search

SherClockHolmes / webpush-go

Web Push API Encryption with VAPID support.
MIT License
312 stars 67 forks source link

Wrong Subscription.Keys.Auth value does not return an error #47

Open eugbyte opened 1 year ago

eugbyte commented 1 year ago

Wrong Subscription.Keys.Auth value does not return an error

For example, if I were to append a random value to the Auth field as such,

sub := &webpush.Subscription{
        Endpoint: endpoint,
        Keys: webpush.Keys{
            Auth:   "my_auth" + "a",
            P256dh: "my_p256dh",
        },
    }

I still get status code 201 when calling webpush.SendNotification(), indicating that the request to send a push message was received and accepted

resp, err := webpush.SendNotification([]byte(message), sub, &webpush.Options{
        Subscriber:      "my_email",
        VAPIDPublicKey:  "my_public_key",
        VAPIDPrivateKey: "my_private_key",
        TTL:             ttl,
    })

fmt.Println(resp.Status, resp.StatusCode)
// "201 Created" 201
eugbyte commented 1 year ago

I notice that so long as the appended value to Subscription.Keys.Auth does not exceed length of 2, no error is returned. Otherwise, the error message will be illegal base64 data at input byte 25