Threema E2E Support

[caronc]

Description

Related issue (if applicable): #986

Add end-to-end encrypted messaging support to the Threema Gateway plugin
(threema://).

How it works:

• Basic mode (default) — unchanged; no new dependency required. If you do not provide a mode, but provide a prvkey= then it is presumed you wanted the mode to be e2e.
• E2E mode (?mode=e2e) — encrypts messages client-side.
  • Only Threema ID targets are supported in E2E mode.
• The private key is accepted as private:{64hexchars} (Threema SDK format) or a raw 64-char hex string.
• PyNaCl is added as an optional dependency; if not installed, E2E mode will not work, however you're free to leverage the basic mode.

Checklist

• Documentation ticket created (if applicable): [apprise-docs/30(https://github.com/Threema E2E support apprise-docs#30)
• The change is tested and works locally.
• No commented-out code in this PR.
• No lint errors (use tox -e lint and optionally tox -e format).
• Test coverage added or updated (use tox -e qa).

Testing

Anyone can help test as follows:

# Create a virtual environment
python3 -m venv apprise

# Change into our new directory
cd apprise

# Activate our virtual environment
source bin/activate

# Install the branch
pip install "git+https://github.com/caronc/apprise.git@986-threema-e2e-support"

# Basic mode (no PyNaCl needed):
tox -e apprise -- -t "Test Title" -b "Test Message" \
    "threema://*MYGWYID@mysecret/FRIENDID"

# E2E mode (requires PyNaCl + an E2E Gateway ID + private key):
tox -e apprise -- -t "Test Title" -b "Test Message" \
    "threema://*MYGWYID@mysecret/FRIENDID?mode=e2e&privkey=private:<64hexchars>"

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (ce0f838) to head (822e45c).
⚠️ Report is 2 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##            master     #1570    +/-   ##
==========================================
  Coverage   100.00%   100.00%            
==========================================
  Files          197       197            
  Lines        26067     26223   +156     
  Branches      4253      4274    +21     
==========================================
+ Hits         26067     26223   +156     

Files with missing lines	Coverage Δ
apprise/plugins/threema.py	100.00% <100.00%> (ø)

... and 2 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[Copilot]

Pull request overview

This PR adds end-to-end (E2E) encryption support to the existing Threema Gateway (threema://) plugin, keeping the current “basic” (server-side encryption) mode intact while introducing an optional PyNaCl-based client-side encryption path.

Changes:

• Add E2E mode (mode=e2e) with client-side NaCl encryption, public-key lookup, and caching in NotifyThreema.
• Add PyNaCl as an optional dependency for “all plugins” installs and RPM packaging metadata.
• Add an extensive test suite covering mode selection, key parsing, URL round-trips, E2E send paths, caching, and failure handling.

Reviewed changes

Copilot reviewed 5 out of 6 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
apprise/plugins/threema.py	Implements E2E mode, optional PyNaCl import, pubkey fetch/cache, encryption, and URL parsing/formatting updates.
tests/test_plugin_threema.py	Adds new tests for mode detection, key parsing, URL behavior, E2E send/caching, and error scenarios.
pyproject.toml	Adds PyNaCl to the all-plugins optional dependency extra.
all-plugin-requirements.txt	Adds PyNaCl to the aggregated plugin requirements list.
packaging/redhat/python-apprise.spec	Adds python3dist(pynacl) to RPM BuildRequires/Recommends.
bin/build-rpm.sh	Installs spec build dependencies via dnf builddep before building RPMs.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.