versia-pub/server
2
0
Fork 0
mirror of https://github.com/versia-pub/server.git synced 2026-03-13 13:59:16 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(api): Add initial Push Notifications support

Browse source
This commit is contained in:
Jesse Wierzbinski 2025-01-02 01:29:33 +01:00
parent acd2bcb469
commit d096ab830c
No known key found for this signature in database
21 changed files with 3301 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

31
api/api/v1/push/subscription/index.delete.schema.ts Normal file
View file

@ -0,0 +1,31 @@
import { auth } from "@/api";
import { createRoute, z } from "@hono/zod-openapi";
import { RolePermissions } from "~/drizzle/schema";
export const route = createRoute({
method: "delete",
path: "/api/v1/push/subscription",
summary: "Remove current subscription",
description: "Removes the current Web Push API subscription.",
externalDocs: {
url: "https://docs.joinmastodon.org/methods/push/#delete",
},
middleware: [
auth({
auth: true,
permissions: [RolePermissions.UsePushNotifications],
scopes: ["push"],
}),
] as const,
responses: {
200: {
description:
"PushSubscription successfully deleted or did not exist previously.",
content: {
"application/json": {
schema: z.object({}),
},
},
},
},
});

23
api/api/v1/push/subscription/index.delete.ts Normal file
View file

@ -0,0 +1,23 @@
import { apiRoute } from "@/api";
import { PushSubscription } from "@versia/kit/db";
import { ApiError } from "~/classes/errors/api-error";
import { route } from "./index.delete.schema";
export default apiRoute((app) =>
app.openapi(route, async (context) => {
const { token } = context.get("auth");
const ps = await PushSubscription.fromToken(token);
if (!ps) {
throw new ApiError(
404,
"No push subscription associated with this access token",
);
}
await ps.delete();
return context.json({}, 200);
}),
);

85
api/api/v1/push/subscription/index.get.schema.ts Normal file
View file

@ -0,0 +1,85 @@
import { auth } from "@/api";
import { createRoute, z } from "@hono/zod-openapi";
import { PushSubscription } from "@versia/kit/db";
import { RolePermissions } from "~/drizzle/schema";
export const WebPushSubscriptionInput = z
.object({
subscription: z.object({
endpoint: z.string().url().openapi({
example: "https://yourdomain.example/listener",
description: "Where push alerts will be sent to.",
}),
keys: z
.object({
p256dh: z.string().base64().openapi({
description:
"User agent public key. Base64 encoded string of a public key from a ECDH keypair using the prime256v1 curve.",
example:
"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEoKCJeHCy69ywHcb3dAR/T8Sud5ljSFHJkuiR6it1ycqAjGTe5F1oZ0ef5QiMX/zdQ+d4jSKiO7RztIz+o/eGuQ==",
}),
auth: z.string().base64().length(24).openapi({
description:
"Auth secret. Base64 encoded string of 16 bytes of random data.",
example: "u67u09PXZW4ncK9l9mAXkA==",
}),
})
.strict(),
}),
data: z
.object({
policy: z
.enum(["all", "followed", "follower", "none"])
.default("all")
.openapi({
description:
"Specify whether to receive push notifications from all, followed, follower, or none users.",
}),
alerts: PushSubscription.schema.shape.alerts,
})
.strict()
.default({
policy: "all",
alerts: {
mention: false,
favourite: false,
reblog: false,
follow: false,
poll: false,
follow_request: false,
status: false,
update: false,
"admin.sign_up": false,
"admin.report": false,
},
}),
})
.strict();
export const route = createRoute({
method: "get",
path: "/api/v1/push/subscription",
summary: "Get current subscription",
description:
"View the PushSubscription currently associated with this access token.",
externalDocs: {
url: "https://docs.joinmastodon.org/methods/push/#get",
},
middleware: [
auth({
auth: true,
permissions: [RolePermissions.UsePushNotifications],
scopes: ["push"],
}),
] as const,
responses: {
200: {
description: "WebPushSubscription",
content: {
"application/json": {
schema: PushSubscription.schema,
},
},
},
},
});

