBlobHolderPrefix.size(), mmkvBlobHolderPrefix)) { + continue; + } + + std::optional blobHash = comm::CommMMKV::getString(key); + if (!blobHash.has_value()) { + continue; + } + std::string blobHolder = key.substr(mmkvBlobHolderPrefix.size()); + + NSString *blobHolderObjC = + [NSString stringWithCString:blobHolder.c_str() + encoding:NSUTF8StringEncoding]; + NSString *blobHashObjC = + [NSString stringWithCString:blobHash.value().c_str() + encoding:NSUTF8StringEncoding]; + + [self deleteBlobAsyncWithHash:blobHashObjC + andHolder:blobHolderObjC + withSuccessHandler:^{ + std::string mmkvBlobHolderKey = mmkvBlobHolderPrefix + blobHolder; + comm::CommMMKV::removeKeys({mmkvBlobHolderKey}); + } + andFailureHandler:^(NSError *error) { + comm::Logger::log( + "Failed to delete blob hash " + blobHash.value() + + " from blob service. Details: " + + std::string([error.localizedDescription UTF8String])); + }]; + } +} + +- (void)cancelOngoingRequests { + [self.sharedBlobServiceSession + getAllTasksWithCompletionHandler:^( + NSArray<__kindof NSURLSessionTask *> *_Nonnull tasks) { + for (NSURLSessionTask *task in tasks) { + [task cancel]; + } + }]; +} + + (NSString *)_getAuthTokenOrSetError:(NSError **)error { // Authentication data are retrieved on every request // since they might change while NSE process is running // so we should not rely on caching them in memory. auto accessToken = comm::CommSecureStore::get( comm::CommSecureStore::commServicesAccessToken); auto userID = comm::CommSecureStore::get(comm::CommSecureStore::userID); auto deviceID = comm::CommSecureStore::get(comm::CommSecureStore::deviceID); NSString *userIDObjC = userID.hasValue() ? [NSString stringWithCString:userID.value().c_str() encoding:NSUTF8StringEncoding] : @""; NSString *accessTokenObjC = accessToken.hasValue() ? [NSString stringWithCString:accessToken.value().c_str() encoding:NSUTF8StringEncoding] : @""; NSString *deviceIDObjC = deviceID.hasValue() ? [NSString stringWithCString:deviceID.value().c_str() encoding:NSUTF8StringEncoding] : @""; NSDictionary *jsonAuthObject = @{ @"userID" : userIDObjC, @"accessToken" : accessTokenObjC, @"deviceID" : deviceIDObjC, }; NSData *binaryAuthObject = nil; NSError *jsonError = nil; @try { binaryAuthObject = [NSJSONSerialization dataWithJSONObject:jsonAuthObject options:0 error:&jsonError]; } @catch (NSException *e) { *error = [NSError errorWithDomain:@"app.comm" code:NSFormattingError userInfo:@{NSLocalizedDescriptionKey : e.reason}]; return nil; } if (jsonError) { *error = jsonError; return nil; } return [@"Bearer " stringByAppendingString:[binaryAuthObject base64EncodedStringWithOptions:0]]; } @end diff --git a/native/ios/NotificationService/NotificationService.mm b/native/ios/NotificationService/NotificationService.mm index b70ef85f4..3fcfce557 100644 --- a/native/ios/NotificationService/NotificationService.mm +++ b/native/ios/NotificationService/NotificationService.mm @@ -1,914 +1,919 @@ #import "NotificationService.h" #import "AESCryptoModuleObjCCompat.h" #import "CommIOSBlobClient.h" #import "CommMMKV.h" #import "Logger.h" #import "NotificationsCryptoModule.h" #import "StaffUtils.h" #import "TemporaryMessageStorage.h" #import #include #include NSString *const backgroundNotificationTypeKey = @"backgroundNotifType"; NSString *const messageInfosKey = @"messageInfos"; NSString *const encryptedPayloadKey = @"encryptedPayload"; NSString *const encryptionFailureKey = @"encryptionFailure"; NSString *const collapseIDKey = @"collapseID"; NSString *const keyserverIDKey = @"keyserverID"; NSString *const blobHashKey = @"blobHash"; +NSString *const blobHolderKey = @"blobHolder"; NSString *const encryptionKeyLabel = @"encryptionKey"; // Those and future MMKV-related constants should match // similar constants in CommNotificationsHandler.java