
Commit

Merge pull request #788 from wultra/develop
Merge develop to master
banterCZ authored Apr 9, 2024
2 parents 6083c06 + 27906c9 commit 621bd0c
Showing 110 changed files with 4,237 additions and 2,833 deletions.
5 changes: 3 additions & 2 deletions .github/workflows/codeql-analysis.yml
Expand Up @@ -15,8 +15,9 @@ jobs:
uses: wultra/wultra-infrastructure/.github/workflows/codeql-analysis.yml@develop
secrets: inherit
with:
languages: "['java', 'javascript']"
languages: "['java']"
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
# Use only 'java' to analyze code written in Java, Kotlin or both
# Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
java_version: 21
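Review bot: Narrowing `languages` from `"['java', 'javascript']"` to `"['java']"` stops CodeQL from scanning any JavaScript or TypeScript in the repository, yet the comment "Use only 'javascript' to analyze code written in JavaScript, TypeScript or both" stays in place. If any JS/TS is still shipped from this repository, keep `'javascript'` in the list; if none is left, record that in the commit message so the reduced scan coverage is a documented decision rather than a side effect of the Java 21 bump.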
2 changes: 2 additions & 0 deletions .github/workflows/maven-deploy.yml
Expand Up @@ -34,6 +34,7 @@ jobs:
with:
environment: internal-publish
release_type: snapshot
java_version: 21
secrets:
username: ${{ secrets.MAVEN_CENTRAL_USERNAME }}
password: ${{ secrets.MAVEN_CENTRAL_PASSWORD }}
Expand All @@ -45,6 +46,7 @@ jobs:
with:
environment: ${{ inputs.environment }}
release_type: ${{ inputs.release_type }}
java_version: 21
secrets:
username: ${{ secrets.MAVEN_CENTRAL_USERNAME }}
password: ${{ secrets.MAVEN_CENTRAL_PASSWORD }}
4 changes: 3 additions & 1 deletion .github/workflows/maven-test.yml
Expand Up @@ -17,4 +17,6 @@ on:
jobs:
maven-tests:
uses: wultra/wultra-infrastructure/.github/workflows/maven-test.yml@develop
secrets: inherit
secrets: inherit
with:
java_version: 21
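Review bot: The call at `uses: wultra/wultra-infrastructure/.github/workflows/maven-test.yml@develop` pairs a mutable branch ref with `secrets: inherit`, so whatever is pushed to that branch runs with all of the caller's secrets. Since this hunk already edits the call to add `java_version: 21`, consider pinning the reusable workflow to a commit SHA or release tag and passing only the secrets the test job needs, the way maven-deploy.yml lists `username` and `password` explicitly.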
4 changes: 2 additions & 2 deletions .github/workflows/scp-deploy.yml
Expand Up @@ -8,10 +8,10 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up JDK 17
- name: Set up JDK 21
uses: actions/setup-java@v3
with:
java-version: 17
java-version: 21
distribution: 'temurin'
server-id: jfrog-central
server-username: INTERNAL_USERNAME
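Review bot: The step moves to JDK 21, but `actions/checkout@v3` and `actions/setup-java@v3` directly above it stay on the v3 major, which runs on the deprecated Node 16 runtime. Bump both in the same change, and consider pinning them to a commit SHA, since this job is configured with the `jfrog-central` server credentials.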
25 changes: 22 additions & 3 deletions docs/Configuration-Properties.md
Expand Up @@ -9,7 +9,6 @@ The Push Server uses the following public configuration properties:
| `spring.datasource.url` | `jdbc:postgresql://localhost:5432/powerauth` | Database JDBC URL |
| `spring.datasource.username` | `powerauth` | Database JDBC username |
| `spring.datasource.password` | `_empty_` | Database JDBC password |
| `spring.datasource.driver-class-name` | `org.postgresql.Driver` | Datasource JDBC class name |
| `spring.jpa.properties.hibernate.connection.characterEncoding` | `utf8` | Character encoding |
| `spring.jpa.properties.hibernate.connection.useUnicode` | `true` | Character encoding - Unicode support |

Expand All @@ -31,6 +30,8 @@ The Push Server uses the following public configuration properties:
| `powerauth.push.service.applicationEnvironment` | `_empty_` | Environment identifier |
| `powerauth.push.service.message.storage.enabled` | `false` | Whether persistent storing of sent messages is enabled |
| `powerauth.push.service.registration.multipleActivations.enabled` | `false` | Whether push registration supports "associated activations" |
| `powerauth.push.service.registration.retry.backoff` | `100` | Duration in milliseconds before a retry attempt during device registration in case of an insert error |
| `owerauth.push.service.registration.retry.maxAttempts` | `2` | Max number of retry attempts during device registration in case of an insert error |

## PowerAuth Push Campaign Setup

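Review bot: The second added row documents the key as `owerauth.push.service.registration.retry.maxAttempts`, missing the leading `p`. Going by the `powerauth.push.service.registration.retry.backoff` row above it, the key should read `powerauth.push.service.registration.retry.maxAttempts`; anyone copying the name from this table would set a property that does not match and be left with the default retry limit without any error.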
Expand Down Expand Up @@ -58,7 +59,7 @@ The Push Server uses the following public configuration properties:
| `powerauth.push.service.apns.idlePingInterval` | `60000` | Interval in milliseconds specifying the frequency of APNS ping calls in idle state |
| `powerauth.push.service.apns.concurrentConnections` | `1` | Push message concurrency settings |

# FCM Configuration
## FCM Configuration

| Property | Default | Note |
|---|---|---|
Expand All @@ -71,6 +72,22 @@ The Push Server uses the following public configuration properties:
| `powerauth.push.service.fcm.sendMessageUrl` | `https://fcm.googleapis.com/v1/projects/%s/messages:send` | Default URL for the FCM service |
| `powerauth.push.service.fcm.connect.timeout` | `5000` | Push message gateway connect timeout in milliseconds |

## HMS Configuration

| Property | Default | Note |
|---------------------------------------------------|---------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------|
| `powerauth.push.service.hms.proxy.enabled` | `false` | Flag indicating if the communication needs to go through proxy. |
| `powerauth.push.service.hms.proxy.host` | `127.0.0.1` | Proxy host. |
| `powerauth.push.service.hms.proxy.port` | `8080` | Proxy port. |
| `powerauth.push.service.hms.proxy.username` | `_empty_` | Proxy username. |
| `powerauth.push.service.hms.proxy.password` | `_empty_` | Proxy password. |
| `powerauth.push.service.hms.dataNotificationOnly` | `false` | Flag indicating that HMS service should never use "notification" format, only a data format with extra payload representing the notification. |
| `powerauth.push.service.hms.sendMessageUrl` | `https://push-api.cloud.huawei.com/v2/%s/messages:send` | Default URL for the HMS service. |
| `powerauth.push.service.hms.tokenUrl` | `https://oauth-login.cloud.huawei.com/oauth2/v3/token` | Default URL for the HMS OAuth service to obtain an access token. |
| `powerauth.push.service.hms.connect.timeout` | `5s` | Push message gateway connect timeout. |
| `powerauth.push.service.hms.response.timeout` | `60s` | Push message gateway maximum duration allowed between each network-level read operations. |
| `powerauth.push.service.hms.max-idle-time` | `200s` | Push message gateway ConnectionProvider max idle time. |

## Correlation HTTP Header Configuration

| Property | Default | Note |
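Review bot: The three HMS timeout rows use duration syntax (`5s`, `60s`, `200s`) while the FCM row just above gives `powerauth.push.service.fcm.connect.timeout` as `5000` in milliseconds, and `max-idle-time` is kebab-case where the other multi-word keys (`dataNotificationOnly`, `sendMessageUrl`) are camelCase. State the accepted format and unit in the Note column for those rows so a value carried over from the FCM settings is not misread. For `powerauth.push.service.hms.proxy.password`, the note should also say how the value is expected to be supplied outside a committed properties file.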
Expand All @@ -82,6 +99,8 @@ The Push Server uses the following public configuration properties:


## Monitoring and Observability

| Property | Default | Note |
|-------------------------------------------|---------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `management.tracing.sampling.probability` | `1.0` | Specifies the proportion of requests that are sampled for tracing. A value of 1.0 means that 100% of requests are sampled, while a value of 0 effectively disables tracing. |
The WAR file includes the `micrometer-registry-prometheus` dependency.
Discuss its configuration with the [Spring Boot documentation](https://docs.spring.io/spring-boot/docs/3.1.x/reference/html/actuator.html#actuator.metrics).
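Review bot: The new row documents `management.tracing.sampling.probability` with a default of `1.0`, that is, every request is traced. Add a sentence on when to lower it, since full sampling produces a trace for each push request and that volume lands on whatever tracing backend is attached.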
16 changes: 5 additions & 11 deletions docs/Deploying-Push-Server.md
Expand Up @@ -26,7 +26,6 @@ The default database connectivity parameters in `powerauth-push-server.war` are
spring.datasource.url=jdbc:postgresql://localhost:5432/powerauth
spring.datasource.username=powerauth
spring.datasource.password=
spring.datasource.driver-class-name=org.postgresql.Driver
spring.jpa.properties.hibernate.temp.use_jdbc_metadata_defaults=false
spring.jpa.properties.hibernate.connection.characterEncoding=utf8
spring.jpa.properties.hibernate.connection.useUnicode=true
Expand Down Expand Up @@ -126,14 +125,6 @@ The credentials are stored in the `pa_integration` table.

_Note: The RESTful interface is secured using Basic HTTP Authentication (pre-emptive)._

## Using up ALPN

PowerAuth Push Server uses [Pushy](https://github.com/relayrides/pushy) to send notifications. Since Pushy uses the new HTTP/2 interface for sending APNs messages, underlying server must support this protocol. As a result, Java runtime / application container must support HTTP/2 as well.

### APNL and Tomcat 8.0

Put `alpn-boot` library (available [here](https://mvnrepository.com/artifact/org.mortbay.jetty.alpn/alpn-boot)) in `${CATALINA_HOME}/lib` folder and make sure to start Tomcat with `-Xbootclasspath/p:${CATALINA_HOME}/lib/alpn-boot.jar` parameters, so that the library is on classpath.

## Correlation Header Configuration (Optional)

You can enable correlation header logging in Push server by enabling the following properties:
Expand All @@ -153,6 +144,9 @@ For best traceability, the correlation headers should be enabled in the whole Po

## Deploying Push Server

PowerAuth Push Server uses [Pushy](https://github.com/relayrides/pushy) to send notifications.
Since Pushy uses the new HTTP/2 interface for sending APNs messages, the underlying server must support this protocol.

### Inside the Container

You can deploy PowerAuth Push Server into any Java EE container.
Expand All @@ -163,7 +157,7 @@ To deploy PowerAuth Push Server to Apache Tomcat, simply copy the WAR file in yo

*__Important note: Since PowerAuth Push Server is a very simple application with direct access to the PowerAuth Server REST services, it must not be under any circumstances published publicly and must be constrained to the in-house closed infrastructure. The only exception to this rule is the requirement to open up ports for the purpose of communication with APNs and FCM services - the push notifications apparently would not work without access to the primary push service providers.__*

## Outside the Container
### Outside the Container

You can also execute WAR file directly using the following command:

Expand All @@ -175,7 +169,7 @@ _Note: You can overwrite the port using `-Dserver.port=8090` parameter to avoid

*__Important note: Since PowerAuth Push Server is a very simple application with direct access to the PowerAuth Server REST services, it must not be under any circumstances published publicly and must be constrained to the in-house closed infrastructure. The only exception to this rule is the requirement to open up ports for the purpose of communication with APNs and FCM services - the push notifications apparently would not work without access to the primary push service providers.__*

## Deploying Push Server On JBoss / Wildfly
### Deploying Push Server On JBoss / Wildfly

Follow the extra instructions in chapter [Deploying Push Server on JBoss / Wildfly](./Deploying-Wildfly.md).

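Review bot: The "Important note" kept unchanged in this hunk still names only APNs and FCM as the permitted exception to the closed-infrastructure rule, but this commit adds HMS with `push-api.cloud.huawei.com` and `oauth-login.cloud.huawei.com` as default endpoints. Update both copies of the note in this file so operators writing egress rules allow the HMS hosts when HMS is used, and nothing broader.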
1 change: 1 addition & 0 deletions docs/Migration-Instructions.md
Expand Up @@ -2,6 +2,7 @@

This page contains PowerAuth Push Server migration instructions.

- [PowerAuth Push Server 1.7.0](./PowerAuth-Push-Server-1.7.0.md)
- [PowerAuth Push Server 1.6.0](./PowerAuth-Push-Server-1.6.0.md)
- [PowerAuth Push Server 1.5.0](./PowerAuth-Push-Server-1.5.0.md)
- [PowerAuth Push Server 1.4.0](./PowerAuth-Push-Server-1.4.0.md)
11 changes: 11 additions & 0 deletions docs/PowerAuth-Push-Server-1.7.0.md
@@ -0,0 +1,11 @@
# Migration from 1.6.x to 1.7.x

This guide contains instructions for migration from PowerAuth Push Server version `1.6.x` to version `1.7.x`.


## Database Changes


### Huawei Mobile Services

To support HMS, the columns `hms_project_id`, `hms_client_id`, and `hms_client_secret` have been added into the table `push_app_credentials`.
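Review bot: The guide states that `hms_project_id`, `hms_client_id` and `hms_client_secret` "have been added" to `push_app_credentials` but gives no DDL, column types or pointer to a migration script, so an operator upgrading from 1.6.x cannot apply the change from this page alone. Add the statements or a link to them, and say how `hms_client_secret` is expected to be protected at rest, since it is a credential stored in a table column.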
26 changes: 25 additions & 1 deletion docs/Push-Message-Payload-Mapping.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
# Push Message Payload Mapping

The push server provides a convenient wrapper on top of the push messages sent to various platforms (APNS, FCM). This chapter describes what fields of the abstract push message are mapped to particular fields of APNS or FCM payload.
The push server provides a convenient wrapper on top of the push messages sent to various platforms (APNS, FCM, HMS).
This chapter describes what fields of the abstract push message are mapped to particular fields of APNS, FCM, or HMS payload.

## Abstract Push Message Object

Expand Down Expand Up @@ -82,3 +83,26 @@ For the documentation of the FCM payload reference, please read the official Goo
### Silent Messages

In case a push message is marked with the `silent` flag, we do not add attributes that trigger visible push notifications (attributes with `notification.*` path), even if they are present in the abstract push message object.


## HMS Mapping

Attributes of the abstract push message object are mapped to HMS payload in following way:

| Abstract Message Attribute | HMS Mapped Attributes | Type | Description |
|----------------------------|-------------------------------|----------------------------|--------------------------------------------------------------------------------------------------------------------|
| `title` | `notification.title` | | |
| `titleLocKey` | `notification.title_loc_key` | | |
| `titleLocArgs` | `notification.title_loc_args` | | |
| `body` | `notification.body` | | |
| `bodyLocKey` | `notification.body_loc_key` | | |
| `bodyLocArgs` | `notification.body_loc_args` | | |
| `badge` | _ignored_ | | |
| `category` | `notification.tag` | | |
| `sound` | `notification.sound` | | |
| `icon` | `notification.icon` | | |
| `collapseKey` | `collapse_key` | String containing Integer | Mode for the Push Kit server to cache messages sent to an offline device. `-1` (default): All messages are cached. |
| `validUntil` | _ignored_ | | |
| `extras` | `data` | | |

For details, see [Huawei documentation](https://developer.huawei.com/consumer/en/doc/HMSCore-References/https-send-api-0000001050986197).
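Review bot: The new HMS section has no counterpart to the FCM "Silent Messages" paragraph directly above it, so it is unclear whether the `silent` flag suppresses the `notification.*` attributes for HMS as well, and how that interacts with `powerauth.push.service.hms.dataNotificationOnly`. State this explicitly, and complete the `collapseKey` row: its description lists only the `-1` value, while Type and Description are empty for every other attribute in the table.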