pushwave-client 0.2.3 → 0.2.5

package/README.md

@@ -0,0 +1,94 @@
+# pushwave-client (alpha)
+
+Expo/React Native SDK for the upcoming PushWave SaaS (work in progress). Goal: fetch the Expo push token and prepare app attestation (Android Play Integrity / iOS DeviceCheck) to secure notification delivery. The SaaS/backend validation is coming soon—consider this an early-stage project.
+
+---
+
+## Quick install
+
+1) Install the [SDK](https://www.npmjs.com/package/pushwave-client) and [Expo notifications](https://docs.expo.dev/versions/latest/sdk/notifications/) (peer requirement):
+```bash
+npm install pushwave-client
+npx expo install expo-notifications
+```
+
+2) Add the config plugin to your app.json / app.config.*:
+```json
+{
+  "expo": {
+    "plugins": ["pushwave-client"]
+  }
+}
+```
+
+3) Build native (EAS or dev client). Expo Go is not supported once native code is involved:
+```bash
+eas build -p android --profile development
+eas build -p ios --profile development
+```
+
+---
+
+## Minimal usage
+
+```tsx
+import { useEffect } from "react";
+import { Alert } from "react-native";
+import PushWaveClient from "pushwave-client";
+
+export default function App() {
+  useEffect(() => {
+    (async () => {
+      const res = await PushWaveClient.init({ apiKey: "pw_dev_xxx" });
+      if (!res.success) {
+        Alert.alert("PushWave", res.message ?? "Init failed");
+      }
+    })();
+  }, []);
+
+  return /* …your UI… */;
+}
+```
+
+- `PushWaveClient.init` is async and returns `{ success: boolean; message?: string }`.
+- Call it **once** at app startup (e.g., in `App.tsx` or a root component `useEffect`). Recalling it later is unnecessary.
+- In `__DEV__`, the SDK may log additional info/errors (e.g., failed API calls) to help debugging.
+
+---
+
+## Notifications (expo-notifications)
+
+- The SDK retrieves the user’s Expo push token. If the user denies notification permission, no push will be delivered and the token may not be available depending on platform/permission.
+- On iOS, user permission is required to obtain a push token.
+- On Android, Expo handles permission/channel setup; if the user refuses, no push is delivered.
+
+---
+
+## Attestation (current status)
+
+- Backend validation is not live yet; it will arrive with the PushWave SaaS.
+- Android (Play Integrity): will require a build distributed via the Play Store (internal/closed track) with Play App Signing + Play Integrity API enabled. No support for Expo Go / sideload.
+- iOS (DeviceCheck): will require a real build (dev client or TestFlight), not Expo Go.
+- For now, consider attestation non-blocking (the SDK may return a `disabled` flag until the SaaS is active).
+
+---
+
+## Compatibility
+
+- Tested on the latest Expo SDK (54). No guarantees on earlier versions.
+- Requires a native build (EAS or dev client).
+
+---
+
+## Links
+
+- NPM: https://www.npmjs.com/package/pushwave-client
+- GitHub: https://github.com/luruk-hai/pushwave-client#readme
+
+---
+
+## Roadmap (with SaaS)
+
+- Server-side validation of Play Integrity / DeviceCheck tokens.
+- Full attestation docs and Play Store setup (enable Integrity API, internal track).
+- Complete registration flow with the PushWave backend.

package/dist/attestation/getApplicationAttestation.d.ts

@@ -1,16 +1,23 @@
 export interface AndroidAttestationPayload {
+    status: "ok";
+    platform: "android";
     nonce: string;
     timestamp: number;
     integrityToken: string;
 }
 export interface IosAttestationPayload {
+    status: "ok";
+    platform: "ios";
     nonce: string;
     timestamp: number;
     deviceCheckToken: string;
 }
 export interface DisabledAttestation {
-    attestationDisabled: true;
+    status: "disabled";
     reason: string;
 }
-export type ApplicationAttestation = AndroidAttestationPayload | IosAttestationPayload | DisabledAttestation | true;
+export interface SkippedAttestation {
+    status: "skipped";
+}
+export type ApplicationAttestation = AndroidAttestationPayload | IosAttestationPayload | DisabledAttestation | SkippedAttestation;
 export default function getApplicationAttestation(apiKey: string): Promise<ApplicationAttestation>;

