diff options
Diffstat (limited to 'internal/api/client/push')
| -rw-r--r-- | internal/api/client/push/push.go | 49 | ||||
| -rw-r--r-- | internal/api/client/push/push_test.go | 110 | ||||
| -rw-r--r-- | internal/api/client/push/pushsubscriptiondelete.go | 64 | ||||
| -rw-r--r-- | internal/api/client/push/pushsubscriptiondelete_test.go | 83 | ||||
| -rw-r--r-- | internal/api/client/push/pushsubscriptionget.go | 71 | ||||
| -rw-r--r-- | internal/api/client/push/pushsubscriptionget_test.go | 102 | ||||
| -rw-r--r-- | internal/api/client/push/pushsubscriptionpost.go | 284 | ||||
| -rw-r--r-- | internal/api/client/push/pushsubscriptionpost_test.go | 346 | ||||
| -rw-r--r-- | internal/api/client/push/pushsubscriptionput.go | 232 | ||||
| -rw-r--r-- | internal/api/client/push/pushsubscriptionput_test.go | 176 |
10 files changed, 1517 insertions, 0 deletions
diff --git a/internal/api/client/push/push.go b/internal/api/client/push/push.go new file mode 100644 index 000000000..33b974efa --- /dev/null +++ b/internal/api/client/push/push.go @@ -0,0 +1,49 @@ +// GoToSocial +// Copyright (C) GoToSocial Authors admin@gotosocial.org +// SPDX-License-Identifier: AGPL-3.0-or-later +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see <http://www.gnu.org/licenses/>. + +package push + +import ( + "net/http" + + "github.com/gin-gonic/gin" + "github.com/superseriousbusiness/gotosocial/internal/processing" +) + +const ( + // BasePath is the base path for serving the push API, minus the 'api' prefix. + BasePath = "/v1/push" + // SubscriptionPath is the path for serving requests for the current auth token's push subscription. + SubscriptionPath = BasePath + "/subscription" +) + +type Module struct { + processor *processing.Processor +} + +func New(processor *processing.Processor) *Module { + return &Module{ + processor: processor, + } +} + +func (m *Module) Route(attachHandler func(method string, path string, f ...gin.HandlerFunc) gin.IRoutes) { + attachHandler(http.MethodGet, SubscriptionPath, m.PushSubscriptionGETHandler) + attachHandler(http.MethodPost, SubscriptionPath, m.PushSubscriptionPOSTHandler) + attachHandler(http.MethodPut, SubscriptionPath, m.PushSubscriptionPUTHandler) + attachHandler(http.MethodDelete, SubscriptionPath, m.PushSubscriptionDELETEHandler) +} diff --git a/internal/api/client/push/push_test.go b/internal/api/client/push/push_test.go new file mode 100644 index 000000000..0d85192ff --- /dev/null +++ b/internal/api/client/push/push_test.go @@ -0,0 +1,110 @@ +// GoToSocial +// Copyright (C) GoToSocial Authors admin@gotosocial.org +// SPDX-License-Identifier: AGPL-3.0-or-later +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see <http://www.gnu.org/licenses/>. + +package push_test + +import ( + "testing" + + "github.com/stretchr/testify/suite" + "github.com/superseriousbusiness/gotosocial/internal/api/client/push" + "github.com/superseriousbusiness/gotosocial/internal/config" + "github.com/superseriousbusiness/gotosocial/internal/db" + "github.com/superseriousbusiness/gotosocial/internal/email" + "github.com/superseriousbusiness/gotosocial/internal/federation" + "github.com/superseriousbusiness/gotosocial/internal/gtsmodel" + "github.com/superseriousbusiness/gotosocial/internal/media" + "github.com/superseriousbusiness/gotosocial/internal/processing" + "github.com/superseriousbusiness/gotosocial/internal/state" + "github.com/superseriousbusiness/gotosocial/internal/storage" + "github.com/superseriousbusiness/gotosocial/testrig" +) + +type PushTestSuite struct { + suite.Suite + db db.DB + storage *storage.Driver + mediaManager *media.Manager + federator *federation.Federator + processor *processing.Processor + emailSender email.Sender + sentEmails map[string]string + state state.State + + // standard suite models + testTokens map[string]*gtsmodel.Token + testClients map[string]*gtsmodel.Client + testApplications map[string]*gtsmodel.Application + testUsers map[string]*gtsmodel.User + testAccounts map[string]*gtsmodel.Account + testWebPushSubscriptions map[string]*gtsmodel.WebPushSubscription + + // module being tested + pushModule *push.Module +} + +func (suite *PushTestSuite) SetupSuite() { + suite.testTokens = testrig.NewTestTokens() + suite.testClients = testrig.NewTestClients() + suite.testApplications = testrig.NewTestApplications() + suite.testUsers = testrig.NewTestUsers() + suite.testAccounts = testrig.NewTestAccounts() + suite.testWebPushSubscriptions = testrig.NewTestWebPushSubscriptions() +} + +func (suite *PushTestSuite) SetupTest() { + suite.state.Caches.Init() + testrig.StartNoopWorkers(&suite.state) + + testrig.InitTestConfig() + config.Config(func(cfg *config.Configuration) { + cfg.WebAssetBaseDir = "../../../../web/assets/" + cfg.WebTemplateBaseDir = "../../../../web/templates/" + }) + testrig.InitTestLog() + + suite.db = testrig.NewTestDB(&suite.state) + suite.state.DB = suite.db + suite.storage = testrig.NewInMemoryStorage() + suite.state.Storage = suite.storage + + suite.mediaManager = testrig.NewTestMediaManager(&suite.state) + suite.federator = testrig.NewTestFederator(&suite.state, testrig.NewTestTransportController(&suite.state, testrig.NewMockHTTPClient(nil, "../../../../testrig/media")), suite.mediaManager) + suite.sentEmails = make(map[string]string) + suite.emailSender = testrig.NewEmailSender("../../../../web/template/", suite.sentEmails) + suite.processor = testrig.NewTestProcessor( + &suite.state, + suite.federator, + suite.emailSender, + testrig.NewNoopWebPushSender(), + suite.mediaManager, + ) + suite.pushModule = push.New(suite.processor) + + testrig.StandardDBSetup(suite.db, nil) + testrig.StandardStorageSetup(suite.storage, "../../../../testrig/media") +} + +func (suite *PushTestSuite) TearDownTest() { + testrig.StandardDBTeardown(suite.db) + testrig.StandardStorageTeardown(suite.storage) + testrig.StopWorkers(&suite.state) +} + +func TestPushTestSuite(t *testing.T) { + suite.Run(t, new(PushTestSuite)) +} diff --git a/internal/api/client/push/pushsubscriptiondelete.go b/internal/api/client/push/pushsubscriptiondelete.go new file mode 100644 index 000000000..2a5fd8e69 --- /dev/null +++ b/internal/api/client/push/pushsubscriptiondelete.go @@ -0,0 +1,64 @@ +// GoToSocial +// Copyright (C) GoToSocial Authors admin@gotosocial.org +// SPDX-License-Identifier: AGPL-3.0-or-later +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see <http://www.gnu.org/licenses/>. + +package push + +import ( + "net/http" + + "github.com/gin-gonic/gin" + apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util" + "github.com/superseriousbusiness/gotosocial/internal/gtserror" + "github.com/superseriousbusiness/gotosocial/internal/oauth" +) + +// PushSubscriptionDELETEHandler swagger:operation DELETE /api/v1/push/subscription pushSubscriptionDelete +// +// Delete the Web Push subscription associated with the current auth token. +// If there is no subscription, returns successfully anyway. +// +// --- +// tags: +// - push +// +// security: +// - OAuth2 Bearer: +// - push +// +// responses: +// '200': +// description: Push subscription deleted, or did not exist. +// '400': +// description: bad request +// '401': +// description: unauthorized +// '500': +// description: internal server error +func (m *Module) PushSubscriptionDELETEHandler(c *gin.Context) { + authed, err := oauth.Authed(c, true, true, true, true) + if err != nil { + apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1) + return + } + + if errWithCode := m.processor.Push().Delete(c.Request.Context(), authed.Token.GetAccess()); errWithCode != nil { + apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) + return + } + + apiutil.Data(c, http.StatusOK, apiutil.AppJSON, apiutil.EmptyJSONObject) +} diff --git a/internal/api/client/push/pushsubscriptiondelete_test.go b/internal/api/client/push/pushsubscriptiondelete_test.go new file mode 100644 index 000000000..3e81ce2a1 --- /dev/null +++ b/internal/api/client/push/pushsubscriptiondelete_test.go @@ -0,0 +1,83 @@ +// GoToSocial +// Copyright (C) GoToSocial Authors admin@gotosocial.org +// SPDX-License-Identifier: AGPL-3.0-or-later +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see <http://www.gnu.org/licenses/>. + +package push_test + +import ( + "fmt" + "net/http" + "net/http/httptest" + + "github.com/superseriousbusiness/gotosocial/internal/api/client/push" + "github.com/superseriousbusiness/gotosocial/internal/config" + "github.com/superseriousbusiness/gotosocial/internal/oauth" + "github.com/superseriousbusiness/gotosocial/testrig" +) + +// deleteSubscription deletes the push subscription for the named account and token. +func (suite *PushTestSuite) deleteSubscription( + accountFixtureName string, + tokenFixtureName string, + expectedHTTPStatus int, +) error { + // instantiate recorder + test context + recorder := httptest.NewRecorder() + ctx, _ := testrig.CreateGinTestContext(recorder, nil) + ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts[accountFixtureName]) + ctx.Set(oauth.SessionAuthorizedToken, oauth.DBTokenToToken(suite.testTokens[tokenFixtureName])) + ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplications["application_1"]) + ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers[accountFixtureName]) + + // create the request + requestUrl := config.GetProtocol() + "://" + config.GetHost() + "/api" + push.SubscriptionPath + ctx.Request = httptest.NewRequest(http.MethodDelete, requestUrl, nil) + + // trigger the handler + suite.pushModule.PushSubscriptionDELETEHandler(ctx) + + // read the response + result := recorder.Result() + defer func() { + _ = result.Body.Close() + }() + + if resultCode := recorder.Code; expectedHTTPStatus != resultCode { + return fmt.Errorf("expected %d got %d", expectedHTTPStatus, resultCode) + } + + return nil +} + +// Delete a subscription that should exist. +func (suite *PushTestSuite) TestDeleteSubscription() { + accountFixtureName := "local_account_1" + // This token should have a subscription associated with it already. + tokenFixtureName := "local_account_1" + + err := suite.deleteSubscription(accountFixtureName, tokenFixtureName, 200) + suite.NoError(err) +} + +// Delete a subscription that should not exist, which should succeed anyway. +func (suite *PushTestSuite) TestDeleteMissingSubscription() { + accountFixtureName := "local_account_1" + // This token should not have a subscription. + tokenFixtureName := "local_account_1_user_authorization_token" + + err := suite.deleteSubscription(accountFixtureName, tokenFixtureName, 200) + suite.NoError(err) +} diff --git a/internal/api/client/push/pushsubscriptionget.go b/internal/api/client/push/pushsubscriptionget.go new file mode 100644 index 000000000..10774b862 --- /dev/null +++ b/internal/api/client/push/pushsubscriptionget.go @@ -0,0 +1,71 @@ +// GoToSocial +// Copyright (C) GoToSocial Authors admin@gotosocial.org +// SPDX-License-Identifier: AGPL-3.0-or-later +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see <http://www.gnu.org/licenses/>. + +package push + +import ( + "net/http" + + "github.com/gin-gonic/gin" + apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util" + "github.com/superseriousbusiness/gotosocial/internal/gtserror" + "github.com/superseriousbusiness/gotosocial/internal/oauth" +) + +// PushSubscriptionGETHandler swagger:operation GET /api/v1/push/subscription pushSubscriptionGet +// +// Get the push subscription for the current access token. +// +// --- +// tags: +// - push +// +// produces: +// - application/json +// +// security: +// - OAuth2 Bearer: +// - push +// +// responses: +// '200': +// description: Web Push subscription for current access token. +// schema: +// "$ref": "#/definitions/webPushSubscription" +// '400': +// description: bad request +// '401': +// description: unauthorized +// '404': +// description: This access token doesn't have an associated