Auto-generate VAPID keys upon startup using py-vapid, and add pywebpush to requirements, drop obsolete script
This commit is contained in:
+3
-1
@@ -4,4 +4,6 @@ certs
|
|||||||
build
|
build
|
||||||
.venv
|
.venv
|
||||||
__pycache__
|
__pycache__
|
||||||
.pyc
|
.pycvapid.json
|
||||||
|
Web/vapid.json
|
||||||
|
Web/vapid_*.pem
|
||||||
|
|||||||
@@ -16,11 +16,39 @@ import settings as cfg
|
|||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
# VAPID keys for push notifications (should be in environment variables)
|
# VAPID keys for push notifications
|
||||||
VAPID_PUBLIC_KEY = os.getenv('VAPID_PUBLIC_KEY', '')
|
VAPID_PUBLIC_KEY = os.getenv('VAPID_PUBLIC_KEY', '')
|
||||||
VAPID_PRIVATE_KEY = os.getenv('VAPID_PRIVATE_KEY', '')
|
VAPID_PRIVATE_KEY = os.getenv('VAPID_PRIVATE_KEY', '')
|
||||||
VAPID_SUBJECT = os.getenv('VAPID_SUBJECT', f'mailto:admin@{os.getenv("SERVER_NAME", "localhost")}')
|
VAPID_SUBJECT = os.getenv('VAPID_SUBJECT', f'mailto:admin@{os.getenv("SERVER_NAME", "localhost")}')
|
||||||
|
|
||||||
|
VAPID_PRIVATE_PEM = os.path.join(os.path.dirname(__file__), 'vapid_private.pem')
|
||||||
|
VAPID_PUBLIC_PEM = os.path.join(os.path.dirname(__file__), 'vapid_public.pem')
|
||||||
|
|
||||||
|
# Auto-generate VAPID keys if none are provided
|
||||||
|
if not VAPID_PUBLIC_KEY or not VAPID_PRIVATE_KEY:
|
||||||
|
try:
|
||||||
|
from py_vapid import Vapid, b64urlencode
|
||||||
|
from cryptography.hazmat.primitives import serialization
|
||||||
|
|
||||||
|
vapid = Vapid()
|
||||||
|
if not os.path.exists(VAPID_PRIVATE_PEM):
|
||||||
|
vapid.generate_keys()
|
||||||
|
vapid.save_key(VAPID_PRIVATE_PEM)
|
||||||
|
vapid.save_public_key(VAPID_PUBLIC_PEM)
|
||||||
|
logger.info("Auto-generated new VAPID keys")
|
||||||
|
else:
|
||||||
|
vapid = Vapid.from_file(VAPID_PRIVATE_PEM)
|
||||||
|
|
||||||
|
raw_pub = vapid.public_key.public_bytes(
|
||||||
|
serialization.Encoding.X962,
|
||||||
|
serialization.PublicFormat.UncompressedPoint
|
||||||
|
)
|
||||||
|
|
||||||
|
VAPID_PUBLIC_KEY = b64urlencode(raw_pub)
|
||||||
|
VAPID_PRIVATE_KEY = VAPID_PRIVATE_PEM
|
||||||
|
except Exception as e:
|
||||||
|
logger.error(f'Could not load or generate VAPID keys: {e}')
|
||||||
|
|
||||||
# Push service endpoint (typically Firebase or Web Push Service)
|
# Push service endpoint (typically Firebase or Web Push Service)
|
||||||
PUSH_SERVICE_URL = 'https://fcm.googleapis.com/fcm/send' # Firebase Cloud Messaging
|
PUSH_SERVICE_URL = 'https://fcm.googleapis.com/fcm/send' # Firebase Cloud Messaging
|
||||||
FCM_API_KEY = os.getenv('FCM_API_KEY', '') # Firebase API key
|
FCM_API_KEY = os.getenv('FCM_API_KEY', '') # Firebase API key
|
||||||
|
|||||||
@@ -13,4 +13,4 @@ redis
|
|||||||
reportlab
|
reportlab
|
||||||
python-barcode
|
python-barcode
|
||||||
openpyxl
|
openpyxl
|
||||||
cryptography
|
cryptographypywebpush
|
||||||
|
|||||||
@@ -1,81 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
# VAPID Key Generation Script for Web Push Notifications
|
|
||||||
# Generates VAPID (Voluntary Application Server Identification) keys required for push notifications
|
|
||||||
|
|
||||||
echo "==========================================="
|
|
||||||
echo "VAPID Key Generation for Inventarsystem"
|
|
||||||
echo "==========================================="
|
|
||||||
echo ""
|
|
||||||
|
|
||||||
# Check if Python is available
|
|
||||||
if ! command -v python3 &> /dev/null; then
|
|
||||||
echo "❌ Error: Python 3 is required but not installed."
