mirror of
https://github.com/koala73/worldmonitor.git
synced 2026-04-25 17:14:57 +02:00
e1c3b28180
* feat(notifications): Phase 6 — web-push channel for PWA notifications
Adds a web_push notification channel so PWA users receive native
notifications when this tab is closed. Deep-links click to the
brief magazine URL for brief_ready events, to the event link for
everything else.
Schema / API:
- channelTypeValidator gains 'web_push' literal
- notificationChannels union adds { endpoint, p256dh, auth,
userAgent? } variant (standard PushSubscription identity triple +
cosmetic UA for the settings UI)
- new setWebPushChannelForUser internal mutation upserts the row
- /relay/deactivate allow-list extended to accept 'web_push'
- api/notification-channels: 'set-web-push' action validates the
triple, rejects non-https, truncates UA to 200 chars
Client (src/services/push-notifications.ts + src/config/push.ts):
- isWebPushSupported guards Tauri webview + iOS Safari
- subscribeToPush: permission + pushManager.subscribe + POST triple
- unsubscribeFromPush: pushManager.unsubscribe + DELETE row
- VAPID_PUBLIC_KEY constant (with VITE_VAPID_PUBLIC_KEY env override)
- base64 <-> Uint8Array helpers (VAPID key encoding)
Service worker (public/push-handler.js):
- Imported into VitePWA's generated sw.js via workbox.importScripts
- push event: renders notification; requireInteraction=true for
brief_ready so a lock-screen swipe does not dismiss the CTA
- notificationclick: focuses+navigates existing same-origin client
when present, otherwise opens a new window
- Malformed JSON falls back to raw text body, missing data falls
back to a minimal WorldMonitor default
Relay (scripts/notification-relay.cjs):
- sendWebPush() with lazy-loaded web-push dep. 404/410 triggers
deactivateChannel('web_push'). Missing VAPID env vars logs once
and skips — other channels keep delivering.
- processEvent dispatch loop + drainHeldForUser both gain web_push
branches
Settings UI (src/services/notifications-settings.ts):
- New 'Browser Push' tile with bell icon
- Enable button lazy-imports push-notifications, calls subscribe,
renders 'Not supported' on Tauri/in-app webviews
- Remove button routes web_push specifically through
unsubscribeFromPush so the browser side is cleaned up too
Env vars required on Railway services:
VAPID_PUBLIC_KEY public key
VAPID_PRIVATE_KEY private key
VAPID_SUBJECT mailto:support@worldmonitor.app (optional)
Public key is also committed as the default in src/config/push.ts
so the client bundle works without a build-time override.
Tests: 11 new cases in tests/brief-web-push.test.mjs
- base64 <-> Uint8Array round-trip + null guards
- VAPID default fallback when env absent
- SW push event rendering, requireInteraction gating, malformed JSON
+ no-data fallbacks
- SW notificationclick: openWindow vs focus+navigate, default url
154/154 tests pass. Both tsconfigs typecheck clean.
* fix(brief): address PR #3173 review findings + drop hardcoded VAPID
P1 (security): VAPID private key leaked in PR description.
Rotated the keypair. Old pair permanently invalidated. Structural fix:
Removed DEFAULT_VAPID_PUBLIC_KEY entirely. Hardcoding the public
key in src/config/push.ts gave rotations two sources of truth
(code vs env) — exactly the friction that caused me to paste the
private key in a PR description in the first place. VAPID_PUBLIC_KEY
now comes SOLELY from VITE_VAPID_PUBLIC_KEY at build time.
isWebPushConfigured() gates the subscribe flow so builds without
the env var surface as 'Not supported' rather than crashing
pushManager.subscribe.
Operator setup (one-time):
Vercel build: VITE_VAPID_PUBLIC_KEY=<public>
Railway services: VAPID_PUBLIC_KEY=<public>
VAPID_PRIVATE_KEY=<private>
VAPID_SUBJECT=mailto:support@worldmonitor.app
Rotation: update env on both sides, redeploy. No code change, no
PR body — no chance of leaking a key in a commit.
