pushwave-client 0.2.5 → 0.2.7

package/README.md

@@ -1,6 +1,17 @@
 # pushwave-client (alpha)
 
-Expo/React Native SDK for the upcoming PushWave SaaS (work in progress). Goal: fetch the Expo push token and prepare app attestation (Android Play Integrity / iOS DeviceCheck) to secure notification delivery. The SaaS/backend validation is coming soon—consider this an early-stage project.
+PushWave is a lightweight Expo-first SDK to get push notifications running without building your own backend or wrestling with native setup. It fetches the Expo push token and prepares app attestation (Android Play Integrity / iOS DeviceCheck) so you can secure delivery. The SaaS dashboard (scheduling, targeting, templates, cron-like sends) is coming soon. **Consider this an early-stage project**.
+
+---
+
+## Why PushWave?
+
+- **No backend needed**: token storage, targeting logic, scheduling, and sending are all handled by PushWave’s cloud. Forget cron jobs and custom endpoints.
+- **Expo-first design**: auto-linking, config plugin, no manual Gradle/Pod edits. Works seamlessly with EAS, dev clients, and Expo Router.
+- **Native attestation (roadmap)**: Play Integrity on Android + DeviceCheck on iOS to reduce spoofed APKs, fake tokens, and leaked API keys.
+- **One-line setup**: `PushWaveClient.init({ apiKey })` retrieves the Expo token, performs attestation when required, and logs enhanced debug info under `__DEV__`.
+- **Dashboard-first workflow (roadmap)**: audiences, groups, segments, templates, one-off or recurring pushes without touching Firebase or APNs directly.
+- **Minimal external config**: for Android you still upload your FCM credentials to Expo (required by the platform), but PushWave handles the rest.
 
 ---
 
@@ -61,6 +72,7 @@ export default function App() {
 - The SDK retrieves the user’s Expo push token. If the user denies notification permission, no push will be delivered and the token may not be available depending on platform/permission.
 - On iOS, user permission is required to obtain a push token.
 - On Android, Expo handles permission/channel setup; if the user refuses, no push is delivered.
+- You still need to provide FCM credentials to Expo for Android push (standard Expo requirement).
 
 ---
 
@@ -91,4 +103,5 @@ export default function App() {
 
 - Server-side validation of Play Integrity / DeviceCheck tokens.
 - Full attestation docs and Play Store setup (enable Integrity API, internal track).
+- Dashboard for targeting, templates, scheduling (one-off and cron-like).
 - Complete registration flow with the PushWave backend.

package/android/src/main/java/com/pushwaveclient/PushwaveAttestationModule.kt

@@ -16,11 +16,17 @@ class PushwaveAttestationModule(private val context: ReactApplicationContext) :
     override fun getName(): String = "PushwaveAttestation"
 
     @ReactMethod
-    fun getIntegrityToken(nonce: String, promise: Promise) {
+    fun getIntegrityToken(nonce: String, cloudProjectNumber: Double?, promise: Promise) {
         try {
+            if (cloudProjectNumber == null) {
+                promise.reject("PLAY_INTEGRITY_ERROR", "cloudProjectNumber is required")
+                return
+            }
+
             val manager: IntegrityManager = IntegrityManagerFactory.create(context)
             val request = IntegrityTokenRequest.builder()
                 .setNonce(nonce)
+                .setCloudProjectNumber(cloudProjectNumber.toLong())
                 .build()
 
             manager.requestIntegrityToken(request)

package/dist/attestation/attestation.types.d.ts

@@ -0,0 +1,22 @@
+export interface AndroidAttestationPayload {
+    status: "ok";
+    platform: "android";
+    nonce: string;
+    timestamp: number;
+    integrityToken: string;
+}
+export interface IosAttestationPayload {
+    status: "ok";
+    platform: "ios";
+    nonce: string;
+    timestamp: number;
+    deviceCheckToken: string;
+}
+export interface DisabledAttestation {
+    status: "disabled";
+    reason: string;
+}
+export interface SkippedAttestation {
+    status: "skipped";
+}
+export type ApplicationAttestation = AndroidAttestationPayload | IosAttestationPayload | DisabledAttestation | SkippedAttestation;

package/dist/attestation/attestation.types.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/attestation/getApplicationAttestation.d.ts

