summaryrefslogtreecommitdiffstats
path: root/dom/push/PushService.sys.mjs
diff options
context:
space:
mode:
Diffstat (limited to 'dom/push/PushService.sys.mjs')
-rw-r--r--dom/push/PushService.sys.mjs1485
1 files changed, 1485 insertions, 0 deletions
diff --git a/dom/push/PushService.sys.mjs b/dom/push/PushService.sys.mjs
new file mode 100644
index 0000000000..7314e3df54
--- /dev/null
+++ b/dom/push/PushService.sys.mjs
@@ -0,0 +1,1485 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+import { AppConstants } from "resource://gre/modules/AppConstants.sys.mjs";
+
+import { clearTimeout, setTimeout } from "resource://gre/modules/Timer.sys.mjs";
+import { XPCOMUtils } from "resource://gre/modules/XPCOMUtils.sys.mjs";
+
+export var PushServiceWebSocket;
+export var PushServiceHttp2;
+
+const lazy = {};
+
+XPCOMUtils.defineLazyServiceGetter(
+ lazy,
+ "gPushNotifier",
+ "@mozilla.org/push/Notifier;1",
+ "nsIPushNotifier"
+);
+ChromeUtils.defineESModuleGetters(lazy, {
+ PushCrypto: "resource://gre/modules/PushCrypto.sys.mjs",
+ pushBroadcastService: "resource://gre/modules/PushBroadcastService.sys.mjs",
+});
+
+const CONNECTION_PROTOCOLS = (function () {
+ if ("android" != AppConstants.MOZ_WIDGET_TOOLKIT) {
+ ({ PushServiceWebSocket } = ChromeUtils.importESModule(
+ "resource://gre/modules/PushServiceWebSocket.sys.mjs"
+ ));
+ ({ PushServiceHttp2 } = ChromeUtils.importESModule(
+ "resource://gre/modules/PushServiceHttp2.sys.mjs"
+ ));
+ return [PushServiceWebSocket, PushServiceHttp2];
+ }
+ return [];
+})();
+
+ChromeUtils.defineLazyGetter(lazy, "console", () => {
+ let { ConsoleAPI } = ChromeUtils.importESModule(
+ "resource://gre/modules/Console.sys.mjs"
+ );
+ return new ConsoleAPI({
+ maxLogLevelPref: "dom.push.loglevel",
+ prefix: "PushService",
+ });
+});
+
+const prefs = Services.prefs.getBranch("dom.push.");
+
+const PUSH_SERVICE_UNINIT = 0;
+const PUSH_SERVICE_INIT = 1; // No serverURI
+const PUSH_SERVICE_ACTIVATING = 2; // activating db
+const PUSH_SERVICE_CONNECTION_DISABLE = 3;
+const PUSH_SERVICE_ACTIVE_OFFLINE = 4;
+const PUSH_SERVICE_RUNNING = 5;
+
+/**
+ * State is change only in couple of functions:
+ * init - change state to PUSH_SERVICE_INIT if state was PUSH_SERVICE_UNINIT
+ * changeServerURL - change state to PUSH_SERVICE_ACTIVATING if serverURL
+ * present or PUSH_SERVICE_INIT if not present.
+ * changeStateConnectionEnabledEvent - it is call on pref change or during
+ * the service activation and it can
+ * change state to
+ * PUSH_SERVICE_CONNECTION_DISABLE
+ * changeStateOfflineEvent - it is called when offline state changes or during
+ * the service activation and it change state to
+ * PUSH_SERVICE_ACTIVE_OFFLINE or
+ * PUSH_SERVICE_RUNNING.
+ * uninit - change state to PUSH_SERVICE_UNINIT.
+ **/
+
+// This is for starting and stopping service.
+const STARTING_SERVICE_EVENT = 0;
+const CHANGING_SERVICE_EVENT = 1;
+const STOPPING_SERVICE_EVENT = 2;
+const UNINIT_EVENT = 3;
+
+// Returns the backend for the given server URI.
+function getServiceForServerURI(uri) {
+ // Insecure server URLs are allowed for development and testing.
+ let allowInsecure = prefs.getBoolPref(
+ "testing.allowInsecureServerURL",
+ false
+ );
+ if (AppConstants.MOZ_WIDGET_TOOLKIT == "android") {
+ if (uri.scheme == "https" || (allowInsecure && uri.scheme == "http")) {
+ return CONNECTION_PROTOCOLS;
+ }
+ return null;
+ }
+ if (uri.scheme == "wss" || (allowInsecure && uri.scheme == "ws")) {
+ return PushServiceWebSocket;
+ }
+ if (uri.scheme == "https" || (allowInsecure && uri.scheme == "http")) {
+ return PushServiceHttp2;
+ }
+ return null;
+}
+
+/**
+ * Annotates an error with an XPCOM result code. We use this helper
+ * instead of `Components.Exception` because the latter can assert in
+ * `nsXPCComponents_Exception::HasInstance` when inspected at shutdown.
+ */
+function errorWithResult(message, result = Cr.NS_ERROR_FAILURE) {
+ let error = new Error(message);
+ error.result = result;
+ return error;
+}
+
+/**
+ * The implementation of the push system. It uses WebSockets
+ * (PushServiceWebSocket) to communicate with the server and PushDB (IndexedDB)
+ * for persistence.
+ */
+export var PushService = {
+ _service: null,
+ _state: PUSH_SERVICE_UNINIT,
+ _db: null,
+ _options: null,
+ _visibleNotifications: new Map(),
+
+ // Callback that is called after attempting to
+ // reduce the quota for a record. Used for testing purposes.
+ _updateQuotaTestCallback: null,
+
+ // Set of timeout ID of tasks to reduce quota.
+ _updateQuotaTimeouts: new Set(),
+
+ // When serverURI changes (this is used for testing), db is cleaned up and a
+ // a new db is started. This events must be sequential.
