Introduce Firebase and notifications

[LennertDefauw1]

[SPECS + RESEARCH] Firebase notifications for chat messages

To introduce the FreeFlow connect app, Firebase notifications are a requirement. If a user receives a message without his mobile application open, he should get notified with a popup/notification on his mobile phone.

Therefore, we will use Firebase with the existing FreeFlow web interface/mobile application.

Research

After doing some research and trial and error, I got notifications inside the FreeFlow app (Notifications when the app is open + notifications when the app is in the background / not opened yet). I could push the notifications manually through the Firebase console, which is of course not meant to be the end solution for this issue.

As far as I understood my research, it is currently not possible to send notifications directly from device to device. Unless you create an HTTP request with Authorization headers. But in these headers, the server API key of the Firebase project is necessary and this is of course a no-go. It is very hard to destruct a flutter app and to find hardcoded variables, but it should still be possible to obtain the server key. This is not what we want.

Proposal for implementation

We will need several applications to communicate with each other to let this work:

• FreeFlow backend
• ThreeFold Connect API
• Microservice connected to Firebase

Drawing

FreeFlow backend

When a message is sent, we will send the message to the recipient his backend, and a check will be made on this place

• is the user connected (if yes: check if the socket is connected with the mobile app if no: use microservice to send a notification)

Use microservice

An API call will be done of the recipient its backend to an external microservice with the following body:

{
  "time": string,
  "message": string (ENCRYPTED!),
  "sender": string,
  "group": boolean,
  "me": string
}

Note: me and sender example: Lennert wants to send message to Tobias: sender is Lennert and me is Tobias

The message will be encrypted with me its derived public key The whole message will be signed with me its derived private key

Microservice Firebase

A new NodeJS backend has to be written as a microservice to make a secure notification system for this app. This NodeJS script has the server key for FireBase as a secret. Preferably this is a Cloud function of Firebase itself (TODO: will we reach limits for free usage of firebase?).

This script will also be connected with a Firebase Store: to store the necessary data to redirect the Notification to the right user. The best solution would be a key:value store. The key would be a 3bot username and the value would be the FirebaseIdentifier.

In this way, we always know what FirebaseIdentifier is linked to what user.

For security reasons, in this step, a verification process will be done for the given message.

Steps:

• Retrieve the derived public key of the user using TFConnect API
• Verify the signature with its public key

If the verification failed: ALWAYS deny the request and NEVER send a notification. If the verification is successful: retrieve the FirebaseIdentifier of me using the Firebase Store and sent the necessary data in a payload to this Firebase Identifier

FreeFlow app

When a notification event has been triggered, before showing the notification, decrypt the message with your private key and if the decryption is successful: show the message

Tasks for FreeFlow app

• [x] Initialize Firebase for Android
• [x] Initialize Firebase for IOS
• [x] When logged in, a POST a request to Microservice to sync your username with your FirebaseIdentifier
• [x] Listen to all notification events
• [x] If the app is opened, show a popup with the notification
• [x] If the app is closed, add a notification to the device
• [x] On notification tap => open chat
• [ ] Obtain the private key of the container using webview event handlers
• [ ] When notification is received, decrypt the message using the private key and show the notification
• [x] Create custom notification icons

Tasks for FreeFlow Backend

• [x] Check count of socket connections inside the backend
• [x] If mobile app not connected: create POST request with given specs on message receive event
• [x] Add event handler when logged in
• [ ] Add event handler for retrieving the derivedSeed

Tasks for microservice

• [x] Create Firebase service account
• [x] Create Firebase Cloud Function
• [x] Create Firebase database
• [x] Add 2 routes: POST /identifier and POST /notification
• [x] Verify the signed message as explained in the specs
• [x] If verified, trigger the notification the the FirebaseIdentifier

[LennertDefauw1]

Encryption and decryption is not implemented yet V1 will be just "sent you a message", since a new keypair needs to be generated on the device and public key needs to be stored in TFConnect which is some work to do. This feature will be for V2.

We need to create a new keypair for each app since there is no option to obtain the derived seed of the container inside the app due security measurements.