feat(notifications): bind device registrations to authenticated user DID
Scope register and refresh to verified JWT identity (req.did). Persist devices under userId::deviceId, reject client-supplied userId, and dedupe FCM tokens per user.
This commit is contained in:
@@ -1,6 +1,8 @@
|
||||
export interface Device {
|
||||
/** Internal row id used for persistence updates. */
|
||||
id: string;
|
||||
/** Authenticated user DID (from verified JWT). */
|
||||
userId: string;
|
||||
/** Client-provided stable physical device identity. */
|
||||
deviceId: string;
|
||||
fcmToken: string;
|
||||
|
||||
Reference in New Issue
Block a user