diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml index efe700e0b7..0837ee4d78 100644 --- a/.rubocop_todo.yml +++ b/.rubocop_todo.yml @@ -40,7 +40,6 @@ Style/FetchEnvVar: - 'config/initializers/cache_buster.rb' - 'config/initializers/devise.rb' - 'config/initializers/paperclip.rb' - - 'config/initializers/vapid.rb' - 'lib/tasks/repo.rake' # This cop supports safe autocorrection (--autocorrect). diff --git a/app/lib/web_push_request.rb b/app/lib/web_push_request.rb index 85e8ab6bb5..416a629429 100644 --- a/app/lib/web_push_request.rb +++ b/app/lib/web_push_request.rb @@ -79,8 +79,8 @@ class WebPushRequest def vapid_key @vapid_key ||= Webpush::VapidKey.from_keys( - Rails.configuration.x.vapid_public_key, - Rails.configuration.x.vapid_private_key + Rails.configuration.x.vapid.public_key, + Rails.configuration.x.vapid.private_key ) end diff --git a/app/serializers/rest/application_serializer.rb b/app/serializers/rest/application_serializer.rb index 1a7b9265f1..96573c94f2 100644 --- a/app/serializers/rest/application_serializer.rb +++ b/app/serializers/rest/application_serializer.rb @@ -18,6 +18,6 @@ class REST::ApplicationSerializer < ActiveModel::Serializer end def vapid_key - Rails.configuration.x.vapid_public_key + Rails.configuration.x.vapid.public_key end end diff --git a/app/serializers/rest/instance_serializer.rb b/app/serializers/rest/instance_serializer.rb index 3ad142007a..910e74b911 100644 --- a/app/serializers/rest/instance_serializer.rb +++ b/app/serializers/rest/instance_serializer.rb @@ -65,7 +65,7 @@ class REST::InstanceSerializer < ActiveModel::Serializer }, vapid: { - public_key: Rails.configuration.x.vapid_public_key, + public_key: Rails.configuration.x.vapid.public_key, }, accounts: { diff --git a/app/serializers/rest/web_push_subscription_serializer.rb b/app/serializers/rest/web_push_subscription_serializer.rb index 01825a3bb0..11893f7c48 100644 --- a/app/serializers/rest/web_push_subscription_serializer.rb +++ b/app/serializers/rest/web_push_subscription_serializer.rb @@ -10,7 +10,7 @@ class REST::WebPushSubscriptionSerializer < ActiveModel::Serializer end def server_key - Rails.configuration.x.vapid_public_key + Rails.configuration.x.vapid.public_key end def policy diff --git a/app/views/shared/_web_app.html.haml b/app/views/shared/_web_app.html.haml index 25bd7926ce..5e6815165f 100644 --- a/app/views/shared/_web_app.html.haml +++ b/app/views/shared/_web_app.html.haml @@ -3,7 +3,7 @@ - if user_signed_in? %meta{ name: 'initialPath', content: request.path } - %meta{ name: 'applicationServerKey', content: Rails.configuration.x.vapid_public_key } + %meta{ name: 'applicationServerKey', content: Rails.configuration.x.vapid.public_key } = render_initial_state = vite_typescript_tag 'application.ts', crossorigin: 'anonymous' diff --git a/config/application.rb b/config/application.rb index 675a3c0c19..0ae34282c9 100644 --- a/config/application.rb +++ b/config/application.rb @@ -106,6 +106,7 @@ module Mastodon config.x.captcha = config_for(:captcha) config.x.mastodon = config_for(:mastodon) config.x.translation = config_for(:translation) + config.x.vapid = config_for(:vapid) if ENV.fetch('QUERY_LOG_TAGS_ENABLED', 'false') == 'true' config.active_record.query_log_tags_enabled = ENV.fetch('QUERY_LOG_TAGS_ENABLED', 'false') == 'true' diff --git a/config/environments/development.rb b/config/environments/development.rb index 4f43259d7d..ca9e876e26 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -40,10 +40,10 @@ Rails.application.configure do # Override default file logging in favor of STDOUT logging in dev environment config.logger = ActiveSupport::TaggedLogging.logger($stdout, formatter: config.log_formatter) - # Generate random VAPID keys + # Generate random VAPID keys when needed Webpush.generate_key.tap do |vapid_key| - config.x.vapid_private_key = vapid_key.private_key - config.x.vapid_public_key = vapid_key.public_key + config.x.vapid.private_key ||= vapid_key.private_key + config.x.vapid.public_key ||= vapid_key.public_key end # Don't care if the mailer can't send. diff --git a/config/environments/test.rb b/config/environments/test.rb index ccd4bf7dcf..0c4f1de41e 100644 --- a/config/environments/test.rb +++ b/config/environments/test.rb @@ -48,10 +48,11 @@ Rails.application.configure do # Print deprecation notices to the stderr. config.active_support.deprecation = :stderr - # Generate random VAPID keys - vapid_key = Webpush.generate_key - config.x.vapid_private_key = vapid_key.private_key - config.x.vapid_public_key = vapid_key.public_key + # Generate random VAPID keys when needed + Webpush.generate_key.tap do |vapid_key| + config.x.vapid.private_key ||= vapid_key.private_key + config.x.vapid.public_key ||= vapid_key.public_key + end # Raise exceptions when a reorder occurs in in_batches config.active_record.error_on_ignored_order = true