A real-time notification server that provides secure WebSocket-based pub/sub functionality with HTTP-based access control.
-
Secure Client Management
- Client ID generation and validation
- Client metadata support
- Automatic client ID expiration
-
Channel Management
- Channel creation with access control rules
- Channel access control (grant/revoke)
- Maximum subscriber limits
- Client pattern-based access rules
-
WebSocket Communication
- Real-time notifications
- WebSocket-only subscription model
- Connection status tracking
- Automatic reconnection support
-
Access Control
- HTTP-based access management
- Channel-level access control
- Client-specific permissions
- Access pattern validation
The system consists of two main components:
-
HTTP API (
openapi.yaml)- Client management
- Channel creation and access control
- Notification publishing
- History retrieval
-
WebSocket API (
asyncapi.yaml)- Real-time notifications
- Subscription management
- Connection handling
- Error reporting
- Node.js (v16 or later)
- Redis (v6 or later)
- npm or yarn
-
Clone the repository:
git clone <repository-url> cd notification-server
-
Install dependencies:
npm install
-
Configure environment variables:
cp env.example .env # Edit .env with your configuration -
Start Redis:
redis-server
-
Start the server:
npm start
For development and testing, see the Development > Running Tests section for detailed setup instructions.
The HTTP API is documented in openapi.yaml and provides the following endpoints:
-
Client Management
POST /api/clients- Generate a new client IDGET /api/clients/{clientId}- Validate a client IDDELETE /api/clients/{clientId}- Delete a client and all its data
-
Channel Management
POST /api/channels- Create a new channelPOST /api/channels/{channel}/access/{clientId}- Grant channel accessDELETE /api/channels/{channel}/access/{clientId}- Revoke channel access
-
Notification Management
POST /api/notifications- Publish a notificationGET /api/notifications/{channel}- Get notification history
The WebSocket API is documented in asyncapi.yaml and supports the following message types:
-
Connection Messages
{ "type": "connection", "clientId": "client123", "metadata": { "userAgent": "Demo Client", "environment": "development" } } -
Subscription Messages
{ "type": "subscription", "action": "subscribe", "channel": "channel1" } -
Notification Messages
{ "type": "notification", "data": { "channel": "channel1", "message": "Hello, world!", "timestamp": "2024-03-20T12:00:00Z", "metadata": { "priority": "high", "tags": ["important"] } } }
- Client IDs are required for WebSocket connections
- Channel access is controlled via HTTP API
- Client IDs expire after a configurable period
- Channel access can be revoked at any time
- Access patterns can be restricted using regex patterns
- CORS Configuration: Supports single or multiple allowed origins
The server supports flexible CORS configuration for both HTTP API and WebSocket connections:
CORS_ORIGIN=http://localhost:3000CORS_ORIGIN=http://localhost:3000,https://app.example.com,https://admin.example.comCORS_ORIGIN=*Development: Multiple local development servers
CORS_ORIGIN=http://localhost:3000,http://localhost:3001,http://localhost:8080Production: Specific trusted domains
CORS_ORIGIN=https://app.yourcompany.com,https://admin.yourcompany.com-
Generate a client ID:
curl -X POST http://localhost:3111/api/clients \ -H "Content-Type: application/json" \ -d '{"metadata": {"userAgent": "Demo Client"}}'
-
Create a channel:
curl -X POST http://localhost:3111/api/channels \ -H "Content-Type: application/json" \ -d '{ "channel": "demo", "rules": { "maxSubscribers": 100, "allowedClients": ["client123"], "allowedPatterns": ["client.*"] } }'
-
Connect via WebSocket:
const ws = new WebSocket('ws://localhost:8080?clientId=client123'); ws.onmessage = (event) => { const data = JSON.parse(event.data); if (data.type === 'notification') { console.log('Received notification:', data.data); } }; // Subscribe to a channel ws.send(JSON.stringify({ type: 'subscription', action: 'subscribe', channel: 'demo' }));
The project includes comprehensive E2E tests that require both the notification server and Redis to be running.
- Redis server running on port 6379
- Notification server running on ports 3000 (HTTP) and 8080 (WebSocket)
-
Start Redis:
# Using Docker docker run -d --name test-redis -p 6379:6379 redis:7-alpine # Or using local Redis installation redis-server
-
Start the Notification Server:
# In a separate terminal PORT=3000 WS_PORT=8080 REDIS_URL=redis://localhost:6379 npm run dev -
Run Tests:
# In another terminal npm test
-
Cleanup:
# Stop Redis container docker stop test-redis && docker rm test-redis # Stop the dev server (Ctrl+C in the dev terminal)
# Future enhancement - automated test setup
npm run test:e2e- HTTP API E2E Tests: Test all REST endpoints (25 tests)
- WebSocket E2E Tests: Test real-time functionality (5 tests)
- CORS Configuration Tests: Test multiple origin support (8 tests)
To run only unit tests without E2E requirements:
# Run specific test files
npm test -- src/__tests__/cors.test.tsnpm run lintnpm run build- Fork the repository
- Create a feature branch
- Commit your changes
- Push to the branch
- Create a Pull Request
MIT License - see LICENSE file for details
curl -X POST http://localhost:3000/api/channels \
-H "Content-Type: application/json" \
-d '{
"channel": "my-channel",
"rules": {
"isPublic": true,
"allowedClientIds": ["client1", "client2"],
"maxSubscribers": 100
}
}'curl -X DELETE http://localhost:3000/api/channels/my-channel- Channel creation will fail with a 409 status if the channel already exists
- Channel deletion will fail with a 404 status if the channel doesn't exist
- Both operations require a valid channel name
# Generate a new client ID
curl -X POST http://localhost:3000/api/clients \
-H "Content-Type: application/json" \
-d '{"metadata": {"userAgent": "Demo Client"}}'
# Delete a client and all its data
curl -X DELETE http://localhost:3000/api/clients/client123