diff options
| author | Peter Stone <thepeterstone@gmail.com> | 2026-03-18 23:56:34 +0000 |
|---|---|---|
| committer | Peter Stone <thepeterstone@gmail.com> | 2026-03-18 23:56:34 +0000 |
| commit | 599a26d556df52b364b5b540762a521d22eb5b7b (patch) | |
| tree | 740c141c52764604fc8d4c036733e5f47368b26a /internal/notify | |
| parent | 0db05b0fa6de318f164a1d73ddc55db9c59f1fc3 (diff) | |
| parent | 7df4f06ae0e3ae80bd967bf53cbec36e58b4a3bd (diff) | |
Merge feat/container-execution into master
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Diffstat (limited to 'internal/notify')
| -rw-r--r-- | internal/notify/vapid.go | 16 | ||||
| -rw-r--r-- | internal/notify/vapid_test.go | 21 |
2 files changed, 36 insertions, 1 deletions
diff --git a/internal/notify/vapid.go b/internal/notify/vapid.go index d93a090..684bf4d 100644 --- a/internal/notify/vapid.go +++ b/internal/notify/vapid.go @@ -1,6 +1,10 @@ package notify -import webpush "github.com/SherClockHolmes/webpush-go" +import ( + "encoding/base64" + + webpush "github.com/SherClockHolmes/webpush-go" +) // GenerateVAPIDKeys generates a VAPID key pair for web push notifications. // Returns the base64url-encoded public and private keys. @@ -9,3 +13,13 @@ func GenerateVAPIDKeys() (publicKey, privateKey string, err error) { privateKey, publicKey, err = webpush.GenerateVAPIDKeys() return } + +// ValidateVAPIDPublicKey reports whether key is a valid VAPID public key: +// a base64url-encoded 65-byte uncompressed P-256 point (starts with 0x04). +func ValidateVAPIDPublicKey(key string) bool { + b, err := base64.RawURLEncoding.DecodeString(key) + if err != nil { + return false + } + return len(b) == 65 && b[0] == 0x04 +} diff --git a/internal/notify/vapid_test.go b/internal/notify/vapid_test.go index 6157854..a45047d 100644 --- a/internal/notify/vapid_test.go +++ b/internal/notify/vapid_test.go @@ -5,6 +5,27 @@ import ( "testing" ) +// TestValidateVAPIDPublicKey verifies that ValidateVAPIDPublicKey accepts valid +// public keys and rejects private keys, empty strings, and invalid base64. +func TestValidateVAPIDPublicKey(t *testing.T) { + pub, priv, err := GenerateVAPIDKeys() + if err != nil { + t.Fatalf("GenerateVAPIDKeys: %v", err) + } + if !ValidateVAPIDPublicKey(pub) { + t.Error("valid public key should pass validation") + } + if ValidateVAPIDPublicKey(priv) { + t.Error("private key (32 bytes) should fail public key validation") + } + if ValidateVAPIDPublicKey("") { + t.Error("empty string should fail validation") + } + if ValidateVAPIDPublicKey("notbase64!!!") { + t.Error("invalid base64 should fail validation") + } +} + // TestGenerateVAPIDKeys_PublicKeyIs65Bytes verifies that the public key returned // by GenerateVAPIDKeys is a 65-byte uncompressed P256 EC point (base64url, no padding = 87 chars) // and the private key is 32 bytes (43 chars). Previously the return values were swapped. |