hypercall_api/handlers/

notifications.rs

//! API handlers for the persisted notification feed.
//!
//! - `GET  /notifications`                - list notifications (keyset pagination, wallet query)
//! - `POST /notifications/mark-read`      - mark specific ids read (signed)
//! - `POST /notifications/mark-all-read`  - mark every unread notification read (signed)
//!
//! Reads follow the same unsigned-with-wallet-query pattern as `/fills` and
//! `/profile` so the frontend bell doesn't need to sign on every page load.
//! Writes stay behind EIP-712 signature auth; the wallet is extracted from
//! the verified signature, not the body.

use axum::extract::{Query, State};
use hypercall_types::WalletAddress;
use serde::{Deserialize, Serialize};
use std::str::FromStr;
use utoipa::ToSchema;

use super::AppState;
use crate::error::ApiError;
use crate::middleware::SignerContext;
use crate::sonic_json::SonicJson;
use hypercall_db::NotificationRecord;

// ---------------------------------------------------------------------------
// Request / response types
// ---------------------------------------------------------------------------

#[derive(Debug, Deserialize, ToSchema)]
pub struct NotificationsListQuery {
    /// Wallet to list notifications for.
    pub wallet: String,
    /// Return rows with id strictly less than this value. Use the smallest
    /// id from the previous page to fetch the next page.
    pub before_id: Option<i64>,
    /// Page size. Clamped to [1, 100]. Default 50.
    pub limit: Option<i64>,
}

#[derive(Debug, Serialize, ToSchema)]
pub struct NotificationDto {
    pub id: i64,
    pub notification_type: String,
    pub created_at_ms: i64,
    pub read: bool,
    pub payload: serde_json::Value,
}

#[derive(Debug, Serialize, ToSchema)]
pub struct NotificationsListResponse {
    pub items: Vec<NotificationDto>,
    pub unread_count: i64,
}

#[derive(Debug, Deserialize, ToSchema)]
pub struct MarkReadRequest {
    pub ids: Vec<i64>,
}

#[derive(Debug, Serialize, ToSchema)]
pub struct MarkReadResponse {
    pub updated: usize,
}

#[derive(Debug, Serialize, ToSchema)]
pub struct MarkAllReadResponse {
    pub updated: usize,
}

// ---------------------------------------------------------------------------
// Helpers
// ---------------------------------------------------------------------------

/// Decode a stored msgpack payload. A decode failure indicates persisted
/// data corruption (schema mismatch, truncation, etc.), so we surface it
/// loudly (log::error) so operators see it, but return `null` for the
/// payload instead of failing the whole list — a single poisoned row
/// shouldn't take down the bell for the wallet's entire history. The
/// fail-loud log + null payload is the compromise between AGENTS.md's
/// fail-fast-on-invariant rule and read-path availability.
fn decode_payload(id: i64, raw: &[u8]) -> serde_json::Value {
    match rmp_serde::from_slice::<serde_json::Value>(raw) {
        Ok(v) => v,
        Err(e) => {
            tracing::error!(
                notification_id = id,
                error = %e,
                "notifications: failed to decode stored msgpack payload; returning null for this row"
            );
            serde_json::Value::Null
        }
    }
}

fn to_dto(row: NotificationRecord) -> NotificationDto {
    let payload = decode_payload(row.id, &row.payload);
    NotificationDto {
        id: row.id,
        notification_type: row.notification_type,
        created_at_ms: row.created_at.timestamp_millis(),
        read: row.read_at.is_some(),
        payload,
    }
}

/// Parse+lowercase the wallet query string, rejecting anything that isn't a
/// valid 0x-prefixed address. Parsing at the handler boundary keeps the
/// rate limiter's wallet-based path reachable (it only kicks in when the
/// query parses as `WalletAddress`) and blocks a trivially-crafted 404-ish
/// DB-load vector against the notifications endpoint.
fn parse_wallet(raw: &str) -> Result<String, ApiError> {
    WalletAddress::from_str(raw.trim())
        .map(|w| format!("{:#x}", w.0))
        .map_err(|_| ApiError::bad_request("Invalid wallet address"))
}

