feat: add notification trigger service (#904)

Author: sosweetham

infrastructure/control-panel/config/admin-enames.json

@@ -3,6 +3,7 @@
         "@7218b67d-da21-54d6-9a85-7c4db1d09768",
         "@82f7a77a-f03a-52aa-88fc-1b1e488ad498",
         "@35a31f0d-dd76-5780-b383-29f219fcae99",
-        "@82f7a77a-f03a-52aa-88fc-1b1e488ad498"
+        "@82f7a77a-f03a-52aa-88fc-1b1e488ad498",
+        "@af7e4f55-ad9d-537c-81ef-4f3a234bdd2c"
     ]
 }

infrastructure/control-panel/src/routes/notifications/+page.svelte

@@ -326,6 +326,7 @@
 			<ButtonAction
 				variant="solid"
 				size="sm"
+				class="w-fit"
 				isLoading={enameSending}
 				blockingClick
 				callback={sendByEName}
@@ -343,7 +344,9 @@
 		</p>
 		{#if deviceCount !== null}
 			<p class="text-black-500 mt-1 text-sm font-medium">
-				{deviceCount} device{deviceCount === 1 ? '' : 's'} with push token{deviceCount === 1 ? '' : 's'}
+				{deviceCount} device{deviceCount === 1 ? '' : 's'} with push token{deviceCount === 1
+					? ''
+					: 's'}
 			</p>
 		{/if}
 		<div class="mt-4 space-y-4">
@@ -383,6 +386,7 @@
 			<ButtonAction
 				variant="solid"
 				size="sm"
+				class="w-fit"
 				isLoading={bulkSending}
 				blockingClick
 				callback={sendBulkAll}

infrastructure/eid-wallet/src-tauri/gen/android/app/build.gradle.kts

@@ -27,17 +27,22 @@ android {
     }
 
     signingConfigs {
-      create("release") {
-        val keystorePropertiesFile = rootProject.file("keystore.properties")
-        val keystoreProperties = Properties()
-        if (keystorePropertiesFile.exists()) {
-          keystoreProperties.load(FileInputStream(keystorePropertiesFile))
-        }
+      val keystorePropertiesFile = rootProject.file("keystore.properties")
+      val keystoreProperties = Properties()
+      if (keystorePropertiesFile.exists()) {
+        keystoreProperties.load(FileInputStream(keystorePropertiesFile))
+      }
+      val hasKeystore = keystoreProperties["keyAlias"] != null &&
+        keystoreProperties["password"] != null &&
+        keystoreProperties["storeFile"] != null
 
-        keyAlias = keystoreProperties["keyAlias"] as String
-        keyPassword = keystoreProperties["password"] as String
-        storeFile = file(keystoreProperties["storeFile"] as String)
-        storePassword = keystoreProperties["password"] as String
+      if (hasKeystore) {
+        create("release") {
+          keyAlias = keystoreProperties["keyAlias"] as String
+          keyPassword = keystoreProperties["password"] as String
+          storeFile = file(keystoreProperties["storeFile"] as String)
+          storePassword = keystoreProperties["password"] as String
+        }
       }
     }
 
@@ -54,7 +59,9 @@ android {
             }
         }
         getByName("release") {
-            signingConfig = signingConfigs.getByName("release")
+            if (signingConfigs.findByName("release") != null) {
+              signingConfig = signingConfigs.getByName("release")
+            }
             isMinifyEnabled = true
             proguardFiles(
                 *fileTree(".") { include("**/*.pro") }

infrastructure/signature-validator/src/index.ts

@@ -330,9 +330,16 @@ export async function verifySignature(
             };
         }
 
+        console.log("Verifying signature for eName:", eName);
+        console.log("Registry base URL:", registryBaseUrl);
+        console.log("Signature:", signature);
+        console.log("Payload:", payload);
+
         // Get key binding certificates from eVault
         const keyBindingCertificates = await getKeyBindingCertificates(eName, registryBaseUrl);
 
+        console.log("Key binding certificates:", keyBindingCertificates);
+        
         if (keyBindingCertificates.length === 0) {
             return {
                 valid: true,

notification-trigger/.env.example

@@ -0,0 +1,24 @@
+# Notification Trigger
+# When run from the prototype monorepo, env vars are loaded from the repo root .env
+# (which has GOOGLE_APPLICATION_CREDENTIALS, APNS_*, etc.). Copy this file to .env
+# only if you need to override or run standalone.
+
+# Server
+NOTIFICATION_TRIGGER_PORT=3998
+
+# FCM (Android) - path to Firebase service account JSON
+# Download from Firebase Console → Project Settings → Service accounts
+GOOGLE_APPLICATION_CREDENTIALS="/path/to/your/firebase-adminsdk-xxxxx.json"
+
+# APNS (iOS) - from Apple Developer
+# Create .p8 key in Apple Developer → Keys
+APNS_KEY_PATH="/path/to/AuthKey_XXXXX.p8"
+APNS_KEY_ID="XXXXXXXXXX"
+APNS_TEAM_ID="XXXXXXXXXX"
+APNS_BUNDLE_ID="com.example.yourapp"
+
+# Use production APNS (false for development/sandbox)
+APNS_PRODUCTION=false
+
+# Optional: Live Activities broadcast channel ID (base64)
+# APNS_BROADCAST_CHANNEL_ID=

