2f1946e683
Some checks failed
ParentFlow CI/CD Pipeline / Backend Tests (push) Has been cancelled
ParentFlow CI/CD Pipeline / Frontend Tests (push) Has been cancelled
ParentFlow CI/CD Pipeline / Security Scanning (push) Has been cancelled
ParentFlow CI/CD Pipeline / Build Docker Images (map[context:maternal-app/maternal-app-backend dockerfile:Dockerfile.production name:backend]) (push) Has been cancelled
ParentFlow CI/CD Pipeline / Build Docker Images (map[context:maternal-web dockerfile:Dockerfile.production name:frontend]) (push) Has been cancelled
ParentFlow CI/CD Pipeline / Deploy to Development (push) Has been cancelled
ParentFlow CI/CD Pipeline / Deploy to Production (push) Has been cancelled
CI/CD Pipeline / Lint and Test (push) Has been cancelled
CI/CD Pipeline / E2E Tests (push) Has been cancelled
CI/CD Pipeline / Build Application (push) Has been cancelled
The VAPID public key endpoint needs to be publicly accessible since
frontends need it BEFORE user authentication to set up push subscriptions.
Changes:
- Added @Public() decorator to /api/v1/push/vapid-public-key endpoint
- Imported Public decorator from auth decorators
- Kept all other endpoints protected with JwtAuthGuard:
* POST /api/v1/push/subscriptions (requires auth)
* GET /api/v1/push/subscriptions (requires auth)
* DELETE /api/v1/push/subscriptions (requires auth)
* POST /api/v1/push/test (requires auth)
* GET /api/v1/push/statistics (requires auth)
The endpoint now returns the public VAPID key without authentication:
GET /api/v1/push/vapid-public-key
Response: {"publicKey":"BErlB..."}
This matches the Web Push API standard where VAPID public keys
are safe to expose publicly.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>