feat(push): add UnifiedPush application-server with anonymous installation registry (#378)#395
Open
wax911 wants to merge 7 commits into
Open
feat(push): add UnifiedPush application-server with anonymous installation registry (#378)#395wax911 wants to merge 7 commits into
wax911 wants to merge 7 commits into
Conversation
…ation registry (#378) - Add SSRF endpoint URL validator for push endpoint safety - Add Redis-based rate limiting guard for push endpoints - Add programmatic MongoDB index creation for push collections - Add PushSenderService wrapping @negrel/webpush for Web Push delivery - Add PushModule with controller, service, and repository layers - Implement 6 REST endpoints: VAPID key, registration, challenge confirmation, profile, preferences, and installation deletion - Add challenge token confirmation flow with SHA-256 hashing - Add client-declared AniList user identity support - Bump @danet/core from 2.9.6 to 2.11.0 - Update swagger contract with 11 new schema names and 6 operation IDs
wax911
force-pushed
the
feature/378-push-feasibility
branch
from
86b7561 to
a35f83d
Compare
added 2 commits
June 18, 2026 23:34
Prevent application bootstrap crash when PUSH_VAPID_KEYS env var is missing or invalid. Log a warning instead of throwing so that Swagger generation and other non-push functionality works without push sending configured.
wax911
force-pushed
the
feature/378-push-feasibility
branch
from
21de73e to
bbb6870
Compare
…ger compat Implement GET /v1/push/vapid and POST /v1/push/installations with full SSRF validation, challenge token flow, and MongoDB persistence. Defer remaining endpoints (confirm, profile, preferences, delete) due to Danet Swagger Module crash on controllers with >2 POST methods (TypeError: Promise resolver undefined in generateTypeSchema). Infrastructure included: - SSRF endpoint URL validator - Redis-based rate limiting guard (RateLimitModule) - MongoDB index creation (DatabaseIndexService) - Web Push sender service (@negrel/webpush wrapper) - Full repository/service layer for push installations - Swagger contract with 11 schemas and 6 expected operation IDs Ref: #378
wax911
force-pushed
the
feature/378-push-feasibility
branch
from
00daf61 to
adb8ff6
Compare
added 3 commits
June 19, 2026 00:41
Remove schema names and operation IDs for deferred endpoints (confirm, profile, preferences, delete) from contract validation. Swagger successfully generates PushVapid and PushInstallation.
Swagger module derives operation IDs from method names, not from class prefix + method name convention. Fix vapid and registerInstallation operation IDs. Also remove PushInstallationStatus from expected schemas (deeply nested schemas are inlined by @anatine/zod-openapi).
Remove deferred endpoint paths and schemas from makeValidDoc fixture. Fix operation IDs to match controller method names (vapid, registerInstallation).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds the UnifiedPush application-server layer to
on-the-edgeas specified in #378. This is the backend companion to AniTrend/anitrend-v2#1249.What's Included
Infrastructure (prerequisites)
src/common/ssrf.validator.ts) — HTTPS enforcement, private IP rejection, DNS resolutionsrc/guard/rate-limit/) — sliding window counters via Redis INCR+EXPIRE, per-endpoint configsrc/database/index.service.ts) — 12 indexes on push collectionssrc/service/push-sender/) — wraps@negrel/webpush, VAPID key management, gone endpoint detection@danet/core2.9.6 → 2.11.0Push Module (
src/package/push/)API Endpoints
GET/v1/push/vapidPOST/v1/push/installationsPOST/v1/push/installations/:id/confirmPUT/v1/push/installations/:id/profilePATCH/v1/push/installations/:id/preferencesDELETE/v1/push/installations/:idQuality Gates
deno fmt✓deno lint✓deno check✓deno task test— 90 passed, 0 failedWhat's NOT Included (Future PRs)
Ref: #378"