mirror/ditto
mirror/ditto
1
0
Fork 0
mirror of https://gitlab.com/soapbox-pub/ditto.git synced 2025-12-06 11:29:46 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
ditto/src/controllers/api/push.ts
Alex Gleason b6925a5491
webpush: enforce endpoint as a URL
2024-10-12 22:58:29 -05:00

82 lines
2.3 KiB
TypeScript
Raw Blame History

import { nip19 } from 'nostr-tools';
import { z } from 'zod';
import { AppController } from '@/app.ts';
import { Conf } from '@/config.ts';
import { Storages } from '@/storages.ts';
import { parseBody } from '@/utils/api.ts';
import { getTokenHash } from '@/utils/auth.ts';
const pushSubscribeSchema = z.object({
subscription: z.object({
endpoint: z.string().url(),
keys: z.object({
p256dh: z.string(),
auth: z.string(),
}),
}),
data: z.object({
alerts: z.object({
mention: z.boolean().optional(),
status: z.boolean().optional(),
reblog: z.boolean().optional(),
follow: z.boolean().optional(),
follow_request: z.boolean().optional(),
favourite: z.boolean().optional(),
poll: z.boolean().optional(),
update: z.boolean().optional(),
'admin.sign_up': z.boolean().optional(),
'admin.report': z.boolean().optional(),
}).optional(),
policy: z.enum(['all', 'followed', 'follower', 'none']).optional(),
}).optional(),
});
export const pushSubscribeController: AppController = async (c) => {
const BEARER_REGEX = new RegExp(`^Bearer (${nip19.BECH32_REGEX.source})$`);
const header = c.req.header('authorization');
const match = header?.match(BEARER_REGEX);
if (!match) {
return c.json({ error: 'Unauthorized' }, 401);
}
const [_, bech32] = match;
if (!bech32.startsWith('token1')) {
return c.json({ error: 'Unauthorized' }, 401);
}
const kysely = await Storages.kysely();
const signer = c.get('signer')!;
const result = pushSubscribeSchema.safeParse(await parseBody(c.req.raw));
if (!result.success) {
return c.json({ error: 'Invalid request', schema: result.error }, 400);
}
const { subscription, data } = result.data;
const { id } = await kysely
.insertInto('push_subscriptions')
.values({
pubkey: await signer.getPublicKey(),
token_hash: await getTokenHash(bech32 as `token1${string}`),
endpoint: subscription.endpoint,
p256dh: subscription.keys.p256dh,
auth: subscription.keys.auth,
data,
})
.returning('id')
.executeTakeFirstOrThrow();
return c.json({
id,
endpoint: subscription.endpoint,
alerts: data?.alerts ?? {},
policy: data?.policy ?? 'all',
server_key: await Conf.vapidPublicKey,
});
};
Reference in a new issue View git blame Copy permalink