implemented an E2E-encrypted Nextcloud push-v2 notification system with support for RSA decryption and signature verification; introduced an iOS Notification Service Extension and native AppDelegate handlers for Talk actions (inline reply and mark-as-read); replaced the legacy notification registration with a new lifecycle managing app passwords and secure keypair storage; added background message handling with tray synchronization and a test notification utility in the settings.

This commit is contained in:
2026-07-04 22:50:18 +02:00
parent 32f7c311bc
commit 74a2ddd17f
56 changed files with 2987 additions and 285 deletions
+88
View File
@@ -0,0 +1,88 @@
import 'dart:convert';
import 'package:http/http.dart' as http;
import '../api/marianumcloud/nextcloud_ocs.dart';
/// Result of a successful Nextcloud push-v2 registration.
class NextcloudPushRegistration {
/// Per-user server public key (PEM). Forwarded to MarianumConnect as
/// `userPublicKey` and used device-side to verify push signatures.
final String publicKey;
/// Opaque device identifier assigned by Nextcloud.
final String deviceIdentifier;
/// Signature over [deviceIdentifier], forwarded as `deviceIdentifierSignature`.
final String signature;
/// True when Nextcloud created a new subscription (HTTP 201); false when the
/// existing one was already up to date (HTTP 200).
final bool created;
const NextcloudPushRegistration({
required this.publicKey,
required this.deviceIdentifier,
required this.signature,
required this.created,
});
}
/// Thin client for Nextcloud's push-v2 device endpoints under
/// `/ocs/v2.php/apps/notifications/api/v2/push`. Uses the shared OCS headers,
/// which authenticate with the app password once available (the push
/// registration binds to it).
class NextcloudPushApi {
static const _path = 'apps/notifications/api/v2/push';
final http.Client _client;
NextcloudPushApi({http.Client? client}) : _client = client ?? http.Client();
/// Registers (or refreshes) this device. [devicePublicKeyPem] must be the
/// 64-column SPKI PEM. [proxyServer] is the MarianumConnect push-proxy base
/// URL (with trailing slash).
Future<NextcloudPushRegistration> register({
required String pushTokenHash,
required String devicePublicKeyPem,
required String proxyServer,
}) async {
final response = await _client.post(
NextcloudOcs.uri(_path),
headers: NextcloudOcs.headers(),
body: {
'pushTokenHash': pushTokenHash,
'devicePublicKey': devicePublicKeyPem,
'proxyServer': proxyServer,
},
);
if (response.statusCode < 200 || response.statusCode >= 300) {
throw Exception('NC push register HTTP ${response.statusCode}');
}
final json = jsonDecode(utf8.decode(response.bodyBytes));
final data = (json as Map)['ocs']?['data'];
if (data is! Map) throw Exception('NC push register: malformed response');
final publicKey = data['publicKey'] as String?;
final deviceIdentifier = data['deviceIdentifier'] as String?;
final signature = data['signature'] as String?;
if (publicKey == null || deviceIdentifier == null || signature == null) {
throw Exception('NC push register: missing fields');
}
return NextcloudPushRegistration(
publicKey: publicKey,
deviceIdentifier: deviceIdentifier,
signature: signature,
created: response.statusCode == 201,
);
}
/// Unregisters this device from Nextcloud push. Returns true when the server
/// responded 202, meaning the proxy subscription should also be removed.
Future<bool> unregister() async {
final response = await _client.delete(
NextcloudOcs.uri(_path),
headers: NextcloudOcs.headers(),
);
return response.statusCode == 202;
}
}