diff --git a/config/initializers/vapid.rb b/config/initializers/vapid.rb deleted file mode 100644 index 551ede34fb..0000000000 --- a/config/initializers/vapid.rb +++ /dev/null @@ -1,16 +0,0 @@ -# frozen_string_literal: true - -Rails.application.configure do - # You can generate the keys using the following command (first is the private key, second is the public one) - # You should only generate this once per instance. If you later decide to change it, all push subscription will - # be invalidated, requiring the users to access the website again to resubscribe. - # - # Generate with `bundle exec rails mastodon:webpush:generate_vapid_key` task (`docker-compose run --rm web bundle exec rails mastodon:webpush:generate_vapid_key` if you use docker compose) - # - # For more information visit https://rossta.net/blog/using-the-web-push-api-with-vapid.html - - if Rails.env.production? - config.x.vapid_private_key = ENV['VAPID_PRIVATE_KEY'] - config.x.vapid_public_key = ENV['VAPID_PUBLIC_KEY'] - end -end diff --git a/config/vapid.yml b/config/vapid.yml new file mode 100644 index 0000000000..c3ee806fd6 --- /dev/null +++ b/config/vapid.yml @@ -0,0 +1,17 @@ +# You can generate the private and public keys using the following task. You +# should only generate this once per instance. If you later decide to change it, +# all push subscriptions will be invalidated, requiring users to access the +# website again to resubscribe. +# +# Generate on the CLI: +# `bundle exec rails mastodon:webpush:generate_vapid_key` +# +# Generate via Docker Compose: +# `docker-compose run --rm web bundle exec rails mastodon:webpush:generate_vapid_key` +# +# For more information visit +# https://rossta.net/blog/using-the-web-push-api-with-vapid.html +# +shared: + private_key: <%= ENV.fetch('VAPID_PRIVATE_KEY', nil) %> + public_key: <%= ENV.fetch('VAPID_PUBLIC_KEY', nil) %> diff --git a/spec/requests/api/v1/apps/credentials_spec.rb b/spec/requests/api/v1/apps/credentials_spec.rb index 3aca53ed0a..8c0292d8c3 100644 --- a/spec/requests/api/v1/apps/credentials_spec.rb +++ b/spec/requests/api/v1/apps/credentials_spec.rb @@ -29,7 +29,7 @@ RSpec.describe 'Credentials' do redirect_uris: token.application.redirect_uris, # Deprecated properties as of 4.3: redirect_uri: token.application.redirect_uri.split.first, - vapid_key: Rails.configuration.x.vapid_public_key + vapid_key: Rails.configuration.x.vapid.public_key ) ) end @@ -69,7 +69,7 @@ RSpec.describe 'Credentials' do redirect_uris: token.application.redirect_uris, # Deprecated properties as of 4.3: redirect_uri: token.application.redirect_uri.split.first, - vapid_key: Rails.configuration.x.vapid_public_key + vapid_key: Rails.configuration.x.vapid.public_key ) ) end diff --git a/spec/requests/api/v1/apps_spec.rb b/spec/requests/api/v1/apps_spec.rb index 3120ab9c64..d8ff0a83d8 100644 --- a/spec/requests/api/v1/apps_spec.rb +++ b/spec/requests/api/v1/apps_spec.rb @@ -49,7 +49,7 @@ RSpec.describe 'Apps' do redirect_uris: redirect_uris, # Deprecated properties as of 4.3: redirect_uri: redirect_uri, - vapid_key: Rails.configuration.x.vapid_public_key + vapid_key: Rails.configuration.x.vapid.public_key ) ) end diff --git a/spec/serializers/rest/instance_serializer_spec.rb b/spec/serializers/rest/instance_serializer_spec.rb index 2d8d14e39a..59c7480ec3 100644 --- a/spec/serializers/rest/instance_serializer_spec.rb +++ b/spec/serializers/rest/instance_serializer_spec.rb @@ -15,7 +15,7 @@ RSpec.describe REST::InstanceSerializer do describe 'configuration' do it 'returns the VAPID public key' do expect(serialization['configuration']['vapid']).to eq({ - 'public_key' => Rails.configuration.x.vapid_public_key, + 'public_key' => Rails.configuration.x.vapid.public_key, }) end diff --git a/spec/workers/web/push_notification_worker_spec.rb b/spec/workers/web/push_notification_worker_spec.rb index 6ee8ae53f8..d18d6c4d68 100644 --- a/spec/workers/web/push_notification_worker_spec.rb +++ b/spec/workers/web/push_notification_worker_spec.rb @@ -38,13 +38,13 @@ RSpec.describe Web::PushNotificationWorker do describe 'perform' do around do |example| - original_private = Rails.configuration.x.vapid_private_key - original_public = Rails.configuration.x.vapid_public_key - Rails.configuration.x.vapid_private_key = vapid_private_key - Rails.configuration.x.vapid_public_key = vapid_public_key + original_private = Rails.configuration.x.vapid.private_key + original_public = Rails.configuration.x.vapid.public_key + Rails.configuration.x.vapid.private_key = vapid_private_key + Rails.configuration.x.vapid.public_key = vapid_public_key example.run - Rails.configuration.x.vapid_private_key = original_private - Rails.configuration.x.vapid_public_key = original_public + Rails.configuration.x.vapid.private_key = original_private + Rails.configuration.x.vapid.public_key = original_public end before do