Add REST API for Web Push Notifications subscriptions (#7445)

- POST /api/v1/push/subscription
- PUT /api/v1/push/subscription
- DELETE /api/v1/push/subscription
- New OAuth scope: "push" (required for the above methods)
This commit is contained in:
Eugen Rochko 2018-05-11 11:49:12 +02:00 committed by GitHub
parent 9a794067f7
commit b4fb766b23
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
20 changed files with 258 additions and 81 deletions

View File

@ -0,0 +1,50 @@
# frozen_string_literal: true
class Api::V1::Push::SubscriptionsController < Api::BaseController
before_action -> { doorkeeper_authorize! :push }
before_action :require_user!
before_action :set_web_push_subscription
def create
@web_subscription&.destroy!
@web_subscription = ::Web::PushSubscription.create!(
endpoint: subscription_params[:endpoint],
key_p256dh: subscription_params[:keys][:p256dh],
key_auth: subscription_params[:keys][:auth],
data: data_params,
user_id: current_user.id,
access_token_id: doorkeeper_token.id
)
render json: @web_subscription, serializer: REST::WebPushSubscriptionSerializer
end
def update
raise ActiveRecord::RecordNotFound if @web_subscription.nil?
@web_subscription.update!(data: data_params)
render json: @web_subscription, serializer: REST::WebPushSubscriptionSerializer
end
def destroy
@web_subscription&.destroy!
render_empty
end
private
def set_web_push_subscription
@web_subscription = ::Web::PushSubscription.find_by(access_token_id: doorkeeper_token.id)
end
def subscription_params
params.require(:subscription).permit(:endpoint, keys: [:auth, :p256dh])
end
def data_params
return {} if params[:data].blank?
params.require(:data).permit(alerts: [:follow, :favourite, :reblog, :mention])
end
end

View File

@ -31,22 +31,23 @@ class Api::Web::PushSubscriptionsController < Api::Web::BaseController
endpoint: subscription_params[:endpoint], endpoint: subscription_params[:endpoint],
key_p256dh: subscription_params[:keys][:p256dh], key_p256dh: subscription_params[:keys][:p256dh],
key_auth: subscription_params[:keys][:auth], key_auth: subscription_params[:keys][:auth],
data: data data: data,
user_id: active_session.user_id,
access_token_id: active_session.access_token_id
) )
active_session.update!(web_push_subscription: web_subscription) active_session.update!(web_push_subscription: web_subscription)
render json: web_subscription.as_payload render json: web_subscription, serializer: REST::WebPushSubscriptionSerializer
end end
def update def update
params.require([:id]) params.require([:id])
web_subscription = ::Web::PushSubscription.find(params[:id]) web_subscription = ::Web::PushSubscription.find(params[:id])
web_subscription.update!(data: data_params) web_subscription.update!(data: data_params)
render json: web_subscription.as_payload render json: web_subscription, serializer: REST::WebPushSubscriptionSerializer
end end
private private
@ -56,6 +57,6 @@ class Api::Web::PushSubscriptionsController < Api::Web::BaseController
end end
def data_params def data_params
@data_params ||= params.require(:data).permit(:alerts) @data_params ||= params.require(:data).permit(alerts: [:follow, :favourite, :reblog, :mention])
end end
end end

View File

@ -15,6 +15,7 @@ class SharesController < ApplicationController
def initial_state_params def initial_state_params
text = [params[:title], params[:text], params[:url]].compact.join(' ') text = [params[:title], params[:text], params[:url]].compact.join(' ')
{ {
settings: Web::Setting.find_by(user: current_user)&.data || {}, settings: Web::Setting.find_by(user: current_user)&.data || {},
push_subscription: current_account.user.web_push_subscription(current_session), push_subscription: current_account.user.web_push_subscription(current_session),

View File

@ -245,7 +245,7 @@ class User < ApplicationRecord
end end
def web_push_subscription(session) def web_push_subscription(session)
session.web_push_subscription.nil? ? nil : session.web_push_subscription.as_payload session.web_push_subscription.nil? ? nil : session.web_push_subscription
end end
def invite_code=(code) def invite_code=(code)