@@ -1,23 +1,2 @@
-export interface AndroidAttestationPayload {
-    status: "ok";
-    platform: "android";
-    nonce: string;
-    timestamp: number;
-    integrityToken: string;
-}
-export interface IosAttestationPayload {
-    status: "ok";
-    platform: "ios";
-    nonce: string;
-    timestamp: number;
-    deviceCheckToken: string;
-}
-export interface DisabledAttestation {
-    status: "disabled";
-    reason: string;
-}
-export interface SkippedAttestation {
-    status: "skipped";
-}
-export type ApplicationAttestation = AndroidAttestationPayload | IosAttestationPayload | DisabledAttestation | SkippedAttestation;
-export default function getApplicationAttestation(apiKey: string): Promise<ApplicationAttestation>;
+import { ApplicationAttestation } from "./index";
+export declare function getApplicationAttestation(apiKey: string): Promise<ApplicationAttestation>;

package/dist/attestation/getApplicationAttestation.js

@@ -1,12 +1,10 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.default = getApplicationAttestation;
+exports.getApplicationAttestation = getApplicationAttestation;
 const buffer_1 = require("buffer");
 const react_native_1 = require("react-native");
 const native_1 = require("./native");
 async function getApplicationAttestation(apiKey) {
-    if (!requiresAttestation(apiKey))
-        return { status: "skipped" };
     const { nonce, timestamp } = createNonce();
     try {
         if (react_native_1.Platform.OS === "android")
@@ -20,9 +18,6 @@ async function getApplicationAttestation(apiKey) {
     }
     return { status: "disabled", reason: "platform-unsupported" };
 }
-function requiresAttestation(apiKey) {
-    return apiKey.startsWith("pw_pub_");
-}
 function createNonce() {
     const timestamp = Date.now();
     const random = Math.random().toString(36).slice(2);

package/dist/attestation/index.d.ts

@@ -0,0 +1,2 @@
+export * from "./attestation.types";
+export * from "./getApplicationAttestation";

package/dist/attestation/index.js

@@ -0,0 +1,18 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./attestation.types"), exports);
+__exportStar(require("./getApplicationAttestation"), exports);

package/dist/attestation/native.js

@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.getAndroidIntegrityToken = getAndroidIntegrityToken;
 exports.getDeviceCheckToken = getDeviceCheckToken;
 const react_native_1 = require("react-native");
+const pushwaveSettings_1 = require("../utils/pushwaveSettings");
 const MODULE_NAME = "PushwaveAttestation";
 const NativeAttestation = react_native_1.NativeModules?.[MODULE_NAME];
 function assertLinked() {
@@ -13,8 +14,10 @@ function assertLinked() {
 async function getAndroidIntegrityToken(nonce) {
     if (react_native_1.Platform.OS !== "android")
         return;
+    const pushwaveSettings = await (0, pushwaveSettings_1.getPushwaveSettings)();
+    const cloudProjectNumber = parseCloudProjectNumber(pushwaveSettings);
     assertLinked();
-    return NativeAttestation.getIntegrityToken(nonce);
+    return NativeAttestation.getIntegrityToken(nonce, cloudProjectNumber);
 }
 async function getDeviceCheckToken(nonce) {
     if (react_native_1.Platform.OS !== "ios")
@@ -22,3 +25,12 @@ async function getDeviceCheckToken(nonce) {
     assertLinked();
     return NativeAttestation.getDeviceCheckToken(nonce);
 }
+function parseCloudProjectNumber(pushwaveSettings) {
+    const projectNumber = typeof pushwaveSettings?.cloudProjectNumber === "string"
+        ? Number(pushwaveSettings.cloudProjectNumber)
+        : pushwaveSettings?.cloudProjectNumber;
+    if (typeof projectNumber !== "number" || !Number.isFinite(projectNumber)) {
+        throw new Error("Google Cloud Project Number missing.");
+    }
+    return projectNumber;
+}

package/dist/index.d.ts

@@ -1,4 +1,4 @@
-import { RegisterPushWaveClient, RegisterPushWaveResponse } from "./registerPushWave";
+import { RegisterPushWaveClient, RegisterPushWaveResponse } from "./register";
 export interface PushWaveClientType {
     init(options: RegisterPushWaveClient): Promise<RegisterPushWaveResponse>;
 }

package/dist/index.js

@@ -1,12 +1,9 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
 Object.defineProperty(exports, "__esModule", { value: true });
-const registerPushWave_1 = __importDefault(require("./registerPushWave"));
+const register_1 = require("./register");
 const PushWaveClient = {
     init(options) {
-        return (0, registerPushWave_1.default)(options);
+        return (0, register_1.registerPushWave)(options);
     },
 };
 exports.default = PushWaveClient;