21
api/api/v1/push/subscription/index.get.ts Normal file
View file

@ -0,0 +1,21 @@
import { apiRoute } from "@/api";
import { PushSubscription } from "@versia/kit/db";
import { ApiError } from "~/classes/errors/api-error";
import { route } from "./index.get.schema";
export default apiRoute((app) =>
app.openapi(route, async (context) => {
const { token } = context.get("auth");
const ps = await PushSubscription.fromToken(token);
if (!ps) {
throw new ApiError(
404,
"No push subscription associated with this access token",
);
}
return context.json(ps.toApi(), 200);
}),
);

44
api/api/v1/push/subscription/index.post.schema.ts Normal file
View file

@ -0,0 +1,44 @@
import { auth, jsonOrForm } from "@/api";
import { createRoute } from "@hono/zod-openapi";
import { PushSubscription } from "@versia/kit/db";
import { RolePermissions } from "~/drizzle/schema";
import { WebPushSubscriptionInput } from "./index.get.schema";
export const route = createRoute({
method: "post",
path: "/api/v1/push/subscription",
summary: "Subscribe to push notifications",
description:
"Add a Web Push API subscription to receive notifications. Each access token can have one push subscription. If you create a new subscription, the old subscription is deleted.",
externalDocs: {
url: "https://docs.joinmastodon.org/methods/push/#create",
},
middleware: [
auth({
auth: true,
permissions: [RolePermissions.UsePushNotifications],
scopes: ["push"],
}),
jsonOrForm(),
] as const,
request: {
body: {
content: {
"application/json": {
schema: WebPushSubscriptionInput,
},
},
},
},
responses: {
200: {
description:
"A new PushSubscription has been generated, which will send the requested alerts to your endpoint.",
content: {
"application/json": {
schema: PushSubscription.schema,
},
},
},
},
});

45
api/api/v1/push/subscription/index.post.ts Normal file
View file

@ -0,0 +1,45 @@
import { apiRoute } from "@/api";
import { PushSubscription } from "@versia/kit/db";
import { ApiError } from "~/classes/errors/api-error";
import { RolePermissions } from "~/drizzle/schema";
import { route } from "./index.post.schema";
export default apiRoute((app) =>
app.openapi(route, async (context) => {
const { user, token } = context.get("auth");
const { subscription, data } = context.req.valid("json");
if (
data.alerts["admin.report"] &&
!user.hasPermission(RolePermissions.ManageReports)
) {
throw new ApiError(
403,
`You do not have the '${RolePermissions.ManageReports}' permission to receive report alerts`,
);
}
if (
data.alerts["admin.sign_up"] &&
!user.hasPermission(RolePermissions.ManageAccounts)
) {
throw new ApiError(
403,
`You do not have the '${RolePermissions.ManageAccounts}' permission to receive sign-up alerts`,
);
}
await PushSubscription.clearAllOfToken(token);
const ps = await PushSubscription.insert({
alerts: data.alerts,
policy: data.policy,
endpoint: subscription.endpoint,
publicKey: subscription.keys.p256dh,
authSecret: subscription.keys.auth,
tokenId: token.id,
});
return context.json(ps.toApi(), 200);
}),
);

43
api/api/v1/push/subscription/index.put.schema.ts Normal file
View file

@ -0,0 +1,43 @@
import { auth, jsonOrForm } from "@/api";
import { createRoute } from "@hono/zod-openapi";
import { PushSubscription } from "@versia/kit/db";
import { RolePermissions } from "~/drizzle/schema";
import { WebPushSubscriptionInput } from "./index.get.schema";
export const route = createRoute({
method: "put",
path: "/api/v1/push/subscription",
summary: "Change types of notifications",
description:
"Updates the current push subscription. Only the data part can be updated. To change fundamentals, a new subscription must be created instead.",
externalDocs: {
url: "https://docs.joinmastodon.org/methods/push/#update",
},
middleware: [
auth({
auth: true,
permissions: [RolePermissions.UsePushNotifications],
scopes: ["push"],
}),
jsonOrForm(),
] as const,
request: {
body: {
content: {
"application/json": {
schema: WebPushSubscriptionInput.shape.data,
},
},
},
},
responses: {
200: {
description: "The WebPushSubscription has been updated.",
content: {
"application/json": {
schema: PushSubscription.schema,
},
},
},
},
});