package/dist/attestation/getApplicationAttestation.js

@@ -6,7 +6,7 @@ const react_native_1 = require("react-native");
 const native_1 = require("./native");
 async function getApplicationAttestation(apiKey) {
     if (!requiresAttestation(apiKey))
-        return true;
+        return { status: "skipped" };
     const { nonce, timestamp } = createNonce();
     try {
         if (react_native_1.Platform.OS === "android")
@@ -16,9 +16,9 @@ async function getApplicationAttestation(apiKey) {
     }
     catch (err) {
         const reason = err?.message ?? "attestation-error";
-        return { attestationDisabled: true, reason };
+        return { status: "disabled", reason };
     }
-    return { attestationDisabled: true, reason: "platform-unsupported" };
+    return { status: "disabled", reason: "platform-unsupported" };
 }
 function requiresAttestation(apiKey) {
     return apiKey.startsWith("pw_pub_");
@@ -43,14 +43,14 @@ function base64UrlEncode(input) {
 async function getAndroidSignature(nonce, timestamp) {
     const integrityToken = await (0, native_1.getAndroidIntegrityToken)(nonce);
     if (!integrityToken) {
-        return { attestationDisabled: true, reason: "play-integrity-unavailable" };
+        return { status: "disabled", reason: "play-integrity-unavailable" };
     }
-    return { nonce, timestamp, integrityToken };
+    return { status: "ok", platform: "android", nonce, timestamp, integrityToken };
 }
 async function getIosDeviceCheck(nonce, timestamp) {
     const deviceCheckToken = await (0, native_1.getDeviceCheckToken)(nonce);
     if (!deviceCheckToken) {
-        return { attestationDisabled: true, reason: "devicecheck-unavailable" };
+        return { status: "disabled", reason: "devicecheck-unavailable" };
     }
-    return { nonce, timestamp, deviceCheckToken };
+    return { status: "ok", platform: "ios", nonce, timestamp, deviceCheckToken };
 }

package/dist/registerPushWave.d.ts

@@ -5,10 +5,11 @@ export interface RegisterPushWaveResponse {
     success: boolean;
     message?: string;
 }
-export interface RegisterPushWaveOptions {
+export interface RegisterPushWaveDTO {
     apiKey: string;
     expoToken: string;
     platform: string;
     appAttestation?: any;
+    environment: "development" | "production";
 }
 export default function registerPushWave({ apiKey }: RegisterPushWaveClient): Promise<RegisterPushWaveResponse>;

package/dist/registerPushWave.js

@@ -25,20 +25,15 @@ async function registerPushWave({ apiKey }) {
         };
     }
     const appAttestation = await (0, getApplicationAttestation_1.default)(apiKey);
-    if (!appAttestation) {
-        const message = `could not get ${react_native_1.Platform.OS} attestation.`;
-        pwLogger_1.PWLogger.error(message);
-        return {
-            success: false,
-            message: `[PushWaveClient] Error: ` + message
-        };
-    }
+    if (appAttestation.status === "disabled")
+        pwLogger_1.PWLogger.warn(`(${react_native_1.Platform.OS}) could not get attestation: ${appAttestation.reason}`);
     const path = "/v1/expo-tokens";
     const options = {
         apiKey: apiKey,
         expoToken: expoToken,
         platform: react_native_1.Platform.OS,
-        appAttestation: appAttestation
+        appAttestation: appAttestation,
+        environment: __DEV__ ? "development" : "production"
     };
     try {
         const res = await (0, fetch_1.fetchApi)(path, options);