+ _stateChangeProcessQueue: null,
+ _stateChangeProcessEnqueue(op) {
+ if (!this._stateChangeProcessQueue) {
+ this._stateChangeProcessQueue = Promise.resolve();
+ }
+
+ this._stateChangeProcessQueue = this._stateChangeProcessQueue
+ .then(op)
+ .catch(error => {
+ lazy.console.error(
+ "stateChangeProcessEnqueue: Error transitioning state",
+ error
+ );
+ return this._shutdownService();
+ })
+ .catch(error => {
+ lazy.console.error(
+ "stateChangeProcessEnqueue: Error shutting down service",
+ error
+ );
+ });
+ return this._stateChangeProcessQueue;
+ },
+
+ // Pending request. If a worker try to register for the same scope again, do
+ // not send a new registration request. Therefore we need queue of pending
+ // register requests. This is the list of scopes which pending registration.
+ _pendingRegisterRequest: {},
+ _notifyActivated: null,
+ _activated: null,
+ _checkActivated() {
+ if (this._state < PUSH_SERVICE_ACTIVATING) {
+ return Promise.reject(new Error("Push service not active"));
+ }
+ if (this._state > PUSH_SERVICE_ACTIVATING) {
+ return Promise.resolve();
+ }
+ if (!this._activated) {
+ this._activated = new Promise((resolve, reject) => {
+ this._notifyActivated = { resolve, reject };
+ });
+ }
+ return this._activated;
+ },
+
+ _makePendingKey(aPageRecord) {
+ return aPageRecord.scope + "|" + aPageRecord.originAttributes;
+ },
+
+ _lookupOrPutPendingRequest(aPageRecord) {
+ let key = this._makePendingKey(aPageRecord);
+ if (this._pendingRegisterRequest[key]) {
+ return this._pendingRegisterRequest[key];
+ }
+
+ return (this._pendingRegisterRequest[key] =
+ this._registerWithServer(aPageRecord));
+ },
+
+ _deletePendingRequest(aPageRecord) {
+ let key = this._makePendingKey(aPageRecord);
+ if (this._pendingRegisterRequest[key]) {
+ delete this._pendingRegisterRequest[key];
+ }
+ },
+
+ _setState(aNewState) {
+ lazy.console.debug(
+ "setState()",
+ "new state",
+ aNewState,
+ "old state",
+ this._state
+ );
+
+ if (this._state == aNewState) {
+ return;
+ }
+
+ if (this._state == PUSH_SERVICE_ACTIVATING) {
+ // It is not important what is the new state as soon as we leave
+ // PUSH_SERVICE_ACTIVATING
+ if (this._notifyActivated) {
+ if (aNewState < PUSH_SERVICE_ACTIVATING) {
+ this._notifyActivated.reject(new Error("Push service not active"));
+ } else {
+ this._notifyActivated.resolve();
+ }
+ }
+ this._notifyActivated = null;
+ this._activated = null;
+ }
+ this._state = aNewState;
+ },
+
+ async _changeStateOfflineEvent(offline, calledFromConnEnabledEvent) {
+ lazy.console.debug("changeStateOfflineEvent()", offline);
+
+ if (
+ this._state < PUSH_SERVICE_ACTIVE_OFFLINE &&
+ this._state != PUSH_SERVICE_ACTIVATING &&
+ !calledFromConnEnabledEvent
+ ) {
+ return;
+ }
+
+ if (offline) {
+ if (this._state == PUSH_SERVICE_RUNNING) {
+ this._service.disconnect();
+ }
+ this._setState(PUSH_SERVICE_ACTIVE_OFFLINE);
+ return;
+ }
+
+ if (this._state == PUSH_SERVICE_RUNNING) {
+ // PushService was not in the offline state, but got notification to
+ // go online (a offline notification has not been sent).
+ // Disconnect first.
+ this._service.disconnect();
+ }
+
+ let broadcastListeners = await lazy.pushBroadcastService.getListeners();
+
+ // In principle, a listener could be added to the
+ // pushBroadcastService here, after we have gotten listeners and
+ // before we're RUNNING, but this can't happen in practice because
+ // the only caller that can add listeners is PushBroadcastService,
+ // and it waits on the same promise we are before it can add
+ // listeners. If PushBroadcastService gets woken first, it will
+ // update the value that is eventually returned from
+ // getListeners.
+ this._setState(PUSH_SERVICE_RUNNING);
+
+ this._service.connect(broadcastListeners);
+ },
+
+ _changeStateConnectionEnabledEvent(enabled) {
+ lazy.console.debug("changeStateConnectionEnabledEvent()", enabled);
+
+ if (
+ this._state < PUSH_SERVICE_CONNECTION_DISABLE &&
+ this._state != PUSH_SERVICE_ACTIVATING
+ ) {
+ return Promise.resolve();
+ }
+
+ if (enabled) {
+ return this._changeStateOfflineEvent(Services.io.offline, true);
+ }
+
+ if (this._state == PUSH_SERVICE_RUNNING) {
+ this._service.disconnect();
+ }
+ this._setState(PUSH_SERVICE_CONNECTION_DISABLE);
+ return Promise.resolve();
+ },
+
+ // Used for testing.
+ changeTestServer(url, options = {}) {
+ lazy.console.debug("changeTestServer()");
+
+ return this._stateChangeProcessEnqueue(_ => {
+ if (this._state < PUSH_SERVICE_ACTIVATING) {
+ lazy.console.debug("changeTestServer: PushService not activated?");
+ return Promise.resolve();
+ }
+
+ return this._changeServerURL(url, CHANGING_SERVICE_EVENT, options);
+ });
+ },
+
+ observe: function observe(aSubject, aTopic, aData) {
+ switch (aTopic) {
+ /*
+ * We need to call uninit() on shutdown to clean up things that modules
+ * aren't very good at automatically cleaning up, so we don't get shutdown
+ * leaks on browser shutdown.