P2: single-device fan-out — setWebPushChannelForUser replaces the
previous subscription silently. Per-device fan-out is a schema change
deferred to follow-up. Fix for now: surface the replacement in
settings UI copy ('Enabling here replaces any previously registered
browser.') so users who expect multi-device see the warning.
P2: 24h push TTL floods offline devices on reconnect. Event-type-aware:
brief_ready: 12h (daily editorial — still interesting)
quiet_hours_batch: 6h (by definition queued-on-wake)
everything else: 30m (transient alerts: noise after 30min)
REGRESSION test: VAPID_PUBLIC_KEY must be '' when env var is unset.
If a committed default is reintroduced, the test fails loudly.
11/11 web-push tests pass. Both tsconfigs typecheck clean.
* fix(notifications): deliver channel_welcome push for web_push connects (#3173 P2)
The settings UI queues a channel_welcome event on first web_push
subscribe (api/notification-channels.ts:240 via publishWelcome), but
processWelcome() in the relay only branched on slack/discord/email —
no web_push arm. The welcome event was consumed off the queue and
then silently dropped, leaving first-time subscribers with no
'connection confirmed' signal.
Fix: add a web_push branch to processWelcome. Calls sendWebPush with
eventType='channel_welcome' which maps to the 30-minute TTL tier in
the push-delivery switch — a welcome that arrives >30 min after
subscribe is noise, not confirmation.
Short body (under 80 chars) so Chrome/Firefox/Safari notification
shelves don't clip past ellipsis.
11/11 web-push tests pass.
* fix(notifications): address two P1 review findings on #3173
P1-A: SSRF via user-supplied web_push endpoint.
The set-web-push edge handler accepted any https:// URL and wrote
it to Convex. The relay's sendWebPush() later POSTs to whatever
endpoint sits in that row, giving any Pro user a server-side-request
primitive bounded only by the relay's network egress.
Fix: isAllowedPushEndpointHost() allow-list in api/notification-
channels.ts. Only the four known browser push-service hosts pass:
fcm.googleapis.com (Chrome / Edge / Brave)
updates.push.services.mozilla.com (Firefox)
web.push.apple.com (Safari, macOS 13+)
*.notify.windows.com (Windows Notification Service)
Fail-closed: unknown hosts rejected with 400 before the row ever
reaches Convex. If a future browser ships a new push service we'll
need to widen this list (guarded by the SSRF regression tests).
P1-B: cross-account endpoint reuse on shared devices.
The browser's PushSubscription is bound to the origin, NOT to the
Clerk session. User A subscribes on device X, signs out, user B
signs in on X and subscribes — the browser hands out the SAME
endpoint/p256dh/auth triple. The previous setWebPushChannelForUser
upsert keyed only by (userId, channelType), so BOTH rows now carry
the same endpoint. Every push the relay fans out for user A also
lands on device X which is now showing user B's session.
Fix: setWebPushChannelForUser scans all web_push rows and deletes
any that match the new endpoint BEFORE upserting. Effectively
transfers ownership of the subscription to the current caller.
The previous user will need to re-subscribe on that device if they
sign in again.
No endpoint-based index on notificationChannels — the scan happens
at <10k rows and is well-bounded to the one write-path per user
per connect. If volume grows, add an + migration.
Regression tests (tests/brief-web-push.test.mjs, 3 new cases):
- allow-list defines all four browser hosts + fail-closed return
- allow-list is invoked BEFORE convexRelay() in the handler
- setWebPushChannelForUser compares + deletes rows by endpoint
14/14 web-push tests pass. Both tsconfigs typecheck clean.
416 lines
17 KiB
TypeScript
416 lines
17 KiB
TypeScript
/**
|
|
* Notification channel management edge function.
|
|
*
|
|
* GET /api/notification-channels → { channels, alertRules }
|
|
* POST /api/notification-channels → various actions (see below)
|
|
*
|
|
* Authenticates the caller via Clerk JWKS (bearer token), then forwards
|
|
* to the Convex /relay/notification-channels HTTP action using the
|
|
* RELAY_SHARED_SECRET — no Convex-specific JWT template required.
