My web push notification implementation for Toot! is now finally in a state where it feels ready for use! I have updated the relay service code to support production and development modes, and fixed bugs:
https://github.com/DagAgren/toot-relay
I also published an excerpt of the code used in the client to handle the cryptography:
https://gist.github.com/DagAgren/77d82e28174b57f87e194c97fae0898b
It is a good starting point for anyone wanting to have their own client receive web pushes from Mastodon.
If anyone wants a more in-depth explanation, ask!
@bombaycalli It’ll be in the next beta build once I can finalise it, probably next week.
@WAHa_06x36 great job mate
@WAHa_06x36 Curious, does this do any authentication? How does the data model work? Or is it just an "open" relay?
@moritzheiber The relay is open, but the web push standard works with public key crypto. The relay can’t understand any of the data, and to fake a message you have to know the public key used for encryption, which only the instance has.
@WAHa_06x36 But technically anyone could use your relay for sending push notifications? I mean, I don't mean that you as an intermediary would be able to read any of the content .. I'm more worried about abuse should I choose to run a relay
@moritzheiber The relay can only send messages to whatever client it has a certificate for, and to any device it has a device token for, so the most someone can do is eavesdrop to get the device token and public key, and then fake a message to my app only. And getting those two is probably unrealistic, thanks to HTTPS.
@WAHa_06x36 I think I don't understand how the data exchange works then .. I'll have to do some more research
@WAHa_06x36 How can I add all of this on the beta I am working with? Thanks again