+ */
+ case "quit-application":
+ this.uninit();
+ break;
+ case "network:offline-status-changed":
+ this._stateChangeProcessEnqueue(_ =>
+ this._changeStateOfflineEvent(aData === "offline", false)
+ );
+ break;
+
+ case "nsPref:changed":
+ if (aData == "serverURL") {
+ lazy.console.debug(
+ "observe: dom.push.serverURL changed for websocket",
+ prefs.getStringPref("serverURL")
+ );
+ this._stateChangeProcessEnqueue(_ =>
+ this._changeServerURL(
+ prefs.getStringPref("serverURL"),
+ CHANGING_SERVICE_EVENT
+ )
+ );
+ } else if (aData == "connection.enabled") {
+ this._stateChangeProcessEnqueue(_ =>
+ this._changeStateConnectionEnabledEvent(
+ prefs.getBoolPref("connection.enabled")
+ )
+ );
+ }
+ break;
+
+ case "idle-daily":
+ this._dropExpiredRegistrations().catch(error => {
+ lazy.console.error(
+ "Failed to drop expired registrations on idle",
+ error
+ );
+ });
+ break;
+
+ case "perm-changed":
+ this._onPermissionChange(aSubject, aData).catch(error => {
+ lazy.console.error(
+ "onPermissionChange: Error updating registrations:",
+ error
+ );
+ });
+ break;
+
+ case "clear-origin-attributes-data":
+ this._clearOriginData(aData).catch(error => {
+ lazy.console.error(
+ "clearOriginData: Error clearing origin data:",
+ error
+ );
+ });
+ break;
+ }
+ },
+
+ _clearOriginData(data) {
+ lazy.console.log("clearOriginData()");
+
+ if (!data) {
+ return Promise.resolve();
+ }
+
+ let pattern = JSON.parse(data);
+ return this._dropRegistrationsIf(record =>
+ record.matchesOriginAttributes(pattern)
+ );
+ },
+
+ /**
+ * Sends an unregister request to the server in the background. If the
+ * service is not connected, this function is a no-op.
+ *
+ * @param {PushRecord} record The record to unregister.
+ * @param {Number} reason An `nsIPushErrorReporter` unsubscribe reason,
+ * indicating why this record was removed.
+ */
+ _backgroundUnregister(record, reason) {
+ lazy.console.debug("backgroundUnregister()");
+
+ if (!this._service.isConnected() || !record) {
+ return;
+ }
+
+ lazy.console.debug("backgroundUnregister: Notifying server", record);
+ this._sendUnregister(record, reason)
+ .then(() => {
+ lazy.gPushNotifier.notifySubscriptionModified(
+ record.scope,
+ record.principal
+ );
+ })
+ .catch(e => {
+ lazy.console.error("backgroundUnregister: Error notifying server", e);
+ });
+ },
+
+ _findService(serverURL) {
+ lazy.console.debug("findService()");
+
+ if (!serverURL) {
+ lazy.console.warn("findService: No dom.push.serverURL found");
+ return [];
+ }
+
+ let uri;
+ try {
+ uri = Services.io.newURI(serverURL);
+ } catch (e) {
+ lazy.console.warn(
+ "findService: Error creating valid URI from",
+ "dom.push.serverURL",
+ serverURL
+ );
+ return [];
+ }
+
+ let service = getServiceForServerURI(uri);
+ return [service, uri];
+ },
+
+ _changeServerURL(serverURI, event, options = {}) {
+ lazy.console.debug("changeServerURL()");
+
+ switch (event) {
+ case UNINIT_EVENT:
+ return this._stopService(event);
+
+ case STARTING_SERVICE_EVENT: {
+ let [service, uri] = this._findService(serverURI);
+ if (!service) {
+ this._setState(PUSH_SERVICE_INIT);
+ return Promise.resolve();
+ }
+ return this._startService(service, uri, options).then(_ =>
+ this._changeStateConnectionEnabledEvent(
+ prefs.getBoolPref("connection.enabled")
+ )
+ );
+ }
+ case CHANGING_SERVICE_EVENT:
+ let [service, uri] = this._findService(serverURI);
+ if (service) {
+ if (this._state == PUSH_SERVICE_INIT) {
+ this._setState(PUSH_SERVICE_ACTIVATING);
+ // The service has not been running - start it.
+ return this._startService(service, uri, options).then(_ =>
+ this._changeStateConnectionEnabledEvent(
+ prefs.getBoolPref("connection.enabled")
+ )
+ );
+ }
+ this._setState(PUSH_SERVICE_ACTIVATING);
+ // If we already had running service - stop service, start the new
+ // one and check connection.enabled and offline state(offline state
+ // check is called in changeStateConnectionEnabledEvent function)
+ return this._stopService(CHANGING_SERVICE_EVENT)
+ .then(_ => this._startService(service, uri, options))
+ .then(_ =>
+ this._changeStateConnectionEnabledEvent(
+ prefs.getBoolPref("connection.enabled")
+ )
+ );
+ }
+ if (this._state == PUSH_SERVICE_INIT) {
+ return Promise.resolve();
+ }
+ // The new serverUri is empty or misconfigured - stop service.
+ this._setState(PUSH_SERVICE_INIT);
+ return this._stopService(STOPPING_SERVICE_EVENT);
+
+ default:
+ lazy.console.error("Unexpected event in _changeServerURL", event);
+ return Promise.reject(new Error(`Unexpected event ${event}`));
+ }
+ },
+
+ /**
+ * PushService initialization is divided into 4 parts:
+ * init() - start listening for quit-application and serverURL changes.
+ * state is change to PUSH_SERVICE_INIT
+ * startService() - if serverURL is present this function is called. It starts
+ * listening for broadcasted messages, starts db and
+ * PushService connection (WebSocket).
+ * state is change to PUSH_SERVICE_ACTIVATING.
+ * startObservers() - start other observers.
+ * changeStateConnectionEnabledEvent - checks prefs and offline state.
+ * It changes state to:
+ * PUSH_SERVICE_RUNNING,
+ * PUSH_SERVICE_ACTIVE_OFFLINE or
+ * PUSH_SERVICE_CONNECTION_DISABLE.
+ */
+ async init(options = {}) {
+ lazy.console.debug("init()");
+
+ if (this._state > PUSH_SERVICE_UNINIT) {
+ return;
+ }
+
+ this._setState(PUSH_SERVICE_ACTIVATING);
+
+ prefs.addObserver("serverURL", this);
+ Services.obs.addObserver(this, "quit-application");
+
+ if (options.serverURI) {
+ // this is use for xpcshell test.
+
+ await this._stateChangeProcessEnqueue(_ =>
+ this._changeServerURL(
+ options.serverURI,
+ STARTING_SERVICE_EVENT,
+ options
+ )
+ );
+ } else {
+ // This is only used for testing. Different tests require connecting to
+ // slightly different URLs.