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Check if pywebpush is installed
|
|
||||||
echo "Checking for pywebpush..."
|
|
||||||
python3 -c "import pywebpush" 2>/dev/null
|
|
||||||
|
|
||||||
if [ $? -ne 0 ]; then
|
|
||||||
echo "Installing pywebpush..."
|
|
||||||
pip3 install pywebpush
|
|
||||||
if [ $? -ne 0 ]; then
|
|
||||||
echo "❌ Error: Failed to install pywebpush"
|
|
||||||
echo "Please install manually: pip3 install pywebpush"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "✓ pywebpush is installed"
|
|
||||||
echo ""
|
|
||||||
|
|
||||||
# Generate VAPID keys
|
|
||||||
echo "Generating VAPID keys..."
|
|
||||||
python3 << 'EOF'
|
|
||||||
from pywebpush import generate_keys
|
|
||||||
|
|
||||||
try:
|
|
||||||
keys = generate_keys()
|
|
||||||
print("✓ VAPID Keys generated successfully!")
|
|
||||||
print("")
|
|
||||||
print("PUBLIC KEY (share with browsers):")
|
|
||||||
print(keys['public_key'])
|
|
||||||
print("")
|
|
||||||
print("PRIVATE KEY (keep secret!):")
|
|
||||||
print(keys['private_key'])
|
|
||||||
print("")
|
|
||||||
print("==========================================="
|
|
||||||
print("Add these to your environment variables:")
|
|
||||||
print("==========================================="
|
|
||||||
print("")
|
|
||||||
print("export VAPID_PUBLIC_KEY='" + keys['public_key'] + "'")
|
|
||||||
print("export VAPID_PRIVATE_KEY='" + keys['private_key'] + "'")
|
|
||||||
print("export VAPID_SUBJECT='mailto:admin@yourdomain.com'")
|
|
||||||
print("")
|
|
||||||
print("Or add to your .env file:")
|
|
||||||
print("")
|
|
||||||
print("VAPID_PUBLIC_KEY=" + keys['public_key'])
|
|
||||||
print("VAPID_PRIVATE_KEY=" + keys['private_key'])
|
|
||||||
print("VAPID_SUBJECT=mailto:admin@yourdomain.com")
|
|
||||||
print("")
|
|
||||||
print("⚠️ IMPORTANT: Keep the PRIVATE KEY secret!")
|
|
||||||
print("==========================================="
|
|
||||||
|
|
||||||
except Exception as e:
|
|
||||||
print(f"❌ Error generating VAPID keys: {e}")
|
|
||||||
exit(1)
|
|
||||||
EOF
|
|
||||||
|
|
||||||
if [ $? -eq 0 ]; then
|
|
||||||
echo ""
|
|
||||||
echo "✓ Next steps:"
|
|
||||||
echo "1. Copy the PUBLIC KEY to your browser-side code"
|
|
||||||
echo "2. Set the PRIVATE KEY in your server environment"
|
|
||||||
echo "3. Update config.json with your email address"
|
|
||||||
echo "4. Test with: curl http://localhost:5000/api/push/vapid-key"
|
|
||||||
else
|
|
||||||
echo "❌ Error generating keys"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
+1
-1
@@ -13,4 +13,4 @@ reportlab
|
|||||||
python-barcode
|
python-barcode
|
||||||
openpyxl
|
openpyxl
|
||||||
cryptography
|
cryptography
|
||||||
pywebpush
|
pywebpushpywebpush
|
||||||
|
|||||||
Reference in New Issue
Block a user