Set up infrastructure for push message subscriptions.

A subscription allows an application server (here, the Pilcrow server) to send web push messages to a user agent.

On the server, Pilcrow records subscriptions verbatim, in the clear. Each subscription has an associated key, which will be used to encrypt messages for the corresponding client, but we store them in the clear, for the same broad reason that we store the VAPID key in the clear. They allow anyone who obtains them to impersonate the server and send push messages to clients, but they're rotated regularly - clients must rotate them whenever the server's VAPID key changes.

On the client, we monitor VAPID key change events to drive automatic subscription management, once the user sets up an initial subscription manually (which we must do as it can involve a user-interaction-only prompt for permission to send notifications). This isn't the final UI, but rather a bare-minimum version to let us move on with testing push notifications.

Merges push-subscribe into push-notify.

3 files changed, 334 insertions, 0 deletions

diff --git a/src/push/handlers/mod.rs b/src/push/handlers/mod.rs
new file mode 100644
index 0000000..86eeea0
--- /dev/null
+++ b/src/push/handlers/mod.rs
@@ -0,0 +1,3 @@
+mod subscribe;
+
+pub use subscribe::handler as subscribe;
diff --git a/src/push/handlers/subscribe/mod.rs b/src/push/handlers/subscribe/mod.rs
new file mode 100644
index 0000000..d142df6
--- /dev/null
+++ b/src/push/handlers/subscribe/mod.rs
@@ -0,0 +1,95 @@
+use axum::{
+    extract::{Json, State},
+    http::StatusCode,
+    response::{IntoResponse, Response},
+};
+use p256::ecdsa::VerifyingKey;
+use web_push::SubscriptionInfo;
+
+use crate::{
+    error::Internal,
+    push::{app, app::Push},
+    token::extract::Identity,
+};
+
+#[cfg(test)]
+mod test;
+
+#[derive(Clone, serde::Deserialize)]
+pub struct Request {
+    subscription: Subscription,
+    #[serde(with = "crate::vapid::ser::key")]
+    vapid: VerifyingKey,
+}
+
+// This structure is described in <https://w3c.github.io/push-api/#dom-pushsubscription-tojson>.
+#[derive(Clone, serde::Deserialize)]
+pub struct Subscription {
+    endpoint: String,
+    keys: Keys,
+}
+
+// This structure is described in <https://w3c.github.io/push-api/#dom-pushsubscription-tojson>.
+#[derive(Clone, serde::Deserialize)]
+pub struct Keys {
+    p256dh: String,
+    auth: String,
+}
+
+pub async fn handler(
+    State(push): State<Push>,
+    identity: Identity,
+    Json(request): Json<Request>,
+) -> Result<StatusCode, Error> {
+    let Request {
+        subscription,
+        vapid,
+    } = request;
+
+    push.subscribe(&identity, &subscription.into(), &vapid)
+        .await?;
+
+    Ok(StatusCode::CREATED)
+}
+
+impl From<Subscription> for SubscriptionInfo {
+    fn from(request: Subscription) -> Self {
+        let Subscription {
+            endpoint,
+            keys: Keys { p256dh, auth },
+        } = request;
+        let info = SubscriptionInfo::new(endpoint, p256dh, auth);
+        info
+    }
+}
+
+#[derive(Debug, thiserror::Error)]
+#[error(transparent)]
+pub struct Error(#[from] app::SubscribeError);
+
+impl IntoResponse for Error {
+    fn into_response(self) -> Response {
+        let Self(err) = self;
+
+        match err {
+            app::SubscribeError::StaleVapidKey(key) => {
+                let body = StaleVapidKey {
+                    message: err.to_string(),
+                    key,
+                };
+                (StatusCode::BAD_REQUEST, Json(body)).into_response()
+            }
+            app::SubscribeError::Duplicate => {
+                (StatusCode::CONFLICT, err.to_string()).into_response()
+            }
+            other => Internal::from(other).into_response(),
+        }
+    }
+}
+
+#[derive(serde::Serialize)]
+struct StaleVapidKey {
+    message: String,