+ await this._stateChangeProcessEnqueue(_ =>
+ this._changeServerURL(
+ prefs.getStringPref("serverURL"),
+ STARTING_SERVICE_EVENT
+ )
+ );
+ }
+ },
+
+ _startObservers() {
+ lazy.console.debug("startObservers()");
+
+ if (this._state != PUSH_SERVICE_ACTIVATING) {
+ return;
+ }
+
+ Services.obs.addObserver(this, "clear-origin-attributes-data");
+
+ // The offline-status-changed event is used to know
+ // when to (dis)connect. It may not fire if the underlying OS changes
+ // networks; in such a case we rely on timeout.
+ Services.obs.addObserver(this, "network:offline-status-changed");
+
+ // Used to monitor if the user wishes to disable Push.
+ prefs.addObserver("connection.enabled", this);
+
+ // Prunes expired registrations and notifies dormant service workers.
+ Services.obs.addObserver(this, "idle-daily");
+
+ // Prunes registrations for sites for which the user revokes push
+ // permissions.
+ Services.obs.addObserver(this, "perm-changed");
+ },
+
+ _startService(service, serverURI, options) {
+ lazy.console.debug("startService()");
+
+ if (this._state != PUSH_SERVICE_ACTIVATING) {
+ return Promise.reject();
+ }
+
+ this._service = service;
+
+ this._db = options.db;
+ if (!this._db) {
+ this._db = this._service.newPushDB();
+ }
+
+ return this._service.init(options, this, serverURI).then(() => {
+ this._startObservers();
+ return this._dropExpiredRegistrations();
+ });
+ },
+
+ /**
+ * PushService uninitialization is divided into 3 parts:
+ * stopObservers() - stot observers started in startObservers.
+ * stopService() - It stops listening for broadcasted messages, stops db and
+ * PushService connection (WebSocket).
+ * state is changed to PUSH_SERVICE_INIT.
+ * uninit() - stop listening for quit-application and serverURL changes.
+ * state is change to PUSH_SERVICE_UNINIT
+ */
+ _stopService(event) {
+ lazy.console.debug("stopService()");
+
+ if (this._state < PUSH_SERVICE_ACTIVATING) {
+ return Promise.resolve();
+ }
+
+ this._stopObservers();
+
+ this._service.disconnect();
+ this._service.uninit();
+ this._service = null;
+
+ this._updateQuotaTimeouts.forEach(timeoutID => clearTimeout(timeoutID));
+ this._updateQuotaTimeouts.clear();
+
+ if (!this._db) {
+ return Promise.resolve();
+ }
+ if (event == UNINIT_EVENT) {
+ // If it is uninitialized just close db.
+ this._db.close();
+ this._db = null;
+ return Promise.resolve();
+ }
+
+ return this.dropUnexpiredRegistrations().then(
+ _ => {
+ this._db.close();
+ this._db = null;
+ },
+ err => {
+ this._db.close();
+ this._db = null;
+ }
+ );
+ },
+
+ _stopObservers() {
+ lazy.console.debug("stopObservers()");
+
+ if (this._state < PUSH_SERVICE_ACTIVATING) {
+ return;
+ }
+
+ prefs.removeObserver("connection.enabled", this);
+
+ Services.obs.removeObserver(this, "network:offline-status-changed");
+ Services.obs.removeObserver(this, "clear-origin-attributes-data");
+ Services.obs.removeObserver(this, "idle-daily");
+ Services.obs.removeObserver(this, "perm-changed");
+ },
+
+ _shutdownService() {
+ let promiseChangeURL = this._changeServerURL("", UNINIT_EVENT);
+ this._setState(PUSH_SERVICE_UNINIT);
+ lazy.console.debug("shutdownService: shutdown complete!");
+ return promiseChangeURL;
+ },
+
+ async uninit() {
+ lazy.console.debug("uninit()");
+
+ if (this._state == PUSH_SERVICE_UNINIT) {
+ return;
+ }
+
+ prefs.removeObserver("serverURL", this);
+ Services.obs.removeObserver(this, "quit-application");
+
+ await this._stateChangeProcessEnqueue(_ => this._shutdownService());
+ },
+
+ /**
+ * Drops all active registrations and notifies the associated service
+ * workers. This function is called when the user switches Push servers,
+ * or when the server invalidates all existing registrations.
+ *
+ * We ignore expired registrations because they're already handled in other
+ * code paths. Registrations that expired after exceeding their quotas are
+ * evicted at startup, or on the next `idle-daily` event. Registrations that
+ * expired because the user revoked the notification permission are evicted
+ * once the permission is reinstated.
+ */
+ dropUnexpiredRegistrations() {
+ return this._db.clearIf(record => {
+ if (record.isExpired()) {
+ return false;
+ }
+ this._notifySubscriptionChangeObservers(record);
+ return true;
+ });
+ },
+
+ _notifySubscriptionChangeObservers(record) {
+ if (!record) {
+ return;
+ }
+ lazy.gPushNotifier.notifySubscriptionChange(record.scope, record.principal);
+ },
+
+ /**
+ * Drops a registration and notifies the associated service worker. If the
+ * registration does not exist, this function is a no-op.
+ *
+ * @param {String} keyID The registration ID to remove.
+ * @returns {Promise} Resolves once the worker has been notified.
+ */
+ dropRegistrationAndNotifyApp(aKeyID) {
+ return this._db
+ .delete(aKeyID)
+ .then(record => this._notifySubscriptionChangeObservers(record));
+ },
+
+ /**
+ * Replaces an existing registration and notifies the associated service
+ * worker.
+ *
+ * @param {String} aOldKey The registration ID to replace.
+ * @param {PushRecord} aNewRecord The new record.
+ * @returns {Promise} Resolves once the worker has been notified.
+ */
+ updateRegistrationAndNotifyApp(aOldKey, aNewRecord) {
+ return this.updateRecordAndNotifyApp(aOldKey, _ => aNewRecord);
+ },
+ /**
+ * Updates a registration and notifies the associated service worker.
+ *
+ * @param {String} keyID The registration ID to update.
+ * @param {Function} updateFunc Returns the updated record.
