diff --git a/README.md b/README.md new file mode 100644 index 0000000..c18cf05 --- /dev/null +++ b/README.md @@ -0,0 +1,175 @@ +# Safari Notifications Module + +A specialized JavaScript module designed to handle secure notifications for Safari browser extensions and Progressive Web Applications (PWAs). This module abstracts the complex cryptographic operations and IndexedDB interactions required for secure notification processing in browser worker contexts. + +## Overview + +This project was created to separate the PWA build process from the main application, specifically addressing the need to make JavaScript code compatible with browser worker processes. The module provides secure authentication, data encryption/decryption, and notification counting functionality for Safari-based applications. + +## Features + +### 🔐 Cryptographic Operations +- **JWT Token Generation**: Creates secure access tokens using ES256K signing +- **Message Encryption/Decryption**: Uses NaCl (TweetNaCl) for secure message handling +- **Digital Signatures**: Implements ECDSA signatures with secp256k1 curve +- **Hash Functions**: SHA-256 hashing for data integrity + +### 💾 Data Management +- **IndexedDB Integration**: Secure storage for settings, accounts, and contacts +- **Local Storage**: Encrypted secret management +- **Database Operations**: CRUD operations for user data + +### 🔔 Notification System +- **Secure API Communication**: Authenticated requests to external notification services +- **Notification Counting**: Retrieves and processes notification data +- **DID-based Authentication**: Decentralized identifier support + +## Architecture + +### Core Components + +1. **Cryptographic Utilities** (`src/safari-notifications.js`) + - JWT creation and signing + - Message encryption/decryption + - Digital signature generation + - Encoding/decoding utilities + +2. **Data Access Layer** + - IndexedDB operations for settings, accounts, and contacts + - Local storage management + - Promise-based async operations + +3. **Notification Service** + - Secure API communication + - Authentication token management + - Notification data processing + +### Build Configuration + +The project uses Webpack with specific configurations for browser worker compatibility: + +- **Target**: `webworker` - Optimized for service worker contexts +- **Library Target**: `self` - Exports to global scope +- **Mode**: `production` - Optimized for deployment +- **Fallbacks**: Crypto module disabled for browser compatibility + +## Installation + +```bash +npm install +``` + +## Dependencies + +- **@noble/curves**: Cryptographic curve operations (secp256k1) +- **@noble/hashes**: Hash function implementations (SHA-256) +- **tweetnacl**: High-security cryptographic library +- **tweetnacl-util**: Utility functions for TweetNaCl +- **webpack**: Module bundler +- **webpack-cli**: Webpack command line interface + +## Usage + +### Building the Module + +```bash +npm run build +``` + +This creates a bundled JavaScript file in the `dist/` directory optimized for browser worker contexts. + +### Integration + +```javascript +// Import the module in your service worker or web worker +importScripts('./dist/safari-notifications.js'); + +// Use the exported functions +const notificationCount = await getNotificationCount(); +``` + +### API Reference + +#### `getNotificationCount()` +Retrieves the notification count for the active DID (Decentralized Identifier). + +**Returns**: Promise - Object containing DID and notification count + +**Example**: +```javascript +const result = await getNotificationCount(); +// Returns: { "did:example:123": 5 } +``` + +## Security Features + +### 🔒 Authentication +- JWT-based authentication with ES256K signatures +- Secure token generation with expiration +- DID-based identity verification + +### 🛡️ Data Protection +- NaCl encryption for sensitive data +- Secure key management +- Encrypted local storage + +### 🔐 Cryptographic Standards +- ECDSA signatures with secp256k1 curve +- SHA-256 hashing +- Base64URL encoding for JWT compatibility + +## Development + +### Code Standards +- **PEP 8 Compliance**: Python-style formatting for JavaScript +- **80 Column Limit**: Maintains readability +- **Rich Documentation**: Comprehensive JSDoc comments +- **Type Safety**: TypeScript-style annotations where applicable + +### Logging +- Structured logging with tagging +- Error handling and debugging information +- Security audit trail + +## Project Structure + +``` +sw-notifications-module/ +├── src/ +│ └── safari-notifications.js # Main module source +├── dist/ # Built output (generated) +├── package.json # Dependencies and scripts +├── webpack.config.js # Build configuration +└── README.md # This file +``` + +## Security Audit Checklist + +- [x] Cryptographic operations use established libraries +- [x] No hardcoded secrets in source code +- [x] Secure random number generation +- [x] Input validation and sanitization +- [x] Proper error handling without information leakage +- [x] HTTPS-only API communication +- [x] Token expiration and rotation +- [x] Secure storage practices + +## Contributing + +1. Follow the established coding standards +2. Add comprehensive documentation for new features +3. Include security audit considerations +4. Test thoroughly in browser worker contexts +5. Update this README for significant changes + +## License + +[Add your license information here] + +## Author + +**Matthew Raymer** + +--- + +*This module is designed specifically for Safari browser extensions and PWAs requiring secure notification handling in worker contexts.* \ No newline at end of file diff --git a/package.json b/package.json index 3a7d6ad..ef3d92c 100644 --- a/package.json +++ b/package.json @@ -1,4 +1,21 @@ { + "name": "safari-notifications-module", + "version": "1.0.0", + "description": "Secure notifications module for Safari browser extensions and PWAs", + "main": "dist/safari-notifications.js", + "scripts": { + "build": "webpack --config webpack.config.js", + "dev": "webpack --config webpack.config.js --mode development --watch" + }, + "keywords": [ + "safari", + "notifications", + "pwa", + "cryptography", + "jwt", + "service-worker" + ], + "author": "Matthew Raymer", "dependencies": { "@noble/curves": "^1.2.0", "@noble/hashes": "^1.3.2",