fix: push notification permission ve toJSON çağrıları tip güvenli hale getirildi

.gitea/workflows/build-mips.yml

@@ -26,30 +26,22 @@ jobs:
       run: |
         cd frontend
         npm install
-        # Run Tailwind manually first
         npx @tailwindcss/cli -i input.css -o public/tailwind.css
+        # Trunk'ın optimizasyonunu kapalı (0) tutuyoruz çünkü Cargo.toml'daki opt-level='z' zaten o işi yapıyor.
         trunk build --release
-        
-        # Manuel WASM Optimizasyonu (Trunk'ın yapamadığını biz yapıyoruz)
-        # --all-features kullanarak tüm modern özellikleri tanımasını ve en küçük boyutu üretmesini sağlıyoruz.
-        WASM_FILE=$(ls dist/*.wasm)
-        echo "Optimizing $WASM_FILE..."
-        wasm-opt --all-features -Oz "$WASM_FILE" -o "$WASM_FILE"
-        echo "Optimization complete!"
 
     - name: Build Backend (MIPS)
       env:
-        # Ensure we are building a fully static binary
-        # -C link-self-contained=no: Let Zig (the linker) handle CRT objects (crt1.o, etc.)
-        RUSTFLAGS: "-C target-feature=+crt-static -C link-self-contained=no -C link-arg=-msoft-float"
+        # -s ve -w ile binary içindeki gereksiz tüm yükleri siliyoruz.
+        RUSTFLAGS: "-C target-feature=+crt-static -C link-self-contained=no -C link-arg=-msoft-float -C link-arg=-s -C link-arg=-w"
         CFLAGS_mips_unknown_linux_musl: "-msoft-float"
       run: |
-        cd backend
-        cargo zigbuild --target mips-unknown-linux-musl --release -Z build-std=std,panic_abort
-        file target/mips-unknown-linux-musl/release/backend
+        # Sadece gerekli özellikleri derliyoruz (Boyut tasarrufu için swagger kapalı)
+        cargo zigbuild -p backend --target mips-unknown-linux-musl --release -Z build-std=std,panic_abort --no-default-features --features push-notifications
 
-    - name: Rename Binary
-      run: mv target/mips-unknown-linux-musl/release/backend target/mips-unknown-linux-musl/release/vibetorrent-mips
+    - name: Create Release Assets
+      run: |
+        mv target/mips-unknown-linux-musl/release/backend target/mips-unknown-linux-musl/release/vibetorrent-mips
 
     - name: Generate Release Tag
       id: tag
@@ -63,8 +55,10 @@ jobs:
         REPO="admin/vibetorrent"
         API_URL="${{ gitea.server_url }}/api/v1"
 
-        # Create release
-        RELEASE_RESPONSE=$(curl -s -X POST "${API_URL}/repos/${REPO}/releases"           -H "Authorization: token ${RELEASE_TOKEN}"           -H "Content-Type: application/json"           -d "{
+        RELEASE_RESPONSE=$(curl -s -X POST "${API_URL}/repos/${REPO}/releases" \
+          -H "Authorization: token ${RELEASE_TOKEN}" \
+          -H "Content-Type: application/json" \
+          -d "{
             \"tag_name\": \"${TAG}\",
             \"name\": \"Release ${TAG}\",
             \"body\": \"Automated build from commit ${{ gitea.sha }}\",
@@ -73,15 +67,9 @@ jobs:
           }")
 
         RELEASE_ID=$(echo "$RELEASE_RESPONSE" | jq -r '.id')
-        echo "Release ID: $RELEASE_ID"
+        if [ "$RELEASE_ID" = "null" ] || [ -z "$RELEASE_ID" ]; then exit 1; fi
 
-        if [ "$RELEASE_ID" = "null" ] || [ -z "$RELEASE_ID" ]; then
-          echo "Failed to create release:"
-          echo "$RELEASE_RESPONSE"
-          exit 1
-        fi
-
-        # Upload binary as release asset
-        curl -s -X POST "${API_URL}/repos/${REPO}/releases/${RELEASE_ID}/assets?name=vibetorrent-mips"           -H "Authorization: token ${RELEASE_TOKEN}"           -H "Content-Type: application/octet-stream"           --data-binary @target/mips-unknown-linux-musl/release/vibetorrent-mips
-
-        echo "Release ${TAG} created with binary attached."
+        curl -s -X POST "${API_URL}/repos/${REPO}/releases/${RELEASE_ID}/assets?name=vibetorrent-mips" \
+          -H "Authorization: token ${RELEASE_TOKEN}" \
+          -H "Content-Type: application/octet-stream" \
+          --data-binary @target/mips-unknown-linux-musl/release/vibetorrent-mips

