Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: remove certfile and keyfile from APNS configurations #183

Merged
merged 3 commits into from
Jan 9, 2021
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 3 additions & 2 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,9 @@
/doc
erl_crash.dump
*.ez
*.pem
*.p8
cert.pem
key_unencrypted.pem
AuthKey.p8
*.p12
secrets.tar
scratchpad.txt
Expand Down
9 changes: 9 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,15 @@
**Changed**

- Default JSON library set to Jason.
([#182](https://github.com/codedge-llc/pigeon/pull/182))
- Pigeon application module moved from `Pigeon` to `Pigeon.Application`
([#183](https://github.com/codedge-llc/pigeon/pull/183))

**Removed**

- `:certfile` and `:keyfile` are no longer valid options for APNS configurations.
Instead, read the file before loading (e.g. `cert: File.read!("cert.pem")`)
([#183](https://github.com/codedge-llc/pigeon/pull/183))

## v1.6.0

Expand Down
10 changes: 5 additions & 5 deletions config/test.exs
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,8 @@ config :pigeon, :test,
fcm_key: System.get_env("GCM_KEY"),
valid_fcm_reg_id: System.get_env("VALID_GCM_REG_ID"),
valid_apns_token: System.get_env("VALID_APNS_TOKEN"),
apns_cert: "cert.pem",
apns_key: "key_unencrypted.pem",
apns_cert: File.read!("cert.pem"),
apns_key: File.read!("key_unencrypted.pem"),
apns_topic: System.get_env("APNS_TOPIC")

config :pigeon,
Expand All @@ -24,12 +24,12 @@ config :pigeon, :fcm,

config :pigeon, :apns,
apns_default: %{
cert: "cert.pem",
key: "key_unencrypted.pem",
cert: File.read!("cert.pem"),
key: File.read!("key_unencrypted.pem"),
mode: :dev
},
apns_jwt_static: %{
key: "AuthKey.p8",
key: File.read!("AuthKey.p8"),
key_identifier: System.get_env("APNS_JWT_KEY_IDENTIFIER"),
team_id: System.get_env("APNS_JWT_TEAM_ID"),
mode: :dev
Expand Down
82 changes: 0 additions & 82 deletions lib/pigeon.ex
Original file line number Diff line number Diff line change
Expand Up @@ -3,90 +3,8 @@ defmodule Pigeon do
HTTP2-compliant wrapper for sending iOS and Android push notifications.
"""

use Application

require Logger
import Supervisor.Spec

alias Pigeon.{ADM, APNS, FCM}
alias Pigeon.Http2.Client

@doc false
def start(_type, _args) do
Client.default().start
opts = [strategy: :one_for_one, name: :pigeon]
Supervisor.start_link(workers(), opts)
end

defp workers do
[
adm_workers(),
apns_workers(),
fcm_workers(),
env_workers(),
apns_token_agent(),
task_supervisors()
]
|> List.flatten()
end

defp apns_token_agent do
[worker(APNS.Token, [%{}], restart: :permanent, shutdown: 5_000)]
end

defp task_supervisors do
[supervisor(Task.Supervisor, [[name: Pigeon.Tasks]])]
end

defp env_workers do
case Application.get_env(:pigeon, :workers) do
nil ->
[]

workers ->
Enum.flat_map(workers, fn {mod, fun} ->
mod
|> apply(fun, [])
|> List.wrap()
|> Enum.map(&worker/1)
|> Enum.filter(& &1)
end)
end
end

defp worker(%ADM.Config{} = config) do
worker(ADM.Worker, [config], id: config.name, restart: :temporary)
end

defp worker(config) do
worker(Pigeon.Worker, [config], id: config.name, restart: :temporary)
end

defp adm_workers do
workers_for(:adm, &ADM.Config.new/1, Pigeon.ADM.Worker)
end

defp apns_workers do
workers_for(:apns, &APNS.ConfigParser.parse/1, Pigeon.Worker)
end

defp fcm_workers do
workers_for(:fcm, &FCM.Config.new/1, Pigeon.Worker)
end

defp workers_for(name, config_fn, mod) do
case Application.get_env(:pigeon, name) do
nil ->
[]

workers ->
Enum.map(workers, fn {worker_name, _config} ->
config = config_fn.(worker_name)
worker(mod, [config], id: config.name, restart: :temporary)
end)
end
end