|
|
*/
|
|
|
|
export const config = { runtime: 'edge' };
|
|
|
|
// @ts-expect-error — JS module, no declaration file
|
|
import { getCorsHeaders } from './_cors.js';
|
|
// @ts-expect-error — JS module, no declaration file
|
|
import { captureEdgeException } from './_sentry-edge.js';
|
|
import { validateBearerToken } from '../server/auth-session';
|
|
import { getEntitlements } from '../server/_shared/entitlement-check';
|
|
|
|
// Prefer explicit CONVEX_SITE_URL; fall back to deriving from CONVEX_URL (same pattern as notification-relay.cjs).
|
|
const CONVEX_SITE_URL =
|
|
process.env.CONVEX_SITE_URL ??
|
|
(process.env.CONVEX_URL ?? '').replace('.convex.cloud', '.convex.site');
|
|
const RELAY_SHARED_SECRET = process.env.RELAY_SHARED_SECRET ?? '';
|
|
const UPSTASH_URL = process.env.UPSTASH_REDIS_REST_URL ?? '';
|
|
const UPSTASH_TOKEN = process.env.UPSTASH_REDIS_REST_TOKEN ?? '';
|
|
|
|
// AES-256-GCM encryption using Web Crypto (matches Node crypto.cjs decrypt format).
|
|
// Format stored: v1:<base64(iv[12] || tag[16] || ciphertext)>
|
|
async function encryptSlackWebhook(webhookUrl: string): Promise<string> {
|
|
const rawKey = process.env.NOTIFICATION_ENCRYPTION_KEY;
|
|
if (!rawKey) throw new Error('NOTIFICATION_ENCRYPTION_KEY not set');
|
|
const keyBytes = Uint8Array.from(atob(rawKey), (c) => c.charCodeAt(0));
|
|
const key = await crypto.subtle.importKey('raw', keyBytes, 'AES-GCM', false, ['encrypt']);
|
|
const iv = crypto.getRandomValues(new Uint8Array(12));
|
|
const encoded = new TextEncoder().encode(webhookUrl);
|
|
const result = new Uint8Array(await crypto.subtle.encrypt({ name: 'AES-GCM', iv, tagLength: 128 }, key, encoded));
|
|
const ciphertext = result.slice(0, -16);
|
|
const tag = result.slice(-16);
|
|
const payload = new Uint8Array(12 + 16 + ciphertext.length);
|
|
payload.set(iv, 0);
|
|
payload.set(tag, 12);
|
|
payload.set(ciphertext, 28);
|
|
const binary = Array.from(payload, (b) => String.fromCharCode(b)).join('');
|
|
return `v1:${btoa(binary)}`;
|
|
}
|
|
|
|
/**
|
|
* Allow-list of hostnames every major browser's push service uses.
|
|
*
|
|
* A PushSubscription's endpoint URL is assigned by the browser's
|
|
* push platform — users can't pick it. That means we CAN safely
|
|
* constrain accepted endpoints to known push-service hosts and
|
|
* reject anything else before it hits Convex storage (and later
|
|
* the relay's outbound fetch). Without this allow-list the relay's
|
|
* sendWebPush() becomes a server-side-request primitive for any
|
|
* PRO user: they could submit `https://internal.example.com/admin`
|
|
* as their endpoint and the relay would faithfully POST to it.
|
|
*
|
|
* Sources (verified 2026-04-18):
|
|
* - Chrome / Edge / Brave: fcm.googleapis.com
|
|
* - Firefox: updates.push.services.mozilla.com
|
|
* - Safari (macOS 13+): web.push.apple.com
|
|
* - Windows Notification: *.notify.windows.com (wns2-*, etc.)
|
|
*
|
|
* If a future browser ships a new push service we'll need to widen
|
|
* this list — fail-closed is the right default.
