diff --git a/api/api/v1/push/subscription/index.post.ts b/api/api/v1/push/subscription/index.post.ts index 6ae65f27..061cdd3f 100644 --- a/api/api/v1/push/subscription/index.post.ts +++ b/api/api/v1/push/subscription/index.post.ts @@ -2,7 +2,6 @@ import { apiRoute } from "@/api"; import { auth, jsonOrForm } from "@/api"; import { createRoute } from "@hono/zod-openapi"; import { PushSubscription } from "@versia/kit/db"; -import { ApiError } from "~/classes/errors/api-error"; import { WebPushSubscriptionInput } from "~/classes/schemas/pushsubscription"; import { RolePermissions } from "~/drizzle/schema"; @@ -54,20 +53,15 @@ export default apiRoute((app) => data.alerts["admin.report"] && !user.hasPermission(RolePermissions.ManageReports) ) { - throw new ApiError( - 403, - `You do not have the '${RolePermissions.ManageReports}' permission to receive report alerts`, - ); + // This shouldn't throw an error in mastodon either + data.alerts["admin.report"] = false; } if ( data.alerts["admin.sign_up"] && !user.hasPermission(RolePermissions.ManageAccounts) ) { - throw new ApiError( - 403, - `You do not have the '${RolePermissions.ManageAccounts}' permission to receive sign-up alerts`, - ); + data.alerts["admin.sign_up"] = false; } await PushSubscription.clearAllOfToken(token); diff --git a/api/api/v1/push/subscription/index.put.ts b/api/api/v1/push/subscription/index.put.ts index d99c9199..96baedb9 100644 --- a/api/api/v1/push/subscription/index.put.ts +++ b/api/api/v1/push/subscription/index.put.ts @@ -61,20 +61,15 @@ export default apiRoute((app) => alerts["admin.report"] && !user.hasPermission(RolePermissions.ManageReports) ) { - throw new ApiError( - 403, - `You do not have the '${RolePermissions.ManageReports}' permission to receive report alerts`, - ); + // This shouldn't throw an error in mastodon either + alerts["admin.report"] = false; } if ( alerts["admin.sign_up"] && !user.hasPermission(RolePermissions.ManageAccounts) ) { - throw new ApiError( - 403, - `You do not have the '${RolePermissions.ManageAccounts}' permission to receive sign-up alerts`, - ); + alerts["admin.sign_up"] = false; } await ps.update({ diff --git a/api/api/v1/push/subscription/index.test.ts b/api/api/v1/push/subscription/index.test.ts index dd2ec6e7..ad694d95 100644 --- a/api/api/v1/push/subscription/index.test.ts +++ b/api/api/v1/push/subscription/index.test.ts @@ -159,9 +159,11 @@ describe("/api/v1/push/subscriptions", () => { }), }); - expect(res.status).toBe(403); + expect(res.status).toBe(200); expect(await res.json()).toMatchObject({ - error: expect.stringContaining("permission"), + alerts: { + "admin.report": false, + }, }); }); @@ -235,9 +237,11 @@ describe("/api/v1/push/subscriptions", () => { }), }); - expect(res.status).toBe(403); + expect(res.status).toBe(200); expect(await res.json()).toMatchObject({ - error: expect.stringContaining("permission"), + alerts: { + "admin.report": false, + }, }); }); diff --git a/classes/schemas/pushsubscription.ts b/classes/schemas/pushsubscription.ts index 5f1435fa..8bc92784 100644 --- a/classes/schemas/pushsubscription.ts +++ b/classes/schemas/pushsubscription.ts @@ -16,7 +16,7 @@ export const WebPushSubscriptionInput = z example: "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEoKCJeHCy69ywHcb3dAR/T8Sud5ljSFHJkuiR6it1ycqAjGTe5F1oZ0ef5QiMX/zdQ+d4jSKiO7RztIz+o/eGuQ==", }), - auth: z.string().base64().length(24).openapi({ + auth: z.string().base64().openapi({ description: "Auth secret. Base64 encoded string of 16 bytes of random data.", example: "u67u09PXZW4ncK9l9mAXkA==",