Joseph Doherty
134 lines
12 KiB
Markdown
134 lines
12 KiB
Markdown
# Component: Notification Service
|
|
|
|
## Purpose
|
|
|
|
The Notification Service is the central component that manages notification-list, SMTP, and SMS definitions and provides the per-type delivery adapters used to send notifications. It manages notification-list and delivery-channel definitions, and supplies the stateless "deliver one notification" adapter implementations that the Notification Outbox invokes at delivery time.
|
|
|
|
The Notification Service no longer delivers notifications from sites. Notification delivery has been inverted: a site script's notification is store-and-forwarded to the central cluster, and the central **Notification Outbox** owns dispatch and delivery, calling an `INotificationDeliveryAdapter` supplied by this component. See [`Component-NotificationOutbox.md`](Component-NotificationOutbox.md).
|
|
|
|
## Location
|
|
|
|
Central cluster only. The Notification Service manages definitions in the central configuration database and provides the delivery adapters that run on the central cluster. It is no longer present at site clusters, and notification definitions and SMTP configuration are no longer deployed to sites.
|
|
|
|
## Responsibilities
|
|
|
|
### Definitions (Central)
|
|
- Store notification lists in the configuration database: list name, list **type**, and type-specific targets (e.g. recipients for an `Email` list, phone numbers for an `Sms` list).
|
|
- Store email server configuration (SMTP settings).
|
|
- Store SMS provider configuration (`SmsConfiguration`: Twilio credentials and endpoint settings).
|
|
- Managed by users with the Designer role (notification lists) and Admin role (SMTP and SMS configuration).
|
|
- Notification lists, SMTP configuration, and SMS configuration are **not deployed to sites** — they exist centrally only. There is no deploy-to-sites artifact and no local SQLite copy.
|
|
|
|
### Delivery Adapters (Central)
|
|
- Provide a delivery adapter implementing `INotificationDeliveryAdapter` for each notification `Type`.
|
|
- Each adapter is a stateless "deliver one notification" implementation: it composes and sends a single notification and classifies the outcome.
|
|
- The **Email adapter** is the relocated SMTP composition and send logic — formerly run at sites, it now runs on the central cluster.
|
|
- The **SMS adapter** delivers notifications via Twilio REST to a list's phone-number recipients — see SMS Delivery Adapter below.
|
|
- Resolve a notification list name to its concrete targets (e.g. recipient addresses or phone numbers) at delivery time, on behalf of the Notification Outbox.
|
|
|
|
## Notification List Definition
|
|
|
|
Each notification list includes:
|
|
- **Name**: Unique identifier (e.g., "Maintenance-Team", "Shift-Supervisors").
|
|
- **Type**: The notification channel — `Email` or `Sms`. `Notify.To("list")` works transparently for any type — the calling script does not care about the type. The type is chosen at list creation and is **fixed** — it cannot be changed on update (prevents email/phone recipient mismatch within a list).
|
|
- **Type-specific targets**: The targets appropriate to the list type:
|
|
- **Email list** — one or more recipient entries, each with a recipient name and email address.
|
|
- **SMS list** — one or more recipient entries, each with a recipient name and E.164 phone number.
|
|
|
|
Lists are defined and stored centrally only. **Recipient resolution happens at central, at delivery time** — a site forwards only `(listName, subject, body)` plus provenance; the Notification Outbox asks the Notification Service to resolve the list when it dispatches the notification.
|
|
|
|
## Email Server Configuration
|
|
|
|
The SMTP configuration is defined centrally and used by the central Email delivery adapter. It is not deployed to sites. It includes:
|
|
|
|
- **Server hostname**: SMTP server address (e.g., `smtp.office365.com`).
|
|
- **Port**: SMTP port (e.g., 587 for StartTLS, 465 for SSL).
|
|
- **Authentication mode**: One of:
|
|
- **Basic Auth**: Username and password. For on-prem SMTP relays or servers that support basic authentication.
|
|
- **OAuth2 Client Credentials**: Tenant ID, Client ID, and Client Secret. For Microsoft 365 and other modern SMTP providers that require OAuth2. The Email adapter handles the token lifecycle internally (fetch, cache, refresh on expiry).
|
|
- **TLS mode**: None, StartTLS, or SSL.
