| author | ojacobson <ojacobson@noreply.codeberg.org> | 2025-11-07 23:17:15 +0100 |
|---|---|---|
| committer | ojacobson <ojacobson@noreply.codeberg.org> | 2025-11-07 23:17:15 +0100 |
| commit | 9e6f19f0f188eaa7f8b6be21c8405786cfb0dddd (patch) | |
| tree | b2999341645dec61e8143d7bb1b8a9d0056e0db1 /docs/api/authentication.md | |
| parent | 3c588861ef5814de329743147398dbae22c1aeeb (diff) | |
| parent | 78d901328261d2306cf59c8e83fc217a63aa4a64 (diff) | |
Set up infrastructure for push message subscriptions.
A subscription allows an application server (here, the Pilcrow server) to send web push messages to a user agent.
On the server, Pilcrow records subscriptions verbatim, in the clear. Each subscription has an associated key, which will be used to encrypt messages for the corresponding client, but we store them in the clear, for the same broad reason that we store the VAPID key in the clear. They allow anyone who obtains them to impersonate the server and send push messages to clients, but they're rotated regularly - clients must rotate them whenever the server's VAPID key changes.
On the client, we monitor VAPID key change events to drive automatic subscription management, once the user sets up an initial subscription manually (which we must do as it can involve a user-interaction-only prompt for permission to send notifications). This isn't the final UI, but rather a bare-minimum version to let us move on with testing push notifications.
Merges push-subscribe into push-notify.
Diffstat (limited to 'docs/api/authentication.md')
| -rw-r--r-- | docs/api/authentication.md | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/docs/api/authentication.md b/docs/api/authentication.md index 189103e..801f0e7 100644 --- a/docs/api/authentication.md +++ b/docs/api/authentication.md @@ -85,6 +85,8 @@ This endpoint will respond with a status of `401 Unauthorized` if the login name Invalidates the identity token used to make the request, logging the caller out. +This terminates any [push subscriptions](push.md#receiving-web-push-messages) associated with the token. + ### Request ```json @@ -103,6 +105,8 @@ The response will include a `Set-Cookie` header that clears the `identity` cooki Changes the current user's password, and invalidates all outstanding identity tokens. +This terminates any [push subscriptions](push.md#receiving-web-push-messages) associated with existing tokens. + ### Authentication failure This endpoint will respond with a status of `401 Unauthorized` if the provided identity token is not valid. |
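Review bot: in the logout hunk (`@@ -85,6 +85,8 @@`), the added line "This terminates any push subscriptions ... associated with the token." leaves "terminates" ambiguous: it should say whether the server deletes the stored subscription record (including the per-subscription encryption key that the commit message says is kept in the clear) or merely stops sending to it, because only deletion removes that key from the server once the token is gone. It would also help to state whether the user agent's own push subscription is expected to be unsubscribed client-side on logout or whether a later login simply creates a new one; the commit message describes automatic resubscription on VAPID key change, not on logout. The diffstat shows only docs/api/authentication.md changing, so please confirm the merged push-notify branch actually implements this at the logout endpoint rather than only documenting it.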
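Review bot: in the password-change hunk (`@@ -103,6 +105,8 @@`), "associated with existing tokens" is weaker than the sentence above it, which says all outstanding identity tokens are invalidated; consider "This terminates all push subscriptions for the user, including the one associated with the token used to make this request." so clients know they must re-authenticate and re-subscribe after a password change. Both hunks link to `push.md#receiving-web-push-messages`; since push.md is not in this diffstat, verify that the anchor exists in the merged branch so the link does not dangle.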
