docs: document server-side web-push flow and deployment

This commit is contained in:
hbrain 2026-05-29 05:30:24 +00:00
parent 192c57ee13
commit cfba09e7ce

View file

@ -275,3 +275,40 @@ Adjust these constants and rerun `movmaker.py` to change the intro behavior with
## Notes
This is an early version. The intended workflow is deliberately simple: dump files into one folder and run the script.
## Web push notifications (MVLog web server)
Movmaker itself does not send web push notifications. The MVLog web UI handles "Show" notifications server-side: when an authenticated admin enables the "Show" checkbox for a job the web server attempts to send a single web-push to all subscribers and records the send. This keeps the VAPID private key on the web host and centralizes notification logic.
Files and behavior (deployed under the MVLog web root):
- send_push.js — Node sender script (uses web-push). It reads subscriptions from stdin and accepts a push payload and a push config file path.
- lib/send_push.php — server-side PHP helper used by new.php to call send_push.js and atomically update cache/push_notifications.json (the "shown" map).
- api/enable_show.php — authenticated endpoint to toggle Show and trigger send (used by some integrations). It requires admin login.
- new.php — the admin UI toggle now calls the server-side helper when Show is enabled (server-side send; non-fatal).
- cache/push_subscriptions.json — stored subscriptions (array of subscription objects).
- cache/push_notifications.json — recorded sends; the "shown" map prevents duplicate Show notifications.
- push.json or /etc/mvlog/push.php — VAPID keys (private key must be kept secret and file permissions restricted).
- log: /var/log/mvlog_notify.log — send attempts and errors are logged here.
Deployment checklist
1) Install Node.js and the web-push package under the web root (or system-wide):
npm install web-push --prefix /var/www/html/mvlog
2) Place VAPID keys where the webserver can read them (recommended: /etc/mvlog/push.php or /var/www/html/mvlog/push.json) and set restrictive permissions (600 or 640, owner www-data). Do NOT commit private keys to git.
3) Ensure /var/www/html/mvlog/cache exists and contains push_subscriptions.json and push_notifications.json (create {} if empty), owned by www-data and writable.
4) Ensure /var/log/mvlog_notify.log is writable by the webserver user.
5) The admin UI (new.php) requires login; enable Show from the admin UI to trigger a server-side send.
Security notes
- api/enable_show.php requires admin login; do not expose it publicly without strong auth.
- Protect push private keys: file permission 600 and owned by web user. Do not store private keys in repository.
- Consider adding CSRF protection, rate limiting, and periodic pruning of expired subscriptions (HTTP 410 responses).
If you want deployment automation, alternative flows (worker-based sender or token-protected endpoint), or I should add a short admin checklist, tell me and I will update the docs.