|
|
- **From address**: The sender email address for all notifications (e.g., `scada-notifications@company.com`).
|
|
- **Connection timeout**: Maximum time to wait for SMTP connection (default: 30 seconds).
|
|
- **Max concurrent connections**: Maximum simultaneous SMTP connections from the central cluster (default: 5).
|
|
- **Retry settings**: Max retry count, fixed time between retries. The Notification Outbox reuses these for delivery retry of transient failures.
|
|
|
|
## SMS Configuration
|
|
|
|
The `SmsConfiguration` entity is defined centrally and used by the central SMS delivery adapter. It mirrors `SmtpConfiguration` in structure and is not deployed to sites. It is managed by Admin-role users via the CLI (`notification sms list|update`) and the Central UI `/notifications/sms` page. It includes:
|
|
|
|
- **Account SID**: Twilio Account SID (plaintext; also appears in the API URL path).
|
|
- **Auth Token**: Twilio Auth Token, **encrypted at rest** via ASP.NET Data Protection (`EncryptedStringConverter`). The Auth Token is never returned from the list command — the listing reports it only as a `hasAuthToken` presence flag.
|
|
- **From number**: Sender phone number in E.164 format (e.g., `+15551234567`). Used unless a Messaging Service SID is specified.
|
|
- **Messaging Service SID** (optional): Twilio Messaging Service SID. When present, Twilio uses it for sender selection; overrides the From number.
|
|
- **API base URL** (optional): Override for the Twilio REST API base URL (default: `https://api.twilio.com`). Allows pointing at a test/stub handler or a regional endpoint.
|
|
- **Connection timeout**: Maximum time to wait for a Twilio API response.
|
|
- **Max retries** / **Retry delay**: Delivery retry settings, mirroring the SMTP retry model.
|
|
|
|
The `SmsConfiguration` entity travels in Transport bundles — the Auth Token rides the encrypted `SecretsBlock` (keyed by Account SID), consistent with how SMTP credentials are bundled.
|
|
|
|
## Script API
|
|
|
|
```csharp
|
|
NotificationId id = Notify.To("listName").Send("subject", "message");
|
|
NotificationStatus status = Notify.Status(id);
|
|
```
|
|
|
|
- Available to instance scripts (via Script Execution Actors), alarm on-trigger scripts (via Alarm Execution Actors), and shared scripts (executing inline).
|
|
- `Notify.To("listName").Send(...)` is **asynchronous**: it generates a `NotificationId` (GUID) locally, hands the notification to the site Store-and-Forward Engine for forwarding to central, and returns the `NotificationId` to the script **immediately**. The script does not block waiting for delivery.
|
|
- The message body is **plain text** only. No HTML content.
|
|
- `Notify.Status(notificationId)` returns a small **status record** — the current status, retry count, last error, and key timestamps (enqueued, delivered). While the notification is still in the site Store-and-Forward buffer, the site answers the query **locally** with status `Forwarding`; once forwarded to central, the query round-trips to central and reads the `Notifications` table.
|
|
- The returned `NotificationId` is a `TrackedOperationId` — the shared Commons tracking-handle type used by all store-and-forward producers; `NotificationId` is simply the notification-domain name for it. Likewise, `Notify.Status` is a thin alias of the unified `Tracking.Status` accessor, retained for backward compatibility. This is a naming/type clarification only — notification delivery behavior is unchanged.
|
|
|
|
## Notification Delivery Behavior
|
|
|
|
Delivery is performed centrally by the Notification Outbox, which calls the `INotificationDeliveryAdapter` registered for the notification's `Type`.
|
|
|
|
### Recipient Handling (Email)
|
|
- A single email is sent per notification, with all list recipients in **BCC**. The from address is placed in the To field.
|
|
- Recipients do not see each other's email addresses.
|
|
- No per-recipient deduplication — if the same email address appears in multiple lists and a script sends to both, they receive multiple emails.
|
|
|
|
## SMS Delivery Adapter
|
|
|
|
The `SmsNotificationDeliveryAdapter` delivers notifications to an SMS list via the Twilio REST API (no Twilio SDK — uses `IHttpClientFactory` with a named `"Twilio"` `HttpClient` and HTTP Basic auth with `AccountSid:AuthToken`). It is outbound-only; true per-recipient delivery confirmation requires a status-callback webhook (out of scope for v1). "Accepted by Twilio" is treated as delivered, consistent with how the Email adapter treats "accepted by SMTP."