|
|
*/
|
|
function isAllowedPushEndpointHost(host: string): boolean {
|
|
const h = host.toLowerCase();
|
|
if (h === 'fcm.googleapis.com') return true;
|
|
if (h === 'updates.push.services.mozilla.com') return true;
|
|
if (h === 'web.push.apple.com') return true;
|
|
if (h.endsWith('.web.push.apple.com')) return true;
|
|
if (h.endsWith('.notify.windows.com')) return true;
|
|
return false;
|
|
}
|
|
|
|
async function publishWelcome(userId: string, channelType: string): Promise<void> {
|
|
if (!UPSTASH_URL || !UPSTASH_TOKEN) {
|
|
console.error('[notification-channels] publishWelcome: UPSTASH env vars missing — welcome not queued');
|
|
return;
|
|
}
|
|
console.log(`[notification-channels] publishWelcome: queuing ${channelType} for ${userId}`);
|
|
const msg = JSON.stringify({ eventType: 'channel_welcome', userId, channelType });
|
|
try {
|
|
const res = await fetch(`${UPSTASH_URL}/lpush/wm:events:queue/${encodeURIComponent(msg)}`, {
|
|
method: 'POST',
|
|
headers: {
|
|
Authorization: `Bearer ${UPSTASH_TOKEN}`,
|
|
'User-Agent': 'worldmonitor-edge/1.0',
|
|
},
|
|
signal: AbortSignal.timeout(5000),
|
|
});
|
|
const data = await res.json().catch(() => null) as { result?: unknown } | null;
|
|
console.log(`[notification-channels] publishWelcome LPUSH: status=${res.status} result=${JSON.stringify(data?.result)}`);
|
|
} catch (err) {
|
|
console.error('[notification-channels] publishWelcome LPUSH failed:', (err as Error).message);
|
|
}
|
|
}
|
|
|
|
async function publishFlushHeld(userId: string, variant: string): Promise<void> {
|
|
if (!UPSTASH_URL || !UPSTASH_TOKEN) return;
|
|
const msg = JSON.stringify({ eventType: 'flush_quiet_held', userId, variant });
|
|
try {
|
|
await fetch(`${UPSTASH_URL}/lpush/wm:events:queue/${encodeURIComponent(msg)}`, {
|
|
method: 'POST',
|
|
headers: { Authorization: `Bearer ${UPSTASH_TOKEN}`, 'User-Agent': 'worldmonitor-edge/1.0' },
|
|
signal: AbortSignal.timeout(5000),
|
|
});
|
|
} catch (err) {
|
|
console.warn('[notification-channels] publishFlushHeld LPUSH failed:', (err as Error).message);
|
|
}
|
|
}
|
|
|
|
function json(body: unknown, status: number, cors: Record<string, string>, noCache = false): Response {
|
|
return new Response(JSON.stringify(body), {
|
|
status,
|
|
headers: {
|
|
'Content-Type': 'application/json',
|
|
...(noCache ? { 'Cache-Control': 'no-store' } : {}),
|
|
...cors,
|
|
},
|
|
});
|
|
}
|
|
|
|
async function convexRelay(body: Record<string, unknown>): Promise<Response> {
|
|
return fetch(`${CONVEX_SITE_URL}/relay/notification-channels`, {
|
|
method: 'POST',
|
|
headers: {
|
|
'Content-Type': 'application/json',
|
|
'Authorization': `Bearer ${RELAY_SHARED_SECRET}`,
|
|
},
|
|
body: JSON.stringify(body),
|
|
});
|
|
}
|
|
|
|
interface PostBody {
|
|
action?: string;
|
|
channelType?: string;
|
|
email?: string;
|
|
webhookEnvelope?: string;
|
|
webhookLabel?: string;
|
|
variant?: string;
|
|
enabled?: boolean;
|
|
eventTypes?: string[];
|
|
sensitivity?: string;
|
|
channels?: string[];
|
|
// web_push subscription triple (Phase 6)
|
|
endpoint?: string;
|
|
p256dh?: string;
|
|
