225 lines
7.2 KiB
ReStructuredText
225 lines
7.2 KiB
ReStructuredText
|Build Status| |Requirements Status|
|
||
|
||
Webpush Data encryption library for Python
|
||
==========================================
|
||
|
||
This is a work in progress. This library is available on `pypi as
|
||
pywebpush <https://pypi.python.org/pypi/pywebpush>`__. Source is
|
||
available on `github <https://github.com/mozilla-services/pywebpush>`__.
|
||
|
||
Installation
|
||
------------
|
||
|
||
You’ll need to run ``python virtualenv``. Then
|
||
|
||
::
|
||
|
||
bin/pip install -r requirements.txt
|
||
bin/python setup.py develop
|
||
|
||
Usage
|
||
-----
|
||
|
||
In the browser, the promise handler for
|
||
`registration.pushManager.subscribe() <https://developer.mozilla.org/en-US/docs/Web/API/PushManager/subscribe>`__
|
||
returns a
|
||
`PushSubscription <https://developer.mozilla.org/en-US/docs/Web/API/PushSubscription>`__
|
||
object. This object has a .toJSON() method that will return a JSON
|
||
object that contains all the info we need to encrypt and push data.
|
||
|
||
As illustration, a ``subscription_info`` object may look like:
|
||
|
||
.. code:: json
|
||
|
||
{"endpoint": "https://updates.push.services.mozilla.com/push/v1/gAA...", "keys": {"auth": "k8J...", "p256dh": "BOr..."}}
|
||
|
||
How you send the PushSubscription data to your backend, store it
|
||
referenced to the user who requested it, and recall it when there’s a
|
||
new push subscription update is left as an exercise for the reader.
|
||
|
||
Sending Data using ``webpush()`` One Call
|
||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||
|
||
In many cases, your code will be sending a single message to many
|
||
recipients. There’s a “One Call” function which will make things easier.
|
||
|
||
.. code:: python
|
||
|
||
from pywebpush import webpush
|
||
|
||
webpush(subscription_info,
|
||
data,
|
||
vapid_private_key="Private Key or File Path[1]",
|
||
vapid_claims={"sub": "mailto:YourEmailAddress"})
|
||
|
||
This will encode ``data``, add the appropriate VAPID auth headers if
|
||
required and send it to the push server identified in the
|
||
``subscription_info`` block.
|
||
|
||
**Parameters**
|
||
|
||
*subscription_info* - The ``dict`` of the subscription info (described
|
||
above).
|
||
|
||
*data* - can be any serial content (string, bit array, serialized JSON,
|
||
etc), but be sure that your receiving application is able to parse and
|
||
understand it. (e.g. ``data = "Mary had a little lamb."``)
|
||
|
||
*content_type* - specifies the form of Encryption to use, either
|
||
``'aes128gcm'`` or the deprecated ``'aesgcm'``. NOTE that not all User
|
||
Agents can decrypt ``'aesgcm'``, so the library defaults to the RFC 8188
|
||
standard form.
|
||
|
||
*vapid_claims* - a ``dict`` containing the VAPID claims required for
|
||
authorization (See
|
||
`py_vapid <https://github.com/web-push-libs/vapid/tree/master/python>`__
|
||
for more details). If ``aud`` is not specified, pywebpush will attempt
|
||
to auto-fill from the ``endpoint``.
|
||
|
||
*vapid_private_key* - Either a path to a VAPID EC2 private key PEM file,
|
||
or a string containing the DER representation. (See
|
||
`py_vapid <https://github.com/web-push-libs/vapid/tree/master/python>`__
|
||
for more details.) The ``private_key`` may be a base64 encoded DER
|
||
formatted private key, or the path to an OpenSSL exported private key
|
||
file.
|
||
|
||
e.g. the output of:
|
||
|
||
::
|
||
|
||
openssl ecparam -name prime256v1 -genkey -noout -out private_key.pem
|
||
|
||
**Example**
|
||
|
||
.. code:: python
|
||
|
||
from pywebpush import webpush, WebPushException
|
||
|
||
try:
|
||
webpush(
|
||
subscription_info={
|
||
"endpoint": "https://push.example.com/v1/12345",
|
||
"keys": {
|
||
"p256dh": "0123abcde...",
|
||
"auth": "abc123..."
