Add REST API for Web Push Notifications subscriptions (#7445)

- POST /api/v1/push/subscription - PUT /api/v1/push/subscription - DELETE /api/v1/push/subscription - New OAuth scope: "push" (required for the above methods)
mastodon · May 11, 2018 · b4fb766 · b4fb766
1 parent 9a79406
commit b4fb766
Show file tree

Hide file tree

Showing 20 changed files with 258 additions and 81 deletions.
diff --git a/app/controllers/api/v1/push/subscriptions_controller.rb b/app/controllers/api/v1/push/subscriptions_controller.rb
@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+class Api::V1::Push::SubscriptionsController < Api::BaseController
+  before_action -> { doorkeeper_authorize! :push }
+  before_action :require_user!
+  before_action :set_web_push_subscription
+
+  def create
+    @web_subscription&.destroy!
+
+    @web_subscription = ::Web::PushSubscription.create!(
+      endpoint: subscription_params[:endpoint],
+      key_p256dh: subscription_params[:keys][:p256dh],
+      key_auth: subscription_params[:keys][:auth],
+      data: data_params,
+      user_id: current_user.id,
+      access_token_id: doorkeeper_token.id
+    )
+
+    render json: @web_subscription, serializer: REST::WebPushSubscriptionSerializer
+  end
+
+  def update
+    raise ActiveRecord::RecordNotFound if @web_subscription.nil?
+
+    @web_subscription.update!(data: data_params)
+
+    render json: @web_subscription, serializer: REST::WebPushSubscriptionSerializer
+  end
+
+  def destroy
+    @web_subscription&.destroy!
+    render_empty
+  end
+
+  private
+
+  def set_web_push_subscription
+    @web_subscription = ::Web::PushSubscription.find_by(access_token_id: doorkeeper_token.id)
+  end
+
+  def subscription_params
+    params.require(:subscription).permit(:endpoint, keys: [:auth, :p256dh])
+  end
+
+  def data_params
+    return {} if params[:data].blank?
+    params.require(:data).permit(alerts: [:follow, :favourite, :reblog, :mention])
+  end
+end
diff --git a/app/controllers/api/web/push_subscriptions_controller.rb b/app/controllers/api/web/push_subscriptions_controller.rb
@@ -31,22 +31,23 @@ def create
       endpoint: subscription_params[:endpoint],
       key_p256dh: subscription_params[:keys][:p256dh],
       key_auth: subscription_params[:keys][:auth],
-      data: data
+      data: data,
+      user_id: active_session.user_id,
+      access_token_id: active_session.access_token_id
     )
 
     active_session.update!(web_push_subscription: web_subscription)
 
-    render json: web_subscription.as_payload
+    render json: web_subscription, serializer: REST::WebPushSubscriptionSerializer
   end
 
   def update
     params.require([:id])
 
     web_subscription = ::Web::PushSubscription.find(params[:id])
-
     web_subscription.update!(data: data_params)
 
-    render json: web_subscription.as_payload
+    render json: web_subscription, serializer: REST::WebPushSubscriptionSerializer
   end
 
   private
@@ -56,6 +57,6 @@ def subscription_params
   end
 
   def data_params
-    @data_params ||= params.require(:data).permit(:alerts)
+    @data_params ||= params.require(:data).permit(alerts: [:follow, :favourite, :reblog, :mention])
   end
 end
diff --git a/app/controllers/shares_controller.rb b/app/controllers/shares_controller.rb
@@ -15,6 +15,7 @@ def show
 
   def initial_state_params
     text = [params[:title], params[:text], params[:url]].compact.join(' ')
+
     {
       settings: Web::Setting.find_by(user: current_user)&.data || {},
       push_subscription: current_account.user.web_push_subscription(current_session),

diff --git a/app/models/user.rb b/app/models/user.rb
@@ -245,7 +245,7 @@ def session_active?(id)
   end
 
   def web_push_subscription(session)
-    session.web_push_subscription.nil? ? nil : session.web_push_subscription.as_payload
+    session.web_push_subscription.nil? ? nil : session.web_push_subscription
   end
 
   def invite_code=(code)

diff --git a/app/models/web/push_subscription.rb b/app/models/web/push_subscription.rb
@@ -3,38 +3,51 @@
 #
 # Table name: web_push_subscriptions
 #
-#  id         :bigint(8)        not null, primary key
-#  endpoint   :string           not null
-#  key_p256dh :string           not null
-#  key_auth   :string           not null
-#  data       :json
-#  created_at :datetime         not null
-#  updated_at :datetime         not null
+#  id              :bigint(8)        not null, primary key
+#  endpoint        :string           not null
+#  key_p256dh      :string           not null
+#  key_auth        :string           not null
+#  data            :json
+#  created_at      :datetime         not null
+#  updated_at      :datetime         not null
+#  access_token_id :bigint(8)
+#  user_id         :bigint(8)
 #
 
