changed the route name

README.md

@@ -6,15 +6,16 @@ It's designed to be run as a Docker container and integrated with Traefik v3 for
 
 ## Features
 
-*   Receives GET requests on `/flic-webhook`.
+*   Receives GET requests on `/webhook`.
+*   Receives POST requests on `/subscribe` to manage button-PWA mappings.
 *   Uses HTTP headers `Button-Name` and `Timestamp` from the Flic request.
-*   Gets `click_type` from query parameter.
+*   Gets `click_type` from URL path.
 *   Looks up the target PWA push subscription based on the `Button-Name` header in a JSON file.
 *   Sends a Web Push notification containing the click details (action, button, timestamp) to the corresponding PWA subscription.
 *   Integrates with Traefik v3 via Docker labels.
 *   Configurable via environment variables (`.env` file).
-*   Optional bearer token authentication for securing the Flic webhook endpoint.
-*   CORS configuration for allowing requests (needed if your PWA management interface interacts with this service, although not strictly necessary for the Flic->Backend->PWA push flow itself).
+*   Optional Basic Authentication for securing the `/webhook` and `/subscribe` endpoints.
+*   CORS configuration for allowing requests (needed if your PWA management interface interacts with the `/subscribe` endpoint).
 
 ## Prerequisites
 
@@ -61,7 +62,8 @@ It's designed to be run as a Docker container and integrated with Traefik v3 for
         *   `VAPID_SUBJECT`: A `mailto:` or `https:` URL identifying you or your application (e.g., `mailto:admin@yourdomain.com`). Used by push services to contact you.
         *   `PORT`: (Default: `3000`) The internal port the Node.js app listens on. Traefik will map to this.
         *   `SUBSCRIPTIONS_FILE`: (Default: `/app/subscriptions.json`) The path *inside the container* where the button-to-subscription mapping is stored.
-        *   `FLIC_SECRET`: (Optional) Set a strong, random secret string if you want to secure the webhook endpoint using Bearer token authentication. Generate with `openssl rand -hex 32` or a password manager.
+        *   `BASIC_AUTH_USERNAME`: (Optional) Username for Basic Authentication. If set along with `BASIC_AUTH_PASSWORD`, authentication will be enabled for `/webhook` and `/subscribe`.
+        *   `BASIC_AUTH_PASSWORD`: (Optional) Password for Basic Authentication. If set along with `BASIC_AUTH_USERNAME`, authentication will be enabled.
         *   `ALLOWED_ORIGINS`: Comma-separated list of domains allowed by CORS. Include your PWA's domain if it needs to interact directly (e.g., for setup). Example: `https://my-pwa.com`.
         *   `ALLOWED_METHODS`: (Default: `POST,OPTIONS`) Standard methods needed.
         *   `ALLOWED_HEADERS`: (Default: `Content-Type,Authorization`) Standard headers needed.
@@ -78,10 +80,6 @@ It's designed to be run as a Docker container and integrated with Traefik v3 for
         ```bash
         cp labels.example labels
         ```
-    *   **Important:** Edit the `labels` file. Replace `${TRAEFIK_SERVICE_HOST}`, `${TRAEFIK_CERT_RESOLVER}`, and `${PORT}` with the *actual values* from your `.env` file, as `docker run` does not substitute variables in label files.
-        *   Example replacement: `Host(\`${TRAEFIK_SERVICE_HOST}\`)` becomes `Host(`webpush.virtonline.eu`)`.
-        *   `traefik.http.routers.flic-webhook.tls.certresolver=${TRAEFIK_CERT_RESOLVER}` becomes `traefik.http.routers.flic-webhook.tls.certresolver=myresolver`.
-        *   `traefik.http.services.flic-webhook.loadbalancer.server.port=${PORT}` becomes `traefik.http.services.flic-webhook.loadbalancer.server.port=3000`.
 
