The version available on npm has the line:
const encrypt = require('./encrypt').encrypt;
which should be:
const encrypt = require('./encrypt');

This prevents the package from functioning and is fixed in master but not pushed to npm. I would greatly appreciate it if this change could be pushed to npm.

(Sorry if this isn't the appropriate place for this kind of question)

Thanks!

please create gitter chat.

If I try to send a push message to a client who has unsubscribed, the promise is fulfilled and I have to look at the response returned. I expected the promise to be rejected and then catch the error there.

webpush.sendWebPush(message, subscription, gcmKey)
.then(function(resp) {
  // May have sent or may not have
})
.catch(function(resp) {
  // Expected this to be called if the message wan't sent
});

• Link to spec/guides/etc. from README
• Document the actual API

I have used this module to send a payload with my push notification. I get the pushEvent object at my service worker and in there I find that the data attribute isn't null anymore, so some payload is actually send.

However, my issue is that I do not know how to read the message from the payload. I have tried using JSON.stringify the data attribute but it returns "{}"

webpush used from the server

    webpush.setGCMAPIKey('AIzaSyB71PDpHDx_zNqtMzidfzSp7CqCKV0Y8');
    webpush.sendWebPush('My title', subscription);

service worker file

self.addEventListener('push', function(event) {
  console.log('Push message', event);
  data = {}
  if (event.data) {
    console.log('rawdata', event.data);
    //console.log('data', event.data.json());
    //data = event.data.json();
    data = event.data
    dataString = JSON.stringify(data);
    console.log(dataString);
  }
  title = data.title || 'title'
  body = data.body || 'decription'

  event.waitUntil(
    self.registration.showNotification(title, {
     body: body,
     icon: '../images/icons/icon-192x192.png',
     tag: 'my-tag'
   }));
});

google Chrome developer console:

I'm the developer of https://github.com/marco-c/web-push, which is another server-side Node.js library for Web Push.
In my library, I've implemented push notifications for Firefox (with and without payloads) and Chrome (old GCM method, so without payload).
I'm planning to add support for payloads in Chrome (web-push-libs/web-push#114).

I'm also adding support for VAPID in Firefox (web-push-libs/web-push#112), and I'm looking forward to Chrome supporting it (https://bugs.chromium.org/p/chromium/issues/detail?id=583753).

I think the two libraries serve the same purpose, and we could merge them to avoid duplicating our efforts.

[Subscription Restrictions] - https://tools.ietf.org/html/draft-thomson-webpush-vapid-02

Something we'll need to consider how to manage.

Details

• Client library will need to get the public key from the server to subscribe
• Server will need to create a JWT signed with the private key

When I sent without payload and encryption, it worked.

{"multicast_id":734392...,"success":1,"failure":0,"canonical_ids":0,"results":[{"message_id":"0:14609..."}]}

But when I sent via sendWebPush with same authToken, it returned 400 error like below.

{ statusCode: 400,
  statusMessage: 'UnauthorizedRegistration',
  body: '<HTML>\n<HEAD>\n<TITLE>UnauthorizedRegistration</TITLE>\n</HEAD>\n<BODY BGCOLOR="#FFFFFF" TEXT="#000000">\n<H1>UnauthorizedRegistration</H1>\n<H2>Error 400</H2>\n</BODY>\n</HTML>\n' }

When do I get 'UnauthorizedRegistration' 400 error? ;-(

It would be helpful to developers considering using this library if the README documented the browsers and protocols currently supported by the library, and the configurations that are expected to be supported in the future. (Maybe the version of Node, too.)

Something like:

Browsers in italics have not been released as of April 2016.

Hey guys,

I'd just like to request that you update the docs as you change the API. I've had it break on me a couple of times now. The latest change seems to require that we call webpush.setGCMAPIKey(apiKey) instead of passing the key in with webpush.sendWebPush().

Cheers,
Ryan

It's unclear today what the subscription object in readme is supposed to be.

Weirdly I'm getting an error that this package doesn't exist in the NPM registry... Any ideas?