+ * @returns {Promise} Resolves with the updated record once the worker
+ * has been notified.
+ */
+ updateRecordAndNotifyApp(aKeyID, aUpdateFunc) {
+ return this._db.update(aKeyID, aUpdateFunc).then(record => {
+ this._notifySubscriptionChangeObservers(record);
+ return record;
+ });
+ },
+
+ ensureCrypto(record) {
+ if (
+ record.hasAuthenticationSecret() &&
+ record.p256dhPublicKey &&
+ record.p256dhPrivateKey
+ ) {
+ return Promise.resolve(record);
+ }
+
+ let keygen = Promise.resolve([]);
+ if (!record.p256dhPublicKey || !record.p256dhPrivateKey) {
+ keygen = lazy.PushCrypto.generateKeys();
+ }
+ // We do not have a encryption key. so we need to generate it. This
+ // is only going to happen on db upgrade from version 4 to higher.
+ return keygen.then(
+ ([pubKey, privKey]) => {
+ return this.updateRecordAndNotifyApp(record.keyID, record => {
+ if (!record.p256dhPublicKey || !record.p256dhPrivateKey) {
+ record.p256dhPublicKey = pubKey;
+ record.p256dhPrivateKey = privKey;
+ }
+ if (!record.hasAuthenticationSecret()) {
+ record.authenticationSecret =
+ lazy.PushCrypto.generateAuthenticationSecret();
+ }
+ return record;
+ });
+ },
+ error => {
+ return this.dropRegistrationAndNotifyApp(record.keyID).then(() =>
+ Promise.reject(error)
+ );
+ }
+ );
+ },
+
+ /**
+ * Dispatches an incoming message to a service worker, recalculating the
+ * quota for the associated push registration. If the quota is exceeded,
+ * the registration and message will be dropped, and the worker will not
+ * be notified.
+ *
+ * @param {String} keyID The push registration ID.
+ * @param {String} messageID The message ID, used to report service worker
+ * delivery failures. For Web Push messages, this is the version. If empty,
+ * failures will not be reported.
+ * @param {Object} headers The encryption headers.
+ * @param {ArrayBuffer|Uint8Array} data The encrypted message data.
+ * @param {Function} updateFunc A function that receives the existing
+ * registration record as its argument, and returns a new record. If the
+ * function returns `null` or `undefined`, the record will not be updated.
+ * `PushServiceWebSocket` uses this to drop incoming updates with older
+ * versions.
+ * @returns {Promise} Resolves with an `nsIPushErrorReporter` ack status
+ * code, indicating whether the message was delivered successfully.
+ */
+ receivedPushMessage(keyID, messageID, headers, data, updateFunc) {
+ lazy.console.debug("receivedPushMessage()");
+
+ return this._updateRecordAfterPush(keyID, updateFunc)
+ .then(record => {
+ if (record.quotaApplies()) {
+ // Update quota after the delay, at which point
+ // we check for visible notifications.
+ let timeoutID = setTimeout(_ => {
+ this._updateQuota(keyID);
+ if (!this._updateQuotaTimeouts.delete(timeoutID)) {
+ lazy.console.debug(
+ "receivedPushMessage: quota update timeout missing?"
+ );
+ }
+ }, prefs.getIntPref("quotaUpdateDelay"));
+ this._updateQuotaTimeouts.add(timeoutID);
+ }
+ return this._decryptAndNotifyApp(record, messageID, headers, data);
+ })
+ .catch(error => {
+ lazy.console.error("receivedPushMessage: Error notifying app", error);
+ return Ci.nsIPushErrorReporter.ACK_NOT_DELIVERED;
+ });
+ },
+
+ /**
+ * Dispatches a broadcast notification to the BroadcastService.
+ *
+ * @param {Object} message The reply received by PushServiceWebSocket
+ * @param {Object} context Additional information about the context in which the
+ * notification was received.
+ */
+ receivedBroadcastMessage(message, context) {
+ lazy.pushBroadcastService
+ .receivedBroadcastMessage(message.broadcasts, context)
+ .catch(e => {
+ lazy.console.error(e);
+ });
+ },
+
+ /**
+ * Updates a registration record after receiving a push message.
+ *
+ * @param {String} keyID The push registration ID.
+ * @param {Function} updateFunc The function passed to `receivedPushMessage`.
+ * @returns {Promise} Resolves with the updated record, or rejects if the
+ * record was not updated.
+ */
+ _updateRecordAfterPush(keyID, updateFunc) {
+ return this.getByKeyID(keyID)
+ .then(record => {
+ if (!record) {
+ throw new Error("No record for key ID " + keyID);
+ }
+ return record
+ .getLastVisit()
+ .then(lastVisit => {
+ // As a special case, don't notify the service worker if the user
+ // cleared their history.
+ if (!isFinite(lastVisit)) {
+ throw new Error("Ignoring message sent to unvisited origin");
+ }
+ return lastVisit;
+ })
+ .then(lastVisit => {
+ // Update the record, resetting the quota if the user has visited the
+ // site since the last push.
+ return this._db.update(keyID, record => {
+ let newRecord = updateFunc(record);
+ if (!newRecord) {
+ return null;
+ }
+ // Because `unregister` is advisory only, we can still receive messages
+ // for stale Simple Push registrations from the server. To work around
+ // this, we check if the record has expired before *and* after updating
+ // the quota.
+ if (newRecord.isExpired()) {
+ return null;
+ }
+ newRecord.receivedPush(lastVisit);
+ return newRecord;
+ });
+ });
+ })
+ .then(record => {
+ lazy.gPushNotifier.notifySubscriptionModified(
+ record.scope,
+ record.principal
+ );
+ return record;
+ });
+ },
+
+ /**
+ * Decrypts an incoming message and notifies the associated service worker.
+ *
+ * @param {PushRecord} record The receiving registration.
+ * @param {String} messageID The message ID.
+ * @param {Object} headers The encryption headers.
+ * @param {ArrayBuffer|Uint8Array} data The encrypted message data.
+ * @returns {Promise} Resolves with an ack status code.