View File

@ -10,31 +10,44 @@
# data :json # data :json
# created_at :datetime not null # created_at :datetime not null
# updated_at :datetime not null # updated_at :datetime not null
# access_token_id :bigint(8)
# user_id :bigint(8)
# #
require 'webpush'
class Web::PushSubscription < ApplicationRecord class Web::PushSubscription < ApplicationRecord
belongs_to :user, optional: true
belongs_to :access_token, class_name: 'Doorkeeper::AccessToken', optional: true
has_one :session_activation has_one :session_activation
def push(notification) def push(notification)
I18n.with_locale(session_activation.user.locale || I18n.default_locale) do I18n.with_locale(associated_user.locale || I18n.default_locale) do
push_payload(message_from(notification), 48.hours.seconds) push_payload(message_from(notification), 48.hours.seconds)
end end
end end
def pushable?(notification) def pushable?(notification)
data&.key?('alerts') && data['alerts'][notification.type.to_s] data&.key?('alerts') && ActiveModel::Type::Boolean.new.cast(data['alerts'][notification.type.to_s])
end end
def as_payload def associated_user
payload = { id: id, endpoint: endpoint } return @associated_user if defined?(@associated_user)
payload[:alerts] = data['alerts'] if data&.key?('alerts')
payload @associated_user = if user_id.nil?
session_activation.user
else
user
end
end end
def access_token def associated_access_token
return @associated_access_token if defined?(@associated_access_token)
@associated_access_token = if access_token_id.nil?
find_or_create_access_token.token find_or_create_access_token.token
else
access_token
end
end end
private private

View File

@ -2,7 +2,9 @@
class InitialStateSerializer < ActiveModel::Serializer class InitialStateSerializer < ActiveModel::Serializer
attributes :meta, :compose, :accounts, attributes :meta, :compose, :accounts,
:media_attachments, :settings, :push_subscription :media_attachments, :settings
has_one :push_subscription, serializer: REST::WebPushSubscriptionSerializer
def meta def meta
store = { store = {

View File

@ -0,0 +1,13 @@
# frozen_string_literal: true
class REST::WebPushSubscriptionSerializer < ActiveModel::Serializer
attributes :id, :endpoint, :alerts, :server_key
def alerts
object.data&.dig('alerts') || {}
end
def server_key
Rails.configuration.x.vapid_public_key
end
end

View File

@ -54,7 +54,7 @@ class Web::NotificationSerializer < ActiveModel::Serializer
def access_token def access_token
return if actions.empty? return if actions.empty?
current_push_subscription.access_token current_push_subscription.associated_access_token
end end
def message def message

View File

@ -9,6 +9,7 @@ class NotifyService < BaseService
return if recipient.user.nil? || blocked? return if recipient.user.nil? || blocked?
create_notification create_notification
push_notification if @notification.browserable?
send_email if email_enabled? send_email if email_enabled?
rescue ActiveRecord::RecordInvalid rescue ActiveRecord::RecordInvalid
return return
@ -101,25 +102,27 @@ class NotifyService < BaseService
def create_notification def create_notification
@notification.save! @notification.save!
return unless @notification.browserable? end
def push_notification
return if @notification.activity.nil?
Redis.current.publish("timeline:#{@recipient.id}", Oj.dump(event: :notification, payload: InlineRenderer.render(@notification, @recipient, :notification))) Redis.current.publish("timeline:#{@recipient.id}", Oj.dump(event: :notification, payload: InlineRenderer.render(@notification, @recipient, :notification)))
send_push_notifications send_push_notifications
end end
def send_push_notifications def send_push_notifications
# HACK: Can be caused by quickly unfavouriting a status, since creating subscriptions_ids = ::Web::PushSubscription.where(user_id: @recipient.user.id)
# a favourite and creating a notification are not wrapped in a transaction. .select { |subscription| subscription.pushable?(@notification) }
return if @notification.activity.nil? .map(&:id)
sessions_with_subscriptions = @recipient.user.session_activations.where.not(web_push_subscription: nil) ::Web::PushNotificationWorker.push_bulk(subscriptions_ids) do |subscription_id|
sessions_with_subscriptions_ids = sessions_with_subscriptions.select { |session| session.web_push_subscription.pushable? @notification }.map(&:id) [subscription_id, @notification.id]
WebPushNotificationWorker.push_bulk(sessions_with_subscriptions_ids) do |session_activation_id|
[session_activation_id, @notification.id]
end end
end end
def send_email def send_email
return if @notification.activity.nil?
NotificationMailer.public_send(@notification.type, @recipient, @notification).deliver_later NotificationMailer.public_send(@notification.type, @recipient, @notification).deliver_later
end end