package/dist/utils/fetch.js

@@ -4,6 +4,7 @@ exports.fetchApi = fetchApi;
 const BASE_URL = "https://pushwave.luruk-hai.fr";
 async function fetchApi(path, data) {
     const url = BASE_URL + path;
+    console.log(data);
     const res = await fetch(url, {
         method: "POST",
         headers: {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pushwave-client",
-  "version": "0.2.3",
+  "version": "0.2.5",
   "description": "PushWave Client, Expo Push Notifications SaaS SDK",
   "homepage": "https://github.com/luruk-hai/pushwave-client#readme",
   "bugs": {

package/src/attestation/attestation.types.ts

@@ -0,0 +1,30 @@
+export interface AndroidAttestationPayload {
+    status: "ok";
+    platform: "android";
+    nonce: string;
+    timestamp: number;
+    integrityToken: string;
+}
+
+export interface IosAttestationPayload {
+    status: "ok";
+    platform: "ios";
+    nonce: string;
+    timestamp: number;
+    deviceCheckToken: string;
+}
+
+export interface DisabledAttestation {
+    status: "disabled";
+    reason: string;
+}
+
+export interface SkippedAttestation {
+    status: "skipped";
+}
+
+export type ApplicationAttestation =
+    | AndroidAttestationPayload
+    | IosAttestationPayload
+    | DisabledAttestation
+    | SkippedAttestation;

package/src/attestation/getApplicationAttestation.ts

@@ -1,32 +1,10 @@
 import { Buffer } from "buffer";
 import { Platform } from "react-native";
 import { getAndroidIntegrityToken, getDeviceCheckToken } from "./native";
+import { ApplicationAttestation, AndroidAttestationPayload, DisabledAttestation, IosAttestationPayload } from "./index";
 
-export interface AndroidAttestationPayload {
-    nonce: string;
-    timestamp: number;
-    integrityToken: string;
-}
-
-export interface IosAttestationPayload {
-    nonce: string;
-    timestamp: number;
-    deviceCheckToken: string;
-}
-
-export interface DisabledAttestation {
-    attestationDisabled: true;
-    reason: string;
-}
-
-export type ApplicationAttestation =
-    | AndroidAttestationPayload
-    | IosAttestationPayload
-    | DisabledAttestation
-    | true;
-
-export default async function getApplicationAttestation(apiKey: string): Promise<ApplicationAttestation> {
-    if (!requiresAttestation(apiKey)) return true;
+export async function getApplicationAttestation(apiKey: string): Promise<ApplicationAttestation> {
+    if (!requiresAttestation(apiKey)) return { status: "skipped" };
 
     const { nonce, timestamp } = createNonce();
 
@@ -35,10 +13,10 @@ export default async function getApplicationAttestation(apiKey: string): Promise
         if (Platform.OS === "ios") return await getIosDeviceCheck(nonce, timestamp);
     } catch (err) {
         const reason = (err as Error)?.message ?? "attestation-error";
-        return { attestationDisabled: true, reason };
+        return { status: "disabled", reason };
     }
 
-    return { attestationDisabled: true, reason: "platform-unsupported" };
+    return { status: "disabled", reason: "platform-unsupported" };
 }
 
 function requiresAttestation(apiKey: string) {
@@ -72,10 +50,10 @@ async function getAndroidSignature(
     const integrityToken = await getAndroidIntegrityToken(nonce);
 
     if (!integrityToken) {
-        return { attestationDisabled: true, reason: "play-integrity-unavailable" };
+        return { status: "disabled", reason: "play-integrity-unavailable" };
     }
 
-    return { nonce, timestamp, integrityToken };
+    return { status: "ok", platform: "android", nonce, timestamp, integrityToken };
 }
 
 async function getIosDeviceCheck(
@@ -85,8 +63,8 @@ async function getIosDeviceCheck(
     const deviceCheckToken = await getDeviceCheckToken(nonce);
 
     if (!deviceCheckToken) {
-        return { attestationDisabled: true, reason: "devicecheck-unavailable" };
+        return { status: "disabled", reason: "devicecheck-unavailable" };
     }
 
