Auto-generate VAPID keys upon startup using py-vapid, and add pywebpush to requirements, drop obsolete script

This commit is contained in:
2026-04-19 15:34:13 +02:00
parent c42ba39882
commit 50c4096f3f
5 changed files with 34 additions and 85 deletions
+3 -1
View File
@@ -4,4 +4,6 @@ certs
build build
.venv .venv
__pycache__ __pycache__
.pyc .pycvapid.json
Web/vapid.json
Web/vapid_*.pem
+29 -1
View File
@@ -16,11 +16,39 @@ import settings as cfg
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
# VAPID keys for push notifications (should be in environment variables) # VAPID keys for push notifications
VAPID_PUBLIC_KEY = os.getenv('VAPID_PUBLIC_KEY', '') VAPID_PUBLIC_KEY = os.getenv('VAPID_PUBLIC_KEY', '')
VAPID_PRIVATE_KEY = os.getenv('VAPID_PRIVATE_KEY', '') VAPID_PRIVATE_KEY = os.getenv('VAPID_PRIVATE_KEY', '')
VAPID_SUBJECT = os.getenv('VAPID_SUBJECT', f'mailto:admin@{os.getenv("SERVER_NAME", "localhost")}') VAPID_SUBJECT = os.getenv('VAPID_SUBJECT', f'mailto:admin@{os.getenv("SERVER_NAME", "localhost")}')
VAPID_PRIVATE_PEM = os.path.join(os.path.dirname(__file__), 'vapid_private.pem')
VAPID_PUBLIC_PEM = os.path.join(os.path.dirname(__file__), 'vapid_public.pem')
# Auto-generate VAPID keys if none are provided
if not VAPID_PUBLIC_KEY or not VAPID_PRIVATE_KEY:
try:
from py_vapid import Vapid, b64urlencode
from cryptography.hazmat.primitives import serialization
vapid = Vapid()
if not os.path.exists(VAPID_PRIVATE_PEM):
vapid.generate_keys()
vapid.save_key(VAPID_PRIVATE_PEM)
vapid.save_public_key(VAPID_PUBLIC_PEM)
logger.info("Auto-generated new VAPID keys")
else:
vapid = Vapid.from_file(VAPID_PRIVATE_PEM)
raw_pub = vapid.public_key.public_bytes(
serialization.Encoding.X962,
serialization.PublicFormat.UncompressedPoint
)
VAPID_PUBLIC_KEY = b64urlencode(raw_pub)
VAPID_PRIVATE_KEY = VAPID_PRIVATE_PEM
except Exception as e:
logger.error(f'Could not load or generate VAPID keys: {e}')
# Push service endpoint (typically Firebase or Web Push Service) # Push service endpoint (typically Firebase or Web Push Service)
PUSH_SERVICE_URL = 'https://fcm.googleapis.com/fcm/send' # Firebase Cloud Messaging PUSH_SERVICE_URL = 'https://fcm.googleapis.com/fcm/send' # Firebase Cloud Messaging
FCM_API_KEY = os.getenv('FCM_API_KEY', '') # Firebase API key FCM_API_KEY = os.getenv('FCM_API_KEY', '') # Firebase API key
+1 -1
View File
@@ -13,4 +13,4 @@ redis
reportlab reportlab
python-barcode python-barcode
openpyxl openpyxl
cryptography cryptographypywebpush
-81
View File
@@ -1,81 +0,0 @@
#!/bin/bash
# VAPID Key Generation Script for Web Push Notifications
# Generates VAPID (Voluntary Application Server Identification) keys required for push notifications
echo "==========================================="
echo "VAPID Key Generation for Inventarsystem"
echo "==========================================="
echo ""
# Check if Python is available
if ! command -v python3 &> /dev/null; then
echo "❌ Error: Python 3 is required but not installed."
exit 1
fi
# Check if pywebpush is installed
echo "Checking for pywebpush..."
python3 -c "import pywebpush" 2>/dev/null
if [ $? -ne 0 ]; then
echo "Installing pywebpush..."
pip3 install pywebpush
if [ $? -ne 0 ]; then
echo "❌ Error: Failed to install pywebpush"
echo "Please install manually: pip3 install pywebpush"
exit 1
fi
fi
echo "✓ pywebpush is installed"
echo ""
# Generate VAPID keys
echo "Generating VAPID keys..."
python3 << 'EOF'
from pywebpush import generate_keys
try:
keys = generate_keys()
print("✓ VAPID Keys generated successfully!")
print("")
print("PUBLIC KEY (share with browsers):")
print(keys['public_key'])
print("")
print("PRIVATE KEY (keep secret!):")
print(keys['private_key'])
print("")
print("==========================================="
print("Add these to your environment variables:")
print("==========================================="
print("")
print("export VAPID_PUBLIC_KEY='" + keys['public_key'] + "'")
print("export VAPID_PRIVATE_KEY='" + keys['private_key'] + "'")
print("export VAPID_SUBJECT='mailto:admin@yourdomain.com'")
print("")
print("Or add to your .env file:")
print("")
print("VAPID_PUBLIC_KEY=" + keys['public_key'])
print("VAPID_PRIVATE_KEY=" + keys['private_key'])
print("VAPID_SUBJECT=mailto:admin@yourdomain.com")
print("")
print("⚠️ IMPORTANT: Keep the PRIVATE KEY secret!")
print("==========================================="
except Exception as e:
print(f"❌ Error generating VAPID keys: {e}")
exit(1)
EOF
if [ $? -eq 0 ]; then
echo ""
echo "✓ Next steps:"
echo "1. Copy the PUBLIC KEY to your browser-side code"
echo "2. Set the PRIVATE KEY in your server environment"
echo "3. Update config.json with your email address"
echo "4. Test with: curl http://localhost:5000/api/push/vapid-key"
else
echo "❌ Error generating keys"
exit 1
fi
+1 -1
View File
@@ -13,4 +13,4 @@ reportlab
python-barcode python-barcode
openpyxl openpyxl
cryptography cryptography
pywebpush pywebpushpywebpush