WebPush Notifications

Introduction

The WebPush protocol is defined by the RFC 8030 (Delivery using HTTP Push) and RFC 8291 (Message Encryption).

Web Push is a standardized protocol for delivering push notifications to web browsers. It uses the Push API, which is a standard web API that enables websites to register and receive push messages. The Push API allows a website to send push messages to a user's browser, even when the user is not actively browsing the website.

To use Web Push, a website first needs to obtain a push subscription from the user's browser. The subscription consists of a unique endpoint URL and an encryption key. The endpoint URL is a URL that the website can use to send push messages to the user's browser, and the encryption key is used to encrypt and decrypt the push messages.

Once the website has obtained a push subscription, it can send push messages to the user's browser by making an HTTP request to the endpoint URL. The push message is sent in a special format called the Web Push Protocol Message, which consists of a set of headers and a payload. The headers contain information such as the encryption key and the TTL (time-to-live) of the message, while the payload contains the actual content of the message.

When the user's browser receives a push message, it first decrypts the message using the encryption key. It then displays the notification to the user, along with any additional actions that the user can take, such as dismissing the notification or opening the website.

To ensure the security and privacy of push messages, Web Push uses end-to-end encryption and requires that push subscriptions be obtained over a secure connection (e.g., HTTPS). Additionally, the protocol provides mechanisms for authenticating the sender of a push message and preventing abuse (e.g., by limiting the number of push messages that a website can send to a user). 

Configuration

1. Attach a TsgcWSServer_API_WebPush to a WebSocket server using the Server property.
2. Configure the public and private keys in the WebPush.VAPID property. (Registered users can download an executable that generates the VAPID keys for windows).
3. Requires to deploy the openSSL 3.0.0 version
4. In the WebPush.Endpoints property you can define your own endpoints to handle the webpush subscriptions, by default, accessing to the "/sgcWebPush.html" endpoint will show a simple webpage that enables to Subscribe to the WebPush notifications.
5. Start the server and access to the endpoint configured to test it.

// ... create server
Server := TsgcWebSocketHTTPServer.Crete(nil);
WebPushServer := TsgcWSAPIServer_WebPush.Create(nil);

// ... attach webpush to the server
WebPushServer.Server := Server;

// ... set keys
WebPushServer.WebPush.VAPID.DER.PublicKey := 'BLRy7bKdS9SWqo_yBLnhL6fcrxt8INTzgJcxH--zbDPakzBQUIgT4wbvLczeZS154yjMuCPgAE8jiOys9gvEVVo';
WebPushServer.WebPush.VAPID.DER.PrivateKey := 'IE_ZkMcVaMh-clcMJcUwhAhdHBCh_HnfWKRzZHdEr6o';
WebPushServer.WebPush.VAPID.PEM.PrivateKey.Text := '-----BEGIN PRIVATE KEY-----....-----END PRIVATE KEY-----';

// ... start server
Server.Active := True;


 

Handling Subscriptions

Every time a new client subscribes, the event OnWebPushSubscription is called, here you can save the subscription object into a database to store all subscriptions and reload if the server is restarted. 

procedure OnPushSubscription(Sender: TObject; aSubscription: TsgcHTTP_API_WebPush_PushSubscription; var ResponseCode: Integer);
begin
  Dataset.Insert;
  DataSet.FieldByName('ENDPOINT').AsString := aSubscription.Endpoint;
  DataSet.FieldByName('PUBLICKEY').AsString := aSubscription.PublicKey;
  DataSet.FieldByName('AUTHSECRET').AsString := aSubscription.AuthSecret;
  Dataset.Post;
end; 

The WebPush server has an internal property, called Subscriptions, where all Subscriptions are inserted or removed automatically. If the server is restarted, you can load the previously stored subscription using the methods Subscriptions.AddSubscription and Subscriptions.RemoveSubscription. 

Sending Notifications

Use this method to send a notification given a subscription object. The subscription object is just a class with the following properties

• Endpoint: the url where the client must POST a message.
• PublicKey: the public key used to encrypt the message.
• AuthSecret: the secret used to encrypt the message.

The message can be a string or an object of TsgcWebPushMessage 

procedure SendNotification(const aSubscription: TsgcHTTP_API_WebPush_PushSubscription);
var
  oMessage: TsgcWebPushMessage;
begin
  oMessage := TsgcWebPushMessage.Create;
  Try
    oMessage.Title := 'eSeGeCe Notification';
    oMessage.Body := 'Subscription Successfully Registered!!!';
    oMessage.Icon := 'https://www.esegece.com/images/esegece_logo_small.png';
    oMessage.Url := 'https://www.esegece.com';
    sgcWSAPIServer_WebPush1.SendNotification(aSubscription, oMessage);
  Finally
    oMessage.Free;
  End;
end; 

Broadcast Notifications

Using this method, the message will be sent to all subscribed clients, find below a simple example using delphi code.

procedure BroadcastNotification;
var
  oMessage: TsgcWebPushMessage;
begin
  oMessage := TsgcWebPushMessage.Create;
  Try
    oMessage.Title := 'eSeGeCe Notification';
    oMessage.Body := 'New version released!!!';
    oMessage.Icon := 'https://www.esegece.com/images/esegece_logo_small.png';
    oMessage.Url := 'https://www.esegece.com';
    sgcWSAPIServer_WebPush1.BroadcastNotification(oMessage);
  Finally
    oMessage.Free;
  End;
end; 

WebPush Video

Delphi Source Code and Compiled Demo

Find below the delphi compiled demo for windows and the source code of the WebPush Server Demo.