Add dedicated endpoint for encrypted push notifications and batching (#41)

Changelog: added

Author: mfiebig

docs/concept.adoc

@@ -131,7 +131,7 @@ Möchte der Versicherte Push Notifications von mehreren Fachdiensten erhalten, w
         "app_id": "com.example.app.ios",
         "pushkey": "<APNS/GCM TOKEN>",
         "data": {
-          "url": "https://push-gateway.location.here/_matrix/push/v1/notify"
+          "url": "https://push-gateway.location.here/_matrix/push/v1/"
         },
         "encryption": {
           "method": "aes-hmac-sha256",
@@ -165,7 +165,7 @@ image::diagrams/send_push.svg[width=100%]
 2. Für jeden registrierten Pusher `p`, der für das Ereignis abonniert ist, wird eine Push-Benachrichtigung `Notification_p` mit mindestens folgenden Inhalten erzeugt (Die möglichen Felder und deren Beschreibungen sind auf der OpenAPI-Seite zu finden):
     a. `ciphertext` = Nachrichteninhalt aus 1a, `Base64(IV || Chiffrat || Authentication Tag)`  verschlüsselt mit dem aktuell gültigen Schlüssel.
     b. `time_message_encrypted` = Zeitpunkt der Verschlüsselung des Nachrichteinhaltes.
-    c. `devices` = (mindestens: app_id, push_token)
+    c. `device` = (mindestens: app_id, push_token) - Einzelnes Gerät für verschlüsselte Nachrichten
 3. Für jeden Pusher p wird die Push-Benachrichtigung `Notification_p` an das Push Gateways des Pushers `p` übermittelt.
 4. Das Push Gateway übermittelt die Push-Benachrichtigung `Notification_p` an den Push Provider.
 5. Der Push-Provider sendet die Notification an die zur `push_token` gehörende FdV-Instanz.
@@ -293,7 +293,7 @@ Durch die extra Schritte ist es später möglich, einen eventuell neu vergebenen
     "app_id": "com.example.app.ios",
     "pushkey": "<APNS/GCM TOKEN>",
     "data": {
-        "url": "https://push-gateway.location.here/_matrix/push/v1/notify"
+        "url": "https://push-gateway.location.here/_matrix/push/v1"
     },
     "encryption": {
         "method": "aes-hmac-sha256",
@@ -316,7 +316,7 @@ Durch die extra Schritte ist es später möglich, einen eventuell neu vergebenen
     "app_id": "com.example.app",
     "pushkey": "<APNS/GCM TOKEN>",
     "data": {
-        "url": "https://push-gateway.location.here/_matrix/push/v1/notify",
+        "url": "https://push-gateway.location.here/_matrix/push/v1",
         "platform": "ios"
     },
     "encryption": {
@@ -340,7 +340,7 @@ Durch die extra Schritte ist es später möglich, einen eventuell neu vergebenen
     "app_id": "com.example.app",
     "pushkey": "<APNS/GCM TOKEN>",
     "data": {
-        "url": "https://push-gateway.location.here/ios/_matrix/push/v1/notify"
+        "url": "https://push-gateway.location.here/ios/_matrix/push/v1"
     },
     "encryption": {
         "method": "aes-hmac-sha256",
@@ -388,13 +388,13 @@ function createNotification(trigger, device) {
         time_message_encrypted: time_message_encrypted,
         ciphertext: ciphertext,
         key_identifier: encryptionKey.identifier
-        devices: [
+        device: {
             app_id: device.app_id,
             pushkey: device.pushkey,
             pushkey_ts: device.pushkey_ts,
             data: device.data,
             tweaks: {}
-        ]
+        }
     }
 }
 ----
@@ -415,7 +415,7 @@ pushContent:
 
 === Push Gateway
 
-Endpoint: http://localhost:8080/push/v1/notify
+Endpoint: http://localhost:8080/push/v1/notifyEncrypted/batch
 