+ */
+ _decryptAndNotifyApp(record, messageID, headers, data) {
+ return lazy.PushCrypto.decrypt(
+ record.p256dhPrivateKey,
+ record.p256dhPublicKey,
+ record.authenticationSecret,
+ headers,
+ data
+ ).then(
+ message => this._notifyApp(record, messageID, message),
+ error => {
+ lazy.console.warn(
+ "decryptAndNotifyApp: Error decrypting message",
+ record.scope,
+ messageID,
+ error
+ );
+
+ let message = error.format(record.scope);
+ lazy.gPushNotifier.notifyError(
+ record.scope,
+ record.principal,
+ message,
+ Ci.nsIScriptError.errorFlag
+ );
+ return Ci.nsIPushErrorReporter.ACK_DECRYPTION_ERROR;
+ }
+ );
+ },
+
+ _updateQuota(keyID) {
+ lazy.console.debug("updateQuota()");
+
+ this._db
+ .update(keyID, record => {
+ // Record may have expired from an earlier quota update.
+ if (record.isExpired()) {
+ lazy.console.debug(
+ "updateQuota: Trying to update quota for expired record",
+ record
+ );
+ return null;
+ }
+ // If there are visible notifications, don't apply the quota penalty
+ // for the message.
+ if (record.uri && !this._visibleNotifications.has(record.uri.prePath)) {
+ record.reduceQuota();
+ }
+ return record;
+ })
+ .then(record => {
+ if (record.isExpired()) {
+ // Drop the registration in the background. If the user returns to the
+ // site, the service worker will be notified on the next `idle-daily`
+ // event.
+ this._backgroundUnregister(
+ record,
+ Ci.nsIPushErrorReporter.UNSUBSCRIBE_QUOTA_EXCEEDED
+ );
+ } else {
+ lazy.gPushNotifier.notifySubscriptionModified(
+ record.scope,
+ record.principal
+ );
+ }
+ if (this._updateQuotaTestCallback) {
+ // Callback so that test may be notified when the quota update is complete.
+ this._updateQuotaTestCallback();
+ }
+ })
+ .catch(error => {
+ lazy.console.debug(
+ "updateQuota: Error while trying to update quota",
+ error
+ );
+ });
+ },
+
+ notificationForOriginShown(origin) {
+ lazy.console.debug("notificationForOriginShown()", origin);
+ let count;
+ if (this._visibleNotifications.has(origin)) {
+ count = this._visibleNotifications.get(origin);
+ } else {
+ count = 0;
+ }
+ this._visibleNotifications.set(origin, count + 1);
+ },
+
+ notificationForOriginClosed(origin) {
+ lazy.console.debug("notificationForOriginClosed()", origin);
+ let count;
+ if (this._visibleNotifications.has(origin)) {
+ count = this._visibleNotifications.get(origin);
+ } else {
+ lazy.console.debug(
+ "notificationForOriginClosed: closing notification that has not been shown?"
+ );
+ return;
+ }
+ if (count > 1) {
+ this._visibleNotifications.set(origin, count - 1);
+ } else {
+ this._visibleNotifications.delete(origin);
+ }
+ },
+
+ reportDeliveryError(messageID, reason) {
+ lazy.console.debug("reportDeliveryError()", messageID, reason);
+ if (this._state == PUSH_SERVICE_RUNNING && this._service.isConnected()) {
+ // Only report errors if we're initialized and connected.
+ this._service.reportDeliveryError(messageID, reason);
+ }
+ },
+
+ _notifyApp(aPushRecord, messageID, message) {
+ if (
+ !aPushRecord ||
+ !aPushRecord.scope ||
+ aPushRecord.originAttributes === undefined
+ ) {
+ lazy.console.error("notifyApp: Invalid record", aPushRecord);
+ return Ci.nsIPushErrorReporter.ACK_NOT_DELIVERED;
+ }
+
+ lazy.console.debug("notifyApp()", aPushRecord.scope);
+
+ // If permission has been revoked, trash the message.
+ if (!aPushRecord.hasPermission()) {
+ lazy.console.warn("notifyApp: Missing push permission", aPushRecord);
+ return Ci.nsIPushErrorReporter.ACK_NOT_DELIVERED;
+ }
+
+ let payload = ArrayBuffer.isView(message)
+ ? new Uint8Array(message.buffer)
+ : message;
+
+ if (aPushRecord.quotaApplies()) {
+ // Don't record telemetry for chrome push messages.
+ Services.telemetry.getHistogramById("PUSH_API_NOTIFY").add();
+ }
+
+ if (payload) {
+ lazy.gPushNotifier.notifyPushWithData(
+ aPushRecord.scope,
+ aPushRecord.principal,
+ messageID,
+ payload
+ );
+ } else {
+ lazy.gPushNotifier.notifyPush(
+ aPushRecord.scope,
+ aPushRecord.principal,
+ messageID
+ );
+ }
+
+ return Ci.nsIPushErrorReporter.ACK_DELIVERED;
+ },
+
+ getByKeyID(aKeyID) {
+ return this._db.getByKeyID(aKeyID);
+ },
+
+ getAllUnexpired() {
+ return this._db.getAllUnexpired();
+ },
+
+ _sendRequest(action, ...params) {
+ if (this._state == PUSH_SERVICE_CONNECTION_DISABLE) {
+ return Promise.reject(new Error("Push service disabled"));
+ }
+ if (this._state == PUSH_SERVICE_ACTIVE_OFFLINE) {
+ return Promise.reject(new Error("Push service offline"));
+ }
+ // Ensure the backend is ready. `getByPageRecord` already checks this, but
+ // we need to check again here in case the service was restarted in the
+ // meantime.
+ return this._checkActivated().then(_ => {
+ switch (action) {
+ case "register":
+ return this._service.register(...params);
+ case "unregister":
+ return this._service.unregister(...params);
+ }
+ return Promise.reject(new Error("Unknown request type: " + action));
+ });
+ },
+
+ /**
+ * Called on message from the child process. aPageRecord is an object sent by
+ * the push manager, identifying the sending page and other fields.
