feat(push): owner-only subscribe/unsubscribe endpoints + VAPID config (T10)
POST/DELETE /api/subscriptions gated to the configured owner; runtime config carries the public VAPID key, owner email and the signing secret.
This commit is contained in:
14
.env.example
14
.env.example
@@ -17,7 +17,13 @@ NUXT_OAUTH_GOOGLE_CLIENT_ID=
|
||||
NUXT_OAUTH_GOOGLE_CLIENT_SECRET=
|
||||
NUXT_OAUTH_GOOGLE_REDIRECT_URL=
|
||||
|
||||
# Web Push / VAPID (Task 10)
|
||||
VAPID_PUBLIC_KEY=
|
||||
VAPID_PRIVATE_KEY=
|
||||
VAPID_SUBJECT=mailto:example@theodo.com
|
||||
# Web Push / VAPID (Task 10) — Nuxt binds these to runtimeConfig at runtime.
|
||||
# Generate the key pair with `pnpm vapid:keys`. The public key is sent to the
|
||||
# browser; the private key signs pushes server-side (T11) and must stay secret.
|
||||
NUXT_PUBLIC_VAPID_PUBLIC_KEY=
|
||||
NUXT_VAPID_PRIVATE_KEY=
|
||||
NUXT_VAPID_SUBJECT=mailto:example@theodo.com
|
||||
|
||||
# Push notifications go to this single owner only (G3). Not secret — also gates
|
||||
# the client-side "Enable notifications" button.
|
||||
NUXT_PUBLIC_OWNER_EMAIL=
|
||||
|
||||
Reference in New Issue
Block a user