auth?: string;
|
|
userAgent?: string;
|
|
quietHoursEnabled?: boolean;
|
|
quietHoursStart?: number;
|
|
quietHoursEnd?: number;
|
|
quietHoursTimezone?: string;
|
|
quietHoursOverride?: string;
|
|
digestMode?: string;
|
|
digestHour?: number;
|
|
digestTimezone?: string;
|
|
aiDigestEnabled?: boolean;
|
|
}
|
|
|
|
export default async function handler(req: Request, ctx: { waitUntil: (p: Promise<unknown>) => void }): Promise<Response> {
|
|
const corsHeaders = getCorsHeaders(req) as Record<string, string>;
|
|
|
|
if (req.method === 'OPTIONS') {
|
|
return new Response(null, {
|
|
status: 204,
|
|
headers: {
|
|
...corsHeaders,
|
|
'Access-Control-Allow-Methods': 'GET, POST, OPTIONS',
|
|
'Access-Control-Allow-Headers': 'Content-Type, Authorization',
|
|
},
|
|
});
|
|
}
|
|
|
|
const authHeader = req.headers.get('Authorization') ?? '';
|
|
const token = authHeader.startsWith('Bearer ') ? authHeader.slice(7) : '';
|
|
if (!token) return json({ error: 'Unauthorized' }, 401, corsHeaders);
|
|
|
|
const session = await validateBearerToken(token);
|
|
if (!session.valid || !session.userId) return json({ error: 'Unauthorized' }, 401, corsHeaders);
|
|
|
|
if (!CONVEX_SITE_URL || !RELAY_SHARED_SECRET) {
|
|
return json({ error: 'Service unavailable' }, 503, corsHeaders);
|
|
}
|
|
|
|
if (req.method === 'GET') {
|
|
try {
|
|
const resp = await convexRelay({ action: 'get', userId: session.userId });
|
|
if (!resp.ok) {
|
|
const errText = await resp.text();
|
|
console.error('[notification-channels] GET relay error:', resp.status, errText);
|
|
return json({ error: 'Failed to fetch' }, 500, corsHeaders);
|
|
}
|
|
const data = await resp.json();
|
|
return json(data, 200, corsHeaders, true);
|
|
} catch (err) {
|
|
console.error('[notification-channels] GET error:', err);
|
|
void captureEdgeException(err, { handler: 'notification-channels', method: 'GET' });
|
|
return json({ error: 'Failed to fetch' }, 500, corsHeaders);
|
|
}
|
|
}
|
|
|
|
if (req.method === 'POST') {
|
|
const ent = await getEntitlements(session.userId);
|
|
if (!ent || ent.features.tier < 1) {
|
|
return json({
|
|
error: 'pro_required',
|
|
message: 'Real-time alerts are available on the Pro plan.',
|
|
upgradeUrl: 'https://worldmonitor.app/pro',
|
|
}, 403, corsHeaders);
|
|
}
|
|
|
|
let body: PostBody;
|
|
try {
|
|
body = (await req.json()) as PostBody;
|
|
} catch {
|
|
return json({ error: 'Invalid JSON body' }, 400, corsHeaders);
|
|
}
|
|
|
|
const { action } = body;
|
|
|
|
try {
|
|
if (action === 'create-pairing-token') {
|
|
const relayBody: Record<string, unknown> = { action: 'create-pairing-token', userId: session.userId };
|
|
if (body.variant) relayBody.variant = body.variant;
|
|
const resp = await convexRelay(relayBody);
|
|
if (!resp.ok) {
|
|
console.error('[notification-channels] POST create-pairing-token relay error:', resp.status);
|
|
return json({ error: 'Operation failed' }, 500, corsHeaders);
|
|
}
|
|
return json(await resp.json(), 200, corsHeaders);
|
|
}
|
|
|
|
if (action === 'set-channel') {
|
|
const { channelType, email, webhookEnvelope, webhookLabel } = body;
|
|
