npm - @juspay/shooter - Versions diffs - 1.24.1 → 1.25.0 - Mend

@juspay/shooter 1.24.1 → 1.25.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (165) hide show

package/src/lib/types/apn.ts CHANGED Viewed

@@ -17,8 +17,12 @@ export interface APNsSendResult {
   details?: unknown[];
   error?: string;
   failed: number;
+  /** APNs HTTP status (200, 400, 410, …); 0 on a transport error. */
+  httpStatus?: number;
   sent: number;
   success: boolean;
+  /** Parsed `timestamp` from a 410 Unregistered body, in ms (for the prune guard). */
+  timestampMs?: number;
 }
 export interface LibraryResult {

package/src/lib/types/device.ts ADDED Viewed

@@ -0,0 +1,156 @@
+// Device registry types for multi-device push notification fan-out.
+//
+// Hand-written (not generated from specs/types/api.yaml) because the
+// type-crafter generator currently truncates generated/API.ts before these
+// types, and because the fan-out result shapes are richer than the flat
+// interfaces YAML can express. Mirrors the pattern in decision.ts.
+//
+// NOTE: deliberately free of Node built-in imports (e.g. `crypto`) so the
+// $lib/types barrel stays safe to import from client bundles. Row-id
+// generation lives in the server-only DeviceTokenStore via crypto.randomUUID().
+/** One device's raw APNs delivery outcome, before aggregation (PR 3 fan-out). */
+export interface ApnsDeliveryOutcome {
+  appEnv: AppEnv;
+  httpStatus: number;
+  reason: null | string;
+  registeredAt: string;
+  timestampMs: number;
+  token: string;
+}
+/** Aggregate APNs fan-out result across all iOS tokens (PR 3). */
+export interface APNsFanOutResult {
+  results: APNsTokenResult[];
+  staleTokens: string[];
+  totalFailed: number;
+  totalSent: number;
+}
+/** Outcome of classifying a single APNs delivery result for pruning. */
+export type ApnsTokenDisposition = 'sent' | 'stale_token' | 'transient_error';
+/** Per-token APNs delivery result (PR 3 fan-out). */
+export interface APNsTokenResult {
+  disposition: ApnsTokenDisposition;
+  httpStatus: number;
+  reason: null | string;
+  success: boolean;
+  timestampMs: number;
+  token: string;
+}
+export type AppEnv = 'production' | 'sandbox';
+/**
+ * A registered device as exposed by GET /api/device-token. The raw push token
+ * is replaced by a masked form so the registered-devices UI/logs never carry a
+ * full token.
+ */
+export interface DeviceListItem {
+  appEnv: AppEnv;
+  deviceId: null | string;
+  failureCount: number;
+  friendlyName: null | string;
+  id: string;
+  isActive: boolean;
+  lastSeenAt: string;
+  platform: DevicePlatform;
+  registeredAt: string;
+  tokenMasked: string;
+}
+export type DevicePlatform = 'android' | 'ios';
+/** One registered push device. Mirrors a `device_tokens` row (camelCased). */
+export interface DeviceRecord {
+  appEnv: AppEnv;
+  bundleId: null | string;
+  deviceId: null | string;
+  failureCount: number;
+  friendlyName: null | string;
+  id: string;
+  isActive: boolean;
+  lastSeenAt: string;
+  platform: DevicePlatform;
+  registeredAt: string;
+  token: string;
+}
+/** Fields accepted by DeviceTokenStore.upsert(); server fills the rest. */
+export interface DeviceUpsertInput {
+  appEnv?: AppEnv;
+  bundleId?: null | string;
+  deviceId?: null | string;
+  friendlyName?: null | string;
+  platform: DevicePlatform;
+  token: string;
+}
+/** One device's raw FCM delivery outcome, before aggregation (PR 4 fan-out). */
+export interface FcmDeliveryOutcome {
+  errorCode: null | string;
+  messageId: null | string;
+  success: boolean;
+  token: string;
+}
+/** Aggregate FCM fan-out result across all Android tokens (PR 4). */
+export interface FCMFanOutResult {
+  failureCount: number;
+  results: FCMTokenResult[];
+  staleTokens: string[];
+  successCount: number;
+}
+/** Per-token FCM delivery result (PR 4 fan-out). */
+export interface FCMTokenResult {
+  error: null | string;
+  messageId: null | string;
+  success: boolean;
+  token: string;
+}
+/** Shape returned by POST /api/notify after multi-device fan-out (PR 5). */
+export interface MultiDeviceNotifyResult {
+  failed: number;
+  pruned: number;
+  requestId: string;
+  sent: number;
+  success: boolean;
+  timestamp: string;
+}
+/** Combined APNs + FCM delivery summary for one /api/notify fan-out (PR 5). */
+export interface NotifyDeliverySummary {
+  delivered: boolean;
+  failed: number;
+  sent: number;
+  staleTokens: string[];
+  succeededTokens: string[];
+}
+/** Consecutive delivery failures before a token is considered dead. */
+export const MAX_FAILURE_COUNT = 3;
+/** Runtime guard for a DeviceRecord coming from an untrusted boundary. */
+export function isDeviceRecord(v: unknown): v is DeviceRecord {
+  if (!v || typeof v !== 'object' || Array.isArray(v)) {
+    return false;
+  }
+  const r = v as Record<string, unknown>;
+  const isNullableString = (x: unknown): x is null | string => x === null || typeof x === 'string';
+  return (
+    typeof r.id === 'string' &&
+    typeof r.token === 'string' &&
+    (r.platform === 'ios' || r.platform === 'android') &&
+    (r.appEnv === 'sandbox' || r.appEnv === 'production') &&
+    typeof r.registeredAt === 'string' &&
+    typeof r.lastSeenAt === 'string' &&
+    typeof r.isActive === 'boolean' &&
+    Number.isInteger(r.failureCount) &&
+    (r.failureCount as number) >= 0 &&
+    isNullableString(r.bundleId) &&
+    isNullableString(r.deviceId) &&
+    isNullableString(r.friendlyName)
+  );
+}