51
api/api/v1/push/subscription/index.put.ts Normal file
View file

@ -0,0 +1,51 @@
import { apiRoute } from "@/api";
import { PushSubscription } from "@versia/kit/db";
import { ApiError } from "~/classes/errors/api-error";
import { RolePermissions } from "~/drizzle/schema";
import { route } from "./index.put.schema";
export default apiRoute((app) =>
app.openapi(route, async (context) => {
const { user, token } = context.get("auth");
const { alerts, policy } = context.req.valid("json");
const ps = await PushSubscription.fromToken(token);
if (!ps) {
throw new ApiError(
404,
"No push subscription associated with this access token",
);
}
if (
alerts["admin.report"] &&
!user.hasPermission(RolePermissions.ManageReports)
) {
throw new ApiError(
403,
`You do not have the '${RolePermissions.ManageReports}' permission to receive report alerts`,
);
}
if (
alerts["admin.sign_up"] &&
!user.hasPermission(RolePermissions.ManageAccounts)
) {
throw new ApiError(
403,
`You do not have the '${RolePermissions.ManageAccounts}' permission to receive sign-up alerts`,
);
}
await ps.update({
policy,
alerts: {
...ps.data.alerts,
...alerts,
},
});
return context.json(ps.toApi(), 200);
}),
);