|
||
}},
|
||
data="Mary had a little lamb, with a nice mint jelly",
|
||
vapid_private_key="path/to/vapid_private.pem",
|
||
vapid_claims={
|
||
"sub": "mailto:YourNameHere@example.org",
|
||
}
|
||
)
|
||
except WebPushException as ex:
|
||
print("I'm sorry, Dave, but I can't do that: {}", repr(ex))
|
||
# Mozilla returns additional information in the body of the response.
|
||
if ex.response and ex.response.json():
|
||
extra = ex.response.json()
|
||
print("Remote service replied with a {}:{}, {}",
|
||
extra.code,
|
||
extra.errno,
|
||
extra.message
|
||
)
|
||
|
||
Methods
|
||
~~~~~~~
|
||
|
||
If you expect to resend to the same recipient, or have more needs than
|
||
just sending data quickly, you can pass just
|
||
``wp = WebPusher(subscription_info)``. This will return a ``WebPusher``
|
||
object.
|
||
|
||
The following methods are available:
|
||
|
||
``.send(data, headers={}, ttl=0, gcm_key="", reg_id="", content_encoding="aes128gcm", curl=False, timeout=None)``
|
||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||
|
||
Send the data using additional parameters. On error, returns a
|
||
``WebPushException``
|
||
|
||
**Parameters**
|
||
|
||
*data* Binary string of data to send
|
||
|
||
*headers* A ``dict`` containing any additional headers to send
|
||
|
||
*ttl* Message Time To Live on Push Server waiting for the client to
|
||
reconnect (in seconds)
|
||
|
||
*gcm_key* Google Cloud Messaging key (if using the older GCM push
|
||
system) This is the API key obtained from the Google Developer Console.
|
||
|
||
*reg_id* Google Cloud Messaging registration ID (will be extracted from
|
||
endpoint if not specified)
|
||
|
||
*content_encoding* ECE content encoding type (defaults to “aes128gcm”)
|
||
|
||
*curl* Do not execute the POST, but return as a ``curl`` command. This
|
||
will write the encrypted content to a local file named
|
||
``encrpypted.data``. This command is meant to be used for debugging
|
||
purposes.
|
||
|
||
*timeout* timeout for requests POST query. See `requests
|
||
documentation <http://docs.python-requests.org/en/master/user/quickstart/#timeouts>`__.
|
||
|
||
**Example**
|
||
|
||
to send from Chrome using the old GCM mode:
|
||
|
||
.. code:: python
|
||
|
||
WebPusher(subscription_info).send(data, headers, ttl, gcm_key)
|
||
|
||
``.encode(data, content_encoding="aes128gcm")``
|
||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||
|
||
Encode the ``data`` for future use. On error, returns a
|
||
``WebPushException``
|
||
|
||
**Parameters**
|
||
|
||
*data* Binary string of data to send
|
||
|
||
*content_encoding* ECE content encoding type (defaults to “aes128gcm”)
|
||
|
||
**Example**
|
||
|
||
.. code:: python
|
||
|
||
encoded_data = WebPush(subscription_info).encode(data)
|
||
|
||
Stand Alone Webpush
|
||
-------------------
|
||
|
||
If you’re not really into coding your own solution, there’s also a
|
||
“stand-alone” ``pywebpush`` command in the ./bin directory.
|
||
|
||
This uses two files: \* the *data* file, which contains the message to
|
||
send, in whatever form you like. \* the *subscription info* file, which
|
||
contains the subscription information as JSON encoded data. This is
|
||
usually returned by the Push ``subscribe`` method and looks something
|
||
like:
|
||
|
||
.. code:: json
|
||
|
||
{"endpoint": "https://push...",
|
||
"keys": {
|
||
"auth": "ab01...",
|
||
"p256dh": "aa02..."
|
||
}}
|
||
|
||
If you’re interested in just testing your applications WebPush
|
||
interface, you could use the Command Line:
|
||
|
||
.. code:: bash
|
||
|
||
./bin/pywebpush --data stuff_to_send.data --info subscription.info
|
||
|
||
which will encrypt and send the contents of ``stuff_to_send.data``.
|
||
|
||
See ``./bin/pywebpush --help`` for available commands and options.
|
||
|
||
.. |Build Status| image:: https://travis-ci.org/web-push-libs/pywebpush.svg?branch=main
|
||
:target: https://travis-ci.org/web-push-libs/pywebpush
|
||
.. |Requirements Status| image:: https://requires.io/github/web-push-libs/pywebpush/requirements.svg?branch=main
|
||
:target: https://requires.io/github/web-push-libs/pywebpush/requirements/?branch=main
|