@doc """
Returns the configured JSON encoding library for Pigeon.
To customize the JSON library, include the following in your config/config.exs:
Expand Down
95 changes: 31 additions & 64 deletions lib/pigeon/apns/config.ex
Original file line number Diff line number Diff line change
Expand Up @@ -4,13 +4,10 @@ defmodule Pigeon.APNS.Config do
"""

defstruct cert: nil,
certfile: nil,
key: nil,
keyfile: nil,
name: nil,
port: 443,
ping_period: 600_000,
reconnect: true,
uri: nil

@typedoc ~S"""
Expand All @@ -23,23 +20,17 @@ defmodule Pigeon.APNS.Config do

%Pigeon.APNS.Config{
name: :apns_default,
reconnect: true,
cert: nil,
certfile: "cert.pem",
key: nil,
keyfile: "key.pem",
cert: "certificate_content",
key: "key_content",
uri: "api.push.apple.com",
port: 443,
ping_period: 600_000
}
"""
@type t :: %__MODULE__{
name: atom | nil,
reconnect: boolean,
cert: binary | nil,
certfile: binary | nil,
key: binary | nil,
keyfile: binary | nil,
uri: binary | nil,
port: pos_integer,
ping_period: pos_integer
Expand All @@ -51,28 +42,20 @@ defmodule Pigeon.APNS.Config do
## Configuration Options
- `:name` - Registered worker name.
- `:mode` - If set to `:dev` or `:prod`, will set the appropriate `:uri`
- `:cert` - Push certificate. Can be one of three options:
- Static file path
- Full-text string of the file contents (useful for environment variables)
- `{:my_app, "certs/cert.pem"}` (indicates path relative to the `priv`
folder of the given application)
- `:key` - Push private key. Same as `:cert`
- `:cert` - Push certificate. Must be the full-text string of the file contents.
- `:key` - Push private key. Must be the full-text string of the file contents.
- `:uri` - Push server uri. If set, overrides uri defined by `:mode`.
Useful for test environments.
- `:port` - Push server port. Can be any value, but APNS only accepts
`443` and `2197`
- `:ping_period` - Interval between server pings. Necessary to keep long
running APNS connections alive. Defaults to 10 minutes.

## Deprecated Options
- `:reconnect` - No longer used as of `v1.2.0`.
"""
@type config_opts :: [
name: atom | nil,
mode: :dev | :prod | nil,
cert: binary | {atom, binary},
key: binary | {atom, binary},
reconnect: boolean,
cert: binary,
key: binary,
ping_period: pos_integer,
port: pos_integer,
uri: binary,
Expand All @@ -96,57 +79,49 @@ defmodule Pigeon.APNS.Config do
iex> Pigeon.APNS.Config.new(
...> name: :test,
...> mode: :prod,
...> cert: "test/support/test_cert.pem-mock",
...> key: "test/support/test_key.pem-mock",
...> cert: File.read!("test/support/FakeAPNSCert.pem"),
...> key: File.read!("test/support/FakeAPNSKey.pem"),
...> port: 2197,
...> ping_period: 300_000
...> )
%Pigeon.APNS.Config{uri: "api.push.apple.com", name: :test,
certfile: Path.expand("test/support/test_cert.pem-mock"),
keyfile: Path.expand("test/support/test_key.pem-mock"),
ping_period: 300000, port: 2197, reconnect: false}
%Pigeon.APNS.Config{
cert: "test/support/FakeAPNSCert.pem" |> File.read!() |> Pigeon.APNS.Config.decode_pem(),
key: "test/support/FakeAPNSKey.pem" |> File.read!() |> Pigeon.APNS.Config.decode_pem(),
name: :test,
ping_period: 300000,
port: 2197,
uri: "api.push.apple.com"
}

iex> config = Pigeon.APNS.Config.new(:apns_default)
iex> %{config | certfile: nil, keyfile: nil} # Hide for testing
iex> %{config | cert: nil, key: nil} # Hide for testing
iex> match? %_{uri: "api.development.push.apple.com",
...> name: :apns_default, ping_period: 600_000, port: 443}, config
true
"""
def new(opts) when is_list(opts) do
%__MODULE__{
name: opts[:name],
reconnect: Keyword.get(opts, :reconnect, false),
cert: cert(opts[:cert]),
certfile: ConfigParser.file_path(opts[:cert]),
key: key(opts[:key]),
keyfile: ConfigParser.file_path(opts[:key]),
uri: Keyword.get(opts, :uri, ConfigParser.uri_for_mode(opts[:mode])),
name: Keyword.get(opts, :name),
cert: opts |> Keyword.get(:cert) |> decode_pem(),
key: opts |> Keyword.get(:key) |> decode_pem(),
ping_period: Keyword.get(opts, :ping_period, 600_000),
port: Keyword.get(opts, :port, 443),
ping_period: Keyword.get(opts, :ping_period, 600_000)
uri: Keyword.get(opts, :uri, ConfigParser.uri_for_mode(opts[:mode]))
}
|> ConfigParser.strip_errors(:cert, :certfile)
|> ConfigParser.strip_errors(:key, :keyfile)
end

