265 lines
8.9 KiB
JavaScript
265 lines
8.9 KiB
JavaScript
import crypto from 'crypto'
|
|
import { promises as fs } from 'fs'
|
|
import path from 'path'
|
|
import { readUsers, writeUsers, isHiddenUser, migrateUserRoles } from './auth.js'
|
|
import { notificationSettingsForUser } from './notification-settings.js'
|
|
|
|
const FCM_SCOPE = 'https://www.googleapis.com/auth/firebase.messaging'
|
|
const TOKEN_URL = 'https://oauth2.googleapis.com/token'
|
|
const tokenCache = { accessToken: null, expiresAt: 0 }
|
|
|
|
function base64Url(input) {
|
|
return Buffer.from(input).toString('base64url')
|
|
}
|
|
|
|
function projectIdFromServiceAccount(serviceAccount) {
|
|
return process.env.FCM_PROJECT_ID || serviceAccount.project_id
|
|
}
|
|
|
|
function serviceAccountCandidatePaths() {
|
|
const filename = 'harheimer-tc-firebase-adminsdk-fbsvc-18b66a2971.json'
|
|
const cwd = process.cwd()
|
|
const candidates = []
|
|
if (process.env.GOOGLE_APPLICATION_CREDENTIALS) candidates.push(process.env.GOOGLE_APPLICATION_CREDENTIALS)
|
|
candidates.push(path.join(cwd, 'server/data', filename))
|
|
candidates.push(path.join(cwd, '../server/data', filename))
|
|
return [...new Set(candidates)]
|
|
}
|
|
|
|
async function readServiceAccount() {
|
|
if (process.env.FCM_SERVICE_ACCOUNT_JSON) {
|
|
return JSON.parse(process.env.FCM_SERVICE_ACCOUNT_JSON)
|
|
}
|
|
for (const candidate of serviceAccountCandidatePaths()) {
|
|
try {
|
|
const raw = await fs.readFile(candidate, 'utf8')
|
|
return JSON.parse(raw)
|
|
} catch (error) {
|
|
if (error?.code !== 'ENOENT') {
|
|
console.warn(`FCM Service-Account konnte nicht gelesen werden (${candidate}): ${error.message}`)
|
|
}
|
|
}
|
|
}
|
|
return null
|
|
}
|
|
|
|
async function getAccessToken(serviceAccount) {
|
|
if (tokenCache.accessToken && tokenCache.expiresAt > Date.now() + 60_000) {
|
|
return tokenCache.accessToken
|
|
}
|
|
const now = Math.floor(Date.now() / 1000)
|
|
const assertion = [
|
|
base64Url(JSON.stringify({ alg: 'RS256', typ: 'JWT' })),
|
|
base64Url(JSON.stringify({
|
|
iss: serviceAccount.client_email,
|
|
scope: FCM_SCOPE,
|
|
aud: TOKEN_URL,
|
|
iat: now,
|
|
exp: now + 3600
|
|
}))
|
|
].join('.')
