fix key logic

2025-07-18 17:07:46 +01:00 · 2025-07-18 17:07:46 +01:00 · 5ab44bd78d
commit 5ab44bd78d
parent 42831d294c
1 changed files with 20 additions and 12 deletions
--- a/routes/api.py
+++ b/routes/api.py
@ -15,6 +15,8 @@ from ktvmanager.lib.checker import validate_account
 from typing import Tuple
 import json
 import re
+from cryptography.hazmat.primitives import serialization
+from cryptography.hazmat.primitives.asymmetric import ec
 from pywebpush import webpush, WebPushException

 api_blueprint = Blueprint("api", __name__)
@ -149,18 +151,24 @@ def login_route(username: str, password: str) -> Response:
 def vapid_public_key():
    """Provides the VAPID public key in the correct format."""
    pem_key = current_app.config["VAPID_PUBLIC_KEY"]
-    # Use regex to robustly extract the base64 content from the PEM key
-    match = re.search(r"-----BEGIN PUBLIC KEY-----(.*)-----END PUBLIC KEY-----", pem_key, re.DOTALL)
-    if not match:
-        return jsonify({"error": "Could not parse VAPID public key from config"}), 500
+    try:
+        public_key = serialization.load_pem_public_key(pem_key.encode("utf-8"))
+        if not isinstance(public_key, ec.EllipticCurvePublicKey):
+            raise TypeError("VAPID public key is not an Elliptic Curve key")
        
-    # Join the split lines to remove all whitespace and newlines
-    base64_key = "".join(match.group(1).split())
+        # Get the raw, uncompressed public key bytes (65 bytes for P-256)
+        raw_key = public_key.public_bytes(
+            encoding=serialization.Encoding.X962,
+            format=serialization.PublicFormat.UncompressedPoint
+        )
        
-    # Convert to URL-safe base64 and remove padding for the PushManager API
-    url_safe_key = base64_key.replace('+', '-').replace('/', '_').rstrip('=')
+        # URL-safe base64 encode the raw key
+        url_safe_key = base64.urlsafe_b64encode(raw_key).rstrip(b'=').decode('utf-8')
        
-    return jsonify({"public_key": url_safe_key})
+        return jsonify({"public_key": url_safe_key})
+    except (ValueError, TypeError, AttributeError) as e:
+        current_app.logger.error(f"Error processing VAPID public key: {e}")
+        return jsonify({"error": "Could not process VAPID public key"}), 500


@api_blueprint.route("/save-subscription", methods=["POST"])