const std::string mmkvKeySeparator = "."; const std::string mmkvKeyserverPrefix = "KEYSERVER"; const std::string mmkvUnreadCountSuffix = "UNREAD_COUNT"; // The context for this constant can be found here: // https://linear.app/comm/issue/ENG-3074#comment-bd2f5e28 int64_t const notificationRemovalDelay = (int64_t)(0.1 * NSEC_PER_SEC); // Apple gives us about 30 seconds to process single notification, // se we let any semaphore wait for at most 20 seconds int64_t const semaphoreAwaitTimeLimit = (int64_t)(20 * NSEC_PER_SEC); CFStringRef newMessageInfosDarwinNotification = CFSTR("app.comm.darwin_new_message_infos"); // Implementation below was inspired by the // following discussion with Apple staff member: // https://developer.apple.com/forums/thread/105088 size_t getMemoryUsageInBytes() { task_vm_info_data_t vmInfo; mach_msg_type_number_t count = TASK_VM_INFO_COUNT; kern_return_t result = task_info(mach_task_self(), TASK_VM_INFO, (task_info_t)&vmInfo, &count); if (result != KERN_SUCCESS) { return -1; } size_t memory_usage = static_cast(vmInfo.phys_footprint); return memory_usage; } std::string joinStrings( const std::string &separator, const std::vector &array) { std::ostringstream joinedStream; std::copy( array.begin(), array.end(), std::ostream_iterator(joinedStream, separator.c_str())); std::string joined = joinedStream.str(); return joined.empty() ? joined : joined.substr(0, joined.size() - 1); } @interface NotificationService () @property(strong) NSMutableDictionary *contentHandlers; @property(strong) NSMutableDictionary *contents; @end @implementation NotificationService - (void)didReceiveNotificationRequest:(UNNotificationRequest *)request withContentHandler: (void (^)(UNNotificationContent *_Nonnull)) contentHandler { // Set-up methods are idempotent [NotificationService setUpNSEProcess]; [self setUpNSEInstance]; NSString *contentHandlerKey = [request.identifier copy]; UNMutableNotificationContent *content = [request.content mutableCopy]; [self putContent:content withHandler:contentHandler forKey:contentHandlerKey]; UNNotificationContent *publicUserContent = content; // Step 1: notification decryption. std::unique_ptr statefulDecryptResultPtr; BOOL decryptionExecuted = NO; if ([self shouldBeDecrypted:content.userInfo]) { std::optional notifID; NSString *objcNotifID = content.userInfo[@"id"]; if (objcNotifID) { notifID = std::string([objcNotifID UTF8String]); } std::string decryptErrorMessage; try { @try { statefulDecryptResultPtr = [self decryptContentInPlace:content]; decryptionExecuted = YES; } @catch (NSException *e) { decryptErrorMessage = "NSE: Received Obj-C exception: " + std::string([e.name UTF8String]) + " during notification decryption."; if (notifID.has_value()) { decryptErrorMessage += " Notif ID: " + notifID.value(); } } } catch (const std::exception &e) { decryptErrorMessage = "NSE: Received C++ exception: " + std::string(e.what()) + " during notification decryption."; if (notifID.has_value()) { decryptErrorMessage += " Notif ID: " + notifID.value(); } } if (decryptErrorMessage.size()) { NSString *errorMessage = [NSString stringWithUTF8String:decryptErrorMessage.c_str()]; if (notifID.has_value() && [self isAppShowingNotificationWith: [NSString stringWithCString:notifID.value().c_str() encoding:NSUTF8StringEncoding]]) { errorMessage = [errorMessage stringByAppendingString:@" App shows notif with this ID."]; } [self callContentHandlerForKey:contentHandlerKey onErrorMessage:errorMessage withPublicUserContent:[[UNNotificationContent alloc] init]]; return; } } else if ([self shouldAlertUnencryptedNotification:content.userInfo]) { // In future this will be replaced by notification content // modification for DEV environment and staff members comm::Logger::log("NSE: Received erroneously unencrypted