MSC4174: add support for WebPush pusher kind by MatMaul · Pull Request #17987 · element-hq/synapse

MatMaul · 2024-12-02T22:55:59Z

matrix-org/matrix-spec-proposals#4174

It has been tested using the hydrogen implementation.

Most of the code and doc is inspired from the sygnal implementation.

Pull Request Checklist

Pull request is based on the develop branch
Pull request includes a changelog file.
Code style is correct
(run the linters)

synapse/push/webpushpusher.py

synapse/config/experimental.py

MadLittleMods

Here is a review of the code itself. I haven't inspected if this is actually a valid and good enough implementation of the WebPush spec itself.

docs/webpush.md

MadLittleMods · 2025-01-24T19:55:31Z

docs/webpush.md

+In the synapse virtualenv, generate the server key pair by running
+`vapid --gen --applicationServerKey`. This will generate a `private_key.pem`
+(which you'll refer to in the config file with `vapid_private_key`) 
+and `public_key.pem` file, and also a string labeled `Application Server Key`.
+
+You'll copy the Application Server Key to `vapid_app_server_key` so that
+web applications can fetch it through `/capabilities` and use it to subscribe
+to the push manager:


This seems like a hassle. Any way to improve this?

Is it possible to make it generate if the file does not exist like we do for signing_key_path?

synapse/docs/usage/configuration/config_documentation.md

Lines 3128 to 3138 in 90a6bd0

### `signing_key_path`

Path to the signing key to sign events and federation requests with.

*New in Synapse 1.67*: If this file does not exist, Synapse will create a new signing

key on startup and store it in this file.

Example configuration:

```yaml

signing_key_path: "CONFDIR/SERVERNAME.signing.key"

```

Does it matter if this key changes from time to time?

It matters if the client isn't aware of this change

We would have to edit the config file since we need to also specify vapid_app_server_key.
However if we make vapid_app_server_key also (possibly) take a file as vapid_private_key does, it looks a lot more sane to do the generation on the fly.

Turns out vapid_app_server_key is just the public key in a specific format, we only need to store the private key. I've rework everything related to config and added generation on the fly.

synapse/config/experimental.py

synapse/push/webpushpusher.py

MadLittleMods · 2025-01-24T20:59:02Z

synapse/push/webpushpusher.py

+
+    async def send_webpush(self, content: JsonDict) -> Union[bool, List[str]]:
+        # web push only supports normal and low priority, so assume normal if absent
+        low_priority = content.get("prio") == "low"


"low" should be a constant PushPriority.LOW

synapse/push/webpushpusher.py

MadLittleMods · 2026-01-12T17:19:31Z

changelog.d/17987.feature

@@ -0,0 +1,2 @@
+MSC4174: add support for WebPush pusher kind.


@MatMaul Any interest in continuing this implementation?

WebPush came up recently as an alternative to MSC3013: 'Encrypted Push' in terms of leaking room_id/event_id metadata.

I am at it again 💪

Co-authored-by: Eric Eastwood <madlittlemods@gmail.com>

synapse/config/experimental.py

MatMaul · 2026-02-27T23:08:58Z

synapse/push/webpushpusher.py

+MAX_CIPHERTEXT_LENGTH = 2000
+
+
+class WebPushPusher(HttpPusher):


A lot of the logic is reused, send_badge and dispatch_push are actually quite small compared to the rest of the logic in HttpPusher.
Also while email notif (it's not really push honestly :) ) content is quite different, having push content be mostly similar between them outside of medium specific properties makes sense I believe.

synapse/push/webpushpusher.py

MatMaul · 2026-02-27T23:15:37Z

docs/webpush.md

+In the synapse virtualenv, generate the server key pair by running
+`vapid --gen --applicationServerKey`. This will generate a `private_key.pem`
+(which you'll refer to in the config file with `vapid_private_key`) 
+and `public_key.pem` file, and also a string labeled `Application Server Key`.
+
+You'll copy the Application Server Key to `vapid_app_server_key` so that
+web applications can fetch it through `/capabilities` and use it to subscribe
+to the push manager:


We would have to edit the config file since we need to also specify vapid_app_server_key.
However if we make vapid_app_server_key also (possibly) take a file as vapid_private_key does, it looks a lot more sane to do the generation on the fly.

MatMaul · 2026-02-27T23:16:19Z

changelog.d/17987.feature

@@ -0,0 +1,2 @@
+MSC4174: add support for WebPush pusher kind.