package/src/lib/types/index.ts CHANGED Viewed

@@ -9,6 +9,7 @@ export type * from './codex';
 export type * from './common';
 export type * from './dashboard';
 export * from './decision';
+export * from './device';
 export type * from './gemini';
 export * from './generated';
 export type * from './neurolink';

package/src/routes/api/debug/+server.ts CHANGED Viewed

@@ -1,6 +1,7 @@
 import { env } from '$env/dynamic/private';
 import { LibraryAPNsService } from '$lib/modules/server/apn/library-apns';
 import { validateAuth } from '$lib/modules/server/auth';
+import { deviceTokenStore } from '$lib/modules/server/push/device-token-store';
 import { json } from '@sveltejs/kit';
 import type { RequestHandler } from './$types';
@@ -12,7 +13,14 @@ export const GET: RequestHandler = ({ request }) => {
   }
   const apnsClient = new LibraryAPNsService();
-  const deviceToken = env.DEVICE_TOKEN?.trim();
+  // Prefer the most-recently-seen active iOS device matching the server's APNs
+  // gateway (the same filter /api/notify uses), so the debug view never lists a
+  // wrong-env device that pushes silently skip; fall back to the legacy env var.
+  const apnsEnv: 'production' | 'sandbox' =
+    env.APNS_PRODUCTION === 'true' ? 'production' : 'sandbox';
+  const iosDevices = deviceTokenStore.listActiveForEnv('ios', apnsEnv);
+  const deviceToken = iosDevices[0]?.token ?? env.DEVICE_TOKEN?.trim() ?? '';
   return json({
     apns: {
@@ -30,6 +38,10 @@ export const GET: RequestHandler = ({ request }) => {
     },
     environment: env.NODE_ENV || 'development',
     hasApiKey: !!env.API_KEY,
+    registeredDevices: {
+      android: deviceTokenStore.listActive('android').length,
+      ios: iosDevices.length,
+    },
     timestamp: new Date().toISOString(),
   });
 };