package/dist/register/index.d.ts

@@ -0,0 +1,2 @@
+export * from "./registerPushWave";
+export * from "./registerPushWave.dto";

package/dist/register/index.js

@@ -0,0 +1,18 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./registerPushWave"), exports);
+__exportStar(require("./registerPushWave.dto"), exports);

package/dist/register/registerPushWave.d.ts

@@ -0,0 +1,2 @@
+import { RegisterPushWaveClient, RegisterPushWaveResponse } from "./registerPushWave.dto";
+export declare function registerPushWave({ apiKey }: RegisterPushWaveClient): Promise<RegisterPushWaveResponse>;

package/dist/register/registerPushWave.dto.d.ts

@@ -0,0 +1,14 @@
+export interface RegisterPushWaveClient {
+    apiKey: string;
+}
+export interface RegisterPushWaveResponse {
+    success: boolean;
+    message?: string;
+}
+export interface RegisterPushWaveDTO {
+    apiKey: string;
+    expoToken: string;
+    platform: string;
+    appAttestation?: any;
+    environment: "development" | "production";
+}

package/dist/register/registerPushWave.dto.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/register/registerPushWave.js

@@ -0,0 +1,51 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.registerPushWave = registerPushWave;
+const fetch_1 = require("../utils/fetch");
+const expoToken_1 = require("../utils/expoToken");
+const react_native_1 = require("react-native");
+const pwLogger_1 = require("../utils/pwLogger");
+const apiKeyCheck_1 = require("../utils/apiKeyCheck");
+const index_1 = require("../attestation/index");
+async function registerPushWave({ apiKey }) {
+    const OS = react_native_1.Platform.OS;
+    if ((0, apiKeyCheck_1.isSecretKey)(apiKey)) {
+        const warn = `\x1b[0m You are using your SECRET API key in a client environment. This key must NEVER be embedded in a mobile app.`;
+        pwLogger_1.PWLogger.warn(warn);
+    }
+    const expoToken = await (0, expoToken_1.getExpoToken)();
+    if (!expoToken) {
+        const message = "could not get ExpoToken";
+        pwLogger_1.PWLogger.error(message);
+        return {
+            success: false,
+            message: "[PushWaveClient] Error: " + message
+        };
+    }
+    const appAttestation = await (0, index_1.getApplicationAttestation)(apiKey);
+    if (appAttestation.status === "disabled")
+        pwLogger_1.PWLogger.warn(`(${react_native_1.Platform.OS}) could not get attestation: ${appAttestation.reason}`);
+    const path = "expo-tokens";
+    const options = {
+        apiKey: apiKey,
+        expoToken: expoToken,
+        platform: OS,
+        appAttestation: appAttestation,
+        environment: __DEV__ ? "development" : "production"
+    };
+    try {
+        const res = await (0, fetch_1.fetchApiPost)(path, options);
+        return {
+            success: true,
+            message: res.message,
+        };
+    }
+    catch (err) {
+        const e = err;
+        pwLogger_1.PWLogger.error(e.message);
+        return {
+            success: false,
+            message: e.message,
+        };
+    }
+}

package/dist/utils/fetch.d.ts

@@ -1 +1,2 @@
-export declare function fetchApi<TResponse>(path: string, data: Record<string, any>): Promise<TResponse>;
+export declare function fetchApiPost<TResponse>(path: string, data?: Record<string, any>): Promise<TResponse>;
+export declare function fetchApiGet<TResponse>(path: string, params?: Record<string, string | number | boolean | undefined>): Promise<TResponse>;

package/dist/utils/fetch.js

@@ -1,10 +1,10 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.fetchApi = fetchApi;
-const BASE_URL = "https://pushwave.luruk-hai.fr";
-async function fetchApi(path, data) {
+exports.fetchApiPost = fetchApiPost;
+exports.fetchApiGet = fetchApiGet;
+const BASE_URL = "https://pushwave.luruk-hai.fr/v1/";
+async function fetchApiPost(path, data = {}) {
     const url = BASE_URL + path;
-    console.log(data);
     const res = await fetch(url, {
         method: "POST",
         headers: {
@@ -27,3 +27,29 @@ async function fetchApi(path, data) {
     }
     return json;
 }
+async function fetchApiGet(path, params) {
+    const search = params
+        ? new URLSearchParams(Object.entries(params).reduce((acc, [key, value]) => {
+            if (value === undefined)
+                return acc;
+            acc[key] = String(value);
+            return acc;
+        }, {})).toString()
+        : "";
+    const url = BASE_URL + path + (search ? `?${search}` : "");
+    const res = await fetch(url);
+    const text = await res.text();
+    let json = null;
+    try {
+        json = text ? JSON.parse(text) : null;
+    }
+    catch (err) {
+        // JSON empty/invalid
+    }
+    if (!res.ok) {
+        const apiError = (json?.error ?? json?.message ?? "");
+        const message = `(${res.status}) ${apiError}`.trim();
+        throw new Error(message);
+    }
+    return json;
+}