 ==== IN
 
@@ -428,18 +428,16 @@ Endpoint: http://localhost:8080/push/v1/notify
     "key_identifier": "123e4567-e89b-12d3-a456-426614174000",
     "prio": "high",
     "counts": {},
-    "devices": [
-        {
-            "app_id": "de.gematikkk.app.ios",
-            "pushkey": "abcd-efghi-jklm-nopq",
-            "pushkey_ts": 0,
-            "data": {
-                "format": "string"
-            },
-            "tweaks": {
-            }
+    "device": {
+        "app_id": "de.gematikkk.app.ios",
+        "pushkey": "abcd-efghi-jklm-nopq",
+        "pushkey_ts": 0,
+        "data": {
+            "format": "string"
+        },
+        "tweaks": {
         }
-    ]
+    }
 }
 ----
 

docs/optional-features.adoc

@@ -113,6 +113,15 @@ Ein Fachdienst sendet eine Push Nachricht mit zusätzlichem `identifier`.
     "key_identifier": "123123",
     "time_message_encrypted": "2024-01",
     "identifier": "123-4567-890",
+    "device": {
+        "app_id": "de.gematik.app.ios",
+        "pushkey": "example-pushkey-123",
+        "pushkey_ts": 1634025600,
+        "data": {
+            "format": "string"
+        },
+        "tweaks": {}
+    },
     "data": {
         "service": "epa15"
     }

docs_sources/concept-source.adoc

@@ -132,7 +132,7 @@ image::diagrams/send_push.svg[width=100%]
 2. Für jeden registrierten Pusher `p`, der für das Ereignis abonniert ist, wird eine Push-Benachrichtigung `Notification_p` mit mindestens folgenden Inhalten erzeugt (Die möglichen Felder und deren Beschreibungen sind auf der OpenAPI-Seite zu finden):
     a. `ciphertext` = Nachrichteninhalt aus 1a, `Base64(IV || Chiffrat || Authentication Tag)`  verschlüsselt mit dem aktuell gültigen Schlüssel.
     b. `time_message_encrypted` = Zeitpunkt der Verschlüsselung des Nachrichteinhaltes.
-    c. `devices` = (mindestens: app_id, push_token)
+    c. `device` = (mindestens: app_id, push_token) - Einzelnes Gerät für verschlüsselte Nachrichten
 3. Für jeden Pusher p wird die Push-Benachrichtigung `Notification_p` an das Push Gateways des Pushers `p` übermittelt.
 4. Das Push Gateway übermittelt die Push-Benachrichtigung `Notification_p` an den Push Provider.
 5. Der Push-Provider sendet die Notification an die zur `push_token` gehörende FdV-Instanz.
@@ -260,7 +260,7 @@ Durch die extra Schritte ist es später möglich, einen eventuell neu vergebenen
     "app_id": "com.example.app.ios",
     "pushkey": "<APNS/GCM TOKEN>",
     "data": {
-        "url": "https://push-gateway.location.here/_matrix/push/v1/notify"
+        "url": "https://push-gateway.location.here/_matrix/push/v1"
     },
     "encryption": {
         "method": "aes-hmac-sha256",
@@ -283,7 +283,7 @@ Durch die extra Schritte ist es später möglich, einen eventuell neu vergebenen
     "app_id": "com.example.app",
     "pushkey": "<APNS/GCM TOKEN>",
     "data": {
-        "url": "https://push-gateway.location.here/_matrix/push/v1/notify",
+        "url": "https://push-gateway.location.here/_matrix/push/v1",
         "platform": "ios"
     },
     "encryption": {
@@ -307,7 +307,7 @@ Durch die extra Schritte ist es später möglich, einen eventuell neu vergebenen
     "app_id": "com.example.app",
     "pushkey": "<APNS/GCM TOKEN>",
     "data": {
-        "url": "https://push-gateway.location.here/ios/_matrix/push/v1/notify"
+        "url": "https://push-gateway.location.here/ios/_matrix/push/v1"
     },
     "encryption": {
         "method": "aes-hmac-sha256",
@@ -355,13 +355,13 @@ function createNotification(trigger, device) {
         time_message_encrypted: time_message_encrypted,
         ciphertext: ciphertext,
         key_identifier: encryptionKey.identifier
-        devices: [
+        device: {
             app_id: device.app_id,
             pushkey: device.pushkey,
             pushkey_ts: device.pushkey_ts,
             data: device.data,
             tweaks: {}
-        ]
+        }
     }
 }
 ----
@@ -382,7 +382,7 @@ pushContent:
 
 === Push Gateway
 
-Endpoint: http://localhost:8080/push/v1/notify
+Endpoint: http://localhost:8080/push/v1/notifyEncrypted/batch
 