-    return { nonce, timestamp, deviceCheckToken };
+    return { status: "ok", platform: "ios", nonce, timestamp, deviceCheckToken };
 }

package/src/attestation/index.ts

@@ -0,0 +1,2 @@
+export * from "./attestation.types";
+export * from "./getApplicationAttestation";

package/src/index.ts

@@ -1,7 +1,4 @@
-import registerPushWave, {
-    RegisterPushWaveClient,
-  RegisterPushWaveResponse,
-} from "./registerPushWave";
+import { registerPushWave, RegisterPushWaveClient, RegisterPushWaveResponse } from "./register";
 
 export interface PushWaveClientType {
   init(options: RegisterPushWaveClient): Promise<RegisterPushWaveResponse>;

package/src/register/index.ts

@@ -0,0 +1,2 @@
+export * from "./registerPushWave";
+export * from "./registerPushWave.dto";

package/src/register/registerPushWave.dto.ts

@@ -0,0 +1,16 @@
+export interface RegisterPushWaveClient {
+    apiKey: string;
+}
+
+export interface RegisterPushWaveResponse {
+    success: boolean;
+    message?: string;
+}
+
+export interface RegisterPushWaveDTO {
+    apiKey: string;
+    expoToken: string;
+    platform: string;
+    appAttestation?: any;
+    environment: "development" | "production"
+}

package/src/{registerPushWave.ts → register/registerPushWave.ts}

@@ -1,27 +1,12 @@
-import { fetchApi } from "./utils/fetch";
-import { getExpoToken } from "./utils/expoToken";
-import getApplicationAttestation from "./attestation/getApplicationAttestation";
+import { fetchApi } from "../utils/fetch";
+import { getExpoToken } from "../utils/expoToken";
 import { Platform } from "react-native";
-import { PWLogger } from "./utils/pwLogger";
-import { isSecretKey } from "./utils/apiKeyCheck";
+import { PWLogger } from "../utils/pwLogger";
+import { isSecretKey } from "../utils/apiKeyCheck";
+import { RegisterPushWaveClient, RegisterPushWaveDTO, RegisterPushWaveResponse } from "./registerPushWave.dto";
+import { getApplicationAttestation } from "../attestation/index";
 
-export interface RegisterPushWaveClient {
-    apiKey: string;
-}
-
-export interface RegisterPushWaveResponse {
-    success: boolean;
-    message?: string;
-}
-
-export interface RegisterPushWaveOptions {
-    apiKey: string;
-    expoToken: string;
-    platform: string;
-    appAttestation?: any;
-}
-
-export default async function registerPushWave(
+export async function registerPushWave(
     { apiKey }: RegisterPushWaveClient
 ): Promise<RegisterPushWaveResponse> {
 
@@ -46,25 +31,17 @@ export default async function registerPushWave(
 
     const appAttestation = await getApplicationAttestation(apiKey);
 
-    if (!appAttestation) {
-
-        const message = `could not get ${Platform.OS} attestation.`;
-
-        PWLogger.error(message);
-
-        return {
-            success: false,
-            message: `[PushWaveClient] Error: ` + message
-        }
-    }
+    if (appAttestation.status === "disabled")
+        PWLogger.warn(`(${Platform.OS}) could not get attestation: ${appAttestation.reason}`);
 
     const path = "/v1/expo-tokens"
 
-    const options: RegisterPushWaveOptions = {
+    const options: RegisterPushWaveDTO = {
         apiKey: apiKey,
         expoToken: expoToken,
         platform: Platform.OS,
-        appAttestation: appAttestation
+        appAttestation: appAttestation,
+        environment: __DEV__ ? "development" : "production"
     }
 
     try {

package/src/utils/fetch.ts

@@ -7,6 +7,8 @@ export async function fetchApi<TResponse>(
 
   const url = BASE_URL + path;
 
+  console.log(data);
+
   const res = await fetch(url, {
     method: "POST",
     headers: {