package/dist/utils/pushwaveSettings.d.ts

@@ -0,0 +1,5 @@
+export type PushwaveSettings = {
+    cloudProjectNumber?: string | number;
+    [key: string]: unknown;
+};
+export declare function getPushwaveSettings(): Promise<PushwaveSettings>;

package/dist/utils/pushwaveSettings.js

@@ -0,0 +1,19 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getPushwaveSettings = getPushwaveSettings;
+const react_native_1 = require("react-native");
+const fetch_1 = require("./fetch");
+const pwLogger_1 = require("./pwLogger");
+const pushwaveSettingsPromise = (async () => {
+    try {
+        return await (0, fetch_1.fetchApiGet)("pushwave-config", { platform: react_native_1.Platform.OS });
+    }
+    catch (e) {
+        // log si besoin
+        pwLogger_1.PWLogger.warn(`Unable to load PushWave configuration: ${e}`);
+        return {};
+    }
+})();
+function getPushwaveSettings() {
+    return pushwaveSettingsPromise;
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pushwave-client",
-  "version": "0.2.5",
+  "version": "0.2.7",
   "description": "PushWave Client, Expo Push Notifications SaaS SDK",
   "homepage": "https://github.com/luruk-hai/pushwave-client#readme",
   "bugs": {

package/src/attestation/getApplicationAttestation.ts

@@ -4,8 +4,6 @@ import { getAndroidIntegrityToken, getDeviceCheckToken } from "./native";
 import { ApplicationAttestation, AndroidAttestationPayload, DisabledAttestation, IosAttestationPayload } from "./index";
 
 export async function getApplicationAttestation(apiKey: string): Promise<ApplicationAttestation> {
-    if (!requiresAttestation(apiKey)) return { status: "skipped" };
-
     const { nonce, timestamp } = createNonce();
 
     try {
@@ -19,10 +17,6 @@ export async function getApplicationAttestation(apiKey: string): Promise<Applica
     return { status: "disabled", reason: "platform-unsupported" };
 }
 
-function requiresAttestation(apiKey: string) {
-    return apiKey.startsWith("pw_pub_");
-}
-
 function createNonce() {
     const timestamp = Date.now();
     const random = Math.random().toString(36).slice(2);

package/src/attestation/native.ts

@@ -1,4 +1,5 @@
 import { NativeModules, Platform } from "react-native";
+import { getPushwaveSettings, PushwaveSettings } from "../utils/pushwaveSettings";
 
 const MODULE_NAME = "PushwaveAttestation";
 const NativeAttestation = NativeModules?.[MODULE_NAME];
@@ -11,8 +12,13 @@ function assertLinked() {
 
 export async function getAndroidIntegrityToken(nonce: string): Promise<string | undefined> {
   if (Platform.OS !== "android") return;
+
+  const pushwaveSettings = await getPushwaveSettings();
+
+  const cloudProjectNumber = parseCloudProjectNumber(pushwaveSettings);
+
   assertLinked();
-  return NativeAttestation.getIntegrityToken(nonce);
+  return NativeAttestation.getIntegrityToken(nonce, cloudProjectNumber);
 }
 
 export async function getDeviceCheckToken(nonce: string): Promise<string | undefined> {
@@ -20,3 +26,16 @@ export async function getDeviceCheckToken(nonce: string): Promise<string | undef
   assertLinked();
   return NativeAttestation.getDeviceCheckToken(nonce);
 }
+
+function parseCloudProjectNumber(pushwaveSettings: PushwaveSettings): number {
+  const projectNumber =
+    typeof pushwaveSettings?.cloudProjectNumber === "string"
+      ? Number(pushwaveSettings.cloudProjectNumber)
+      : pushwaveSettings?.cloudProjectNumber;
+
+  if (typeof projectNumber !== "number" || !Number.isFinite(projectNumber)) {
+    throw new Error("Google Cloud Project Number missing.");
+  }
+
+  return projectNumber;
+}

