padreug/web-app
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: Implement secure VAPID key generation for push notifications

Browse source 
- Replace random key generation with the web-push library for generating cryptographically secure VAPID keys.
- Update console output to guide users on adding keys to their environment configuration.
- Enhance error handling for VAPID key generation issues.
- Add web-push dependency to package.json and package-lock.json for proper functionality.
This commit is contained in:
padreug 2025-07-07 00:38:32 +02:00
parent cc6ba2612d
commit 8a9ffc5918
5 changed files with 169 additions and 36 deletions
Download patch file Download diff file Expand all files Collapse all files

52
generate-vapid-keys.js
View file

@ -1,36 +1,28 @@
#!/usr/bin/env node
// Simple VAPID key generator for testing push notifications
// In production, you'd want to use proper cryptographic libraries
// Proper VAPID key generator using web-push library
import webpush from 'web-push'
console.log('🔑 VAPID Key Generator for Push Notifications')
console.log('')
// Generate a random string for testing
function generateTestKey(length = 64) {
const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_'
let result = ''
for (let i = 0; i < length; i++) {
result += chars.charAt(Math.floor(Math.random() * chars.length))
}
return result
}
// Generate test VAPID keys
const publicKey = generateTestKey(87) // Base64 URL-safe, typical length
const privateKey = generateTestKey(43) // Base64 URL-safe, typical length
console.log('📋 Add these to your .env file:')
console.log('')
console.log(`VITE_VAPID_PUBLIC_KEY=${publicKey}`)
console.log(`VITE_PUSH_NOTIFICATIONS_ENABLED=true`)
console.log('')
console.log('⚠️ IMPORTANT: These are test keys for development only!')
console.log(' For production, generate proper VAPID keys using:')
console.log(' - web-push library: npx web-push generate-vapid-keys')
console.log(' - online tool: https://vapidkeys.com/')
console.log('')
console.log('🔐 Private key (keep secure, for backend only):')
console.log(`VAPID_PRIVATE_KEY=${privateKey}`)
console.log('')
console.log('✅ Once added, restart your dev server to apply the changes.')
try {
// Generate proper VAPID keys using web-push
const vapidKeys = webpush.generateVAPIDKeys()
console.log('📋 Add these to your .env file:')
console.log('')
console.log(`VITE_VAPID_PUBLIC_KEY=${vapidKeys.publicKey}`)
console.log(`VITE_PUSH_NOTIFICATIONS_ENABLED=true`)
console.log('')
console.log('🔐 Private key (keep secure, for backend only):')
console.log(`VAPID_PRIVATE_KEY=${vapidKeys.privateKey}`)
console.log('')
console.log('✅ Once added, restart your dev server to apply the changes.')
console.log('')
console.log(' These are cryptographically secure VAPID keys suitable for production.')
} catch (error) {
console.error('❌ Error generating VAPID keys:', error)
process.exit(1)
}