unifiedpush / common-proxies Goto Github PK

Devices don't need to receive that info anyway + it might expose pushkeys to the wrong device

todo list for myself
Document:

• User Agent
• Multi-Host
• Write a little explainer of splitting

Matrix is enabled by default, I'd expect everything to be disabled by default and then I only need to enable the stuff I actually want to run. Right now I have to manually disable matrix.

L: Uhm, Docker Hub is apparently discontinuing its free tier for teams (is that the same as organizations?): https://hacky.town/@rtyler/110023261891172425

Now, currently the container image is hosted on Docker Hub, and it says that https://hub.docker.com/u/unifiedpush is an organization, so this might be uh, an issue, unless you're paying for that? So, you might want to move to quay.io or GHCR, for example?

The specification https://matrix.org/docs/spec/push_gateway/r0.1.1 requires "A list of all pushkeys given in the notification request that are not valid. [...] May be empty."
So, if no pushkey is invalid it should return {"rejected":[]}.
Currently it returns {"rejected":null} (and gives an error on element-android when it sends itself the notif to troubleshoot).

• The default port could be changed to something > 1024
• The requirement for a config file to exist could be removed, especially since everything is environment variables now

To be able to identify in push providers

Also optionally sending the server hostname might further help for big server debugging

This may sound like a stupid question:
I want to remove my dependency to google Firebase and then run a degooglised android phone. However I couldn't anymore subscribe to push notification of web apps as phenix (firefox android) have no alternative to google firebase yet.

I wanted to know if it is possible either to have a web push->unifiedpush bridge that I could run on a homeserver to subscribe to web push notifications for me and relay on unifiedpush provider like ntfy.sh.

So, my question is, can this proxy handle this goal and make me able to receive web push notification of a website (that I couldn't change the backend to support UP out of the box) with UP provider like ntfy.sh android app ?

Thank you for your help

Rewrite proxies should return TTL: 0 and 201 status code

ATM it is done with the following nginx + lua rule :

server {
   listen 127.0.0.1:1234;
   location / {
       access_by_lua_block{
           local json=require("cjson")
           ngx.req.read_body()
           local args = ngx.req.get_uri_args()
           local token = args["token"]
           local app = args["app"]
           local req = ngx.req.get_body_data()
           local newreq =  { ["to"] = token, ["data"] = { ["body"] = req, ["app"] = app } }
           local body = json.encode(newreq)
           ngx.req.set_body_data(body)
       }

       proxy_set_header         Authorization key=AAAAB<redaced> ;
       proxy_set_header         Content-Type application/json;
       proxy_pass                       https://fcm.googleapis.com/fcm/send;
       proxy_set_header            Host fcm.googleapis.com;

       # Force https
       #if ($scheme = http) {
       #    rewrite ^ https://$server_name$request_uri? permanent;
       # }
   }
 }

We need to make a /v2 endpoint that base64 encodes the request to follow AND_2.0.0 and keeping this one for the old one. It will be easier to do it with common-proxies

https://matrix.to/#/!vwmBiTqilorqNCbGab:matrix.org/$39gAYAsFiYC-gLC0fD8ZjL6ZZmEYBdDj6O5tKTYVYiY?via=libera.chat&via=matrix.org&via=tchncs.de

I run an internal DNS for services (e.g. gotify) which are also externally available.
I think Paranoidhttp prevents the proxy to connect to my gotify instance, as the internal DNS resolves the domain to my internal ip address.
The logs show following error:

panic:
Post "https://push.example.com/UP?token=asdbc1234": bad ip is detected: 192.168.0.10

This repository has moved to https://codeberg.org/UnifiedPush/common-proxies and is a mirrored on github.

Please open pull requests/merge requests and issues on codeberg.

I'm not a go programmer, so pardon my ignorance - but I have everything running on my internal network - no outside IP addresses are used, and the rewriter here is the only thing that appears to work properly with my matrix install - pure proxying with nginx does not work right for me. All clients operate on the network directly or via VPN.

Looking at the docs for paranoidhttp, it does seem to exemplify on the main readme how to allow 127.0.0.1 - which is what I'd love to be able to do...

In my testing, other than having up-rewrite-linux-amd64 reject the IP, everything else is working.

Thank you!

Only when verbose. Should help in debugging which things are enabled and which aren't

The FCM rewrite proxy has a non-backward compatible change: it will be a major release then. We should link https://firebase.google.com/docs/cloud-messaging/migrate-v1 to the release.

BTW, I suggest we remove the gotify rewrite proxy at the same time, what do you think @karmanyaahm ?

I get

curl -O up-rewrite-linux-amd64 https://github.com/UnifiedPush/common-proxies/releases/download/v1.5.0/up-rewrite-linux-amd64
curl: Remote file name has no length!
curl: (23) Failed writing received data to disk/application

and only a "Failed Download" in Firefox, when i try to download the latest release.

With normal priority, applications are not automatically wake from doze mode
Cf. https://firebase.google.com/docs/cloud-messaging/concept-options#setting-the-priority-of-a-message

We should set the priority with the legacy API and HTTPv1 API to avoid issues (https://stackoverflow.com/a/59939658)

{
    "priority": "high", // legacy HTTP protocol (this can also be set to 10)
    "android": {
        "priority": "high" // HTTP v1 protocol
    }
}