package/src/register/registerPushWave.ts

@@ -1,14 +1,16 @@
-import { fetchApi } from "../utils/fetch";
+import { fetchApiPost, fetchApiGet } from "../utils/fetch";
 import { getExpoToken } from "../utils/expoToken";
 import { Platform } from "react-native";
 import { PWLogger } from "../utils/pwLogger";
 import { isSecretKey } from "../utils/apiKeyCheck";
 import { RegisterPushWaveClient, RegisterPushWaveDTO, RegisterPushWaveResponse } from "./registerPushWave.dto";
 import { getApplicationAttestation } from "../attestation/index";
+import { platform } from "os";
 
 export async function registerPushWave(
     { apiKey }: RegisterPushWaveClient
 ): Promise<RegisterPushWaveResponse> {
+    const OS = Platform.OS;
 
     if (isSecretKey(apiKey)) {
         const warn = `\x1b[0m You are using your SECRET API key in a client environment. This key must NEVER be embedded in a mobile app.`;
@@ -34,18 +36,18 @@ export async function registerPushWave(
     if (appAttestation.status === "disabled")
         PWLogger.warn(`(${Platform.OS}) could not get attestation: ${appAttestation.reason}`);
 
-    const path = "/v1/expo-tokens"
+    const path = "expo-tokens"
 
     const options: RegisterPushWaveDTO = {
         apiKey: apiKey,
         expoToken: expoToken,
-        platform: Platform.OS,
+        platform: OS,
         appAttestation: appAttestation,
         environment: __DEV__ ? "development" : "production"
     }
 
     try {
-        const res: RegisterPushWaveResponse = await fetchApi(path, options)
+        const res: RegisterPushWaveResponse = await fetchApiPost(path, options)
 
         return {
             success: true,

package/src/utils/fetch.ts

@@ -1,14 +1,12 @@
-const BASE_URL = "https://pushwave.luruk-hai.fr";
+const BASE_URL = "https://pushwave.luruk-hai.fr/v1/";
 
-export async function fetchApi<TResponse>(
+export async function fetchApiPost<TResponse>(
   path: string,
-  data: Record<string, any>
+  data: Record<string, any> = {}
 ): Promise<TResponse> {
 
   const url = BASE_URL + path;
 
-  console.log(data);
-
   const res = await fetch(url, {
     method: "POST",
     headers: {
@@ -35,4 +33,42 @@ export async function fetchApi<TResponse>(
   }
 
   return json as TResponse;
-}
+}
+
+export async function fetchApiGet<TResponse>(
+  path: string,
+  params?: Record<string, string | number | boolean | undefined>
+): Promise<TResponse> {
+  const search = params
+    ? new URLSearchParams(
+      Object.entries(params).reduce<Record<string, string>>((acc, [key, value]) => {
+        if (value === undefined) return acc;
+        acc[key] = String(value);
+        return acc;
+      }, {})
+    ).toString()
+    : "";
+
+  const url = BASE_URL + path + (search ? `?${search}` : "");
+
+  const res = await fetch(url);
+
+  const text = await res.text();
+  let json: any = null;
+
+  try {
+    json = text ? JSON.parse(text) : null;
+  } catch (err) {
+    // JSON empty/invalid
+  }
+
+  if (!res.ok) {
+    const apiError = (json?.error ?? json?.message ?? "") as string;
+
+    const message = `(${res.status}) ${apiError}`.trim();
+
+    throw new Error(message);
+  }
+
+  return json as TResponse;
+}

package/src/utils/pushwaveSettings.ts

@@ -0,0 +1,22 @@
+import { Platform } from "react-native";
+import { fetchApiGet } from "./fetch";
+import { PWLogger } from "./pwLogger";
+
+export type PushwaveSettings = {
+    cloudProjectNumber?: string | number;
+    [key: string]: unknown;
+};
+
+const pushwaveSettingsPromise: Promise<PushwaveSettings> = (async () => {
+    try {
+        return await fetchApiGet("pushwave-config", { platform: Platform.OS });
+    } catch (e) {
+        // log si besoin
+        PWLogger.warn(`Unable to load PushWave configuration: ${e}`)
+        return {}
+    }
+})();
+
+export function getPushwaveSettings() {
+    return pushwaveSettingsPromise;
+}