 ==== IN
 
@@ -395,18 +395,16 @@ Endpoint: http://localhost:8080/push/v1/notify
     "key_identifier": "123e4567-e89b-12d3-a456-426614174000",
     "prio": "high",
     "counts": {},
-    "devices": [
-        {
-            "app_id": "de.gematikkk.app.ios",
-            "pushkey": "abcd-efghi-jklm-nopq",
-            "pushkey_ts": 0,
-            "data": {
-                "format": "string"
-            },
-            "tweaks": {
-            }
+    "device": {
+        "app_id": "de.gematikkk.app.ios",
+        "pushkey": "abcd-efghi-jklm-nopq",
+        "pushkey_ts": 0,
+        "data": {
+            "format": "string"
+        },
+        "tweaks": {
         }
-    ]
+    }
 }
 ----
 

docs_sources/definitions/pusher_get.yaml

@@ -11,7 +11,7 @@ examples:
           "profile_tag": "xyz",
           "lang": "en-US",
           "data": {
-            "url": "https://example.com/_matrix/push/v1/notify"
+            "url": "https://example.com/_matrix/push/v1/"
           }
         }
       ]
@@ -70,7 +70,7 @@ schema:
               to use for sending notifications. Clients MAY use this object
               to pass custom data to their push gateway. Servers MUST forward
               the entire content including `format` and any custom keys but excluding `url`
-              when calling [`/push/v1/notify`](/push-gateway-api/#postpushv1notify).
+              when calling [`/push/v1/notify*`](/push-gateway-api/#postpushv1notify).
             title: PusherData
             properties:
               url:
@@ -79,8 +79,10 @@ schema:
                 description: |-
                   Required if `kind` is `http`. The URL to use for sending
                   notifications. MUST be an HTTPS URL with a path of
-                  `/push/v1/notify`.
-                example: https://push-gateway.location.here/push/v1/notify
+                  `/push/v1/` that can be extended by `notify`, `notify/batch`
+                  or `notifyEncrypted/batch`, so that the FD can pick the method, if not
+                  specified otherwise by the FD specification.
+                example: https://push-gateway.location.here/push/v1/
               format:
                 type: string
                 description: |-

docs_sources/definitions/pusher_post_put_delete.yaml

@@ -10,7 +10,7 @@ examples:
         "app_id": "com.example.app.ios",
         "pushkey": "<APNS/GCM TOKEN>",
         "data": {
-          "url": "https://push-gateway.location.here/_matrix/push/v1/notify"
+          "url": "https://push-gateway.location.here/_matrix/push/v1/"
         },
         "encryption": {
           "method": "aes-hmac-sha256",
@@ -89,7 +89,8 @@ schema:
         to use for sending notifications. Clients MAY use this object
         to pass custom data to their push gateway. Servers MUST forward
         the entire content including `format` and any custom keys but excluding `url`
-        when calling [`/notify`](./push_gateway_openapi.html#tag/Push-Gateway/operation/push_v1_notify).       
+        when calling [`/notify`](./push_gateway_openapi.html#tag/Push-Gateway/operation/push_v1_notify_plain) 
+        or [`/notifyEncrypted`](./push_gateway_openapi.html#tag/Push-Gateway/operation/push_v1_notify_batch_encrypted).
       title: PusherData
       properties:
         url:
@@ -98,8 +99,8 @@ schema:
           description: |-
             Required if `kind` is `http`. The URL to use for sending
             notifications. MUST be an HTTPS URL with a path of
-            `/_matrix/push/v1/notify`.
-          example: https://push-gateway.location.here/_matrix/push/v1/notify
+            `/_matrix/push/v1/`.
+          example: https://push-gateway.location.here/_matrix/push/v1/
         format:
           type: string
           description: |-

docs_sources/optional-features-source.adoc

@@ -97,6 +97,15 @@ Ein Fachdienst sendet eine Push Nachricht mit zusätzlichem `identifier`.
     "key_identifier": "123123",
     "time_message_encrypted": "2024-01",
     "identifier": "123-4567-890",
+    "device": {
+        "app_id": "de.gematik.app.ios",
+        "pushkey": "example-pushkey-123",
+        "pushkey_ts": 1634025600,
+        "data": {
+            "format": "string"
+        },
+        "tweaks": {}
+    },
     "data": {
         "service": "epa15"
     }