|
|
const signature = crypto
|
|
.createSign('RSA-SHA256')
|
|
.update(assertion)
|
|
.sign(serviceAccount.private_key, 'base64url')
|
|
const response = await fetch(TOKEN_URL, {
|
|
method: 'POST',
|
|
headers: { 'content-type': 'application/x-www-form-urlencoded' },
|
|
body: new URLSearchParams({
|
|
grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
|
|
assertion: `${assertion}.${signature}`
|
|
})
|
|
})
|
|
if (!response.ok) {
|
|
throw new Error(`FCM OAuth fehlgeschlagen: ${response.status}`)
|
|
}
|
|
const body = await response.json()
|
|
tokenCache.accessToken = body.access_token
|
|
tokenCache.expiresAt = Date.now() + Number(body.expires_in || 3600) * 1000
|
|
return tokenCache.accessToken
|
|
}
|
|
|
|
function pushTokensForUser(user) {
|
|
return Array.isArray(user.pushTokens)
|
|
? user.pushTokens.filter(entry => entry?.token && entry.platform === 'android')
|
|
: []
|
|
}
|
|
|
|
export function upsertPushToken(user, { token, platform = 'android', appVersion = null }) {
|
|
const normalizedToken = String(token || '').trim()
|
|
if (!normalizedToken) return user
|
|
const now = new Date().toISOString()
|
|
const tokens = Array.isArray(user.pushTokens) ? user.pushTokens : []
|
|
const next = tokens.filter(entry => entry?.token !== normalizedToken)
|
|
next.push({
|
|
token: normalizedToken,
|
|
platform: String(platform || 'android').slice(0, 30),
|
|
appVersion: appVersion ? String(appVersion).slice(0, 80) : null,
|
|
updatedAt: now,
|
|
createdAt: tokens.find(entry => entry?.token === normalizedToken)?.createdAt || now
|
|
})
|
|
user.pushTokens = next.slice(-20)
|
|
return user
|
|
}
|
|
|
|
async function sendFcmMessage({ serviceAccount, accessToken, token, title, body, data = {} }) {
|
|
const projectId = projectIdFromServiceAccount(serviceAccount)
|
|
if (!projectId) throw new Error('FCM project_id fehlt.')
|
|
const response = await fetch(`https://fcm.googleapis.com/v1/projects/${projectId}/messages:send`, {
|
|
method: 'POST',
|
|
headers: {
|
|
authorization: `Bearer ${accessToken}`,
|
|
'content-type': 'application/json'
|
|
},
|
|
body: JSON.stringify({
|
|
message: {
|
|
token,
|
|
notification: { title, body },
|
|
data,
|
|
android: {
|
|
priority: 'high',
|
|
notification: {
|
|
channel_id: 'harheimer_tc_updates',
|
|
click_action: 'OPEN_NEWS'
|
|
}
|
|
}
|
|
}
|
|
})
|
|
})
|
|
if (!response.ok) {
|
|
const text = await response.text().catch(() => '')
|
|
throw new Error(`FCM send fehlgeschlagen: ${response.status} ${text}`)
|
|
}
|
|
}
|
|
|
|
function notificationIdFor(value) {
|
|
return String(value || Date.now()).split('').reduce((acc, char) => acc + char.charCodeAt(0), 0).toString()
|
|
}
|
|
|
|
function userRoles(user) {
|
|
const migrated = migrateUserRoles({ ...(user || {}) })
|
|
return Array.isArray(migrated.roles) ? migrated.roles : []
|
|
}
|
|
|
|
function isVorstandUser(user) {
|
|
const roles = userRoles(user)
|
|
return roles.includes('admin') || roles.includes('vorstand')
|
|
}
|
|
|
|
export async function sendPushToUsers({ title, body, data = {}, predicate, failureLabel = 'FCM-Push' }) {
|
|
const serviceAccount = await readServiceAccount()
|
|
if (!serviceAccount) {
|
|
console.warn('FCM nicht konfiguriert: FCM_SERVICE_ACCOUNT_JSON oder GOOGLE_APPLICATION_CREDENTIALS fehlt.')
