feat: Implement secure VAPID key generation for push notifications

- Replace random key generation with the web-push library for generating cryptographically secure VAPID keys. - Update console output to guide users on adding keys to their environment configuration. - Enhance error handling for VAPID key generation issues. - Add web-push dependency to package.json and package-lock.json for proper functionality.
2025-07-07 00:38:32 +02:00 · 2025-07-07 00:38:32 +02:00 · 8a9ffc5918
commit 8a9ffc5918
parent cc6ba2612d
5 changed files with 169 additions and 36 deletions
--- a/src/components/nostr/IdentityDialog.vue
+++ b/src/components/nostr/IdentityDialog.vue
@ -1,5 +1,5 @@
 <script setup lang="ts">
-import { ref, computed, watch } from 'vue'
+import { ref, computed } from 'vue'
 import { Dialog, DialogContent, DialogDescription, DialogHeader, DialogTitle } from '@/components/ui/dialog'
 import { Tabs, TabsContent, TabsList, TabsTrigger } from '@/components/ui/tabs'
 import { Button } from '@/components/ui/button'
--- a/src/lib/notifications/push.ts
+++ b/src/lib/notifications/push.ts
@ -101,11 +101,15 @@ export class PushNotificationService {
      // Check if already subscribed
      const existingSubscription = await registration.pushManager.getSubscription()
      if (existingSubscription) {
+        console.log('Using existing push subscription')
        return this.subscriptionToData(existingSubscription)
      }

      // Create new subscription
+      console.log('Creating new push subscription with VAPID key:', config.push.vapidPublicKey.substring(0, 20) + '...')
+      
      const applicationServerKey = this.urlBase64ToUint8Array(config.push.vapidPublicKey)
+      console.log('VAPID key converted to Uint8Array, length:', applicationServerKey.length)
      
      const subscription = await registration.pushManager.subscribe({
        userVisibleOnly: true,
@ -114,11 +118,26 @@ export class PushNotificationService {

      const subscriptionData = this.subscriptionToData(subscription)
      
-      console.log('Push subscription created:', subscriptionData)
+      console.log('Push subscription created successfully:', {
+        endpoint: subscriptionData.endpoint,
+        hasKeys: !!subscriptionData.keys.p256dh && !!subscriptionData.keys.auth
+      })
      return subscriptionData

    } catch (error) {
      console.error('Failed to subscribe to push notifications:', error)
+      
+      // Provide more specific error information
+      if (error instanceof DOMException) {
+        if (error.name === 'InvalidStateError') {
+          console.error('VAPID key format issue detected. Please check your VAPID public key.')
+        } else if (error.name === 'NotAllowedError') {
+          console.error('Push notifications blocked by user or browser policy.')
+        } else if (error.name === 'NotSupportedError') {
+          console.error('Push notifications not supported by this browser.')
+        }
+      }
+      
      throw error
    }
  }