package/src/routes/api/device-token/+server.ts CHANGED Viewed

@@ -1,36 +1,77 @@
+import type { AppEnv } from '$lib/types';
+import { env } from '$env/dynamic/private';
 import { validateAuth } from '$lib/modules/server/auth';
+import { toDeviceListItem } from '$lib/modules/server/push/device-format';
+import {
+  deviceTokenStore,
+  MAX_BUNDLE_ID_LENGTH,
+  MAX_DEVICE_ID_LENGTH,
+  MAX_NAME_LENGTH,
+  MAX_TOKEN_LENGTH,
+} from '$lib/modules/server/push/device-token-store';
 import { json } from '@sveltejs/kit';
-import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'fs';
-import { homedir } from 'os';
-import { join } from 'path';
 import type { RequestHandler } from './$types';
-const TOKENS_DIR = join(homedir(), '.shooter');
-const TOKENS_FILE = join(TOKENS_DIR, 'device-tokens.json');
+function resolveAppEnv(requested: unknown): AppEnv {
+  if (requested === 'production' || requested === 'sandbox') {
+    return requested;
+  }
+  // Old apps omit appEnv → match the server's configured APNs gateway.
+  return env.APNS_PRODUCTION === 'true' ? 'production' : 'sandbox';
+}
+/** List all registered devices (masked tokens) plus per-platform counts. */
+export const GET: RequestHandler = ({ request }) => {
+  const authError = validateAuth(request);
+  if (authError) {
+    return authError;
+  }
+  const ios = deviceTokenStore.listActive('ios');
+  const android = deviceTokenStore.listActive('android');
+  const devices = [...ios, ...android].map(toDeviceListItem);
+  return json({
+    counts: { android: android.length, ios: ios.length, total: devices.length },
+    devices,
+  });
+};
+/** Remove a registered device by its registry row id. */
+export const DELETE: RequestHandler = async ({ request }) => {
+  const authError = validateAuth(request);
+  if (authError) {
+    return authError;
+  }
-function readTokens(): { android?: string; ios?: string } {
+  let body: unknown;
   try {
-    if (existsSync(TOKENS_FILE)) {
-      const parsed: unknown = JSON.parse(readFileSync(TOKENS_FILE, 'utf-8'));
-      // Guard against valid-but-wrong JSON (null, array, number, string)
-      if (!parsed || typeof parsed !== 'object' || Array.isArray(parsed)) {
-        return {};
-      }
-      return parsed as { android?: string; ios?: string };
-    }
+    body = await request.json();
   } catch {
-    // Corrupt file -- start fresh
+    return json({ error: 'Invalid JSON body' }, { status: 400 });
   }
-  return {};
-}
-function writeTokens(tokens: { android?: string; ios?: string }): void {
-  if (!existsSync(TOKENS_DIR)) {
-    mkdirSync(TOKENS_DIR, { mode: 0o700, recursive: true });
+  const id =
+    body && typeof body === 'object' && !Array.isArray(body)
+      ? (body as { id?: unknown }).id
+      : undefined;
+  if (typeof id !== 'string' || id.trim().length === 0) {
+    return json({ error: 'Missing required field: id' }, { status: 400 });
   }
-  writeFileSync(TOKENS_FILE, JSON.stringify(tokens, null, 2), { encoding: 'utf-8', mode: 0o600 });
-}
+  const removed = deviceTokenStore.deleteById(id.trim());
+  if (removed === 0) {
+    // Unknown id or already-removed device → 404 so a caller checking only the
+    // HTTP status can tell "already gone" apart from a real deletion.
+    return json({ error: 'Device not found or already removed', id: id.trim() }, { status: 404 });
+  }
+  // Registry is the single source of truth post-cutover (/api/notify reads it
+  // directly), so removing the row fully stops delivery — no legacy sink to sync.
+  return json({ removed, success: true });
+};
 export const POST: RequestHandler = async ({ request }) => {
   const authError = validateAuth(request);
@@ -38,7 +79,15 @@ export const POST: RequestHandler = async ({ request }) => {
     return authError;
   }
-  let body: { bundleId?: string; deviceToken?: string; platform: string; token?: string };
+  let body: {
+    appEnv?: string;
+    bundleId?: string;
+    deviceId?: string;
+    deviceName?: string;
+    deviceToken?: string;
+    platform: string;
+    token?: string;
+  };
   try {
     const parsed: unknown = await request.json();
     if (!parsed || typeof parsed !== 'object' || Array.isArray(parsed)) {
@@ -63,25 +112,61 @@ export const POST: RequestHandler = async ({ request }) => {
     return json({ error: 'Missing device token (deviceToken or token)' }, { status: 400 });
   }
   const token = rawToken.trim();
+  const deviceId = typeof body.deviceId === 'string' ? body.deviceId.trim() || null : null;
+  const friendlyName = typeof body.deviceName === 'string' ? body.deviceName.trim() || null : null;
+  const bundleId = typeof body.bundleId === 'string' ? body.bundleId.trim() || null : null;
-  // Persist to ~/.shooter/device-tokens.json
-  const tokens = readTokens();
-  tokens[platform] = token;
-  writeTokens(tokens);
-  // Update in-memory env so APNs can use it immediately (iOS is the primary APNs target).
-  // SvelteKit's $env/dynamic/private exposes a Proxy whose getter reads process.env at
-  // access time but whose setter does NOT propagate to process.env. Assigning via the
-  // Proxy is a silent no-op, so subsequent /api/notify calls still read the stale value
-  // from .env. Write straight to process.env so env.DEVICE_TOKEN picks up the new token
-  // on the next read.
-  if (platform === 'ios') {
-    process.env.DEVICE_TOKEN = token;
+  // Reject oversized fields up front with a clean 400 (the store enforces the
+  // same caps defensively). Limits are generous vs. real values, so no
+  // legitimate client is affected; they bound per-row storage from bad input.
+  const tooLong =
+    token.length > MAX_TOKEN_LENGTH
+      ? 'token'
+      : deviceId && deviceId.length > MAX_DEVICE_ID_LENGTH
+        ? 'deviceId'
+        : friendlyName && friendlyName.length > MAX_NAME_LENGTH
+          ? 'deviceName'
+          : bundleId && bundleId.length > MAX_BUNDLE_ID_LENGTH
+            ? 'bundleId'
+            : null;
+  if (tooLong) {
+    return json({ error: `Field "${tooLong}" exceeds maximum allowed length` }, { status: 400 });
+  }
+  const appEnv = resolveAppEnv(body.appEnv);
+  // Register in the multi-device SQLite registry (one row per device). This is
+  // now the single source of truth — /api/notify reads it directly, so there is
+  // no longer a legacy JSON dual-write or a process.env.DEVICE_TOKEN mutation.
+  const record = deviceTokenStore.upsert({
+    appEnv,
+    bundleId,
+    deviceId,
+    friendlyName,
+    platform,
+    token,
+  });
+  // The store's anti-theft guard intentionally no-ops when the token is held by
+  // a different device, returning that device's row unchanged. If the row we got
+  // back isn't this caller's (its deviceId differs from the requested one — incl.
+  // a legacy null-deviceId caller hitting a token owned by a deviceId'd device),
+  // surface a 409 instead of leaking the other device's metadata as a misleading
+  // success.
+  if (record.deviceId !== deviceId) {
+    return json(
+      { error: 'Token is already registered to a different active device' },
+      { status: 409 }
+    );
   }
-  console.log(`[device-token] Registered ${platform} token (length: ${token.length})`);
+  console.log(
+    `[device-token] Registered ${platform} device ${record.id} (token len ${token.length})`
+  );
   return json({
+    deviceId: record.deviceId,
+    id: record.id,
     platform,
     success: true,
     timestamp: new Date().toISOString(),