subscription. +// '500': +// description: internal server error +func (m *Module) PushSubscriptionGETHandler(c *gin.Context) { + authed, err := oauth.Authed(c, true, true, true, true) + if err != nil { + apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1) + return + } + + apiSubscription, errWithCode := m.processor.Push().Get(c, authed.Token.GetAccess()) + if errWithCode != nil { + apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) + return + } + + apiutil.JSON(c, http.StatusOK, apiSubscription) +} diff --git a/internal/api/client/push/pushsubscriptionget_test.go b/internal/api/client/push/pushsubscriptionget_test.go new file mode 100644 index 000000000..23fb9e7f2 --- /dev/null +++ b/internal/api/client/push/pushsubscriptionget_test.go @@ -0,0 +1,102 @@ +// GoToSocial +// Copyright (C) GoToSocial Authors admin@gotosocial.org +// SPDX-License-Identifier: AGPL-3.0-or-later +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see <http://www.gnu.org/licenses/>. + +package push_test + +import ( + "encoding/json" + "fmt" + "io" + "net/http" + "net/http/httptest" + + "github.com/superseriousbusiness/gotosocial/internal/api/client/push" + apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model" + "github.com/superseriousbusiness/gotosocial/internal/config" + "github.com/superseriousbusiness/gotosocial/internal/oauth" + "github.com/superseriousbusiness/gotosocial/testrig" +) + +// getSubscription gets the push subscription for the named account and token. +func (suite *PushTestSuite) getSubscription( + accountFixtureName string, + tokenFixtureName string, + expectedHTTPStatus int, +) (*apimodel.WebPushSubscription, error) { + // instantiate recorder + test context + recorder := httptest.NewRecorder() + ctx, _ := testrig.CreateGinTestContext(recorder, nil) + ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts[accountFixtureName]) + ctx.Set(oauth.SessionAuthorizedToken, oauth.DBTokenToToken(suite.testTokens[tokenFixtureName])) + ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplications["application_1"]) + ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers[accountFixtureName]) + + // create the request + requestUrl := config.GetProtocol() + "://" + config.GetHost() + "/api" + push.SubscriptionPath + ctx.Request = httptest.NewRequest(http.MethodGet, requestUrl, nil) + ctx.Request.Header.Set("accept", "application/json") + + // trigger the handler + suite.pushModule.PushSubscriptionGETHandler(ctx) + + // read the response + result := recorder.Result() + defer func() { + _ = result.Body.Close() + }() + + b, err := io.ReadAll(result.Body) + if err != nil { + return nil, err + } + + if resultCode := recorder.Code; expectedHTTPStatus != resultCode { + return nil, fmt.Errorf("expected %d got %d", expectedHTTPStatus, resultCode) + } + + resp := &apimodel.WebPushSubscription{} + if err := json.Unmarshal(b, resp); err != nil { + return nil, err + } + + return resp, nil +} + +// Get a subscription that should exist. +func (suite *PushTestSuite) TestGetSubscription() { + accountFixtureName := "local_account_1" + // This token should have a subscription associated with it already, with all event types turned on. + tokenFixtureName := "local_account_1" + + subscription, err := suite.getSubscription(accountFixtureName, tokenFixtureName, 200) + if suite.NoError(err) { + suite.NotEmpty(subscription.ID) + suite.NotEmpty(subscription.Endpoint) + suite.NotEmpty(subscription.ServerKey) + suite.True(subscription.Alerts.Mention) + } +} + +// Get a subscription that should not exist, which should fail. +func (suite *PushTestSuite) TestGetMissingSubscription() { + accountFixtureName := "local_account_1" + // This token should not have a subscription. + tokenFixtureName := "local_account_1_user_authorization_token" + + _, err := suite.getSubscription(accountFixtureName, tokenFixtureName, 404) + suite.NoError(err) +} diff --git a/internal/api/client/push/pushsubscriptionpost.go b/internal/api/client/push/pushsubscriptionpost.go