fix: modified get request to confirm key identity

overseerr-api.yml

@@ -3548,7 +3548,7 @@ paths:
       responses:
         '204':
           description: Successfully registered push subscription
-  /user/{key}/pushSubscription:
+  /user/{userId}/pushSubscription/{key}:
     get:
       summary: Get web push notification settings for a user
       description: |
@@ -3556,6 +3556,11 @@ paths:
       tags:
         - users
       parameters:
+        - in: path
+          name: userId
+          required: true
+          schema:
+            type: number
         - in: path
           name: key
           required: true
@@ -3581,6 +3586,11 @@ paths:
       tags:
         - users
       parameters:
+        - in: path
+          name: userId
+          required: true
+          schema:
+            type: number
         - in: path
           name: key
           required: true

server/routes/user/index.ts

@@ -138,25 +138,6 @@ router.post(
   }
 );
 
-router.get<{ key: string }>(
-  '/:key/pushSubscription',
-  async (req, res, next) => {
-    try {
-      const userPushSubRepository = getRepository(UserPushSubscription);
-
-      const userPushSub = await userPushSubRepository.findOneOrFail({
-        where: {
-          p256dh: req.params.key,
-        },
-      });
-
-      return res.status(200).json(userPushSub);
-    } catch (e) {
-      next({ status: 404, message: 'User subscription not found.' });
-    }
-  }
-);
-
 router.post<
   never,
   unknown,
@@ -199,14 +180,43 @@ router.post<
   }
 });
 
-router.delete<{ key: string }>(
+router.get<{ userId: number; key: string }>(
-  '/:key/pushSubscription',
+  '/:userId/pushSubscription/:key',
   async (req, res, next) => {
     try {
       const userPushSubRepository = getRepository(UserPushSubscription);
 
       const userPushSub = await userPushSubRepository.findOneOrFail({
-        where: { p256dh: req.params.key },
+        relations: {
+          user: true,
+        },
+        where: {
+          user: { id: req.params.userId },
+          p256dh: req.params.key,
+        },
+      });
+
+      return res.status(200).json(userPushSub);
+    } catch (e) {
+      next({ status: 404, message: 'User subscription not found.' });
+    }
+  }
+);
+
+router.delete<{ userId: number; key: string }>(
+  '/:userId/pushSubscription/:key',
+  async (req, res, next) => {
+    try {
+      const userPushSubRepository = getRepository(UserPushSubscription);
+
+      const userPushSub = await userPushSubRepository.findOneOrFail({
+        relations: {
+          user: true,
+        },
+        where: {
+          user: { id: req.params.userId },
+          p256dh: req.params.key,
+        },
       });
 
       await userPushSubRepository.remove(userPushSub);

src/components/Layout/UserDropdown/index.tsx

@@ -39,34 +39,11 @@ const UserDropdown = () => {
   const { user, revalidate } = useUser();
 
   const logout = async () => {
-    if ('serviceWorker' in navigator && user?.id) {
-      navigator.serviceWorker.getRegistration('/sw.js').then((registration) => {
-        registration?.pushManager
-          .getSubscription()
-          .then(async (subscription) => {
-            subscription
-              ?.unsubscribe()
-              .then(async () => {
-                const parsedSub = JSON.parse(JSON.stringify(subscription));
-                await axios.delete(
-                  `/api/v1/user/${parsedSub.keys.p256dh}/pushSubscription`
-                );
     const response = await axios.post('/api/v1/auth/logout');
 
     if (response.data?.status === 'ok') {
       revalidate();
     }
-              })
-              .catch(function (error) {
-                // eslint-disable-next-line no-console
-                console.log(
-                  '[SW] Failure unsubscribing to push manager, error:',
-                  error
-                );
-              });
-          });
-      });
-    }
   };
 
   return (

src/components/UserProfile/UserSettings/UserNotificationSettings/UserNotificationsWebPush.tsx

@@ -90,7 +90,7 @@ const UserWebPushSettings = () => {
               .then(async () => {
                 const parsedSub = JSON.parse(JSON.stringify(subscription));
                 await axios.delete(
-                  `/api/v1/user/${parsedSub.keys.p256dh}/pushSubscription`
+                  `/api/v1/user/${user.id}/pushSubscription/${parsedSub.keys.p256dh}`
                 );
                 setWebPushEnabled(false);
               })
@@ -120,7 +120,7 @@ const UserWebPushSettings = () => {
                 const parsedKey = JSON.parse(JSON.stringify(subscription));
                 const currentUserPushSub =
                   await axios.get<UserPushSubscription>(
-                    `/api/v1/user/${parsedKey.keys.p256dh}/pushSubscription`
+                    `/api/v1/user/${user.id}/pushSubscription/${parsedKey.keys.p256dh}`
                   );
 
                 if (currentUserPushSub.data.p256dh !== parsedKey.keys.p256dh) {