def new(name) when is_atom(name), do: ConfigParser.parse(name)

defp cert(bin) when is_binary(bin) do
@doc false
def decode_pem(bin) when is_binary(bin) do
case :public_key.pem_decode(bin) do
[{:Certificate, cert, _}] -> cert
_ -> {:error, {:invalid, bin}}
end
end

defp cert(other), do: {:error, {:invalid, other}}

defp key(bin) when is_binary(bin) do
case :public_key.pem_decode(bin) do
[{:RSAPrivateKey, key, _}] -> {:RSAPrivateKey, key}
_ -> {:error, {:invalid, bin}}
end
end

defp key(other), do: {:error, {:invalid, other}}
def decode_pem(other), do: {:error, {:invalid, other}}
end

defimpl Pigeon.Configurable, for: Pigeon.APNS.Config do
Expand All @@ -170,8 +145,8 @@ defimpl Pigeon.Configurable, for: Pigeon.APNS.Config do
@spec connect(any) :: {:ok, sock} | {:error, String.t()}
def connect(%{uri: uri} = config) do
uri = to_charlist(uri)

options = connect_socket_options(config)

Pigeon.Http2.Client.default().connect(uri, :https, options)
end

Expand All @@ -187,13 +162,13 @@ defimpl Pigeon.Configurable, for: Pigeon.APNS.Config do
defdelegate close(config), to: Shared

@spec validate!(Config.t()) :: :ok | no_return
def validate!(%Config{cert: {:error, _}, certfile: {:error, _}} = config) do
def validate!(%Config{cert: {:error, _}} = config) do
raise Pigeon.ConfigError,
reason: "attempted to start without valid certificate",
config: ConfigParser.redact(config)
end

def validate!(%Config{key: {:error, _}, keyfile: {:error, _}} = config) do
def validate!(%Config{key: {:error, _}} = config) do
raise Pigeon.ConfigError,
reason: "attempted to start without valid key",
config: ConfigParser.redact(config)
Expand All @@ -204,10 +179,10 @@ defimpl Pigeon.Configurable, for: Pigeon.APNS.Config do
end

@spec connect_socket_options(Config.t()) :: socket_opts
def connect_socket_options(config) do
def connect_socket_options(%{cert: cert, key: key} = config) do
[
cert_option(config),
key_option(config),
{:cert, cert},
{:key, key},
{:password, ''},
{:packet, 0},
{:reuseaddr, true},
Expand All @@ -216,12 +191,4 @@ defimpl Pigeon.Configurable, for: Pigeon.APNS.Config do
]
|> Shared.add_port(config)
end

@spec cert_option(Config.t()) :: {:cert, binary} | {:certfile, binary}
def cert_option(%{cert: cert, certfile: nil}), do: {:cert, cert}
def cert_option(%{cert: nil, certfile: file}), do: {:certfile, file}

@spec key_option(Config.t()) :: {:key, binary} | {:keyfile, binary}
def key_option(%{key: key, keyfile: nil}), do: {:key, key}
def key_option(%{key: nil, keyfile: file}), do: {:keyfile, file}
end
9 changes: 0 additions & 9 deletions lib/pigeon/apns/config_parser.ex
Original file line number Diff line number Diff line change
Expand Up @@ -72,15 +72,6 @@ defmodule Pigeon.APNS.ConfigParser do
end)
end

@doc false
def strip_errors(config, key1, key2) do
case {Map.get(config, key1), Map.get(config, key2)} do
{{:error, _}, {:error, _}} -> config
{{:error, _}, _} -> Map.put(config, key1, nil)
{_, {:error, _}} -> Map.put(config, key2, nil)
end
end

@spec uri_for_mode(atom) :: binary | nil
def uri_for_mode(:dev), do: @apns_development_api_uri
def uri_for_mode(:prod), do: @apns_production_api_uri
Expand Down
Loading