package/src/routes/api/health/+server.ts CHANGED Viewed

@@ -2,6 +2,7 @@ import type { FCMConfiguration, HealthChecks, HealthConfiguration, HealthStatus
 import { env } from '$env/dynamic/private';
 import { validateAuth } from '$lib/modules/server/auth';
+import { deviceTokenStore } from '$lib/modules/server/push/device-token-store';
 import { getProviderAvailability } from '$lib/modules/shared/providers';
 import { json } from '@sveltejs/kit';
 import { readFileSync } from 'fs';
@@ -36,11 +37,19 @@ export const GET: RequestHandler = ({ request, url }) => {
   const hasClientEmail = !!env.FCM_CLIENT_EMAIL?.trim();
   const hasPrivateKey = !!env.FCM_PRIVATE_KEY?.trim();
+  // Multi-device registry counts (replace the single-token env check).
+  const iosDeviceCount = deviceTokenStore.listActive('ios').length;
+  const androidDeviceCount = deviceTokenStore.listActive('android').length;
+  const registeredDeviceCount = iosDeviceCount + androidDeviceCount;
   const checks: HealthChecks = {
     hasApiKey: !!env.API_KEY?.trim(),
     hasAPNsConfig: !!(env.APNS_KEY_ID?.trim() && env.APNS_TEAM_ID?.trim() && env.APNS_KEY?.trim()),
     hasBundleId: !!env.APNS_BUNDLE_ID?.trim(),
-    hasDeviceToken: !!env.DEVICE_TOKEN?.trim(),
+    // Backward-compat alias: true if any device is registered OR the legacy
+    // single-token env var is still set.
+    hasDeviceToken:
+      registeredDeviceCount > 0 || !!env.DEVICE_TOKEN?.trim() || !!env.ANDROID_DEVICE_TOKEN?.trim(),
     hasFCMConfig: hasProjectId && hasClientEmail && hasPrivateKey,
   };
@@ -68,7 +77,7 @@ export const GET: RequestHandler = ({ request, url }) => {
     warnings.push('APNs not configured — iOS push notifications disabled');
   }
   if (!checks.hasDeviceToken) {
-    warnings.push('No device token set — push notifications have no target');
+    warnings.push('No devices registered — push notifications have no target');
   }
   if (!checks.hasFCMConfig) {
     warnings.push('FCM not configured — Android push notifications disabled');
@@ -92,6 +101,11 @@ export const GET: RequestHandler = ({ request, url }) => {
     },
     checks,
     configuration,
+    devices: {
+      android: androidDeviceCount,
+      ios: iosDeviceCount,
+      total: registeredDeviceCount,
+    },
     environment: env.NODE_ENV || 'development',
     status: 'healthy' as HealthStatus,
     timestamp: new Date().toISOString(),