I am at it again 💪

Co-authored-by: Eric Eastwood <madlittlemods@gmail.com>

MatMaul mentioned this pull request Dec 2, 2024

MSC4174: Web push matrix-org/matrix-spec-proposals#4174

Open

MatMaul force-pushed the msc4174 branch 7 times, most recently from a561f07 to 09ba9c3 Compare December 7, 2024 14:38

github-actions bot deployed to PR Documentation Preview December 7, 2024 14:39 Active

MatMaul changed the title ~~Add support of MSC4174~~ MSC4174: add support for WebPush pusher kind Dec 7, 2024

MatMaul force-pushed the msc4174 branch from 09ba9c3 to c464d9e Compare December 7, 2024 14:41

github-actions bot deployed to PR Documentation Preview December 7, 2024 14:42 Active

MatMaul force-pushed the msc4174 branch from c464d9e to 3c6cbdd Compare December 7, 2024 14:53

github-actions bot deployed to PR Documentation Preview December 7, 2024 14:54 Active

MatMaul force-pushed the msc4174 branch from 3c6cbdd to a745870 Compare December 7, 2024 14:56

github-actions bot deployed to PR Documentation Preview December 7, 2024 14:57 Active

MSC4174: add support for WebPush pusher kind

a3f58ad

MatMaul force-pushed the msc4174 branch from a745870 to a3f58ad Compare December 7, 2024 17:38

github-actions bot deployed to PR Documentation Preview December 7, 2024 17:39 Active

MatMaul marked this pull request as ready for review December 7, 2024 20:37

MatMaul requested a review from a team as a code owner December 7, 2024 20:37

p1gp1g reviewed Dec 9, 2024

View reviewed changes

synapse/push/webpushpusher.py Outdated Show resolved Hide resolved

p1gp1g reviewed Dec 9, 2024

View reviewed changes

synapse/config/experimental.py Outdated Show resolved Hide resolved

Address comments

920a3f1

github-actions bot deployed to PR Documentation Preview December 9, 2024 16:04 Active

lint

5515c37

github-actions bot deployed to PR Documentation Preview December 9, 2024 16:06 Active

Merge branch 'develop' into msc4174

c029e9a

github-actions bot deployed to PR Documentation Preview December 9, 2024 16:39 Active

Merge branch 'develop' into msc4174

20f4a31

github-actions bot deployed to PR Documentation Preview December 13, 2024 11:43 Active

MadLittleMods requested changes Jan 24, 2025

View reviewed changes

MadLittleMods reviewed Jan 12, 2026

View reviewed changes

MatMaul and others added 8 commits February 25, 2026 23:08

Merge remote-tracking branch 'origin/develop' into msc4174

8f22240

Fix doc

4c20c10

Missing deps

c8a7847

Apply simple suggestions from code review

9727f55

Co-authored-by: Eric Eastwood <madlittlemods@gmail.com>

Update lock file

e2d67d6

Fix merge

ad0f8fe

Merge remote-tracking branch 'origin/develop' into msc4174

94e946c

Use | instead of Union

bf0cbd1

MatMaul force-pushed the msc4174 branch from b6490e0 to 6cd5b23 Compare February 27, 2026 20:29

fix old deps

5f67af1

MatMaul force-pushed the msc4174 branch from 6cd5b23 to 5f67af1 Compare February 27, 2026 20:48

MatMaul commented Feb 27, 2026

View reviewed changes

MatMaul and others added 6 commits February 28, 2026 10:43

Apply suggestion from @MadLittleMods

f54ad43

Co-authored-by: Eric Eastwood <madlittlemods@gmail.com>

Do not create a vapid signer for each push

18dcea0

Address some comments

9eb04a5

Address more comments

12fb074

Rework configuration and generate vapid key if needed

e7e6d52

Merge remote-tracking branch 'origin/develop' into msc4174

86422ab

MatMaul force-pushed the msc4174 branch 2 times, most recently from 79e6b05 to ecd0ed0 Compare March 7, 2026 20:53

Rework conf

bad15bf

MatMaul force-pushed the msc4174 branch from ecd0ed0 to bad15bf Compare March 7, 2026 20:58

MatMaul added 3 commits March 8, 2026 00:01

Use url instead of endpoint

b57a473

Add test and fix some stuffs

3946928

skip tests if pywebpush not avail

d25e7c9

MatMaul force-pushed the msc4174 branch from c3f64ea to d25e7c9 Compare March 9, 2026 00:44

fix olddeps

c9229ed

	### `signing_key_path`

	Path to the signing key to sign events and federation requests with.

	New in Synapse 1.67: If this file does not exist, Synapse will create a new signing
	key on startup and store it in this file.

	Example configuration:
	```yaml
	signing_key_path: "CONFDIR/SERVERNAME.signing.key"
	```

		@@ -0,0 +1,2 @@
		MSC4174: add support for WebPush pusher kind.

		MAX_CIPHERTEXT_LENGTH = 2000


		class WebPushPusher(HttpPusher):

Conversation

MatMaul commented Dec 2, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Pull Request Checklist

Uh oh!

Uh oh!

Uh oh!

MadLittleMods left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

MatMaul commented Dec 2, 2024 •

edited

Loading