View File

@ -0,0 +1,18 @@
# frozen_string_literal: true
class Web::PushNotificationWorker
include Sidekiq::Worker
sidekiq_options backtrace: true
def perform(subscription_id, notification_id)
subscription = ::Web::PushSubscription.find(subscription_id)
notification = Notification.find(notification_id)
subscription.push(notification) unless notification.activity.nil?
rescue Webpush::InvalidSubscription, Webpush::ExpiredSubscription
subscription.destroy!
rescue ActiveRecord::RecordNotFound
true
end
end

View File

@ -1,25 +0,0 @@
# frozen_string_literal: true
class WebPushNotificationWorker
include Sidekiq::Worker
sidekiq_options backtrace: true
def perform(session_activation_id, notification_id)
session_activation = SessionActivation.find(session_activation_id)
notification = Notification.find(notification_id)
return if session_activation.web_push_subscription.nil? || notification.activity.nil?
session_activation.web_push_subscription.push(notification)
rescue Webpush::InvalidSubscription, Webpush::ExpiredSubscription
# Subscription expiration is not currently implemented in any browser
session_activation.web_push_subscription.destroy!
session_activation.update!(web_push_subscription: nil)
true
rescue ActiveRecord::RecordNotFound
true
end
end

View File

@ -55,7 +55,7 @@ Doorkeeper.configure do
# For more information go to # For more information go to
# https://github.com/doorkeeper-gem/doorkeeper/wiki/Using-Scopes # https://github.com/doorkeeper-gem/doorkeeper/wiki/Using-Scopes
default_scopes :read default_scopes :read
optional_scopes :write, :follow optional_scopes :write, :follow, :push
# Change the way client credentials are retrieved from the request object. # Change the way client credentials are retrieved from the request object.
# By default it retrieves first from the `HTTP_AUTHORIZATION` header, then # By default it retrieves first from the `HTTP_AUTHORIZATION` header, then

View File

@ -115,5 +115,6 @@ en:
title: OAuth authorization required title: OAuth authorization required
scopes: scopes:
follow: follow, block, unblock and unfollow accounts follow: follow, block, unblock and unfollow accounts
push: receive push notifications for your account
read: read your account's data read: read your account's data
write: post on your behalf write: post on your behalf

View File

@ -306,6 +306,10 @@ Rails.application.routes.draw do
resources :lists, only: [:index, :create, :show, :update, :destroy] do resources :lists, only: [:index, :create, :show, :update, :destroy] do
resource :accounts, only: [:show, :create, :destroy], controller: 'lists/accounts' resource :accounts, only: [:show, :create, :destroy], controller: 'lists/accounts'
end end
namespace :push do
resource :subscription, only: [:create, :update, :destroy]
end
end end
namespace :web do namespace :web do

View File

@ -0,0 +1,6 @@
class AddAccessTokenIdToWebPushSubscriptions < ActiveRecord::Migration[5.2]
def change
add_reference :web_push_subscriptions, :access_token, null: true, default: nil, foreign_key: { on_delete: :cascade, to_table: :oauth_access_tokens }, index: false
add_reference :web_push_subscriptions, :user, null: true, default: nil, foreign_key: { on_delete: :cascade }, index: false
end
end

View File

@ -0,0 +1,13 @@
class MigrateWebPushSubscriptions < ActiveRecord::Migration[5.2]
disable_ddl_transaction!
def up
add_index :web_push_subscriptions, :user_id, algorithm: :concurrently
add_index :web_push_subscriptions, :access_token_id, algorithm: :concurrently
end
def down
remove_index :web_push_subscriptions, :user_id
remove_index :web_push_subscriptions, :access_token_id
end
end