 5.  **Prepare Subscription Mapping File:**
     *   Edit the `subscriptions.json` file
@@ -138,43 +136,91 @@ In your Flic app or Flic Hub SDK interface:
 2.  Add an "Internet Request" action.
 3.  Fill in the following details:
     *   Set `GET` method.
-    *   Set URL with query parameter: `https://webpush.virtonline.eu/flic-webhook?click_type=SingleClick`
-    *   Add headers:
-        *   Key: `Authorization`
-        *   Value: `Bearer <FLIC_SECRET>` (Replace `<FLIC_SECRET>` with the actual secret from your `.env` file).
-    *   It should look like this:
-
-    <!-- <img src="images/flic-button-request.png" width="300" alt="Flic Button Request Configuration"> // TODO: Update image -->
-
+    *   Set URL with query parameter: `https://<your_domain>/webhook/SingleClick` (Replace `<your_domain>` with your actual service domain, e.g., `webpush.virtonline.eu`).
+    *   **If Basic Authentication is enabled:**
+        *   Set the `Username` and `Password` fields to the values from your `BASIC_AUTH_USERNAME` and `BASIC_AUTH_PASSWORD` environment variables.
+    *   **If Basic Authentication is disabled:**
+        *   Leave the `Username` and `Password` fields empty.
     *   Tap on `Save action`.
-4.   Repeat for Double Click and/or Hold events.
+4.   Repeat for Double Click and/or Hold events, changing the `click_type` parameter accordingly (e.g., `/DoubleClick`).
     
-## API Endpoint
+## API Endpoints
 
-*   **`GET /flic-webhook`**
+*   **`POST /subscribe`**
+    *   **Description:** Adds or updates the Web Push subscription associated with a specific Flic button ID.
+    *   **Authentication:** Optional Basic Authentication via `Authorization` header if `BASIC_AUTH_USERNAME` and `BASIC_AUTH_PASSWORD` are configured.
+    *   **Request Body:** JSON object containing:
+        *   `button_id` (string, required): The unique identifier for the Flic button (lowercase recommended, e.g., "game", "lights").
+        *   `subscription` (object, required): The [PushSubscription object](https://developer.mozilla.org/en-US/docs/Web/API/PushSubscription) obtained from the browser's Push API.
+        ```json
+        {
+          "button_id": "game",
+          "subscription": {
+            "endpoint": "https://your_pwa_push_endpoint...",
+            "expirationTime": null,
+            "keys": {
+              "p256dh": "YOUR_PWA_SUBSCRIPTION_P256DH_KEY",
+              "auth": "YOUR_PWA_SUBSCRIPTION_AUTH_KEY"
+            }
+          }
+        }
+        ```
+    *   **Responses:**
+        *   `201 Created`: Subscription saved successfully.
+        *   `400 Bad Request`: Missing or invalid `button_id` or `subscription` object in the request body.
+        *   `401 Unauthorized`: Missing or invalid Basic Authentication credentials (if authentication is enabled).
+        *   `500 Internal Server Error`: Failed to save the subscription to the file.
+
+*   **`GET /webhook/:click_type`**
     *   **Description:** Receives Flic button events.
-    *   **Authentication:** Optional Bearer token via `Authorization` header if `FLIC_SECRET` is configured.
-    *   **Query Parameters:**
-        *   `click_type`: The type of button press (SingleClick, DoubleClick, or Hold)
+    *   **Authentication:** Optional Basic Authentication via `Authorization` header if `BASIC_AUTH_USERNAME` and `BASIC_AUTH_PASSWORD` are configured.
+    *   **URL Parameters:**
+        *   `click_type` (required): The type of button press (e.g., `SingleClick`, `DoubleClick`, or `Hold`).
+    *   **Required Headers:**
+        *   `Button-Name` (required): The identifier of the Flic button (sent by the Flic system).
+    *   **Optional Headers:**
+        *   `Timestamp`: Timestamp of the button event (sent by the Flic system).
+        *   `Button-Battery-Level`: The battery level percentage of the button (sent by the Flic system).
+    *   **Push Notification Payload (`data` field):** The service sends a JSON payload within the push notification. The client-side Service Worker can access this data via `event.data.json()`. The structure is:
+        ```json
+        {
+          "action": "SingleClick", // or DoubleClick, Hold
+          "button": "game-button",       // Normalized button name (lowercase)
+          "timestamp": "2024-03-28T15:00:00.000Z", // ISO 8601 timestamp or current server time
+          "batteryLevel": 100     // Integer percentage (0-100) or 'N/A' if not provided
+        }
+        ```
     *   **Responses:**
         *   `200 OK`: Webhook received, push notification sent successfully.
-        *   `400 Bad Request`: Missing `Button-Name` header or `click_type` query parameter.
-        *   `401 Unauthorized`: Missing or invalid Bearer token (if `FLIC_SECRET` is enabled).
+        *   `400 Bad Request`: Missing `Button-Name` header or `click_type` URL parameter.
+        *   `401 Unauthorized`: Missing or invalid Basic Authentication credentials (if authentication is enabled).
         *   `404 Not Found`: No subscription found in `subscriptions.json` for the given `Button-Name`.
         *   `410 Gone`: The push subscription associated with the button was rejected by the push service (likely expired or revoked).
         *   `500 Internal Server Error`: Failed to send the push notification for other reasons.
 