+ */
+ _registerWithServer(aPageRecord) {
+ lazy.console.debug("registerWithServer()", aPageRecord);
+
+ return this._sendRequest("register", aPageRecord)
+ .then(
+ record => this._onRegisterSuccess(record),
+ err => this._onRegisterError(err)
+ )
+ .then(
+ record => {
+ this._deletePendingRequest(aPageRecord);
+ lazy.gPushNotifier.notifySubscriptionModified(
+ record.scope,
+ record.principal
+ );
+ return record.toSubscription();
+ },
+ err => {
+ this._deletePendingRequest(aPageRecord);
+ throw err;
+ }
+ );
+ },
+
+ _sendUnregister(aRecord, aReason) {
+ return this._sendRequest("unregister", aRecord, aReason);
+ },
+
+ /**
+ * Exceptions thrown in _onRegisterSuccess are caught by the promise obtained
+ * from _service.request, causing the promise to be rejected instead.
+ */
+ _onRegisterSuccess(aRecord) {
+ lazy.console.debug("_onRegisterSuccess()");
+
+ return this._db.put(aRecord).catch(error => {
+ // Unable to save. Destroy the subscription in the background.
+ this._backgroundUnregister(
+ aRecord,
+ Ci.nsIPushErrorReporter.UNSUBSCRIBE_MANUAL
+ );
+ throw error;
+ });
+ },
+
+ /**
+ * Exceptions thrown in _onRegisterError are caught by the promise obtained
+ * from _service.request, causing the promise to be rejected instead.
+ */
+ _onRegisterError(reply) {
+ lazy.console.debug("_onRegisterError()");
+
+ if (!reply.error) {
+ lazy.console.warn(
+ "onRegisterError: Called without valid error message!",
+ reply
+ );
+ throw new Error("Registration error");
+ }
+ throw reply.error;
+ },
+
+ notificationsCleared() {
+ this._visibleNotifications.clear();
+ },
+
+ _getByPageRecord(pageRecord) {
+ return this._checkActivated().then(_ =>
+ this._db.getByIdentifiers(pageRecord)
+ );
+ },
+
+ register(aPageRecord) {
+ lazy.console.debug("register()", aPageRecord);
+
+ let keyPromise;
+ if (aPageRecord.appServerKey && aPageRecord.appServerKey.length) {
+ let keyView = new Uint8Array(aPageRecord.appServerKey);
+ keyPromise = lazy.PushCrypto.validateAppServerKey(keyView).catch(
+ error => {
+ // Normalize Web Crypto exceptions. `nsIPushService` will forward the
+ // error result to the DOM API implementation in `PushManager.cpp` or
+ // `Push.js`, which will convert it to the correct `DOMException`.
+ throw errorWithResult(
+ "Invalid app server key",
+ Cr.NS_ERROR_DOM_PUSH_INVALID_KEY_ERR
+ );
+ }
+ );
+ } else {
+ keyPromise = Promise.resolve(null);
+ }
+
+ return Promise.all([keyPromise, this._getByPageRecord(aPageRecord)]).then(
+ ([appServerKey, record]) => {
+ aPageRecord.appServerKey = appServerKey;
+ if (!record) {
+ return this._lookupOrPutPendingRequest(aPageRecord);
+ }
+ if (!record.matchesAppServerKey(appServerKey)) {
+ throw errorWithResult(
+ "Mismatched app server key",
+ Cr.NS_ERROR_DOM_PUSH_MISMATCHED_KEY_ERR
+ );
+ }
+ if (record.isExpired()) {
+ return record
+ .quotaChanged()
+ .then(isChanged => {
+ if (isChanged) {
+ // If the user revisited the site, drop the expired push
+ // registration and re-register.
+ return this.dropRegistrationAndNotifyApp(record.keyID);
+ }
+ throw new Error("Push subscription expired");
+ })
+ .then(_ => this._lookupOrPutPendingRequest(aPageRecord));
+ }
+ return record.toSubscription();
+ }
+ );
+ },
+
+ /*
+ * Called only by the PushBroadcastService on the receipt of a new
+ * subscription. Don't call this directly. Go through PushBroadcastService.
+ */
+ async subscribeBroadcast(broadcastId, version) {
+ if (this._state != PUSH_SERVICE_RUNNING) {
+ // Ignore any request to subscribe before we send a hello.
+ // We'll send all the broadcast listeners as part of the hello
+ // anyhow.
+ return;
+ }
+
+ await this._service.sendSubscribeBroadcast(broadcastId, version);
+ },
+
+ /**
+ * Called on message from the child process.
+ *
+ * Why is the record being deleted from the local database before the server
+ * is told?
+ *
+ * Unregistration is for the benefit of the app and the AppServer
+ * so that the AppServer does not keep pinging a channel the UserAgent isn't
+ * watching The important part of the transaction in this case is left to the
+ * app, to tell its server of the unregistration. Even if the request to the
+ * PushServer were to fail, it would not affect correctness of the protocol,
+ * and the server GC would just clean up the channelID/subscription
+ * eventually. Since the appserver doesn't ping it, no data is lost.
+ *
+ * If rather we were to unregister at the server and update the database only
+ * on success: If the server receives the unregister, and deletes the
+ * channelID/subscription, but the response is lost because of network
+ * failure, the application is never informed. In addition the application may
+ * retry the unregister when it fails due to timeout (websocket) or any other
+ * reason at which point the server will say it does not know of this
+ * unregistration. We'll have to make the registration/unregistration phases
+ * have retries and attempts to resend messages from the server, and have the
+ * client acknowledge. On a server, data is cheap, reliable notification is
+ * not.