-require 'webpush'
-
 class Web::PushSubscription < ApplicationRecord
+  belongs_to :user, optional: true
+  belongs_to :access_token, class_name: 'Doorkeeper::AccessToken', optional: true
+
   has_one :session_activation
 
   def push(notification)
-    I18n.with_locale(session_activation.user.locale || I18n.default_locale) do
+    I18n.with_locale(associated_user.locale || I18n.default_locale) do
       push_payload(message_from(notification), 48.hours.seconds)
     end
   end
 
   def pushable?(notification)
-    data&.key?('alerts') && data['alerts'][notification.type.to_s]
+    data&.key?('alerts') && ActiveModel::Type::Boolean.new.cast(data['alerts'][notification.type.to_s])
   end
 
-  def as_payload
-    payload = { id: id, endpoint: endpoint }
-    payload[:alerts] = data['alerts'] if data&.key?('alerts')
-    payload
+  def associated_user
+    return @associated_user if defined?(@associated_user)
+
+    @associated_user = if user_id.nil?
+                         session_activation.user
+                       else
+                         user
+                       end
   end
 
-  def access_token
-    find_or_create_access_token.token
+  def associated_access_token
+    return @associated_access_token if defined?(@associated_access_token)
+
+    @associated_access_token = if access_token_id.nil?
+                                 find_or_create_access_token.token
+                               else
+                                 access_token
+                               end
   end
 
   private

diff --git a/app/serializers/initial_state_serializer.rb b/app/serializers/initial_state_serializer.rb
@@ -2,7 +2,9 @@
 
 class InitialStateSerializer < ActiveModel::Serializer
   attributes :meta, :compose, :accounts,
-             :media_attachments, :settings, :push_subscription
+             :media_attachments, :settings
+
+  has_one :push_subscription, serializer: REST::WebPushSubscriptionSerializer
 
   def meta
     store = {

diff --git a/app/serializers/rest/web_push_subscription_serializer.rb b/app/serializers/rest/web_push_subscription_serializer.rb
@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+class REST::WebPushSubscriptionSerializer < ActiveModel::Serializer
+  attributes :id, :endpoint, :alerts, :server_key
+
+  def alerts
+    object.data&.dig('alerts') || {}
+  end
+
+  def server_key
+    Rails.configuration.x.vapid_public_key
+  end
+end
diff --git a/app/serializers/web/notification_serializer.rb b/app/serializers/web/notification_serializer.rb
@@ -54,7 +54,7 @@ def actions
 
     def access_token
       return if actions.empty?
-      current_push_subscription.access_token
+      current_push_subscription.associated_access_token
     end
 
     def message

diff --git a/app/services/notify_service.rb b/app/services/notify_service.rb
@@ -9,6 +9,7 @@ def call(recipient, activity)
     return if recipient.user.nil? || blocked?
 
     create_notification
+    push_notification if @notification.browserable?
     send_email if email_enabled?
   rescue ActiveRecord::RecordInvalid
     return
@@ -101,25 +102,27 @@ def conversation_muted?
 
   def create_notification
     @notification.save!
-    return unless @notification.browserable?
+  end
+
+  def push_notification
+    return if @notification.activity.nil?
+
     Redis.current.publish("timeline:#{@recipient.id}", Oj.dump(event: :notification, payload: InlineRenderer.render(@notification, @recipient, :notification)))
     send_push_notifications
   end
 
   def send_push_notifications
-    # HACK: Can be caused by quickly unfavouriting a status, since creating
-    # a favourite and creating a notification are not wrapped in a transaction.
-    return if @notification.activity.nil?
-
-    sessions_with_subscriptions = @recipient.user.session_activations.where.not(web_push_subscription: nil)
-    sessions_with_subscriptions_ids = sessions_with_subscriptions.select { |session| session.web_push_subscription.pushable? @notification }.map(&:id)
+    subscriptions_ids = ::Web::PushSubscription.where(user_id: @recipient.user.id)
+                                               .select { |subscription| subscription.pushable?(@notification) }
+                                               .map(&:id)
 
