7ae8a24372
* ST-cmovs79lt: Schema + migratie PushSubscription model Voeg PushSubscription model toe aan prisma/schema.prisma met snake_case-conventie, relation field op User, en bijbehorende migratie (push_subscriptions tabel, FK + index op user_id). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * ST-cmovs7e3o: web-push dependency + VAPID env vars feature-gated Voeg web-push + @types/web-push toe aan package.json. Registreer NEXT_PUBLIC_VAPID_PUBLIC_KEY, VAPID_PRIVATE_KEY, VAPID_SUBJECT en INTERNAL_PUSH_SECRET als .optional() in lib/env.ts. Documenteer alle vier in .env.example en README. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * ST-cmovs7jgr: lib/push-server.ts met sendPushToUser + stale-cleanup Server-only push-lib met VAPID feature-gate, send naar alle subscriptions van een user, en automatische cleanup bij 404/410. Unit tests: success-pad, 410 verwijdert sub, 404 verwijdert sub, andere errors loggen zonder delete. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * ST-cmovs7ouz: lib/push-client.ts client-side push helpers + stub actions/push.ts Client-side helpers: isPushSupported, isIOSSafari, isStandalonePWA, urlBase64ToUint8Array, subscribeToPush, unsubscribeFromPush. Stub actions/push.ts zodat imports resolven (implementatie volgt in volgende taak). Unit tests voor urlBase64ToUint8Array. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * ST-cmovs7ut4: actions/push.ts subscribeToPushAction + unsubscribeFromPushAction Vervangt stub met volledige implementatie: requireUser via getSession, demo-block, Zod-validatie, upsert met user_id-scoping en user-scoped deleteMany. Tests (8): idempotentie, demo-block, unauthenticated, invalid input. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * ST-cmovs80c1: POST /api/internal/push/send met constant-time Bearer check Route: 503 als INTERNAL_PUSH_SECRET uitstaat, 401 bij verkeerd secret (timingSafeEqual), 400 bij invalid JSON, 422 bij Zod-fout, 204 bij succes. push-server.ts: env-import vervangen door process.env om SESSION_SECRET validatie tijdens build te omzeilen. Tests aangepast. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * ST-cmovs862j: Admin test-send route + public/sw.js service worker POST /api/internal/push/test-send: requireAdmin check (redirect bij niet-admin), optioneel body met defaults, roept sendPushToUser aan, 204. public/sw.js: push-handler met showNotification, notificationclick met same-origin guard, focus bestaand venster of openWindow. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * ST-cmovs8jvq: PushToggle component met 3 states + iOS-banner Client component met states loading/unsupported/ios-needs-install/ denied/subscribed/unsubscribed. useEffect detecteert initial status, permission-prompt alleen via user-click. iOS-banner NL, denied-uitleg, subscribe/unsubscribe knoppen met sonner-toasts. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * ST-cmovs8psg: notifications-sheet + iOS meta-tags in layout notifications-sheet.tsx: PushToggle onderin met sectie 'Notificatie-instellingen' en visuele scheidslijn. app/layout.tsx: appleWebApp.capable, statusBarStyle en mobile-web-app-capable meta-tags toegevoegd via Next.js Metadata API. manifest.json had al display: standalone. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * ST-cmovs8vxj: docs/patterns/web-push.md pattern-documentatie Architectuur-diagram, payload-shape, foutcodes, VAPID-config, iOS-quirks, demo-users blokkade, trigger-voorbeelden (server + HTTP) en admin-testroute curl-voorbeeld. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
37 lines
1.5 KiB
Text
37 lines
1.5 KiB
Text
# Database
|
|
DATABASE_URL="postgresql://user:password@host/dbname?sslmode=require"
|
|
DIRECT_URL="postgresql://user:password@host/dbname?sslmode=require"
|
|
|
|
# Auth/session
|
|
# Generate with: openssl rand -base64 32
|
|
SESSION_SECRET="replace-with-at-least-32-characters"
|
|
|
|
# Optional; Vercel and Node set this automatically in deployed environments.
|
|
NODE_ENV="development"
|
|
|
|
# M11 (ST-1107) — shared secret between Vercel cron-trigger and the
|
|
# /api/cron/expire-questions handler. Required in production; optional in
|
|
# local dev (the route returns 401 if the Authorization header doesn't match).
|
|
# Generate with: openssl rand -base64 32
|
|
CRON_SECRET=""
|
|
|
|
# PBI-55 — Web Push (VAPID). All optional; app starts without these.
|
|
# Generate keys with: npx web-push generate-vapid-keys
|
|
NEXT_PUBLIC_VAPID_PUBLIC_KEY=""
|
|
VAPID_PRIVATE_KEY=""
|
|
# Must start with mailto: e.g. mailto:admin@example.com
|
|
VAPID_SUBJECT="mailto:admin@example.com"
|
|
# Shared secret for POST /api/internal/push/send — min 32 chars
|
|
# Generate with: openssl rand -base64 32
|
|
INTERNAL_PUSH_SECRET=""
|
|
|
|
# v1-readiness item 2 — Sentry error monitoring.
|
|
# Optional. Without DSN, the SDK is a no-op (no network, no overhead).
|
|
# Get a DSN at https://sentry.io → Project → Settings → Client Keys (DSN).
|
|
NEXT_PUBLIC_SENTRY_DSN=""
|
|
|
|
# Required ONLY if you want source-map upload during build (production deploy).
|
|
# In Vercel: project settings → Environment Variables → add as encrypted.
|
|
SENTRY_ORG=""
|
|
SENTRY_PROJECT=""
|
|
SENTRY_AUTH_TOKEN=""
|