Hi!
It would be great if there would be a chance to apply custom headers for given request. For example Firefox requires TTL header to be set when pushing to their push service so every request to them receives 400 status code if device is not currently connected to the internet. I think there may be some other cases where setting some custom headers could be potentially required.

I got to this repo from the readme, but if it was also in package.json it would tie the two together in the usual way.

Is it not possible to get the actual status of the push ? It says Status: 201 - Created... How would I verify the push was sent? Every other document clearly indicates you should be lookign at the status to determine if the push was successfully sent

Here is my little test script that is supposed to send the chrome notification:

import * as chromePusher from 'web-push-encryption';

export function sendChromeNotification() {
  let subscription = {
     "endpoint":"https://android.googleapis.com/gcm/send/**********",
     "keys":{"p256dh":"***********-*********=",
     "auth":"*******=="}
  };

  chromePusher.setGCMAPIKey("**********");

  let dataPayload = "test string";
  chromePusher.sendWebPush(dataPayload, subscription)
    .then((response) => console.log("push response=", JSON.stringify(response)))
    .catch((err) => console.log("push error=", JSON.stringify(err)));
}

This is the response printed in console:
"push response= {\"statusCode\":201,\"statusMessage\":\"Created\",\"body\":\"\"}

But no notification is received in the browser.

But but, if I set dataPayload to blank, then the notification is received. Except of course it defeats the purpose.

Don't know if this is a library problem or GCM but any pointers would help.

This whole setup is running on localhost, not sure if that could be a problem for the browser to reject the notification and how to fix it.

At the moment we add the minimum padding buffer, we should dynamically alter based on the input.

At the moment, the sendWebPush() method expects a payload and throws and error if there is no payload.

There are a few scenarios where this may not be desirable:

1.) Using existing subscription objects that dont have keys
2.) Desire to use tickles and not send payload for some messages
3.) Make it easier to drop in the library

@wibblymat thoughts on this?

Looking briefly through code, it would be a case of just checking input data and picking either sendWebPushTickle() sendWebPushWithData() OR single method (same as now), but switch between which headers are set.

@petele @paullewis @owencm thoughts on this?

Also i got such response from GCM

{ statusCode: 200,
  statusMessage: 'OK',
  body: '{"multicast_id":6777736059144782845,"success":0,"failure":1,"canonical_ids":0,"results":[{"error":"MessageTooBig"}]}' }

For simple payload - "Hello". Encoded payload is too big, any way to resolve it? I understand that encrypted payload is big, but how to pass normal data in this case? But sometimes for same payload it works...

cc @wibblymat @petele @PaulKinlan @beverloo

At the moment the output of encrypt are buffers, given that some fields need to be url safe base64 encoded and some don't (I can't recall which) and given this is accessible on the index object, it feels a bit unfriendly to return a buffer.

We could by default return a string for ciphertext, salt and serverpublickey and have an option on the encrypt method to return buffer (just a boolean) that if set to true will return the buffer (useful for internal usage of encrypt).

var message = library.encrypt('Hello, World', subscription);
console.log(message);

// Prints
{
  ciphertext: <Buffer 5d c6 c4 eb 1d 15 38 34 68 1c 32 f4 dd 46 b9 1e 32 4e 3b ff 17 b7 74 e2 87 54 81 f1 64 c1>,
  salt: <Buffer 29 d8 5c b5 46 36 49 58 4f 89 b7 3f f0 e9 28 7c>,
  serverPublicKey: <Buffer 04 f6 80 3b 42 ec 2a 67 a8 9a eb 3e 91 06 7f c7 e1 4f f4 28 41 9b 6a f8 ef 53 6a c8 17 97 52 f1 9e 1e d0 6e bc b8 4a e3 47 7d 73 5f 5b 3d d0 9d c1 f9 ... >
}

From Server am using: webpush.sendWebPush('my push messsage', subscription).then(function(resolve,reject){
console.log('chrome resolve: ', resolve);
console.log('chrome reject: ', reject);
});

result of resolve: { statusCode: 201, statusMessage: 'Created', body: '' }

on client getting push event: {data: PushMessageData, type: "push", target: ServiceWorkerGlobalScope, currentTarget: ServiceWorkerGlobalScope, eventPhase: 2…}

i always found empty object: PushMessageData {}

Does anyone have a plane to make a complete PHP LIB? If someone have a project, I love to help. Or if someone have the same idea do begin with, NEW, Im here. Just make in touch!