+    #[serde(with = "crate::vapid::ser::key")]
+    key: VerifyingKey,
+}
diff --git a/src/push/handlers/subscribe/test.rs b/src/push/handlers/subscribe/test.rs
new file mode 100644
index 0000000..b72624d
--- /dev/null
+++ b/src/push/handlers/subscribe/test.rs
@@ -0,0 +1,236 @@
+use axum::{
+    extract::{Json, State},
+    http::StatusCode,
+};
+
+use crate::{
+    push::app::SubscribeError,
+    test::{fixtures, fixtures::event},
+};
+
+#[tokio::test]
+async fn accepts_new_subscription() {
+    let app = fixtures::scratch_app().await;
+    let subscriber = fixtures::identity::create(&app, &fixtures::now()).await;
+
+    // Issue a VAPID key.
+
+    app.vapid()
+        .refresh_key(&fixtures::now())
+        .await
+        .expect("refreshing the VAPID key always succeeds");
+
+    // Find out what that VAPID key is.
+
+    let boot = app.boot().snapshot().await.expect("boot always succeeds");
+    let vapid = boot
+        .events
+        .into_iter()
+        .filter_map(event::vapid)
+        .filter_map(event::vapid::changed)
+        .next_back()
+        .expect("the application will have a vapid key after a refresh");
+
+    // Create a dummy subscription with that key.
+
+    let request = super::Request {
+        subscription: super::Subscription {
+            endpoint: String::from("https://push.example.com/endpoint"),
+            keys: super::Keys {
+                p256dh: String::from("test-p256dh-value"),
+                auth: String::from("test-auth-value"),
+            },
+        },
+        vapid: vapid.key,
+    };
+    let response = super::handler(State(app.push()), subscriber, Json(request))
+        .await
+        .expect("test request will succeed on a fresh app");
+
+    // Check that the response looks as expected.
+
+    assert_eq!(StatusCode::CREATED, response);
+}
+
+#[tokio::test]
+async fn accepts_repeat_subscription() {
+    let app = fixtures::scratch_app().await;
+    let subscriber = fixtures::identity::create(&app, &fixtures::now()).await;
+
+    // Issue a VAPID key.
+
+    app.vapid()
+        .refresh_key(&fixtures::now())
+        .await
+        .expect("refreshing the VAPID key always succeeds");
+
+    // Find out what that VAPID key is.
+
+    let boot = app.boot().snapshot().await.expect("boot always succeeds");
+    let vapid = boot
+        .events
+        .into_iter()
+        .filter_map(event::vapid)
+        .filter_map(event::vapid::changed)
+        .next_back()
+        .expect("the application will have a vapid key after a refresh");
+
+    // Create a dummy subscription with that key.
+
+    let request = super::Request {
+        subscription: super::Subscription {
+            endpoint: String::from("https://push.example.com/endpoint"),
+            keys: super::Keys {
+                p256dh: String::from("test-p256dh-value"),
+                auth: String::from("test-auth-value"),
+            },
+        },
+        vapid: vapid.key,
+    };
+    let response = super::handler(State(app.push()), subscriber.clone(), Json(request.clone()))
+        .await
+        .expect("test request will succeed on a fresh app");
+
+    // Check that the response looks as expected.
+
+    assert_eq!(StatusCode::CREATED, response);
+
+    // Repeat the request
+
+    let response = super::handler(State(app.push()), subscriber, Json(request))
+        .await
+        .expect("test request will succeed twice on a fresh app");
+
+    // Check that the second response also looks as expected.
+
+    assert_eq!(StatusCode::CREATED, response);
+}
+
+#[tokio::test]
+async fn rejects_duplicate_subscription() {
+    let app = fixtures::scratch_app().await;
+    let subscriber = fixtures::identity::create(&app, &fixtures::now()).await;
+
+    // Issue a VAPID key.
+
+    app.vapid()
+        .refresh_key(&fixtures::now())
+        .await