if (!channelType) return json({ error: 'channelType required' }, 400, corsHeaders);
|
|
|
|
if (channelType === 'webhook' && webhookEnvelope) {
|
|
try {
|
|
const parsed = new URL(webhookEnvelope);
|
|
if (parsed.protocol !== 'https:') {
|
|
return json({ error: 'Webhook URL must use HTTPS' }, 400, corsHeaders);
|
|
}
|
|
if (/^(localhost|127\.|10\.|172\.(1[6-9]|2\d|3[01])\.|192\.168\.|::1|0\.0\.0\.0)/.test(parsed.hostname)) {
|
|
return json({ error: 'Webhook URL must not point to a private/local address' }, 400, corsHeaders);
|
|
}
|
|
} catch {
|
|
return json({ error: 'Invalid webhook URL' }, 400, corsHeaders);
|
|
}
|
|
}
|
|
|
|
const relayBody: Record<string, unknown> = { action: 'set-channel', userId: session.userId, channelType };
|
|
if (email !== undefined) relayBody.email = email;
|
|
if (webhookLabel !== undefined) relayBody.webhookLabel = String(webhookLabel).slice(0, 100);
|
|
if (webhookEnvelope !== undefined) {
|
|
try {
|
|
relayBody.webhookEnvelope = await encryptSlackWebhook(webhookEnvelope);
|
|
} catch {
|
|
return json({ error: 'Encryption unavailable' }, 503, corsHeaders);
|
|
}
|
|
}
|
|
const resp = await convexRelay(relayBody);
|
|
if (!resp.ok) {
|
|
console.error('[notification-channels] POST set-channel relay error:', resp.status);
|
|
return json({ error: 'Operation failed' }, 500, corsHeaders);
|
|
}
|
|
const setResult = await resp.json() as { ok: boolean; isNew?: boolean };
|
|
console.log(`[notification-channels] set-channel ${channelType}: isNew=${setResult.isNew}`);
|
|
// Only send welcome on first connect, not re-links; use waitUntil so the edge isolate doesn't terminate early
|
|
if (setResult.isNew) ctx.waitUntil(publishWelcome(session.userId, channelType));
|
|
return json({ ok: true }, 200, corsHeaders);
|
|
}
|
|
|
|
if (action === 'set-web-push') {
|
|
const { endpoint, p256dh, auth, userAgent } = body;
|
|
if (!endpoint || !p256dh || !auth) {
|
|
return json({ error: 'endpoint, p256dh, auth required' }, 400, corsHeaders);
|
|
}
|
|
// SSRF defence. The relay later POSTs to whatever endpoint we
|
|
// persist here, so an unvalidated user-submitted URL is a
|
|
// server-side-request primitive bounded only by the relay's
|
|
// network egress. Browsers always produce endpoints at one
|
|
// of a small set of push-service hosts (FCM, Mozilla, Apple,
|
|
// Windows Notification Service); anything else is either an
|
|
// exotic browser (rare) or an attack. Allow-list the known
|
|
// hosts and reject everything else.
|
|
try {
|
|
const u = new URL(endpoint);
|
|
if (u.protocol !== 'https:') {
|
|
return json({ error: 'endpoint must be https' }, 400, corsHeaders);
|
|
}
|
|
if (!isAllowedPushEndpointHost(u.hostname)) {
|
|
return json(
|
|
{ error: 'endpoint host is not a recognised push service' },
|
|
400,
|
|
corsHeaders,
|
|
);
|
|
}
|
|
} catch {
|
|
return json({ error: 'invalid endpoint' }, 400, corsHeaders);
|
|
}
|
|
const resp = await convexRelay({
|
|
action: 'set-web-push',
|
|
userId: session.userId,
|
|
endpoint,
|
|
p256dh,
|
|
auth,
|
|
// Trim user agent; it's cosmetic for the settings UI, not identity.