|
|
return { sent: 0, failed: 0, removed: 0, recipients: 0, tokenCount: 0, skipped: true }
|
|
}
|
|
const accessToken = await getAccessToken(serviceAccount)
|
|
const users = await readUsers()
|
|
let sent = 0
|
|
let failed = 0
|
|
let removed = 0
|
|
let recipients = 0
|
|
let tokenCount = 0
|
|
let changed = false
|
|
const payload = {
|
|
...Object.fromEntries(Object.entries(data).map(([key, value]) => [key, String(value ?? '')])),
|
|
title: String(title || 'Harheimer TC'),
|
|
body: String(body || '').slice(0, 240),
|
|
notificationId: String(data.notificationId || notificationIdFor(`${data.type || 'push'}:${title}:${body}`))
|
|
}
|
|
|
|
for (const user of users) {
|
|
if (isHiddenUser(user)) continue
|
|
const settings = notificationSettingsForUser(user)
|
|
if (predicate && !predicate(user, settings)) continue
|
|
recipients += 1
|
|
const tokens = pushTokensForUser(user)
|
|
tokenCount += tokens.length
|
|
const validTokens = []
|
|
for (const entry of tokens) {
|
|
try {
|
|
await sendFcmMessage({ serviceAccount, accessToken, token: entry.token, title, body, data: payload })
|
|
sent += 1
|
|
validTokens.push(entry)
|
|
} catch (error) {
|
|
failed += 1
|
|
console.error('FCM Push fehlgeschlagen:', { failureLabel, message: error.message })
|
|
if (!/UNREGISTERED|NOT_FOUND|INVALID_ARGUMENT/.test(String(error.message))) {
|
|
validTokens.push(entry)
|
|
} else {
|
|
removed += 1
|
|
changed = true
|
|
}
|
|
}
|
|
}
|
|
if (validTokens.length !== tokens.length) {
|
|
user.pushTokens = validTokens
|
|
changed = true
|
|
}
|
|
}
|
|
if (changed) await writeUsers(users)
|
|
return { sent, failed, removed, recipients, tokenCount, skipped: false }
|
|
}
|
|
|
|
export async function sendNewNewsPush(news) {
|
|
const title = 'Neue News'
|
|
const body = String(news.title || 'Neue Nachricht vom Harheimer TC').slice(0, 120)
|
|
return sendPushToUsers({
|
|
title,
|
|
body,
|
|
data: {
|
|
type: 'news',
|
|
newsId: String(news.id || ''),
|
|
notificationId: notificationIdFor(news.id || Date.now())
|
|
},
|
|
predicate: (_user, settings) => settings.newNews,
|
|
failureLabel: 'FCM News-Push'
|
|
})
|
|
}
|
|
|
|
export async function sendNewEventPush(termin) {
|
|
const title = 'Neuer Termin'
|
|
const body = String(termin?.titel || 'Ein neuer Termin wurde eingetragen.').slice(0, 120)
|
|
return sendPushToUsers({
|
|
title,
|
|
body,
|
|
data: {
|
|
type: 'event',
|
|
date: termin?.datum || '',
|
|
notificationId: notificationIdFor(`event:${termin?.datum || ''}:${termin?.titel || ''}`)
|
|
},
|
|
predicate: (_user, settings) => settings.newEvents,
|
|
failureLabel: 'FCM Termin-Push'
|
|
})
|
|
}
|
|
|
|
export async function sendNewContactRequestPush(contactRequest) {
|
|
const title = 'Neue Kontaktanfrage'
|
|
const body = String(contactRequest?.subject || contactRequest?.name || 'Eine neue Kontaktanfrage ist eingegangen.').slice(0, 120)
|
|
return sendPushToUsers({
|
|
title,
|
|
body,
|
|
data: {
|
|
type: 'contact_request',
|
|
notificationId: notificationIdFor(`contact:${contactRequest?.email || ''}:${contactRequest?.subject || ''}:${Date.now()}`)
|
|
},
|
|
predicate: (user, settings) => isVorstandUser(user) && settings.newContactRequest,
|
|
failureLabel: 'FCM Kontaktanfrage-Push'
|
|
})
|
|
}
|
|
|
|
export async function sendNewUserRegistrationPush(registration) {
|
|
const title = 'Neue Benutzerregistrierung'
|
|
const body = String(registration?.name || registration?.email || 'Eine neue Registrierung wartet auf Freigabe.').slice(0, 120)
|
|
return sendPushToUsers({
|
|
title,
|
|
body,
|
|
data: {
|
|
type: 'user_registration',
|
|
userId: registration?.id || '',
|
|
notificationId: notificationIdFor(`registration:${registration?.id || registration?.email || Date.now()}`)
|
|
},
|
|
predicate: (user, settings) => isVorstandUser(user) && settings.newUserRegistration,
|
|
failureLabel: 'FCM Registrierungs-Push'
|
|
})
|
|
}
|