Documentation Index
Fetch the complete documentation index at: https://mintlify.com/danielitoCode/AlejoTaller/llms.txt
Use this file to discover all available pages before exploring further.
alejo_publisher is a small, focused HTTP microservice that sits between the Android operator app and Pusher. Its sole responsibility is to receive an authenticated sale decision from the operator, sign and publish the corresponding Pusher event, and return the channel name and event name that were triggered — all without ever exposing Pusher credentials to any client device.
Why a Separate Service?
Publishing to Pusher requires a server-side secret key to sign each trigger request. Embedding that secret in the Android operator APK would make it trivially extractable from the compiled binary. There is also a practical reliability concern: Pusher’s signature algorithm is time-based, and mobile device clocks can drift enough to cause authentication failures. Running the Pusher trigger from a server-side process solves both problems at once. Beyond security, the service acts as a gate: it only publishes after the operator app has already confirmed that Appwrite’sbuy_state field was updated, ensuring the real-time event and the database record stay in sync.
Technology Stack
| Layer | Technology |
|---|---|
| Runtime | Node.js (v18+) |
| Language | TypeScript 5 |
| HTTP Framework | Express 4 |
| Real-time SDK | Pusher server SDK v5 |
| Build | tsc → dist/ |
| Dev server | tsx watch |
Architecture
alejo_publisher follows a clean architecture layout with three layers:
PublishSaleVerificationUseCase validates the incoming command — ensuring saleId, userId, and a valid decision are present — then delegates to the injected SaleRealtimePublisher port.
PusherSaleRealtimePublisher implements that port. It derives the channel name as sale-verification-{userId} and the event name as either sale:confirmed or sale:rejected, then calls pusher.trigger() with the full event payload.
server.ts wires everything together: it reads environment variables, constructs the Pusher client and use case, registers routes, and provides the requireApiKey middleware for Bearer token auth.
Security
Every call toPOST /sale-verification/publish must include a valid Bearer token in the Authorization header. The token is compared against the PUBLISHER_API_KEY environment variable. Requests with a missing, empty, or mismatched token receive a 401 Unauthorized response immediately — the use case is never invoked.
Endpoints at a Glance
| Method | Path | Auth | Purpose |
|---|---|---|---|
GET | /health | None | Liveness check |
POST | /sale-verification/publish | Bearer token | Broadcast sale decision to Pusher |
Call Flow
The diagram below shows how a sale decision travels from the operator device to the customer’s screen:The service intentionally does not talk to Appwrite itself. It trusts the operator app to have already persisted the decision before calling this endpoint. This keeps the service stateless and fast.
Related Pages
API Reference
Full endpoint documentation for GET /health and POST /sale-verification/publish, including request/response shapes and error codes.
Deployment
Step-by-step guide for local development and deploying to Render, including all environment variable definitions.