// ---------------------------------------------------------------------------
// Handlers
// ---------------------------------------------------------------------------

#[utoipa::path(
    get,
    path = "/notifications",
    params(
        ("wallet"    = String,      Query, description = "Wallet address"),
        ("before_id" = Option<i64>, Query, description = "Keyset cursor: return rows with id < this"),
        ("limit"     = Option<i64>, Query, description = "Page size (clamped to 1..=100, default 50)"),
    ),
    responses(
        (status = 200, description = "Notifications page", body = NotificationsListResponse),
        (status = 400, description = "Invalid wallet address"),
        (status = 500, description = "Internal server error"),
    ),
    security(("wallet_query" = [])),
    tag = "Notifications"
)]
pub async fn list_notifications(
    State(state): State<AppState>,
    Query(query): Query<NotificationsListQuery>,
) -> Result<SonicJson<NotificationsListResponse>, ApiError> {
    let wallet = parse_wallet(&query.wallet)?;

    let Some(ref service) = state.notification_service else {
        return Err(ApiError::internal_error(
            "Notifications service not configured",
        ));
    };

    let rows = service
        .list(&wallet, query.before_id, query.limit)
        .await
        .map_err(|e| {
            tracing::error!("notifications list failed: {e}");
            ApiError::internal_error("Failed to list notifications")
        })?;

    let unread_count = service.count_unread(&wallet).await.map_err(|e| {
        tracing::error!("notifications count_unread failed: {e}");
        ApiError::internal_error("Failed to count unread notifications")
    })?;

    let items: Vec<NotificationDto> = rows.into_iter().map(to_dto).collect();

    Ok(SonicJson(NotificationsListResponse {
        items,
        unread_count,
    }))
}

#[utoipa::path(
    post,
    path = "/notifications/mark-read",
    request_body = MarkReadRequest,
    responses(
        (status = 200, description = "Marked read", body = MarkReadResponse),
        (status = 401, description = "Unauthorized"),
        (status = 500, description = "Internal server error"),
    ),
    security(("eip712_signature" = [])),
    tag = "Notifications"
)]
pub async fn mark_read(
    State(state): State<AppState>,
    signer_ctx: SignerContext,
    SonicJson(request): SonicJson<MarkReadRequest>,
) -> Result<SonicJson<MarkReadResponse>, ApiError> {
    let wallet = format!("{:#x}", signer_ctx.wallet_address.0);

    let Some(ref service) = state.notification_service else {
        return Err(ApiError::internal_error(
            "Notifications service not configured",
        ));
    };

    let updated = service
        .mark_read(&wallet, &request.ids)
        .await
        .map_err(|e| {
            tracing::error!("notifications mark_read failed: {e}");
            ApiError::internal_error("Failed to mark notifications read")
        })?;

    Ok(SonicJson(MarkReadResponse { updated }))
}

#[utoipa::path(
    post,
    path = "/notifications/mark-all-read",
    responses(
        (status = 200, description = "All notifications marked read", body = MarkAllReadResponse),
        (status = 401, description = "Unauthorized"),
        (status = 500, description = "Internal server error"),
    ),
    security(("eip712_signature" = [])),
    tag = "Notifications"
)]
pub async fn mark_all_read(
    State(state): State<AppState>,
    signer_ctx: SignerContext,
) -> Result<SonicJson<MarkAllReadResponse>, ApiError> {
    let wallet = format!("{:#x}", signer_ctx.wallet_address.0);

    let Some(ref service) = state.notification_service else {
        return Err(ApiError::internal_error(
            "Notifications service not configured",
        ));
    };

    let updated = service.mark_all_read(&wallet).await.map_err(|e| {
        tracing::error!("notifications mark_all_read failed: {e}");
        ApiError::internal_error("Failed to mark all notifications read")
    })?;

    Ok(SonicJson(MarkAllReadResponse { updated }))
}