notitication."); } NSMutableArray *errorMessages = [[NSMutableArray alloc] init]; // Step 2: notification persistence in a temporary storage std::string persistErrorMessage; try { @try { [self persistMessagePayload:content.userInfo]; } @catch (NSException *e) { persistErrorMessage = "Obj-C exception: " + std::string([e.name UTF8String]) + " during notification persistence."; } } catch (const std::exception &e) { persistErrorMessage = "C++ exception: " + std::string(e.what()) + " during notification persistence."; } if (persistErrorMessage.size()) { [errorMessages addObject:[NSString stringWithUTF8String:persistErrorMessage.c_str()]]; } // Step 3: Cumulative unread count calculation if (content.badge) { std::string unreadCountCalculationError; try { @try { [self calculateTotalUnreadCountInPlace:content]; } @catch (NSException *e) { unreadCountCalculationError = "Obj-C exception: " + std::string([e.name UTF8String]) + " during unread count calculation."; } } catch (const std::exception &e) { unreadCountCalculationError = "C++ exception: " + std::string(e.what()) + " during unread count calculation."; } if (unreadCountCalculationError.size() && comm::StaffUtils::isStaffRelease()) { [errorMessages addObject:[NSString stringWithUTF8String:unreadCountCalculationError .c_str()]]; } } // Step 4: (optional) rescind read notifications // Message payload persistence is a higher priority task, so it has // to happen prior to potential notification center clearing. if ([self isRescind:content.userInfo]) { std::string rescindErrorMessage; try { @try { [self removeNotificationsWithCondition:^BOOL( UNNotification *_Nonnull notif) { return [content.userInfo[@"notificationId"] isEqualToString:notif.request.content.userInfo[@"id"]]; }]; } @catch (NSException *e) { rescindErrorMessage = "Obj-C exception: " + std::string([e.name UTF8String]) + " during notification rescind."; } } catch (const std::exception &e) { rescindErrorMessage = "C++ exception: " + std::string(e.what()) + " during notification rescind."; } if (rescindErrorMessage.size()) { [errorMessages addObject:[NSString stringWithUTF8String:persistErrorMessage.c_str()]]; } publicUserContent = [[UNNotificationContent alloc] init]; } // Step 5: (optional) execute notification coalescing if ([self isCollapsible:content.userInfo]) { std::string coalescingErrorMessage; try { @try { [self displayLocalNotificationFromContent:content forCollapseKey:content .userInfo[collapseIDKey]]; } @catch (NSException *e) { coalescingErrorMessage = "Obj-C exception: " + std::string([e.name UTF8String]) + " during notification coalescing."; } } catch (const std::exception &e) { coalescingErrorMessage = "C++ exception: " + std::string(e.what()) + " during notification coalescing."; } if (coalescingErrorMessage.size()) { [errorMessages addObject:[NSString stringWithUTF8String:coalescingErrorMessage.c_str()]]; // Even if we fail to execute coalescing then public users // should still see the original message. publicUserContent = content; } else { publicUserContent = [[UNNotificationContent alloc] init]; } } // Step 6: (optional) create empty notification that // only provides badge count. if ([self needsSilentBadgeUpdate:content.userInfo]) { UNMutableNotificationContent *badgeOnlyContent = [[UNMutableNotificationContent alloc] init]; badgeOnlyContent.badge = content.badge; publicUserContent = badgeOnlyContent; } // Step 7: (optional) download notification paylaod // from blob service in case it is large notification if ([self isLargeNotification:content.userInfo]) { std::string processLargeNotificationError; try { @try { [self fetchAndPersistLargeNotifPayload:content]; } @catch (NSException *e) { processLargeNotificationError = "Obj-C exception: " + std::string([e.name UTF8String]) + " during large notification