|
|
|
|
### Message Format
|
|
- SMS has no subject line. The message body is composed as `Subject` + newline + `Body` (whichever are present), plain text, truncated to a configurable cap (`SmsOptions.MaxMessageLength`, default 1600 — the Twilio maximum) with an ellipsis when over. Twilio segments at 160 GSM-7 characters and bills per segment.
|
|
|
|
### Per-Recipient Delivery (no BCC equivalent)
|
|
SMS has no BCC mechanism. The adapter sends one Twilio request per recipient and classifies each:
|
|
|
|
- **All accepted** → `Success`; `ResolvedTargets` is snapshotted with the accepted numbers.
|
|
- **Any transient failure** → `Transient` (the whole notification retries at the fixed interval, then Parks after max-retries). Numbers already accepted on a prior attempt are re-texted on retry — the same "re-send to all" characteristic the Email adapter already has with BCC. (v1 does not track per-recipient state; that is a documented future enhancement.)
|
|
- **No transient failures, mix of accepted + permanent-bad** → `Success` to the good numbers; permanently-bad numbers are recorded in `LastError`. The notification is not parked if anything got through.
|
|
- **All permanent / no recipients / no SMS config / list-not-found** → `Permanent` (Park).
|
|
|
|
### Error Classification (SMS)
|
|
A small `SmsErrorClassifier` mirrors the External System Gateway pattern:
|
|
- **Transient**: HTTP 5xx, 408, 429; `HttpRequestException`, timeout (non-caller-cancel).
|
|
- **Permanent**: other 4xx (including 401/403 bad credentials, 400 invalid/unsubscribed number).
|
|
|
|
### Error Classification (Email)
|
|
Each `Deliver(...)` call returns one of `success | transient failure | permanent failure`, consistent with the External System Gateway pattern. There is **no synchronous permanent-failure return to the script** — `Send()` returns immediately, before any delivery is attempted.
|
|
|
|
- **Transient failures** (connection refused, timeout, SMTP 4xx temporary errors): The Notification Outbox moves the row to `Retrying` and schedules another attempt per the SMTP configuration's retry settings.
|
|
- **Permanent failures** (SMTP 5xx permanent errors, e.g., mailbox not found): The Notification Outbox moves the row to `Parked` with the error in `LastError`. The notification will never deliver, and an operator can review or discard it on the Central UI Notification Outbox page.
|
|
- Retries exhausted on a transient failure also result in a `Parked` row.
|
|
- A script observes failures only by calling `Notify.Status(id)` and seeing a `Parked` status — not as a synchronous exception.
|
|
|
|
### No Rate Limiting
|
|
- No application-level rate limiting. If the delivery endpoint enforces sending limits (e.g., Microsoft 365 throttling or Twilio rate limits), those manifest as transient failures and are retried naturally by the Notification Outbox.
|
|
|
|
## Dependencies
|
|
|
|
- **Configuration Database (MS SQL)**: Stores notification list definitions (name, type, type-specific targets), SMTP configuration, and `SmsConfiguration`.
|
|
- **Notification Outbox**: Invokes the delivery adapters supplied by this component and asks it to resolve notification lists at delivery time.
|
|
- **Security & Auth**: Designer role manages notification lists.
|
|
- **Configuration Database (via IAuditService)**: Notification list changes are audit logged.
|
|
|
|
## Interactions
|
|
|
|
- **Notification Outbox**: Consumes the per-type delivery adapters and the list-resolution service this component provides; the outbox owns dispatch, retry, parking, and status.
|
|
- **Site Runtime (Script/Alarm Execution Actors)**: Scripts invoke `Notify.To().Send()` and `Notify.Status()`. `Send()` generates a `NotificationId` and hands the notification to the site Store-and-Forward Engine; it does not contact this component synchronously.
|
|
- **Store-and-Forward Engine (site)**: Forwards a script's notification to central; the central Notification Outbox ingests it for delivery. The Notification Service does not interact with the site Store-and-Forward Engine directly.
|