Cargo.toml

@@ -2,13 +2,19 @@
 members = ["backend", "frontend", "shared"]
 resolver = "2"
 
-# Optimize for size (aggressive)
 [profile.release]
+# En küçük binary boyutu
 opt-level = "z"
-lto = true
+# En derin kod temizliği (dead code elimination)
+lto = "fat"
+# En iyi optimizasyon için tek birim derleme
 codegen-units = 1
+# Hata izleme kodlarını atarak yer kazan
 panic = "abort"
+# Sembolleri ve hata ayıklama bilgilerini kesin sil
 strip = true
+# Artık (incremental) build'i kapat ki optimizasyon tam olsun
+incremental = false
 
 [patch.crates-io]
-coarsetime = { path = "third_party/coarsetime" }
+coarsetime = { path = "third_party/coarsetime" }

backend/Cargo.toml

@@ -4,8 +4,9 @@ version = "0.1.0"
 edition = "2021"
 
 [features]
-default = ["push-notifications"]
+default = ["push-notifications", "swagger"]
 push-notifications = ["web-push", "openssl"]
+swagger = ["utoipa-swagger-ui"]
 
 [dependencies]
 axum = { version = "0.8", features = ["macros", "ws"] }
@@ -29,7 +30,7 @@ shared = { path = "../shared" }
 thiserror = "2.0.18"
 dotenvy = "0.15.7"
 utoipa = { version = "5.4.0", features = ["axum_extras"] }
-utoipa-swagger-ui = { version = "9.0.2", features = ["axum"] }
+utoipa-swagger-ui = { version = "9.0.2", features = ["axum"], optional = true }
 web-push = { version = "0.10", default-features = false, features = ["hyper-client"], optional = true }
 base64 = "0.22"
 openssl = { version = "0.10", features = ["vendored"], optional = true }

backend/src/main.rs

@@ -32,7 +32,9 @@ use tower_http::{
     cors::CorsLayer,
     trace::TraceLayer,
 };
+#[cfg(feature = "swagger")]
 use utoipa::OpenApi;
+#[cfg(feature = "swagger")]
 use utoipa_swagger_ui::SwaggerUi;
 
 #[derive(Clone)]
@@ -98,6 +100,7 @@ struct Args {
     reset_password: Option<String>,
 }
 
+#[cfg(feature = "swagger")]
 #[cfg(feature = "push-notifications")]
 #[derive(OpenApi)]
 #[openapi(
@@ -146,6 +149,7 @@ struct Args {
 )]
 struct ApiDoc;
 
+#[cfg(feature = "swagger")]
 #[cfg(not(feature = "push-notifications"))]
 #[derive(OpenApi)]
 #[openapi(
@@ -462,9 +466,13 @@ async fn main() {
         }
     });
 
-    let app = Router::new()
-        .merge(SwaggerUi::new("/swagger-ui").url("/api-docs/openapi.json", ApiDoc::openapi()))
-        // Setup & Auth Routes
+    let app = Router::new();
+
+    #[cfg(feature = "swagger")]
+    let app = app.merge(SwaggerUi::new("/swagger-ui").url("/api-docs/openapi.json", ApiDoc::openapi()));
+
+    // Setup & Auth Routes
+    let app = app
         .route("/api/setup/status", get(handlers::setup::get_setup_status_handler))
         .route("/api/setup", post(handlers::setup::setup_handler))
         .route(

frontend/Cargo.toml

@@ -52,10 +52,5 @@ web-sys = { version = "0.3", features = [
 shared = { path = "../shared" }
 tailwind_fuse = "0.3.2"
 js-sys = "0.3.85"
-
-[profile.release]
-opt-level = "z"
-lto = true
-codegen-units = 1
-panic = "abort"
-strip = true
+base64 = "0.22.1"
+serde-wasm-bindgen = "0.6.5"