processing."; } } catch (const std::exception &e) { processLargeNotificationError = "C++ exception: " + std::string(e.what()) + " during large notification processing."; } if (processLargeNotificationError.size()) { [errorMessages addObject:[NSString stringWithUTF8String:processLargeNotificationError .c_str()]]; } } // Step 8: notify main app that there is data // to transfer to SQLite and redux. [self sendNewMessageInfosNotification]; if (NSString *currentMemoryEventMessage = [NotificationService getAndSetMemoryEventMessage:nil]) { [errorMessages addObject:currentMemoryEventMessage]; } if (errorMessages.count) { NSString *cumulatedErrorMessage = [@"NSE: Received " stringByAppendingString:[errorMessages componentsJoinedByString:@" "]]; [self callContentHandlerForKey:contentHandlerKey onErrorMessage:cumulatedErrorMessage withPublicUserContent:publicUserContent]; return; } [self callContentHandlerForKey:contentHandlerKey withContent:publicUserContent]; if (decryptionExecuted) { comm::NotificationsCryptoModule::flushState( std::move(statefulDecryptResultPtr)); } } - (void)serviceExtensionTimeWillExpire { // Called just before the extension will be terminated by the system. // Use this as an opportunity to deliver your "best attempt" at modified // content, otherwise the original push payload will be used. NSMutableArray *allHandlers = [[NSMutableArray alloc] init]; NSMutableArray *allContents = [[NSMutableArray alloc] init]; @synchronized(self.contentHandlers) { for (NSString *key in self.contentHandlers) { [allHandlers addObject:self.contentHandlers[key]]; [allContents addObject:self.contents[key]]; } [self.contentHandlers removeAllObjects]; [self.contents removeAllObjects]; } for (int i = 0; i < allContents.count; i++) { UNNotificationContent *content = allContents[i]; void (^handler)(UNNotificationContent *_Nonnull) = allHandlers[i]; if ([self isRescind:content.userInfo]) { // If we get to this place it means we were unable to // remove relevant notification from notification center in // in time given to NSE to process notification. // It is an extremely unlikely to happen. if (!comm::StaffUtils::isStaffRelease()) { handler([[UNNotificationContent alloc] init]); continue; } NSString *errorMessage = @"NSE: Exceeded time limit to rescind a notification."; UNNotificationContent *errorContent = [self buildContentForError:errorMessage]; handler(errorContent); continue; } if ([self isCollapsible:content.userInfo]) { // If we get to this place it means we were unable to // execute notification coalescing with local notification // mechanism in time given to NSE to process notification. if (!comm::StaffUtils::isStaffRelease()) { handler(content); continue; } NSString *errorMessage = @"NSE: Exceeded time limit to collapse a notitication."; UNNotificationContent *errorContent = [self buildContentForError:errorMessage]; handler(errorContent); continue; } if ([self shouldBeDecrypted:content.userInfo] && !content.userInfo[@"successfullyDecrypted"]) { // If we get to this place it means we were unable to // decrypt encrypted notification content in time // given to NSE to process notification. if (!comm::StaffUtils::isStaffRelease()) { handler([[UNNotificationContent alloc] init]); continue; } NSString *errorMessage = @"NSE: Exceeded time limit to decrypt a notification."; UNNotificationContent *errorContent = [self buildContentForError:errorMessage]; handler(errorContent); continue; } // At this point we know that the content is at least // correctly decrypted so we can display it to the user. // Another operation, like persistence, had failed. if ([self needsSilentBadgeUpdate:content.userInfo]) { UNNotificationContent *badgeOnlyContent = [self getBadgeOnlyContentFor:content]; handler(badgeOnlyContent); continue; } handler(content); } } - (void)removeNotificationsWithCondition: (BOOL (^)(UNNotification *_Nonnull))condition { dispatch_semaphore_t semaphore = dispatch_semaphore_create(0); void (^delayedSemaphorePostCallback)() = ^() { dispatch_time_t timeToPostSemaphore = dispatch_time(DISPATCH_TIME_NOW, notificationRemovalDelay); dispatch_after(timeToPostSemaphore, dispatch_get_main_queue(), ^{ dispatch_semaphore_signal(semaphore); }); }; [UNUserNotificationCenter.currentNotificationCenter getDeliveredNotificationsWithCompletionHandler:^( NSArray *_Nonnull notifications) { NSMutableArray *notificationsToRemove = [[NSMutableArray alloc] init]; for (UNNotification *notif in notifications) { if (condition(notif)) { [notificationsToRemove addObject:notif.request.identifier]; } } [UNUserNotificationCenter.currentNotificationCenter removeDeliveredNotificationsWithIdentifiers:notificationsToRemove]; delayedSemaphorePostCallback(); }]; dispatch_semaphore_wait( semaphore, dispatch_time(DISPATCH_TIME_NOW, semaphoreAwaitTimeLimit)); } - (void)displayLocalNotificationFromContent:(UNNotificationContent *)content forCollapseKey:(NSString *)collapseKey { UNMutableNotificationContent *localNotifContent = [[UNMutableNotificationContent alloc] init]; localNotifContent.title = content.title; localNotifContent.body = content.body; localNotifContent.badge = content.badge; localNotifContent.userInfo = content.userInfo; UNNotificationRequest *localNotifRequest = [UNNotificationRequest requestWithIdentifier:collapseKey content:localNotifContent trigger:nil]; [self displayLocalNotificationFor:localNotifRequest]; } - (void)persistMessagePayload:(NSDictionary *)payload { if (payload[messageInfosKey]) { TemporaryMessageStorage *temporaryStorage = [[TemporaryMessageStorage alloc] init]; [temporaryStorage writeMessage:payload[messageInfosKey]]; return; } if (![self isRescind:payload]) { return; } NSError *jsonError = nil; NSData *binarySerializedRescindPayload = [NSJSONSerialization dataWithJSONObject:payload options:0 error:&jsonError]; if (jsonError) { comm::Logger::log( "NSE: Failed to serialize rescind payload. Details: " + std::string([jsonError.localizedDescription UTF8String])); return; } NSString *serializedRescindPayload = [[NSString alloc] initWithData:binarySerializedRescindPayload encoding:NSUTF8StringEncoding]; TemporaryMessageStorage *temporaryRescindsStorage = [[TemporaryMessageStorage alloc] initForRescinds]; [temporaryRescindsStorage writeMessage:serializedRescindPayload]; } - (BOOL)isRescind:(NSDictionary *)payload { return payload[backgroundNotificationTypeKey] && [payload[backgroundNotificationTypeKey] isEqualToString:@"CLEAR"]; } - (void)calculateTotalUnreadCountInPlace: (UNMutableNotificationContent *)content { if (!content.userInfo[keyserverIDKey]) { throw std::runtime_error("Received badge update without keyserver ID."); } std::string senderKeyserverID = std::string([content.userInfo[keyserverIDKey] UTF8String]); std::string senderKeyserverUnreadCountKey = joinStrings( mmkvKeySeparator, {mmkvKeyserverPrefix, senderKeyserverID, mmkvUnreadCountSuffix}); int senderKeyserverUnreadCount = [content.badge intValue]; comm::CommMMKV::setInt( senderKeyserverUnreadCountKey, senderKeyserverUnreadCount); int totalUnreadCount = 0; std::vector allKeys = comm::CommMMKV::getAllKeys(); for (const auto &key : allKeys) { if (key.size() < mmkvKeyserverPrefix.size() + mmkvUnreadCountSuffix.size() || key.compare(0, mmkvKeyserverPrefix.size(), mmkvKeyserverPrefix) || key.compare( key.size() - mmkvUnreadCountSuffix.size(), mmkvUnreadCountSuffix.size(), mmkvUnreadCountSuffix)) { continue; } std::optional unreadCount = comm::CommMMKV::getInt(key, -1); if (!unreadCount.has_value()) { continue; } totalUnreadCount += unreadCount.value(); } content.badge = @(totalUnreadCount); } - (void)fetchAndPersistLargeNotifPayload: (UNMutableNotificationContent *)content { NSString *blobHash = content.userInfo[blobHashKey]; NSData *encryptionKey = [[NSData alloc] initWithBase64EncodedString:content.userInfo[encryptionKeyLabel] options:0]; __block NSError *fetchError = nil; NSData *largePayloadBinary = [CommIOSBlobClient.sharedInstance getBlobSync:blobHash orSetError:&fetchError]; if (fetchError) { comm::Logger::log( "Failed to fetch notif payload from blob service. Details: " + std::string([fetchError.localizedDescription UTF8String])); return; } NSDictionary *largePayload = [NotificationService aesDecryptAndParse:largePayloadBinary withKey:encryptionKey]; [self persistMessagePayload:largePayload]; + [CommIOSBlobClient.sharedInstance + storeBlobForDeletionWithHash:blobHash + andHolder:content.userInfo[blobHolderKey]]; } - (BOOL)needsSilentBadgeUpdate:(NSDictionary *)payload { // TODO: refactor this check by introducing // badgeOnly property in iOS notification payload if (!payload[@"threadID"]) { // This notif only contains a badge update. We could let it go through // normally, but for internal builds we set the BODY to "ENCRYPTED" for // debugging purposes. So instead of letting the badge-only notif go // through, we construct another notif that doesn't have a body. return true; } // If the notif is a rescind, then we'll filter it out. So we need another // notif to update the badge count. return [self isRescind:payload]; } - (BOOL)isCollapsible:(NSDictionary *)payload { return payload[collapseIDKey]; } - (BOOL)isLargeNotification:(NSDictionary *)payload { - return payload[blobHashKey] && payload[encryptionKeyLabel]; + return payload[blobHashKey] && payload[encryptionKeyLabel] && + payload[blobHolderKey]; } - (UNNotificationContent *)getBadgeOnlyContentFor: (UNNotificationContent *)content { UNMutableNotificationContent *badgeOnlyContent = [[UNMutableNotificationContent alloc] init]; badgeOnlyContent.badge = content.badge; return badgeOnlyContent; } - (void)sendNewMessageInfosNotification { CFNotificationCenterPostNotification( CFNotificationCenterGetDarwinNotifyCenter(), newMessageInfosDarwinNotification, (__bridge const void *)(self), nil, TRUE); } - (BOOL)shouldBeDecrypted:(NSDictionary *)payload { return payload[encryptedPayloadKey]; } - (BOOL)shouldAlertUnencryptedNotification:(NSDictionary *)payload { return payload[encryptionFailureKey] && [payload[encryptionFailureKey] isEqualToNumber:@(1)]; } - (std::unique_ptr) decryptContentInPlace:(UNMutableNotificationContent *)content { std::string encryptedData = std::string([content.userInfo[encryptedPayloadKey] UTF8String]); if (!content.userInfo[keyserverIDKey]) { throw std::runtime_error( "Received encrypted notification without keyserverID."); } std::string senderKeyserverID = std::string([content.userInfo[keyserverIDKey] UTF8String]); auto decryptResult = comm::NotificationsCryptoModule::statefulDecrypt( senderKeyserverID, encryptedData, comm::NotificationsCryptoModule::olmEncryptedTypeMessage); NSString *decryptedSerializedPayload = [NSString stringWithUTF8String:decryptResult->getDecryptedData().c_str()]; NSDictionary *decryptedPayload = [NSJSONSerialization JSONObjectWithData:[decryptedSerializedPayload dataUsingEncoding:NSUTF8StringEncoding] options:0 error:nil]; NSMutableDictionary *mutableUserInfo = [content.userInfo mutableCopy]; NSMutableDictionary *mutableAps = nil; if (mutableUserInfo[@"aps"]) { mutableAps = [mutableUserInfo[@"aps"] mutableCopy]; } NSString *body = decryptedPayload[@"merged"]; if (body) { content.body = body; if (mutableAps && mutableAps[@"alert"]) { mutableAps[@"alert"] = body; } } NSString *threadID = decryptedPayload[@"threadID"]; if (threadID) { content.threadIdentifier = threadID; mutableUserInfo[@"threadID"] = threadID; if (mutableAps) { mutableAps[@"thread-id"] = threadID; } } NSString *badgeStr = decryptedPayload[@"badge"]; if (badgeStr) { NSNumber *badge = @([badgeStr intValue]); content.badge = badge; if (mutableAps) { mutableAps[@"badge"] = badge; } } // The rest have been already decrypted and handled. static NSArray *handledKeys = @[ @"merged", @"badge", @"threadID" ]; for (NSString *payloadKey in decryptedPayload) { if ([handledKeys containsObject:payloadKey]) { continue; } mutableUserInfo[payloadKey] = decryptedPayload[payloadKey]; } if (mutableAps) { mutableUserInfo[@"aps"] = mutableAps; } [mutableUserInfo removeObjectForKey:encryptedPayloadKey]; mutableUserInfo[@"successfullyDecrypted"] = @(YES); content.userInfo = mutableUserInfo; return decryptResult; } // Apple documentation for NSE does not explicitly state // that single NSE instance will be used by only one thread // at a time. Even though UNNotificationServiceExtension API // suggests that it could be the case we don't trust it // and keep a synchronized collection of handlers and contents. // We keep reports of events that strongly suggest there is // parallelism in notifications processing. In particular we // have see notifications not being decrypted when access // to encryption keys had not been correctly implemented. // Similar behaviour is adopted by other apps such as Signal, // Telegram or Element. - (void)setUpNSEInstance { @synchronized(self) { if (self.contentHandlers) { return; } self.contentHandlers = [[NSMutableDictionary alloc] init]; self.contents = [[NSMutableDictionary alloc] init]; } } - (void)putContent:(UNNotificationContent *)content withHandler:(void (^)(UNNotificationContent *_Nonnull))handler forKey:(NSString *)key { @synchronized(self.contentHandlers) { [self.contentHandlers setObject:handler forKey:key]; [self.contents setObject:content forKey:key]; } } - (void)callContentHandlerForKey:(NSString *)key withContent:(UNNotificationContent *)content { void (^handler)(UNNotificationContent *_Nonnull); @synchronized(self.contentHandlers) { handler = [self.contentHandlers objectForKey:key]; [self.contentHandlers removeObjectForKey:key]; [self.contents removeObjectForKey:key]; } if (!handler) { return; } handler(content); } - (UNNotificationContent *)buildContentForError:(NSString *)error { UNMutableNotificationContent *content = [[UNMutableNotificationContent alloc] init]; content.body = error; return content; } - (void)callContentHandlerForKey:(NSString *)key onErrorMessage:(NSString *)errorMessage withPublicUserContent:(UNNotificationContent *)publicUserContent { comm::Logger::log(std::string([errorMessage UTF8String])); if (comm::StaffUtils::isStaffRelease()) { NSString *errorNotifId = [@"error_for_" stringByAppendingString:key]; UNNotificationContent *content = [self buildContentForError:errorMessage]; UNNotificationRequest *localNotifRequest = [UNNotificationRequest requestWithIdentifier:errorNotifId content:content trigger:nil]; [self displayLocalNotificationFor:localNotifRequest]; } [self callContentHandlerForKey:key withContent:publicUserContent]; } - (void)displayLocalNotificationFor:(UNNotificationRequest *)localNotifRequest { // We must wait until local notif display completion // handler returns. Context: // https://developer.apple.com/forums/thread/108340?answerId=331640022#331640022 dispatch_semaphore_t localNotifDisplaySemaphore = dispatch_semaphore_create(0); __block NSError *localNotifDisplayError = nil; [UNUserNotificationCenter.currentNotificationCenter addNotificationRequest:localNotifRequest withCompletionHandler:^(NSError *_Nullable error) { if (error) { localNotifDisplayError = error; } dispatch_semaphore_signal(localNotifDisplaySemaphore); }]; dispatch_semaphore_wait( localNotifDisplaySemaphore, dispatch_time(DISPATCH_TIME_NOW, semaphoreAwaitTimeLimit)); if (localNotifDisplayError) { throw std::runtime_error( std::string([localNotifDisplayError.localizedDescription UTF8String])); } } - (BOOL)isAppShowingNotificationWith:(NSString *)identifier { dispatch_semaphore_t getAllDeliveredNotifsSemaphore = dispatch_semaphore_create(0); __block BOOL foundNotification = NO; [UNUserNotificationCenter.currentNotificationCenter getDeliveredNotificationsWithCompletionHandler:^( NSArray *_Nonnull notifications) { for (UNNotification *notif in notifications) { if (notif.request.content.userInfo[@"id"] && [notif.request.content.userInfo[@"id"] isEqualToString:identifier]) { foundNotification = YES; break; } } dispatch_semaphore_signal(getAllDeliveredNotifsSemaphore); }]; dispatch_semaphore_wait( getAllDeliveredNotifsSemaphore, dispatch_time(DISPATCH_TIME_NOW, semaphoreAwaitTimeLimit)); return foundNotification; } // Monitor memory usage + (NSString *)getAndSetMemoryEventMessage:(NSString *)message { static NSString *memoryEventMessage = nil; static NSLock *memoryEventLock = [[NSLock alloc] init]; @try { if (![memoryEventLock tryLock]) { return nil; } NSString *currentMemoryEventMessage = memoryEventMessage ? [memoryEventMessage copy] : nil; memoryEventMessage = [message copy]; return currentMemoryEventMessage; } @finally { [memoryEventLock unlock]; } } + (dispatch_source_t)registerForMemoryEvents { dispatch_source_t memorySource = dispatch_source_create( DISPATCH_SOURCE_TYPE_MEMORYPRESSURE, 0L, DISPATCH_MEMORYPRESSURE_CRITICAL, dispatch_get_main_queue()); dispatch_block_t eventHandler = ^{ NSString *criticalMemoryEventMessage = [NSString stringWithFormat: @"NSE: Received CRITICAL memory event. Memory usage: %ld bytes", getMemoryUsageInBytes()]; comm::Logger::log(std::string([criticalMemoryEventMessage UTF8String])); if (!comm::StaffUtils::isStaffRelease()) { // If it is not a staff release we don't set // memoryEventMessage variable since it will // not be displayed to the client anyway return; } [NotificationService getAndSetMemoryEventMessage:criticalMemoryEventMessage]; }; dispatch_source_set_event_handler(memorySource, eventHandler); dispatch_activate(memorySource); return memorySource; } // AES Cryptography static AESCryptoModuleObjCCompat *_aesCryptoModule = nil; + (AESCryptoModuleObjCCompat *)processLocalAESCryptoModule { return _aesCryptoModule; } + (NSDictionary *)aesDecryptAndParse:(NSData *)sealedData withKey:(NSData *)key { NSError *decryptError = nil; NSInteger destinationLength = [[NotificationService processLocalAESCryptoModule] decryptedLength:sealedData]; NSMutableData *destination = [NSMutableData dataWithLength:destinationLength]; [[NotificationService processLocalAESCryptoModule] decryptWithKey:key sealedData:sealedData destination:destination withError:&decryptError]; if (decryptError) { comm::Logger::log( "NSE: Notification aes decryption failure. Details: " + std::string([decryptError.localizedDescription UTF8String])); return nil; } NSString *decryptedSerializedPayload = [[NSString alloc] initWithData:destination encoding:NSUTF8StringEncoding]; return [NSJSONSerialization JSONObjectWithData:[decryptedSerializedPayload dataUsingEncoding:NSUTF8StringEncoding] options:0 error:nil]; } // Process-local initialization code NSE may use different threads and instances // of this class to process notifs, but it usually keeps the same process for // extended period of time. Objects that can be initialized once and reused on // each notif should be declared in a method below to avoid wasting resources + (void)setUpNSEProcess { static dispatch_source_t memoryEventSource; static dispatch_once_t onceToken; dispatch_once(&onceToken, ^{ _aesCryptoModule = [[AESCryptoModuleObjCCompat alloc] init]; memoryEventSource = [NotificationService registerForMemoryEvents]; }); } @end