304
api/api/v1/push/subscription/index.test.ts Normal file
View file

@ -0,0 +1,304 @@
import { afterAll, beforeEach, describe, expect, test } from "bun:test";
import { PushSubscription } from "@versia/kit/db";
import { fakeRequest, getTestUsers } from "~/tests/utils";
const { users, tokens, deleteUsers } = await getTestUsers(2);
afterAll(async () => {
await deleteUsers();
});
beforeEach(async () => {
await PushSubscription.clearAllOfToken(tokens[0]);
await PushSubscription.clearAllOfToken(tokens[1]);
});
describe("/api/v1/push/subscriptions", () => {
test("should create a push subscription", async () => {
const res = await fakeRequest("/api/v1/push/subscription", {
method: "POST",
headers: {
Authorization: `Bearer ${tokens[0].data.accessToken}`,
"Content-Type": "application/json",
},
body: JSON.stringify({
data: {
alerts: {
update: true,
},
policy: "all",
},
subscription: {
endpoint: "https://example.com",
keys: {
p256dh: "test",
auth: "testthatis24charactersha",
},
},
}),
});
expect(res.status).toBe(200);
const body = await res.json();
expect(body).toMatchObject({
endpoint: "https://example.com",
alerts: {
update: true,
},
});
});
test("should retrieve the same push subscription", async () => {
await PushSubscription.insert({
endpoint: "https://example.com",
alerts: {
update: true,
"admin.report": false,
"admin.sign_up": false,
favourite: false,
follow: false,
follow_request: false,
mention: false,
poll: false,
reblog: false,
status: false,
},
policy: "all",
authSecret: "test",
publicKey: "test",
tokenId: tokens[1].id,
});
const res = await fakeRequest("/api/v1/push/subscription", {
headers: {
Authorization: `Bearer ${tokens[1].data.accessToken}`,
},
});
expect(res.status).toBe(200);
const body = await res.json();
expect(body).toMatchObject({
endpoint: "https://example.com",
alerts: {
update: true,
},
});
});
test("should update a push subscription", async () => {
await PushSubscription.insert({
endpoint: "https://example.com",
alerts: {
update: true,
"admin.report": false,
"admin.sign_up": false,
favourite: false,
follow: false,
follow_request: false,
mention: false,
poll: false,
reblog: false,
status: false,
},
policy: "all",
authSecret: "test",
publicKey: "test",
tokenId: tokens[0].id,
});
const res = await fakeRequest("/api/v1/push/subscription", {
method: "PUT",
headers: {
Authorization: `Bearer ${tokens[0].data.accessToken}`,
"Content-Type": "application/json",
},
body: JSON.stringify({
alerts: {
update: false,
favourite: true,
},
policy: "follower",
}),
});
expect(res.status).toBe(200);
expect(await res.json()).toMatchObject({
alerts: {
update: false,
favourite: true,
},
});
});
describe("permissions", () => {
test("should not allow watching admin reports without permissions", async () => {
const res = await fakeRequest("/api/v1/push/subscription", {
method: "POST",
headers: {
Authorization: `Bearer ${tokens[0].data.accessToken}`,
"Content-Type": "application/json",
},
body: JSON.stringify({
data: {
alerts: {
"admin.report": true,
},
policy: "all",
},
subscription: {
endpoint: "https://example.com",
keys: {
p256dh: "test",
auth: "testthatis24charactersha",
},
},
}),
});
expect(res.status).toBe(403);
expect(await res.json()).toMatchObject({
error: expect.stringContaining("permission"),
});
});
test("should allow watching admin reports with permissions", async () => {
await users[0].update({
isAdmin: true,
});
const res = await fakeRequest("/api/v1/push/subscription", {
method: "POST",
headers: {
Authorization: `Bearer ${tokens[0].data.accessToken}`,
"Content-Type": "application/json",
},
body: JSON.stringify({
data: {
alerts: {
"admin.report": true,
},
policy: "all",
},
subscription: {
endpoint: "https://example.com",
keys: {
p256dh: "test",
auth: "testthatis24charactersha",
},
},
}),
});
expect(res.status).toBe(200);
await users[0].update({
isAdmin: false,
});
});
test("should not allow editing to add admin reports without permissions", async () => {
await PushSubscription.insert({
endpoint: "https://example.com",
alerts: {
update: true,
"admin.report": false,
"admin.sign_up": false,
favourite: false,
follow: false,
follow_request: false,
mention: false,
poll: false,
reblog: false,
status: false,
},
policy: "all",
authSecret: "test",
publicKey: "test",
tokenId: tokens[0].id,
});
const res = await fakeRequest("/api/v1/push/subscription", {
method: "PUT",
headers: {
Authorization: `Bearer ${tokens[0].data.accessToken}`,
"Content-Type": "application/json",
},
body: JSON.stringify({
alerts: {
"admin.report": true,
},
policy: "all",
}),
});
expect(res.status).toBe(403);
expect(await res.json()).toMatchObject({
error: expect.stringContaining("permission"),
});
});
test("should allow editing to add admin reports with permissions", async () => {
await users[0].update({
isAdmin: true,
});
await PushSubscription.insert({
endpoint: "https://example.com",
alerts: {
update: true,
"admin.report": false,
"admin.sign_up": false,
favourite: false,
follow: false,
follow_request: false,
mention: false,
poll: false,
reblog: false,
status: false,
},
policy: "all",
authSecret: "test",
publicKey: "test",
tokenId: tokens[0].id,
});
const res = await fakeRequest("/api/v1/push/subscription", {
method: "PUT",
headers: {
Authorization: `Bearer ${tokens[0].data.accessToken}`,
"Content-Type": "application/json",
},
body: JSON.stringify({
alerts: {
"admin.report": true,
},
policy: "all",
}),
});
expect(res.status).toBe(200);
expect(await res.json()).toMatchObject({
alerts: {
update: true,
"admin.report": true,
"admin.sign_up": false,
favourite: false,
follow: false,
follow_request: false,
mention: false,
poll: false,
reblog: false,
status: false,
},
});
await users[0].update({
isAdmin: false,
});
});
});
});