|
|
userAgent: typeof userAgent === 'string' ? userAgent.slice(0, 200) : undefined,
|
|
});
|
|
if (!resp.ok) {
|
|
console.error('[notification-channels] POST set-web-push relay error:', resp.status);
|
|
return json({ error: 'Operation failed' }, 500, corsHeaders);
|
|
}
|
|
const wpResult = await resp.json() as { ok: boolean; isNew?: boolean };
|
|
if (wpResult.isNew) ctx.waitUntil(publishWelcome(session.userId, 'web_push'));
|
|
return json({ ok: true }, 200, corsHeaders);
|
|
}
|
|
|
|
if (action === 'delete-channel') {
|
|
const { channelType } = body;
|
|
if (!channelType) return json({ error: 'channelType required' }, 400, corsHeaders);
|
|
const resp = await convexRelay({ action: 'delete-channel', userId: session.userId, channelType });
|
|
if (!resp.ok) {
|
|
console.error('[notification-channels] POST delete-channel relay error:', resp.status);
|
|
return json({ error: 'Operation failed' }, 500, corsHeaders);
|
|
}
|
|
return json({ ok: true }, 200, corsHeaders);
|
|
}
|
|
|
|
if (action === 'set-alert-rules') {
|
|
const { variant, enabled, eventTypes, sensitivity, channels, aiDigestEnabled } = body;
|
|
const resp = await convexRelay({
|
|
action: 'set-alert-rules',
|
|
userId: session.userId,
|
|
variant,
|
|
enabled,
|
|
eventTypes,
|
|
sensitivity,
|
|
channels,
|
|
aiDigestEnabled,
|
|
});
|
|
if (!resp.ok) {
|
|
console.error('[notification-channels] POST set-alert-rules relay error:', resp.status);
|
|
return json({ error: 'Operation failed' }, 500, corsHeaders);
|
|
}
|
|
return json({ ok: true }, 200, corsHeaders);
|
|
}
|
|
|
|
if (action === 'set-quiet-hours') {
|
|
const VALID_OVERRIDE = new Set(['critical_only', 'silence_all', 'batch_on_wake']);
|
|
const { variant, quietHoursEnabled, quietHoursStart, quietHoursEnd, quietHoursTimezone, quietHoursOverride } = body;
|
|
if (!variant || quietHoursEnabled === undefined) {
|
|
return json({ error: 'variant and quietHoursEnabled required' }, 400, corsHeaders);
|
|
}
|
|
if (quietHoursOverride !== undefined && !VALID_OVERRIDE.has(quietHoursOverride)) {
|
|
return json({ error: 'invalid quietHoursOverride' }, 400, corsHeaders);
|
|
}
|
|
const resp = await convexRelay({
|
|
action: 'set-quiet-hours',
|
|
userId: session.userId,
|
|
variant,
|
|
quietHoursEnabled,
|
|
quietHoursStart,
|
|
quietHoursEnd,
|
|
quietHoursTimezone,
|
|
quietHoursOverride,
|
|
});
|
|
if (!resp.ok) {
|
|
console.error('[notification-channels] POST set-quiet-hours relay error:', resp.status);
|
|
return json({ error: 'Operation failed' }, 500, corsHeaders);
|
|
}
|
|
// If quiet hours were disabled or override changed away from batch_on_wake,
|
|
// flush any held events so they're delivered rather than expiring silently.
|
|
const abandonsBatch = !quietHoursEnabled || quietHoursOverride !== 'batch_on_wake';
|
|
if (abandonsBatch) ctx.waitUntil(publishFlushHeld(session.userId, variant));
|
|
return json({ ok: true }, 200, corsHeaders);
|
|
}
|
|
|
|
if (action === 'set-digest-settings') {
|
|
const VALID_DIGEST_MODE = new Set(['realtime', 'daily', 'twice_daily', 'weekly']);
|
|
const { variant, digestMode, digestHour, digestTimezone } = body;
|
|
if (!variant || !digestMode || !VALID_DIGEST_MODE.has(digestMode)) {
|
|
return json({ error: 'variant and valid digestMode required' }, 400, corsHeaders);
|
|
}
|
|
const resp = await convexRelay({
|
|
action: 'set-digest-settings',
|
|
userId: session.userId,
|
|
variant,
|
|
digestMode,
|
|
digestHour,
|
|
digestTimezone,
|
|
});
|
|
if (!resp.ok) {
|
|
console.error('[notification-channels] POST set-digest-settings relay error:', resp.status);
|
|
return json({ error: 'Operation failed' }, 500, corsHeaders);
|
|
}
|
|
return json({ ok: true }, 200, corsHeaders);
|
|
}
|
|
|
|
return json({ error: 'Unknown action' }, 400, corsHeaders);
|
|
} catch (err) {
|
|
console.error('[notification-channels] POST error:', err);
|
|
void captureEdgeException(err, { handler: 'notification-channels', method: 'POST' });
|
|
return json({ error: 'Operation failed' }, 500, corsHeaders);
|
|
}
|
|
}
|
|
|
|
return json({ error: 'Method not allowed' }, 405, corsHeaders);
|
|
}
|