View File

@ -10,7 +10,7 @@
# #
# It's strongly recommended that you check this file into your version control system. # It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema.define(version: 2018_05_06_221944) do ActiveRecord::Schema.define(version: 2018_05_10_230049) do
# These are extensions that must be enabled in order to support this database # These are extensions that must be enabled in order to support this database
enable_extension "plpgsql" enable_extension "plpgsql"
@ -539,6 +539,10 @@ ActiveRecord::Schema.define(version: 2018_05_06_221944) do
t.json "data" t.json "data"
t.datetime "created_at", null: false t.datetime "created_at", null: false
t.datetime "updated_at", null: false t.datetime "updated_at", null: false
t.bigint "access_token_id"
t.bigint "user_id"
t.index ["access_token_id"], name: "index_web_push_subscriptions_on_access_token_id"
t.index ["user_id"], name: "index_web_push_subscriptions_on_user_id"
end end
create_table "web_settings", force: :cascade do |t| create_table "web_settings", force: :cascade do |t|
@ -605,5 +609,7 @@ ActiveRecord::Schema.define(version: 2018_05_06_221944) do
add_foreign_key "subscriptions", "accounts", name: "fk_9847d1cbb5", on_delete: :cascade add_foreign_key "subscriptions", "accounts", name: "fk_9847d1cbb5", on_delete: :cascade
add_foreign_key "users", "accounts", name: "fk_50500f500d", on_delete: :cascade add_foreign_key "users", "accounts", name: "fk_50500f500d", on_delete: :cascade
add_foreign_key "users", "invites", on_delete: :nullify add_foreign_key "users", "invites", on_delete: :nullify
add_foreign_key "web_push_subscriptions", "oauth_access_tokens", column: "access_token_id", on_delete: :cascade
add_foreign_key "web_push_subscriptions", "users", on_delete: :cascade
add_foreign_key "web_settings", "users", name: "fk_11910667b2", on_delete: :cascade add_foreign_key "web_settings", "users", name: "fk_11910667b2", on_delete: :cascade
end end

View File

@ -0,0 +1,83 @@
# frozen_string_literal: true
require 'rails_helper'
describe Api::V1::Push::SubscriptionsController do
render_views
let(:user) { Fabricate(:user) }
let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: 'push') }
before do
allow(controller).to receive(:doorkeeper_token) { token }
end
let(:create_payload) do
{
subscription: {
endpoint: 'https://fcm.googleapis.com/fcm/send/fiuH06a27qE:APA91bHnSiGcLwdaxdyqVXNDR9w1NlztsHb6lyt5WDKOC_Z_Q8BlFxQoR8tWFSXUIDdkyw0EdvxTu63iqamSaqVSevW5LfoFwojws8XYDXv_NRRLH6vo2CdgiN4jgHv5VLt2A8ah6lUX',
keys: {
p256dh: 'BEm_a0bdPDhf0SOsrnB2-ategf1hHoCnpXgQsFj5JCkcoMrMt2WHoPfEYOYPzOIs9mZE8ZUaD7VA5vouy0kEkr8=',
auth: 'eH_C8rq2raXqlcBVDa1gLg==',
},
}
}.with_indifferent_access
end
let(:alerts_payload) do
{
data: {
alerts: {
follow: true,
favourite: false,
reblog: true,
mention: false,
}
}
}.with_indifferent_access
end
describe 'POST #create' do
it 'saves push subscriptions' do
post :create, params: create_payload
push_subscription = Web::PushSubscription.find_by(endpoint: create_payload[:subscription][:endpoint])
expect(push_subscription.endpoint).to eq(create_payload[:subscription][:endpoint])
expect(push_subscription.key_p256dh).to eq(create_payload[:subscription][:keys][:p256dh])
expect(push_subscription.key_auth).to eq(create_payload[:subscription][:keys][:auth])
expect(push_subscription.user_id).to eq user.id
expect(push_subscription.access_token_id).to eq token.id
end
it 'replaces old subscription on repeat calls' do
post :create, params: create_payload
post :create, params: create_payload
expect(Web::PushSubscription.where(endpoint: create_payload[:subscription][:endpoint]).count).to eq 1
end
end
describe 'PUT #update' do
it 'changes alert settings' do
post :create, params: create_payload
put :update, params: alerts_payload
push_subscription = Web::PushSubscription.find_by(endpoint: create_payload[:subscription][:endpoint])
expect(push_subscription.data.dig('alerts', 'follow')).to eq(alerts_payload[:data][:alerts][:follow].to_s)
expect(push_subscription.data.dig('alerts', 'favourite')).to eq(alerts_payload[:data][:alerts][:favourite].to_s)
expect(push_subscription.data.dig('alerts', 'reblog')).to eq(alerts_payload[:data][:alerts][:reblog].to_s)
expect(push_subscription.data.dig('alerts', 'mention')).to eq(alerts_payload[:data][:alerts][:mention].to_s)
end
end
describe 'DELETE #destroy' do
it 'removes the subscription' do
post :create, params: create_payload
delete :destroy
expect(Web::PushSubscription.find_by(endpoint: create_payload[:subscription][:endpoint])).to be_nil
end
end
end