 ## Testing the Webhook
 
-Once your service is up and running, you can test the webhook endpoint using curl or any API testing tool:
+Once your service is up and running, you can test the webhook endpoint using curl or any API testing tool. This example assumes Basic Authentication is enabled.
 
-**Note:** In the command below, replace `a74181969a613c545d66c1e436e75c1e4a6` with your actual FLIC_SECRET value from your .env file.
+**Note:** Replace `<username>`, `<password>`, `<your_domain>`, and `<button_name>` with your actual values.
 
 ```bash
-curl -X GET "https://webpush.virtonline.eu/flic-webhook?click_type=SingleClick" \
-  -H "Authorization: Bearer a74181969a613c545d66c1e436e75c1e4a6" \
-  -H "Button-Name: Game" \
-  -H "Timestamp: 2025-03-26T01:10:20Z"
+# Generate Base64 credentials (run this once)
+# echo -n '<username>:<password>' | base64
+
+# Example using generated Base64 string (replace YOUR_BASE64_CREDS)
+curl -X GET "https://<your_domain>/webhook/SingleClick" \
+  -H "Authorization: Basic YOUR_BASE64_CREDS" \
+  -H "Button-Name: <button_name>" \
+  -H "Timestamp: $(date -u +%Y-%m-%dT%H:%M:%SZ)" \
+  -H "Button-Battery-Level: 100" \
+
+# Example using curl's built-in Basic Auth (-u)
+curl -X GET "https://<your_domain>/webhook/SingleClick" \
+  -u "<username>:<password>" \
+  -H "Button-Name: <button_name>" \
+  -H "Timestamp: $(date -u +%Y-%m-%dT%H:%M:%SZ)" \
+  -H "Button-Battery-Level: 100" \
 ```
 
 The expected response should be:
@@ -197,5 +243,5 @@ If you receive a different response, refer to the Troubleshooting section below.
 *   **Verify `.env`:** Ensure all required variables are set correctly, especially VAPID keys and Traefik settings.
 *   **Verify `labels`:** Double-check that variables were correctly substituted manually and match your `.env` and Traefik setup.
 *   **Verify `subscriptions.json`:** Ensure it's valid JSON and the button serial number (key) matches exactly what Flic sends (check backend logs for "Received webhook: Button=..."). Check if the subscription details are correct. Case sensitivity matters for the JSON keys (button serials).
-*   **Check Flic Configuration:** Ensure the URL, Method, Body, and Headers (especially `Content-Type` and `Authorization` if used) are correct in the Flic action setup. Use `curl` or Postman to test the endpoint manually first.
+*   **Check Flic Configuration:** Ensure the URL, Method, `click_type` parameter, and authentication details (Username/Password if enabled) are correct in the Flic action setup. Use `curl` or Postman to test the endpoint manually first.
 *   **PWA Service Worker:** Remember that the PWA needs a correctly registered Service Worker to receive and handle the incoming push messages. Ensure the PWA subscribes using the *same* `VAPID_PUBLIC_KEY` configured in the backend's `.env`.