I know that the new PHP 7.1 will come with great improvements in the cryptography algorithms! Will be great!

I have written up a client in Java to do the push encryption. Would this be the right repository to contribute, or should it go somewhere else?

Also, is there a link to conventions, a styleguide etc. when it comes to putting in Java code?

my script is very simple

var webpush = require('web-push-encryption');
webpush.setGCMAPIKey('AIzaSyBuJ2cYQTm1_........');

var subscription = {
  endpoint: "https://android.googleapis.com/gcm/send/eFYgleqGaxQ:APA91bEsz0UJC-C8AsHvemQ…uEUh0zSRiN3C_62QTxb7LZY51zfMY_d3CHqhQ8GSSxJEnkKJLwesNL3QD_CahvrsqBR_W_YUZz",
  keys: {
    p256dh: "BIzynOEufyNOXxLGMFuC9bTYdKTKYuiHjTKq9aotLNfmRxz4J-RkaCRS3cD_GjtluAjG_k_VlK1HFrFZKHL47BE=",
    auth: "yLM9KWWh5rHkyhcoWfbKzA=="
  }
};
var payload = new Buffer('Hello, World!', 'utf8');

var res = webpush.sendWebPush(payload, subscription).then(function(response) {
        console.log(response);
}).catch(function (err) {
        console.log(err);
});

In response i got

{ code: 'expired-subscription',
  statusCode: 400,
  statusMessage: 'UnauthorizedRegistration',
  body: '<HTML>\n<HEAD>\n<TITLE>UnauthorizedRegistration</TITLE>\n</HEAD>\n<BODY BGCOLOR="#FFFFFF" TEXT="#000000">\n<H1>UnauthorizedRegistration</H1>\n<H2>Error 400</H2>\n</BODY>\n</HTML>\n' }

Root cause: payload must be json and also http response header must contains Content-type:application/json

Hi ,
node-gcm allows a proxy parameter, is it possible to also implement it in push-encryption ?

Regards

Florent

cc @wibblymat @petele

At the moment you can make the following request:

library.sendWebPush(gcmSubscription, 'Hello, World!');

The library will switch out the gcm endpoint for the webpush gcm endpoint which is great.

However this will try and make a request without an auth token, i.e. we know that this will fail.

The actual code should be:

library.addAuthToken('https://android.googleapis.com/gcm/send', API_KEY);
library.sendWebPush(gcmSubscription, 'Hello, World!');

This will then add an edditional header 'Authorization'. At the moment I think this is only required for GCM, and Authorization may be specific to GCM Web Push.

My main fears are:

1.) We expect developers to set the pattern
2.) If the developer passes in GCM endpoint as is vs the new web push url, the web push url will fail while the only GCM would work
3.) I don't think this is needed or used for any other push service

This API as a result feels likely to cause confusion / errors.

At the very least I would like the API to error if there is no auth token and the endpoint is for a GCM endpoint.

But I would like to see the addAuthToken be swapped for addGCMAuthToken();

@wibblymat was there a reason for leaving this so generic for all push services?

nvm

This is a minor thing … but it bugs me that the name of the repo is push-encryption-node and the name of the npm package is web-push-encryption. Is there a way to tidy that up somehow? I keep forgetting which is which.

Both for the repo and the node module.

This doesn't just do encryption. We want it to handle tickles, VAPID, etc. So something a little less specific.

We should ensure to throw an error if the keys are provided in the wrong encoding or type, e.g. a string instead of a buffer, non-URL-safe Base64 etc.

This would allow explicit comparisons of error messages thrown and vs expect error messages in the unit tests.