frontend/src/store.rs

@@ -328,67 +328,46 @@ pub async fn subscribe_to_push_notifications() {
 
     // First, request notification permission if not already granted
     let window = web_sys::window().expect("window should exist");
-    let permission_granted = if let Ok(notification_class) = js_sys::Reflect::get(&window, &"Notification".into()) {
-        if notification_class.is_undefined() {
-            log::error!("Notification API not available");
-            return;
-        }
-
-        // Check current permission
-        let current_permission = js_sys::Reflect::get(&notification_class, &"permission".into())
-            .ok()
-            .and_then(|p| p.as_string())
-            .unwrap_or_default();
-
-        if current_permission == "granted" {
+    
+    // Notification.permission is a static property, but web_sys exposes it via the Notification class instance or we check it manually.
+    // Actually, Notification::permission() is a static method in web_sys.
+    match web_sys::Notification::permission() {
+        web_sys::NotificationPermission::Granted => {
             log::info!("Notification permission already granted");
-            true
-        } else if current_permission == "denied" {
+        }
+        web_sys::NotificationPermission::Denied => {
             log::warn!("Notification permission was denied");
             return;
-        } else {
-            // Permission is "default" - need to request
+        }
+        web_sys::NotificationPermission::Default => {
             log::info!("Requesting notification permission...");
-            if let Ok(request_fn) = js_sys::Reflect::get(&notification_class, &"requestPermission".into()) {
-                if request_fn.is_function() {
-                    let request_fn_typed = js_sys::Function::from(request_fn);
-                    match request_fn_typed.call0(&notification_class) {
-                        Ok(promise_val) => {
-                            let request_future = wasm_bindgen_futures::JsFuture::from(
-                                js_sys::Promise::from(promise_val)
-                            );
-                            match request_future.await {
-                                Ok(result) => {
-                                    let result_str = result.as_string().unwrap_or_default();
-                                    log::info!("Permission request result: {}", result_str);
-                                    result_str == "granted"
-                                }
-                                Err(e) => {
-                                    log::error!("Failed to request notification permission: {:?}", e);
-                                    false
-                                }
-                            }
-                        }
-                        Err(e) => {
-                            log::error!("Failed to call requestPermission: {:?}", e);
-                            false
-                        }
-                    }
-                } else {
-                    false
+            let permission_promise = match web_sys::Notification::request_permission() {
+                Ok(p) => p,
+                Err(e) => {
+                    log::error!("Failed to request notification permission: {:?}", e);
+                    return;
+                }
+            };
+            
+            match wasm_bindgen_futures::JsFuture::from(permission_promise).await {
+                Ok(val) => {
+                    let permission = val.as_string().unwrap_or_default();
+                    if permission != "granted" {
+                        log::warn!("Notification permission denied by user");
+                        return;
+                    }
+                    log::info!("Notification permission granted by user");
+                }
+                Err(e) => {
+                    log::error!("Failed to await notification permission: {:?}", e);
+                    return;
                 }
-            } else {
-                false
             }
         }
-    } else {
-        log::error!("Cannot access Notification class");
-        return;
-    };
-
-    if !permission_granted {
-        log::warn!("Notification permission not granted, cannot subscribe to push");
-        return;
+        _ => {
+             log::warn!("Unknown notification permission status");
+             return;
+        }
     }
 
     log::info!("Notification permission granted! Proceeding with push subscription...");
@@ -433,7 +412,6 @@ pub async fn subscribe_to_push_notifications() {
     };
 
     // Get service worker registration
-    let window = web_sys::window().expect("window should exist");
     let navigator = window.navigator();
     let service_worker = navigator.service_worker();
 
@@ -494,38 +472,45 @@ pub async fn subscribe_to_push_notifications() {
         .dyn_into::<web_sys::PushSubscription>()
         .expect("should be PushSubscription");
 
