for details about the internal implementation see README in module code folder
The Notification Module is watching for events that are configured to trigger (push) notifications to users. This module watches for database changes and creates notification events which can be sent through various channels:
- Push Notifications through Firebase
- "In-App" Notifications directly in the toolbar of our frontend UI
- ... in the future maybe also email
Push Notifications are sent through Firebase Cloud Messaging (FCM).
You can make a request to the API to check if a certain feature is currently enabled and available:
> GET /actuator/features
// response:
{
"notification": { "enabled": true }
}
If the aam-services backend is not deployed at all, such a request will usually return a HTTP 504 error. You should also account for that possibility.
The following environment variables are required:
FEATURES_NOTIFICATIONAPI_ENABLED=true
DATABASECHANGEDETECTION_ENABLED=true
# Firebase Configuration: Confidential (!)
NOTIFICATIONFIREBASECONFIGURATION_CREDENTIALFILEBASE64=<base-64-encoded-firebase-credential-file>
APPLICATION_BASEURL=<your-instance>.aam-digital.com
# if necessary, you can also override the linkBaseUrl (prefer to use the shared APPLICATION_BASEURL however)
NOTIFICATIONFIREBASECONFIGURATION_LINKBASEURL=https://<your-instance>.aam-digital.comTo filter notifications based on entity-level permissions (so users only receive notifications for entities they can access), configure the connection to the replication-backend:
AAMREPLICATIONBACKENDCLIENTCONFIGURATION_BASEPATH=http://replication-backend:5984
AAMREPLICATIONBACKENDCLIENTCONFIGURATION_BASICAUTHUSERNAME=<admin-username>
AAMREPLICATIONBACKENDCLIENTCONFIGURATION_BASICAUTHPASSWORD=<admin-password>If these variables are not set, notifications are sent without permission filtering
(all users matching a notification rule receive the notification regardless of entity access).
This is the expected default for systems without access control (no Config:Permissions document configured).
To explicitly disable permission filtering set AAMREPLICATIONBACKENDCLIENTCONFIGURATION_BASEPATH= (empty value).
When the replication-backend is configured but temporarily unavailable, notifications are not sent (fail-closed) to avoid leaking data to unauthorized users.
If you want to send Push Notifications, we rely on Firebase Cloud Messaging (FCM).
- Create a Firebase Account
- Create a Firebase Project
- Select "Cloud Messaging" and "Add a web app" (you can skip the second step of setup through npm)
- Open the "Project Settings" page
- Under "Your apps" copy to JSON config object
- store this as
assets/firebase-config.jsonin the Aam Digital frontend (or overwrite the empty sample file in your ndb-setup folder in your deployment) - make sure this is proper json format (i.e. the keys are also in double quotes)
- store this as
- Create a Service Account or new key for it
- ... through the firebase interface as described here
- download the
firebase-credentials.jsonwith its key - Encode it as base64
run this to print the encoded file to the console:
base64 -i firebase-credentials.json
- Copy the output (remove line breaks to make it a single line of encoded text)
- Add this as an environment variable:
NOTIFICATIONFIREBASECONFIGURATION_CREDENTIALFILEBASE64as described above
- To apply the config restart the container, if necessary
Users need to have certain Entity Permissions in the frontend to be able to access and configure Notifications:
In
the User Permissions doc
Config:Permissions in the CouchDB, make sure the following rules are present:
{
"default": [
{
"subject": [
"NotificationConfig",
"NotificationEvent"
],
"action": "manage"
}
]
}