-    WebPushNotificationWorker.push_bulk(sessions_with_subscriptions_ids) do |session_activation_id|
-      [session_activation_id, @notification.id]
+    ::Web::PushNotificationWorker.push_bulk(subscriptions_ids) do |subscription_id|
+      [subscription_id, @notification.id]
     end
   end
 
   def send_email
+    return if @notification.activity.nil?
     NotificationMailer.public_send(@notification.type, @recipient, @notification).deliver_later
   end
 

diff --git a/app/workers/web/push_notification_worker.rb b/app/workers/web/push_notification_worker.rb
@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+class Web::PushNotificationWorker
+  include Sidekiq::Worker
+
+  sidekiq_options backtrace: true
+
+  def perform(subscription_id, notification_id)
+    subscription = ::Web::PushSubscription.find(subscription_id)
+    notification = Notification.find(notification_id)
+
+    subscription.push(notification) unless notification.activity.nil?
+  rescue Webpush::InvalidSubscription, Webpush::ExpiredSubscription
+    subscription.destroy!
+  rescue ActiveRecord::RecordNotFound
+    true
+  end
+end
diff --git a/app/workers/web_push_notification_worker.rb b/app/workers/web_push_notification_worker.rb
diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb
@@ -55,7 +55,7 @@
   # For more information go to
   # https://github.com/doorkeeper-gem/doorkeeper/wiki/Using-Scopes
   default_scopes  :read
-  optional_scopes :write, :follow
+  optional_scopes :write, :follow, :push
 
   # Change the way client credentials are retrieved from the request object.
   # By default it retrieves first from the `HTTP_AUTHORIZATION` header, then

diff --git a/config/locales/doorkeeper.en.yml b/config/locales/doorkeeper.en.yml
@@ -115,5 +115,6 @@ en:
         title: OAuth authorization required
     scopes:
       follow: follow, block, unblock and unfollow accounts
+      push: receive push notifications for your account
       read: read your account's data
       write: post on your behalf
diff --git a/config/routes.rb b/config/routes.rb
@@ -306,6 +306,10 @@
       resources :lists, only: [:index, :create, :show, :update, :destroy] do
         resource :accounts, only: [:show, :create, :destroy], controller: 'lists/accounts'
       end
+
+      namespace :push do
+        resource :subscription, only: [:create, :update, :destroy]
+      end
     end
 
     namespace :web do

diff --git a/db/migrate/20180510214435_add_access_token_id_to_web_push_subscriptions.rb b/db/migrate/20180510214435_add_access_token_id_to_web_push_subscriptions.rb
@@ -0,0 +1,6 @@
+class AddAccessTokenIdToWebPushSubscriptions < ActiveRecord::Migration[5.2]
+  def change
+    add_reference :web_push_subscriptions, :access_token, null: true, default: nil, foreign_key: { on_delete: :cascade, to_table: :oauth_access_tokens }, index: false
+    add_reference :web_push_subscriptions, :user, null: true, default: nil, foreign_key: { on_delete: :cascade }, index: false
+  end
+end
diff --git a/db/migrate/20180510230049_migrate_web_push_subscriptions.rb b/db/migrate/20180510230049_migrate_web_push_subscriptions.rb
@@ -0,0 +1,13 @@
+class MigrateWebPushSubscriptions < ActiveRecord::Migration[5.2]
+  disable_ddl_transaction!
+
+  def up
+    add_index :web_push_subscriptions, :user_id, algorithm: :concurrently
+    add_index :web_push_subscriptions, :access_token_id, algorithm: :concurrently
+  end
+
+  def down
+    remove_index :web_push_subscriptions, :user_id
+    remove_index :web_push_subscriptions, :access_token_id
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 2018_05_06_221944) do
+ActiveRecord::Schema.define(version: 2018_05_10_230049) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
@@ -539,6 +539,10 @@
     t.json "data"
     t.datetime "created_at", null: false
     t.datetime "updated_at", null: false
+    t.bigint "access_token_id"
+    t.bigint "user_id"
+    t.index ["access_token_id"], name: "index_web_push_subscriptions_on_access_token_id"
+    t.index ["user_id"], name: "index_web_push_subscriptions_on_user_id"
   end
 
   create_table "web_settings", force: :cascade do |t|
@@ -605,5 +609,7 @@
   add_foreign_key "subscriptions", "accounts", name: "fk_9847d1cbb5", on_delete: :cascade
   add_foreign_key "users", "accounts", name: "fk_50500f500d", on_delete: :cascade
   add_foreign_key "users", "invites", on_delete: :nullify
+  add_foreign_key "web_push_subscriptions", "oauth_access_tokens", column: "access_token_id", on_delete: :cascade
+  add_foreign_key "web_push_subscriptions", "users", on_delete: :cascade
   add_foreign_key "web_settings", "users", name: "fk_11910667b2", on_delete: :cascade
 end