-    // Get subscription JSON using toJSON() method
-    let json_result = match js_sys::Reflect::get(&push_subscription, &"toJSON".into()) {
+    // PushSubscription objects can be serialized directly via JSON.stringify which calls their toJSON method internally.
+    // Or we can use Reflect to call toJSON if we want the object directly.
+    // Let's use the robust way: call toJSON via Reflect but handle it gracefully.
+    let json_val = match js_sys::Reflect::get(&push_subscription, &"toJSON".into()) {
         Ok(func) if func.is_function() => {
-            let json_func = js_sys::Function::from(func);
-            match json_func.call0(&push_subscription) {
-                Ok(result) => result,
+             let json_func = js_sys::Function::from(func);
+             match json_func.call0(&push_subscription) {
+                 Ok(res) => res,
+                 Err(e) => {
+                     log::error!("Failed to call toJSON: {:?}", e);
+                     return;
+                 }
+             }
+        }
+        _ => {
+            // Fallback: try to stringify the object directly
+            // log::warn!("toJSON not found, trying JSON.stringify");
+            let json_str = match js_sys::JSON::stringify(&push_subscription) {
+                Ok(s) => s,
                 Err(e) => {
-                    log::error!("Failed to call toJSON: {:?}", e);
+                    log::error!("Failed to stringify subscription: {:?}", e);
+                    return;
+                }
+            };
+            // Parse back to object to match our expected flow (slightly inefficient but safe)
+            match js_sys::JSON::parse(&String::from(json_str)) {
+                Ok(v) => v,
+                Err(e) => {
+                    log::error!("Failed to parse stringified subscription: {:?}", e);
                     return;
                 }
             }
         }
-        _ => {
-            log::error!("toJSON method not found on PushSubscription");
-            return;
-        }
     };
-
-    let json_value = match js_sys::JSON::stringify(&json_result) {
-        Ok(val) => val,
-        Err(e) => {
-            log::error!("Failed to stringify subscription: {:?}", e);
-            return;
-        }
-    };
-
-    let subscription_json_str = json_value.as_string().expect("should be string");
-
-    log::info!("Push subscription: {}", subscription_json_str);
-
-    // Parse and send to backend
-    let subscription_data: serde_json::Value = match serde_json::from_str(&subscription_json_str) {
+    
+    // Convert JsValue (JSON object) to PushSubscriptionJSON struct via serde
+    // Note: web_sys::PushSubscriptionJSON is not a struct we can directly use with serde_json usually,
+    // but we can use serde-wasm-bindgen to convert JsValue -> Rust Struct
+    let subscription_data: PushSubscriptionData = match serde_wasm_bindgen::from_value(json_val) {
         Ok(data) => data,
         Err(e) => {
             log::error!("Failed to parse subscription JSON: {:?}", e);
@@ -533,37 +518,9 @@ pub async fn subscribe_to_push_notifications() {
         }
     };
 
-    // Extract endpoint and keys
-    let endpoint = subscription_data
-        .get("endpoint")
-        .and_then(|v| v.as_str())
-        .expect("endpoint should exist")
-        .to_string();
-
-    let keys_obj = subscription_data
-        .get("keys")
-        .expect("keys should exist");
-
-    let p256dh = keys_obj
-        .get("p256dh")
-        .and_then(|v| v.as_str())
-        .expect("p256dh should exist")
-        .to_string();
-
-    let auth = keys_obj
-        .get("auth")
-        .and_then(|v| v.as_str())
-        .expect("auth should exist")
-        .to_string();
-
-    let push_data = PushSubscriptionData {
-        endpoint,
-        keys: PushKeys { p256dh, auth },
-    };
-
-    // Send to backend
+    // Send to backend (subscription_data is already the struct we need)
     let response = match Request::post("/api/push/subscribe")
-        .json(&push_data)
+        .json(&subscription_data)
         .expect("serialization should succeed")
         .send()
         .await
@@ -583,34 +540,15 @@ pub async fn subscribe_to_push_notifications() {
 }
 
 /// Helper to convert URL-safe base64 string to Uint8Array
-/// Uses JavaScript to properly decode binary data (avoids UTF-8 encoding issues)
+/// Uses pure Rust base64 crate for better safety and performance
 fn url_base64_to_uint8array(base64_string: &str) -> Result<js_sys::Uint8Array, JsValue> {
-    // Add padding
-    let padding = (4 - (base64_string.len() % 4)) % 4;
-    let mut padded = base64_string.to_string();
-    padded.push_str(&"=".repeat(padding));
+    use base64::{engine::general_purpose, Engine as _};
 
-    // Replace URL-safe characters
-    let standard_base64 = padded.replace('-', "+").replace('_', "/");
+    // VAPID keys are URL-safe base64. Try both NO_PAD and padded for robustness.
+    let bytes = general_purpose::URL_SAFE_NO_PAD
+        .decode(base64_string)
+        .or_else(|_| general_purpose::URL_SAFE.decode(base64_string))
+        .map_err(|e| JsValue::from_str(&format!("Base64 decode error: {}", e)))?;
 
-    // Decode using JavaScript to avoid UTF-8 encoding issues
-    // Create a JavaScript function to decode the base64 and convert to Uint8Array
-    let js_code = format!(
-        r#"
-        (function() {{
-            const binaryString = atob('{}');
-            const bytes = new Uint8Array(binaryString.length);
-            for (let i = 0; i < binaryString.length; i++) {{
-                bytes[i] = binaryString.charCodeAt(i);
-            }}
-            return bytes;
-        }})()
-        "#,
-        standard_base64
-    );
-
-    let result = js_sys::eval(&js_code)?;
-    let array = result.dyn_into::<js_sys::Uint8Array>()?;
-
-    Ok(array)
+    Ok(js_sys::Uint8Array::from(&bytes[..]))
 }