From b9039dbf194f66738766cb4296ba6d141d6d433e Mon Sep 17 00:00:00 2001
From: Claudomator Agent <agent@claudomator>
Date: Tue, 17 Mar 2026 08:04:04 +0000
Subject: fix: validate VAPID public key on load, regenerate if swapped

The DB may contain keys generated before the swap fix, with the private
key stored as the public key. Add ValidateVAPIDPublicKey() and use it in
serve.go to detect and regenerate invalid stored keys on startup.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 internal/cli/serve.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'internal/cli')

diff --git a/internal/cli/serve.go b/internal/cli/serve.go
index efac719..5677562 100644
--- a/internal/cli/serve.go
+++ b/internal/cli/serve.go
@@ -54,7 +54,7 @@ func serve(addr string) error {
 	if cfg.VAPIDPublicKey == "" || cfg.VAPIDPrivateKey == "" {
 		pub, _ := store.GetSetting("vapid_public_key")
 		priv, _ := store.GetSetting("vapid_private_key")
-		if pub == "" || priv == "" {
+		if pub == "" || priv == "" || !notify.ValidateVAPIDPublicKey(pub) {
 			pub, priv, err = notify.GenerateVAPIDKeys()
 			if err != nil {
 				return fmt.Errorf("generating VAPID keys: %w", err)
-- 
cgit v1.2.3