fix: modified get request to confirm key identity

2 years ago · 9ef07c3943
parent 23dca554ca
commit 9ef07c3943
4 changed files with 48 additions and 51 deletions
--- a/overseerr-api.yml
+++ b/overseerr-api.yml
@ -3548,7 +3548,7 @@ paths:
      responses:
        '204':
          description: Successfully registered push subscription
-  /user/{key}/pushSubscription:
+  /user/{userId}/pushSubscription/{key}:
    get:
      summary: Get web push notification settings for a user
      description: |
@ -3556,6 +3556,11 @@ paths:
      tags:
        - users
      parameters:
+        - in: path
+          name: userId
+          required: true
+          schema:
+            type: number
        - in: path
          name: key
          required: true
@ -3581,6 +3586,11 @@ paths:
      tags:
        - users
      parameters:
+        - in: path
+          name: userId
+          required: true
+          schema:
+            type: number
        - in: path
          name: key
          required: true
--- a/server/routes/user/index.ts
+++ b/server/routes/user/index.ts
@ -138,25 +138,6 @@ router.post(
  }
 );

-router.get<{ key: string }>(
-  '/:key/pushSubscription',
-  async (req, res, next) => {
-    try {
-      const userPushSubRepository = getRepository(UserPushSubscription);
-
-      const userPushSub = await userPushSubRepository.findOneOrFail({
-        where: {
-          p256dh: req.params.key,
-        },
-      });
-
-      return res.status(200).json(userPushSub);
-    } catch (e) {
-      next({ status: 404, message: 'User subscription not found.' });
-    }
-  }
-);
-
 router.post<
  never,
  unknown,
@ -199,14 +180,43 @@ router.post<
  }
 });

-router.delete<{ key: string }>(
-  '/:key/pushSubscription',
+router.get<{ userId: number; key: string }>(
+  '/:userId/pushSubscription/:key',
  async (req, res, next) => {
    try {
      const userPushSubRepository = getRepository(UserPushSubscription);

      const userPushSub = await userPushSubRepository.findOneOrFail({
-        where: { p256dh: req.params.key },
+        relations: {
+          user: true,
+        },
+        where: {
+          user: { id: req.params.userId },
+          p256dh: req.params.key,
+        },
+      });
+
+      return res.status(200).json(userPushSub);
+    } catch (e) {
+      next({ status: 404, message: 'User subscription not found.' });
+    }
+  }
+);
+
+router.delete<{ userId: number; key: string }>(
+  '/:userId/pushSubscription/:key',
+  async (req, res, next) => {
+    try {
+      const userPushSubRepository = getRepository(UserPushSubscription);
+
+      const userPushSub = await userPushSubRepository.findOneOrFail({
+        relations: {
+          user: true,
+        },
+        where: {
+          user: { id: req.params.userId },
+          p256dh: req.params.key,
+        },
      });

      await userPushSubRepository.remove(userPushSub);
--- a/src/components/Layout/UserDropdown/index.tsx
+++ b/src/components/Layout/UserDropdown/index.tsx
@ -39,34 +39,11 @@ const UserDropdown = () => {
  const { user, revalidate } = useUser();

  const logout = async () => {
-    if ('serviceWorker' in navigator && user?.id) {
-      navigator.serviceWorker.getRegistration('/sw.js').then((registration) => {
-        registration?.pushManager
-          .getSubscription()
-          .then(async (subscription) => {
-            subscription
-              ?.unsubscribe()
-              .then(async () => {
-                const parsedSub = JSON.parse(JSON.stringify(subscription));
-                await axios.delete(
-                  `/api/v1/user/${parsedSub.keys.p256dh}/pushSubscription`
-                );
    const response = await axios.post('/api/v1/auth/logout');

    if (response.data?.status === 'ok') {
      revalidate();
    }
-              })
-              .catch(function (error) {
-                // eslint-disable-next-line no-console
-                console.log(
-                  '[SW] Failure unsubscribing to push manager, error:',
-                  error
-                );
-              });
-          });
-      });
-    }
  };

  return (
--- a/src/components/UserProfile/UserSettings/UserNotificationSettings/UserNotificationsWebPush.tsx
+++ b/src/components/UserProfile/UserSettings/UserNotificationSettings/UserNotificationsWebPush.tsx
@ -90,7 +90,7 @@ const UserWebPushSettings = () => {
              .then(async () => {
                const parsedSub = JSON.parse(JSON.stringify(subscription));
                await axios.delete(
-                  `/api/v1/user/${parsedSub.keys.p256dh}/pushSubscription`
+                  `/api/v1/user/${user.id}/pushSubscription/${parsedSub.keys.p256dh}`
                );
                setWebPushEnabled(false);
              })
@ -120,7 +120,7 @@ const UserWebPushSettings = () => {
                const parsedKey = JSON.parse(JSON.stringify(subscription));
                const currentUserPushSub =
                  await axios.get<UserPushSubscription>(
-                    `/api/v1/user/${parsedKey.keys.p256dh}/pushSubscription`
+                    `/api/v1/user/${user.id}/pushSubscription/${parsedKey.keys.p256dh}`
                  );

                if (currentUserPushSub.data.p256dh !== parsedKey.keys.p256dh) {