From 98199846b3852921b2ab576609191563d02079de Mon Sep 17 00:00:00 2001
From: Elias Nahum
Date: Thu, 14 Apr 2022 10:48:54 -0400
Subject: [PATCH 1/2] Add support for Apple APNS AuthKey
---
 config/mattermost-push-proxy.json | 10 +++++--
 server/apple_notification_server.go | 46 +++++++++++++++++++++++++++--
 server/config_push_proxy.go | 3 ++
 3 files changed, 54 insertions(+), 5 deletions(-)
diff --git a/config/mattermost-push-proxy.json b/config/mattermost-push-proxy.json
index 112c0459..717c4ec5 100644
--- a/config/mattermost-push-proxy.json
+++ b/config/mattermost-push-proxy.json
@@ -10,14 +10,20 @@
 "ApplePushUseDevelopment":false,
 "ApplePushCertPrivate":"",
 "ApplePushCertPassword":"",
- "ApplePushTopic":"com.mattermost.Mattermost"
+ "ApplePushTopic":"com.mattermost.Mattermost",
+ "AppleAuthKeyFile": "",
+ "AppleAuthKeyID": "",
+ "AppleTeamID": ""
 },
 {
 "Type":"apple_rn",
 "ApplePushUseDevelopment":false,
 "ApplePushCertPrivate":"",
 "ApplePushCertPassword":"",
- "ApplePushTopic":"com.mattermost.react.native"
+ "ApplePushTopic":"com.mattermost.react.native",
+ "AppleAuthKeyFile": "",
+ "AppleAuthKeyID": "",
+ "AppleTeamID": ""
 }
 ],
 "AndroidPushSettings":[
diff --git a/server/apple_notification_server.go b/server/apple_notification_server.go
index 9af95483..09f427bf 100644
--- a/server/apple_notification_server.go
+++ b/server/apple_notification_server.go
@@ -13,6 +13,7 @@ import (
 apns "github.com/sideshow/apns2"
 "github.com/sideshow/apns2/certificate"
 "github.com/sideshow/apns2/payload"
+ "github.com/sideshow/apns2/token"
 "golang.org/x/net/http2"
 )
@@ -32,12 +33,49 @@ func NewAppleNotificationServer(settings ApplePushSettings, logger *Logger, metr
 }
 func (me *AppleNotificationServer) Initialize() bool {
- me.logger.Infof("Initializing apple notification server for type=%v", me.ApplePushSettings.Type)
+ if me.ApplePushSettings.AppleAuthKeyFile != "" && me.ApplePushSettings.AppleAuthKeyID != "" && me.ApplePushSettings.AppleTeamID != "" {
+ authKey, err := token.AuthKeyFromFile(me.ApplePushSettings.AppleAuthKeyFile)
+ if err != nil {
+ me.logger.Panicf("Failed to initialize apple notification service with AuthKey file err=%v ", err)
+ }
+
+ appleToken := &token.Token{
+ AuthKey: authKey,
+ KeyID: me.ApplePushSettings.AppleAuthKeyID,
+ TeamID: me.ApplePushSettings.AppleTeamID,
+ }
+
+ if me.ApplePushSettings.ApplePushUseDevelopment {
+ me.AppleClient = apns.NewTokenClient(appleToken).Development()
+ } else {
+ me.AppleClient = apns.NewTokenClient(appleToken).Production()
+ }
- if me.ApplePushSettings.ApplePushCertPrivate != "" {
+ // Override the native transport.
+ proxyServer := getProxyServer()
+ if proxyServer != "" {
+ transport := &http.Transport{
+ Proxy: func(request *http.Request) (*url.URL, error) {
+ return url.Parse(proxyServer)
+ },
+ IdleConnTimeout: apns.HTTPClientTimeout,
+ }
+ err := http2.ConfigureTransport(transport)
+ if err != nil {
+ me.logger.Errorf("Transport Error: %v", err)
+ return false
+ }
+
+ me.AppleClient.HTTPClient.Transport = transport
+ }
+
+ me.logger.Infof("Initializing apple notification server for type=%v with AuthKey", me.ApplePushSettings.Type)
+
+ return true
+ } else if me.ApplePushSettings.ApplePushCertPrivate != "" {
 appleCert, appleCertErr := certificate.FromPemFile(me.ApplePushSettings.ApplePushCertPrivate, me.ApplePushSettings.ApplePushCertPassword)
 if appleCertErr != nil {
- me.logger.Panicf("Failed to load the apple pem cert err=%v for type=%v", appleCertErr, me.ApplePushSettings.Type)
+ me.logger.Panicf("Failed to initialize apple notification service with pem cert err=%v for type=%v", appleCertErr, me.ApplePushSettings.Type)
 return false
 }
@@ -70,6 +108,8 @@ func (me *AppleNotificationServer) Initialize() bool {
 me.AppleClient.HTTPClient.Transport = transport
 }
+ me.logger.Infof("Initializing apple notification server for type=%v with PEM certificate", me.ApplePushSettings.Type)
+
 return true
 } else {
 me.logger.Errorf("Apple push notifications not configured. Missing ApplePushCertPrivate. for type=%v", me.ApplePushSettings.Type)
diff --git a/server/config_push_proxy.go b/server/config_push_proxy.go
index 422c7037..c25e91a9 100644
--- a/server/config_push_proxy.go
+++ b/server/config_push_proxy.go
@@ -29,6 +29,9 @@ type ApplePushSettings struct {
 ApplePushCertPrivate string
 ApplePushCertPassword string
 ApplePushTopic string
+ AppleAuthKeyFile string
+ AppleAuthKeyID string
+ AppleTeamID string
 ApplePushUseDevelopment bool
 }
From 58956563328783d04623930007975173ae821fb0 Mon Sep 17 00:00:00 2001
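Review bot: The AuthKey failure path added to Initialize in [PATCH 1/2] is not handled the way the certificate path is: `me.logger.Panicf("Failed to initialize apple notification service with AuthKey file err=%v ", err)` has no `return false` after it and no `type=%v`, while the pem branch further down has both. Logger is not visible in this patch, so if Panicf ever returns, a nil `authKey` would be placed in `token.Token` and the failure would presumably only surface once a notification has to be signed. Adding `return false` after the call and `for type=%v` with `me.ApplePushSettings.Type` to the message keeps the two branches consistent and tells the operator which entry has the bad key file. Initialize's body continues past this hunk.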
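Review bot: The three fields added to ApplePushSettings in [PATCH 1/2] carry no comments, and `AppleAuthKeyFile` is a path to private key material that Initialize passes to `token.AuthKeyFromFile`. A one-line comment on each would help whoever deploys this, for example `// AppleAuthKeyFile is the path to the APNs auth key (.p8) file; keep it readable only by the push-proxy user.`, with matching lines naming `AppleAuthKeyID` and `AppleTeamID` as the values copied into `token.Token`'s `KeyID` and `TeamID`. The struct begins above this hunk.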
From: Elias Nahum
Date: Fri, 15 Apr 2022 11:12:20 -0400
Subject: [PATCH 2/2] feedback review
---
 server/apple_notification_server.go | 90 ++++++++++++++---------------
 1 file changed, 42 insertions(+), 48 deletions(-)
diff --git a/server/apple_notification_server.go b/server/apple_notification_server.go
index 09f427bf..d6fe71ee 100644
--- a/server/apple_notification_server.go
+++ b/server/apple_notification_server.go
@@ -32,6 +32,41 @@ func NewAppleNotificationServer(settings ApplePushSettings, logger *Logger, metr
 }
 }
+func (me *AppleNotificationServer) setupProxySettings(appleCert *tls.Certificate) bool {
+ // Override the native transport.
+ proxyServer := getProxyServer()
+ if proxyServer != "" {
+ transport := &http.Transport{
+ Proxy: func(request *http.Request) (*url.URL, error) {
+ return url.Parse(proxyServer)
+ },
+ IdleConnTimeout: apns.HTTPClientTimeout,
+ }
+
+ if appleCert != nil {
+ transport.TLSClientConfig = &tls.Config{
+ Certificates: []tls.Certificate{*appleCert},
+ }
+ }
+
+ err := http2.ConfigureTransport(transport)
+ if err != nil {
+ me.logger.Errorf("Transport Error: %v", err)
+ return false
+ }
+
+ me.AppleClient.HTTPClient.Transport = transport
+ }
+
+ if appleCert != nil {
+ me.logger.Infof("Initializing apple notification server for type=%v with PEM certificate", me.ApplePushSettings.Type)
+ } else {
+ me.logger.Infof("Initializing apple notification server for type=%v with AuthKey", me.ApplePushSettings.Type)
+ }
+
+ return true
+}
+
 func (me *AppleNotificationServer) Initialize() bool {
 if me.ApplePushSettings.AppleAuthKeyFile != "" && me.ApplePushSettings.AppleAuthKeyID != "" && me.ApplePushSettings.AppleTeamID != "" {
 authKey, err := token.AuthKeyFromFile(me.ApplePushSettings.AppleAuthKeyFile)
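Review bot: The proxy URL in setupProxySettings is parsed inside the `Proxy` closure on every request, so a malformed value from `getProxyServer()` is not caught here: the helper still returns true and the parse error would only appear when a push is sent. Parsing once before building the transport and returning false on error makes the misconfiguration visible at startup, and `http.ProxyURL` then replaces the closure. The error returned by `url.Parse` embeds the raw string, which may hold proxy credentials, so the log line below leaves it out. Separately, the closing Infof picks "PEM certificate" or "AuthKey" from whether `appleCert` is nil, which ties the reported auth mode to a helper named for proxy setup; that log line would read more clearly in Initialize.

```go
	if proxyServer != "" {
		proxyURL, parseErr := url.Parse(proxyServer)
		if parseErr != nil {
			me.logger.Errorf("Proxy server URL is not valid for type=%v", me.ApplePushSettings.Type)
			return false
		}

		transport := &http.Transport{
			Proxy: http.ProxyURL(proxyURL),
			// … unchanged: IdleConnTimeout, TLS client certificate, http2.ConfigureTransport, transport assignment …
```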
@@ -52,27 +87,10 @@ func (me *AppleNotificationServer) Initialize() bool {
 }
 // Override the native transport.
- proxyServer := getProxyServer()
- if proxyServer != "" {
- transport := &http.Transport{
- Proxy: func(request *http.Request) (*url.URL, error) {
- return url.Parse(proxyServer)
- },
- IdleConnTimeout: apns.HTTPClientTimeout,
- }
- err := http2.ConfigureTransport(transport)
- if err != nil {
- me.logger.Errorf("Transport Error: %v", err)
- return false
- }
-
- me.AppleClient.HTTPClient.Transport = transport
- }
-
- me.logger.Infof("Initializing apple notification server for type=%v with AuthKey", me.ApplePushSettings.Type)
+ return me.setupProxySettings(nil)
+ }
- return true
- } else if me.ApplePushSettings.ApplePushCertPrivate != "" {
+ if me.ApplePushSettings.ApplePushCertPrivate != "" {
 appleCert, appleCertErr := certificate.FromPemFile(me.ApplePushSettings.ApplePushCertPrivate, me.ApplePushSettings.ApplePushCertPassword)
 if appleCertErr != nil {
 me.logger.Panicf("Failed to initialize apple notification service with pem cert err=%v for type=%v", appleCertErr, me.ApplePushSettings.Type)
@@ -86,35 +104,11 @@ func (me *AppleNotificationServer) Initialize() bool {
 }
 // Override the native transport.
- proxyServer := getProxyServer()
- if proxyServer != "" {
- tlsConfig := &tls.Config{
- Certificates: []tls.Certificate{appleCert},
- }
-
- transport := &http.Transport{
- TLSClientConfig: tlsConfig,
- Proxy: func(request *http.Request) (*url.URL, error) {
- return url.Parse(proxyServer)
- },
- IdleConnTimeout: apns.HTTPClientTimeout,
- }
- err := http2.ConfigureTransport(transport)
- if err != nil {
- me.logger.Errorf("Transport Error: %v", err)
- return false
- }
-
- me.AppleClient.HTTPClient.Transport = transport
- }
-
- me.logger.Infof("Initializing apple notification server for type=%v with PEM certificate", me.ApplePushSettings.Type)
-
- return true
- } else {
- me.logger.Errorf("Apple push notifications not configured. Missing ApplePushCertPrivate. for type=%v", me.ApplePushSettings.Type)
- return false
+ return me.setupProxySettings(&appleCert)
 }
+
+ me.logger.Errorf("Apple push notifications not configured. Missing ApplePushCertPrivate. for type=%v", me.ApplePushSettings.Type)
+ return false
 }
 func (me *AppleNotificationServer) SendNotification(msg *PushNotification) PushResponse {
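Review bot: The fall-through error at the end of Initialize still reads `Missing ApplePushCertPrivate.` although a complete AuthKey trio is now an accepted alternative, and it is also what an operator sees when only one or two of `AppleAuthKeyFile`, `AppleAuthKeyID` and `AppleTeamID` are filled in. When a certificate is configured as well, a partial AuthKey configuration is skipped without any log line and the server authenticates with the certificate instead (the condition is visible at the end of this patch's first hunk). Suggested wording: `me.logger.Errorf("Apple push notifications not configured. Set AppleAuthKeyFile, AppleAuthKeyID and AppleTeamID, or ApplePushCertPrivate. for type=%v", me.ApplePushSettings.Type)`, plus a warning when some but not all AuthKey fields are set.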