View File

@ -59,10 +59,10 @@ describe Api::Web::PushSubscriptionsController do
push_subscription = Web::PushSubscription.find_by(endpoint: create_payload[:subscription][:endpoint]) push_subscription = Web::PushSubscription.find_by(endpoint: create_payload[:subscription][:endpoint])
expect(push_subscription.data['follow']).to eq(alerts_payload[:data][:follow]) expect(push_subscription.data['alerts']['follow']).to eq(alerts_payload[:data][:alerts][:follow].to_s)
expect(push_subscription.data['favourite']).to eq(alerts_payload[:data][:favourite]) expect(push_subscription.data['alerts']['favourite']).to eq(alerts_payload[:data][:alerts][:favourite].to_s)
expect(push_subscription.data['reblog']).to eq(alerts_payload[:data][:reblog]) expect(push_subscription.data['alerts']['reblog']).to eq(alerts_payload[:data][:alerts][:reblog].to_s)
expect(push_subscription.data['mention']).to eq(alerts_payload[:data][:mention]) expect(push_subscription.data['alerts']['mention']).to eq(alerts_payload[:data][:alerts][:mention].to_s)
end end
end end
end end
@ -81,10 +81,10 @@ describe Api::Web::PushSubscriptionsController do
push_subscription = Web::PushSubscription.find_by(endpoint: create_payload[:subscription][:endpoint]) push_subscription = Web::PushSubscription.find_by(endpoint: create_payload[:subscription][:endpoint])
expect(push_subscription.data['follow']).to eq(alerts_payload[:data][:follow]) expect(push_subscription.data['alerts']['follow']).to eq(alerts_payload[:data][:alerts][:follow].to_s)
expect(push_subscription.data['favourite']).to eq(alerts_payload[:data][:favourite]) expect(push_subscription.data['alerts']['favourite']).to eq(alerts_payload[:data][:alerts][:favourite].to_s)
expect(push_subscription.data['reblog']).to eq(alerts_payload[:data][:reblog]) expect(push_subscription.data['alerts']['reblog']).to eq(alerts_payload[:data][:alerts][:reblog].to_s)
expect(push_subscription.data['mention']).to eq(alerts_payload[:data][:mention]) expect(push_subscription.data['alerts']['mention']).to eq(alerts_payload[:data][:alerts][:mention].to_s)
end end
end end
end end

View File

@ -2,20 +2,8 @@ require 'rails_helper'
RSpec.describe Web::PushSubscription, type: :model do RSpec.describe Web::PushSubscription, type: :model do
let(:alerts) { { mention: true, reblog: false, follow: true, follow_request: false, favourite: true } } let(:alerts) { { mention: true, reblog: false, follow: true, follow_request: false, favourite: true } }
let(:payload_no_alerts) { Web::PushSubscription.new(id: 1, endpoint: 'a', key_p256dh: 'c', key_auth: 'd').as_payload }
let(:payload_alerts) { Web::PushSubscription.new(id: 1, endpoint: 'a', key_p256dh: 'c', key_auth: 'd', data: { alerts: alerts }).as_payload }
let(:push_subscription) { Web::PushSubscription.new(data: { alerts: alerts }) } let(:push_subscription) { Web::PushSubscription.new(data: { alerts: alerts }) }
describe '#as_payload' do
it 'only returns id and endpoint' do
expect(payload_no_alerts.keys).to eq [:id, :endpoint]
end
it 'returns alerts if set' do
expect(payload_alerts.keys).to eq [:id, :endpoint, :alerts]
end
end
describe '#pushable?' do describe '#pushable?' do
it 'obeys alert settings' do it 'obeys alert settings' do
expect(push_subscription.send(:pushable?, Notification.new(activity_type: 'Mention'))).to eq true expect(push_subscription.send(:pushable?, Notification.new(activity_type: 'Mention'))).to eq true