+        .expect("refreshing the VAPID key always succeeds");
+
+    // Find out what that VAPID key is.
+
+    let boot = app.boot().snapshot().await.expect("boot always succeeds");
+    let vapid = boot
+        .events
+        .into_iter()
+        .filter_map(event::vapid)
+        .filter_map(event::vapid::changed)
+        .next_back()
+        .expect("the application will have a vapid key after a refresh");
+
+    // Create a dummy subscription with that key.
+
+    let request = super::Request {
+        subscription: super::Subscription {
+            endpoint: String::from("https://push.example.com/endpoint"),
+            keys: super::Keys {
+                p256dh: String::from("test-p256dh-value"),
+                auth: String::from("test-auth-value"),
+            },
+        },
+        vapid: vapid.key,
+    };
+    super::handler(State(app.push()), subscriber.clone(), Json(request))
+        .await
+        .expect("test request will succeed on a fresh app");
+
+    // Repeat the request with different keys
+
+    let request = super::Request {
+        subscription: super::Subscription {
+            endpoint: String::from("https://push.example.com/endpoint"),
+            keys: super::Keys {
+                p256dh: String::from("different-test-p256dh-value"),
+                auth: String::from("different-test-auth-value"),
+            },
+        },
+        vapid: vapid.key,
+    };
+    let response = super::handler(State(app.push()), subscriber, Json(request))
+        .await
+        .expect_err("request with duplicate endpoint should fail");
+
+    // Make sure we got the error we expected.
+
+    assert!(matches!(response, super::Error(SubscribeError::Duplicate)));
+}
+
+#[tokio::test]
+async fn rejects_stale_vapid_key() {
+    let app = fixtures::scratch_app().await;
+    let subscriber = fixtures::identity::create(&app, &fixtures::now()).await;
+
+    // Issue a VAPID key.
+
+    app.vapid()
+        .refresh_key(&fixtures::now())
+        .await
+        .expect("refreshing the VAPID key always succeeds");
+
+    // Find out what that VAPID key is.
+
+    let boot = app.boot().snapshot().await.expect("boot always succeeds");
+    let vapid = boot
+        .events
+        .into_iter()
+        .filter_map(event::vapid)
+        .filter_map(event::vapid::changed)
+        .next_back()
+        .expect("the application will have a vapid key after a refresh");
+
+    // Change the VAPID key.
+
+    app.vapid()
+        .rotate_key()
+        .await
+        .expect("key rotation always succeeds");
+    app.vapid()
+        .refresh_key(&fixtures::now())
+        .await
+        .expect("refreshing the VAPID key always succeeds");
+
+    // Find out what the new VAPID key is.
+
+    let boot = app.boot().snapshot().await.expect("boot always succeeds");
+    let fresh_vapid = boot
+        .events
+        .into_iter()
+        .filter_map(event::vapid)
+        .filter_map(event::vapid::changed)
+        .next_back()
+        .expect("the application will have a vapid key after a refresh");
+
+    // Create a dummy subscription with the original key.
+
+    let request = super::Request {
+        subscription: super::Subscription {
+            endpoint: String::from("https://push.example.com/endpoint"),
+            keys: super::Keys {
+                p256dh: String::from("test-p256dh-value"),
+                auth: String::from("test-auth-value"),
+            },
+        },
+        vapid: vapid.key,
+    };
+    let response = super::handler(State(app.push()), subscriber, Json(request))
+        .await
+        .expect_err("test request has a stale vapid key");
+
+    // Check that the response looks as expected.
+
+    assert!(matches!(
+        response,
+        super::Error(SubscribeError::StaleVapidKey(key)) if key == fresh_vapid.key
+    ));
+}