MCPcopy
hub / github.com/web-push-libs/web-push / validateRequest

Function validateRequest

test/testSendNotification.js:137–230  ·  view source on GitHub ↗
(request)

Source from the content-addressed store, hash-verified

135 }
136
137 function validateRequest(request) {
138 const options = request.requestOptions;
139 const contentEncoding = (options.extraOptions && options.extraOptions.contentEncoding)
140 || WebPushConstants.supportedContentEncodings.AES_GCM;
141 const isGCM = options.subscription.endpoint
142 .indexOf('https://android.googleapis.com/gcm') === 0;
143 const isFCM = options.subscription.endpoint
144 .indexOf('https://fcm.googleapis.com/fcm') === 0;
145
146 assert.equal(requestDetails.headers['content-length'], requestBody.length, 'Check Content-Length header');
147
148 if (typeof options.extraOptions !== 'undefined'
149 && typeof options.extraOptions.TTL !== 'undefined') {
150 assert.equal(requestDetails.headers.ttl, options.extraOptions.TTL, 'Check TTL header');
151 } else if (!isGCM) {
152 assert.equal(requestDetails.headers.ttl, 2419200, 'Check default TTL header');
153 }
154
155 if (typeof message !== 'undefined') {
156 assert(requestBody.length > 0);
157
158 assert.equal(requestDetails.headers.encryption.indexOf('keyid=p256dh;salt='), 0, 'Check Encryption header');
159 const salt = requestDetails.headers.encryption.substring('keyid=p256dh;salt='.length);
160
161 assert.equal(requestDetails.headers['content-type'], 'application/octet-stream', 'Check Content-Type header');
162
163 const keys = requestDetails.headers['crypto-key'].split(';');
164 const appServerPublicKey = keys.find(function(key) {
165 return key.indexOf('dh=') === 0;
166 }).substring('dh='.length);
167
168 assert.equal(requestDetails.headers['content-encoding'], contentEncoding, 'Check Content-Encoding header');
169
170 const decrypted = ece.decrypt(requestBody, {
171 version: contentEncoding,
172 privateKey: userCurve,
173 dh: appServerPublicKey,
174 salt: salt,
175 authSecret: userAuth.toString('base64url')
176 });
177
178 assert(decrypted.equals(Buffer.from(options.message)), 'Check cipher text can be correctly decoded');
179 }
180
181 if (options.vapid) {
182 let jwt;
183 let vapidKey;
184
185 if (contentEncoding === WebPushConstants.supportedContentEncodings.AES_GCM) {
186 const keys = requestDetails.headers['crypto-key'].split(';');
187 const vapidKeyHeader = keys.find(function(key) {
188 return key.indexOf('p256ecdsa=') === 0;
189 });
190
191 assert.equal(vapidKeyHeader.indexOf('p256ecdsa='), 0, 'Crypto-Key header correct');
192 vapidKey = vapidKeyHeader.substring('p256ecdsa='.length);
193
194 const authorizationHeader = requestDetails.headers.authorization;

Callers 1

Calls

no outgoing calls

Tested by

no test coverage detected