notification-trigger/.gitignore

@@ -0,0 +1,3 @@
+node_modules
+dist
+.env

notification-trigger/README.md

@@ -0,0 +1,107 @@
+# Notification Trigger
+
+A standalone toy platform to send push notifications via **APNS** (iOS) and **FCM** (Android). Accepts a common payload structure and routes to the appropriate service based on platform.
+
+Kept in this repo for testing purposes. Can be moved to its own project for standalone use.
+
+## Quick start
+
+```bash
+pnpm install
+cp .env.example .env
+# Edit .env with your credentials
+pnpm dev
+```
+
+Open http://localhost:3998 to use the web UI.
+
+## Requirements
+
+- **Node.js** 18+
+- **FCM (Android)**: Firebase service account JSON
+- **APNS (iOS)**: Apple .p8 auth key + key ID, team ID, bundle ID
+
+You can run with only one provider configured; the other will be disabled.
+
+## API
+
+### GET /api/health
+
+Returns health status and which providers are configured.
+
+```json
+{
+  "ok": true,
+  "apns": true,
+  "fcm": true
+}
+```
+
+### POST /api/send
+
+Send a push notification.
+
+**Request body:**
+
+```json
+{
+  "token": "<APNS or FCM device token>",
+  "platform": "ios" | "android" | null,
+  "payload": {
+    "title": "Hello",
+    "body": "Notification body",
+    "subtitle": "Optional subtitle",
+    "data": { "key": "value" },
+    "sound": "default",
+    "badge": 1,
+    "clickAction": "category-id"
+  }
+}
+```
+
+- **token**: APNS device token (iOS) or FCM registration token (Android)
+- **platform**: Optional. If omitted, auto-detected from token format (64 hex chars → iOS/APNS, else → Android/FCM)
+- **payload**: Common structure; `title` and `body` are required. `data` values must be strings for FCM compatibility.
+
+**Example (curl):**
+
+```bash
+curl -X POST http://localhost:3998/api/send \
+  -H "Content-Type: application/json" \
+  -d '{
+    "token": "YOUR_DEVICE_TOKEN",
+    "payload": {
+      "title": "Test",
+      "body": "Hello from notification trigger"
+    }
+  }'
+```
+
+## Environment
+
+Copy `.env.example` to `.env` and fill in your credentials. See `.env.example` for all required variables.
+
+| Variable | Required | Description |
+|----------|----------|--------------|
+| `NOTIFICATION_TRIGGER_PORT` | No | Server port (default: 3998) |
+| `GOOGLE_APPLICATION_CREDENTIALS` | For FCM | Path to Firebase service account JSON |
+| `APNS_KEY_PATH` | For APNS | Path to .p8 APNS auth key |
+| `APNS_KEY_ID` | For APNS | APNS key ID |
+| `APNS_TEAM_ID` | For APNS | Apple team ID |
+| `APNS_BUNDLE_ID` | For APNS | App bundle ID |
+| `APNS_PRODUCTION` | No | `true` for production APNS (default: `false`) |
+| `APNS_BROADCAST_CHANNEL_ID` | No | Base64 channel ID for Live Activities (optional) |
+
+## Build & run
+
+```bash
+pnpm build
+pnpm start
+```
+
+## Integration with this repo
+
+When used from the prototype monorepo:
+
+- Control panel uses `NOTIFICATION_TRIGGER_URL` (e.g. `http://localhost:3998`) to send notifications
+- The provisioner (evault-core) stores device tokens; the control panel fetches them and sends via this service

notification-trigger/package.json

@@ -0,0 +1,26 @@
+{
+  "name": "notification-trigger",
+  "version": "0.1.0",
+  "private": true,
+  "description": "Standalone toy platform to trigger push notifications via APNS/FCM. Kept for testing.",
+  "main": "dist/index.js",
+  "scripts": {
+    "dev": "tsx watch src/index.ts",
+    "build": "tsc && cp -r public dist/",
+    "start": "node dist/index.js"
+  },
+  "dependencies": {
+    "apn": "^2.2.0",
+    "cors": "^2.8.5",
+    "dotenv": "^16.4.5",
+    "express": "^4.18.2",
+    "firebase-admin": "^12.0.0"
+  },
+  "devDependencies": {
+    "@types/cors": "^2.8.18",
+    "@types/express": "^4.17.21",
+    "@types/node": "^20.11.24",
+    "tsx": "^4.7.1",
+    "typescript": "^5.3.3"
+  }
+}