+ */
+ unregister(aPageRecord) {
+ lazy.console.debug("unregister()", aPageRecord);
+
+ return this._getByPageRecord(aPageRecord).then(record => {
+ if (record === null) {
+ return false;
+ }
+
+ let reason = Ci.nsIPushErrorReporter.UNSUBSCRIBE_MANUAL;
+ return Promise.all([
+ this._sendUnregister(record, reason),
+ this._db.delete(record.keyID).then(rec => {
+ if (rec) {
+ lazy.gPushNotifier.notifySubscriptionModified(
+ rec.scope,
+ rec.principal
+ );
+ }
+ }),
+ ]).then(([success]) => success);
+ });
+ },
+
+ clear(info) {
+ return this._checkActivated()
+ .then(_ => {
+ return this._dropRegistrationsIf(
+ record =>
+ info.domain == "*" ||
+ (record.uri &&
+ Services.eTLD.hasRootDomain(record.uri.prePath, info.domain))
+ );
+ })
+ .catch(e => {
+ lazy.console.warn(
+ "clear: Error dropping subscriptions for domain",
+ info.domain,
+ e
+ );
+ return Promise.resolve();
+ });
+ },
+
+ registration(aPageRecord) {
+ lazy.console.debug("registration()");
+
+ return this._getByPageRecord(aPageRecord).then(record => {
+ if (!record) {
+ return null;
+ }
+ if (record.isExpired()) {
+ return record.quotaChanged().then(isChanged => {
+ if (isChanged) {
+ return this.dropRegistrationAndNotifyApp(record.keyID).then(
+ _ => null
+ );
+ }
+ return null;
+ });
+ }
+ return record.toSubscription();
+ });
+ },
+
+ _dropExpiredRegistrations() {
+ lazy.console.debug("dropExpiredRegistrations()");
+
+ return this._db.getAllExpired().then(records => {
+ return Promise.all(
+ records.map(record =>
+ record
+ .quotaChanged()
+ .then(isChanged => {
+ if (isChanged) {
+ // If the user revisited the site, drop the expired push
+ // registration and notify the associated service worker.
+ this.dropRegistrationAndNotifyApp(record.keyID);
+ }
+ })
+ .catch(error => {
+ lazy.console.error(
+ "dropExpiredRegistrations: Error dropping registration",
+ record.keyID,
+ error
+ );
+ })
+ )
+ );
+ });
+ },
+
+ _onPermissionChange(subject, data) {
+ lazy.console.debug("onPermissionChange()");
+
+ if (data == "cleared") {
+ return this._clearPermissions();
+ }
+
+ let permission = subject.QueryInterface(Ci.nsIPermission);
+ if (permission.type != "desktop-notification") {
+ return Promise.resolve();
+ }
+
+ return this._updatePermission(permission, data);
+ },
+
+ _clearPermissions() {
+ lazy.console.debug("clearPermissions()");
+
+ return this._db.clearIf(record => {
+ if (!record.quotaApplies()) {
+ // Only drop registrations that are subject to quota.
+ return false;
+ }
+ this._backgroundUnregister(
+ record,
+ Ci.nsIPushErrorReporter.UNSUBSCRIBE_PERMISSION_REVOKED
+ );
+ return true;
+ });
+ },
+
+ _updatePermission(permission, type) {
+ lazy.console.debug("updatePermission()");
+
+ let isAllow = permission.capability == Ci.nsIPermissionManager.ALLOW_ACTION;
+ let isChange = type == "added" || type == "changed";
+
+ if (isAllow && isChange) {
+ // Permission set to "allow". Drop all expired registrations for this
+ // site, notify the associated service workers, and reset the quota
+ // for active registrations.
+ return this._forEachPrincipal(permission.principal, (record, cursor) =>
+ this._permissionAllowed(record, cursor)
+ );
+ } else if (isChange || (isAllow && type == "deleted")) {
+ // Permission set to "block" or "always ask," or "allow" permission
+ // removed. Expire all registrations for this site.
+ return this._forEachPrincipal(permission.principal, (record, cursor) =>
+ this._permissionDenied(record, cursor)
+ );
+ }
+
+ return Promise.resolve();
+ },
+
+ _forEachPrincipal(principal, callback) {
+ return this._db.forEachOrigin(
+ principal.URI.prePath,
+ ChromeUtils.originAttributesToSuffix(principal.originAttributes),
+ callback
+ );
+ },
+
+ /**
+ * The update function called for each registration record if the push
+ * permission is revoked. We only expire the record so we can notify the
+ * service worker as soon as the permission is reinstated. If we just
+ * deleted the record, the worker wouldn't be notified until the next visit
+ * to the site.
+ *
+ * @param {PushRecord} record The record to expire.
+ * @param {IDBCursor} cursor The IndexedDB cursor.
+ */
+ _permissionDenied(record, cursor) {
+ lazy.console.debug("permissionDenied()");
+
+ if (!record.quotaApplies() || record.isExpired()) {
+ // Ignore already-expired records.
+ return;
+ }
+ // Drop the registration in the background.
+ this._backgroundUnregister(
+ record,
+ Ci.nsIPushErrorReporter.UNSUBSCRIBE_PERMISSION_REVOKED
+ );
+ record.setQuota(0);
+ cursor.update(record);
+ },
+
+ /**
+ * The update function called for each registration record if the push
+ * permission is granted. If the record has expired, it will be dropped;
+ * otherwise, its quota will be reset to the default value.
+ *
+ * @param {PushRecord} record The record to update.
+ * @param {IDBCursor} cursor The IndexedDB cursor.
+ */
+ _permissionAllowed(record, cursor) {
+ lazy.console.debug("permissionAllowed()");
+
+ if (!record.quotaApplies()) {
+ return;
+ }
+ if (record.isExpired()) {
+ // If the registration has expired, drop and notify the worker
+ // unconditionally.
+ this._notifySubscriptionChangeObservers(record);
+ cursor.delete();
+ return;
+ }
+ record.resetQuota();
+ cursor.update(record);
+ },
+
+ /**
+ * Drops all matching registrations from the database. Notifies the
+ * associated service workers if permission is granted, and removes
+ * unexpired registrations from the server.
+ *
+ * @param {Function} predicate A function called for each record.
+ * @returns {Promise} Resolves once the registrations have been dropped.
+ */
+ _dropRegistrationsIf(predicate) {
+ return this._db.clearIf(record => {
+ if (!predicate(record)) {
+ return false;
+ }
+ if (record.hasPermission()) {
+ // "Clear Recent History" and the Forget button remove permissions
+ // before clearing registrations, but it's possible for the worker to
+ // resubscribe if the "dom.push.testing.ignorePermission" pref is set.
+ this._notifySubscriptionChangeObservers(record);
+ }
+ if (!record.isExpired()) {
+ // Only unregister active registrations, since we already told the
+ // server about expired ones.
+ this._backgroundUnregister(
+ record,
+ Ci.nsIPushErrorReporter.UNSUBSCRIBE_MANUAL
+ );
+ }
+ return true;
+ });
+ },
+};