diff --git a/app.py b/app.py
index 9c54d3f..0e5df86 100644
--- a/app.py
+++ b/app.py
@@ -70,30 +70,46 @@ class FlicButtonHandler: def _decode_vapid_private_key(self): """ - Load the VAPID private key from environment variable. - Handles the \n escaped format from .env file. + Final robust VAPID private key loader + Handles all possible key formats and provides detailed debugging """ try: - # Get the key from environment - env_key = os.getenv('VAPID_PRIVATE_KEY', '').strip() + # Get and clean the key from environment + env_key = os.getenv('VAPID_PRIVATE_KEY', '').strip().strip('"\'') - # Convert escaped newlines back to actual newlines - private_pem = env_key.replace('\\n', '\n') + # Debug output + logger.debug(f"Raw env key length: {len(env_key)}") + logger.debug(f"Key starts with: {env_key[:50]}") - # Verify PEM format + # Convert to PEM format + if '\\n' in env_key: + # Handle escaped newlines (from .env file) + private_pem = env_key.replace('\\n', '\n') + elif '-----BEGIN PRIVATE KEY-----' in env_key: + # Already in PEM format + private_pem = env_key + else: + # Assume base64 encoded + private_pem = base64.urlsafe_b64decode(env_key).decode('utf-8') + + # Ensure proper PEM format if not private_pem.startswith('-----BEGIN PRIVATE KEY-----'): - raise ValueError("Invalid PEM format") + private_pem = f"-----BEGIN PRIVATE KEY-----\n{private_pem}\n-----END PRIVATE KEY-----" + + # Final validation + try: + key = serialization.load_pem_private_key( + private_pem.encode('utf-8'), + password=None + ) + logger.debug("VAPID private key successfully loaded") + return private_pem + except Exception as e: + logger.error(f"Key validation failed: {str(e)}") + raise ValueError(f"Invalid private key format") from e - # Validate the key - serialization.load_pem_private_key( - private_pem.encode('utf-8'), - password=None - ) - - return private_pem - except Exception as e: - logger.error(f"VAPID key error: {str(e)}") + logger.error(f"VAPID key loading failed: {str(e)}") raise def load_subscriptions(self) -> List[Dict]:
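Review bot: The added `logger.debug(f"Key starts with: {env_key[:50]}")` writes the first 50 characters of the VAPID private key to the log, and for a value supplied as bare base64 (the `else` branch) all 50 characters are key encoding rather than a PEM header. Secret material should not reach logs even at debug level; drop that line and keep only the length, or log the detected format instead, e.g. `logger.debug("VAPID key format: %s", "pem" if "-----BEGIN" in env_key else "base64")`. Separately, `base64.urlsafe_b64decode(env_key).decode('utf-8')` will typically raise on DER bytes, so the base64 branch appears to work only for base64-wrapped PEM text. The fallback that wraps anything not starting with `-----BEGIN PRIVATE KEY-----` in a new header would then nest headers around, for example, an `EC PRIVATE KEY` block; keeping the removed `raise ValueError("Invalid PEM format")` is safer than guessing. The new code also relies on `base64` being imported at the top of app.py, which is outside this hunk.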