From 1b4f4a674ac533c0b51260ba35ab91dd2cf9486d Mon Sep 17 00:00:00 2001
From: Ariel Costas Guerrero <ariel@costas.dev>
Date: Thu, 2 Apr 2026 12:38:10 +0200
Subject: Basic push notification system for service alerts

Co-authored-by: Copilot <copilot@github.com>
---
 src/Enmarcha.Backend/Controllers/PushController.cs | 50 ++++++++++++++++++++++
 1 file changed, 50 insertions(+)
 create mode 100644 src/Enmarcha.Backend/Controllers/PushController.cs

(limited to 'src/Enmarcha.Backend/Controllers/PushController.cs')

diff --git a/src/Enmarcha.Backend/Controllers/PushController.cs b/src/Enmarcha.Backend/Controllers/PushController.cs
new file mode 100644
index 0000000..9df6b48
--- /dev/null
+++ b/src/Enmarcha.Backend/Controllers/PushController.cs
@@ -0,0 +1,50 @@
+using Enmarcha.Backend.Configuration;
+using Enmarcha.Backend.Services;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.Options;
+
+namespace Enmarcha.Backend.Controllers;
+
+[Route("api/push")]
+[ApiController]
+public class PushController(IPushNotificationService pushService, IOptions<AppConfiguration> config) : ControllerBase
+{
+    /// <summary>Returns the VAPID public key for the browser to use when subscribing.</summary>
+    [HttpGet("vapid-public-key")]
+    public IActionResult GetVapidPublicKey()
+    {
+        var vapid = config.Value.Vapid;
+        if (vapid is null)
+            return StatusCode(StatusCodes.Status503ServiceUnavailable, "Push notifications are not configured on this server.");
+
+        return Ok(new { publicKey = vapid.PublicKey });
+    }
+
+    /// <summary>Registers a new push subscription.</summary>
+    [HttpPost("subscribe")]
+    public async Task<IActionResult> Subscribe([FromBody] SubscribeRequest request)
+    {
+        if (!Uri.TryCreate(request.Endpoint, UriKind.Absolute, out var uri) || uri.Scheme != Uri.UriSchemeHttps)
+            return BadRequest("Invalid push endpoint: must be an absolute HTTPS URL.");
+
+        if (string.IsNullOrWhiteSpace(request.P256Dh) || string.IsNullOrWhiteSpace(request.Auth))
+            return BadRequest("Missing encryption keys.");
+
+        await pushService.SubscribeAsync(request.Endpoint, request.P256Dh, request.Auth);
+        return NoContent();
+    }
+
+    /// <summary>Removes a push subscription.</summary>
+    [HttpDelete("unsubscribe")]
+    public async Task<IActionResult> Unsubscribe([FromBody] UnsubscribeRequest request)
+    {
+        if (string.IsNullOrWhiteSpace(request.Endpoint))
+            return BadRequest("Endpoint is required.");
+
+        await pushService.UnsubscribeAsync(request.Endpoint);
+        return NoContent();
+    }
+}
+
+public record SubscribeRequest(string Endpoint, string P256Dh, string Auth);
+public record UnsubscribeRequest(string Endpoint);
-- 
cgit v1.3