new file mode 100644 index 000000000..a7e299894 --- /dev/null +++ b/internal/api/client/push/pushsubscriptionpost.go @@ -0,0 +1,284 @@ +// GoToSocial +// Copyright (C) GoToSocial Authors admin@gotosocial.org +// SPDX-License-Identifier: AGPL-3.0-or-later +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see <http://www.gnu.org/licenses/>. + +package push + +import ( + "crypto/ecdh" + "encoding/base64" + "errors" + "fmt" + "net/http" + "net/url" + + "github.com/gin-gonic/gin" + apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model" + apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util" + "github.com/superseriousbusiness/gotosocial/internal/gtserror" + "github.com/superseriousbusiness/gotosocial/internal/oauth" +) + +// PushSubscriptionPOSTHandler swagger:operation POST /api/v1/push/subscription pushSubscriptionPost +// +// Create a new Web Push subscription for the current access token, or replace the existing one. +// +// --- +// tags: +// - push +// +// consumes: +// - application/json +// - application/x-www-form-urlencoded +// +// produces: +// - application/json +// +// parameters: +// - +// name: subscription[endpoint] +// in: formData +// type: string +// required: true +// minLength: 1 +// description: The URL to which Web Push notifications will be sent. +// - +// name: subscription[keys][auth] +// in: formData +// type: string +// required: true +// minLength: 1 +// description: The auth secret, a Base64 encoded string of 16 bytes of random data. +// - +// name: subscription[keys][p256dh] +// in: formData +// type: string +// required: true +// minLength: 1 +// description: The user agent public key, a Base64 encoded string of a public key from an ECDH keypair using the prime256v1 curve. +// - +// name: data[alerts][follow] +// in: formData +// type: boolean +// default: false +// description: Receive a push notification when someone has followed you? +// - +// name: data[alerts][follow_request] +// in: formData +// type: boolean +// default: false +// description: Receive a push notification when someone has requested to follow you? +// - +// name: data[alerts][favourite] +// in: formData +// type: boolean +// default: false +// description: Receive a push notification when a status you created has been favourited by someone else? +// - +// name: data[alerts][mention] +// in: formData +// type: boolean +// default: false +// description: Receive a push notification when someone else has mentioned you in a status? +// - +// name: data[alerts][reblog] +// in: formData +// type: boolean +// default: false +// description: Receive a push notification when a status you created has been boosted by someone else? +// - +// name: data[alerts][poll] +// in: formData +// type: boolean +// default: false +// description: Receive a push notification when a poll you voted in or created has ended? +// - +// name: data[alerts][status] +// in: formData +// type: boolean +// default: false +// description: Receive a push notification when a subscribed account posts a status? +// - +// name: data[alerts][update] +// in: formData +// type: boolean +// default: false +// description: Receive a push notification when a status you interacted with has been edited? +// - +// name: data[alerts][admin.sign_up] +// in: formData +// type: boolean +// default: false +// description: Receive a push notification when a new user has signed up? +// - +// name: data[alerts][admin.report] +// in: formData +// type: boolean +// default: false +// description: Receive a push notification when a new report has been filed? +// - +// name: data[alerts][pending.favourite] +// in: formData +// type: boolean +// default: false +// description: Receive a push notification when a fave is pending? +// - +// name: data[alerts][pending.reply] +// in: formData +// type: boolean +// default: false +// description: Receive a push notification when a reply is pending? +// - +// name: data[alerts][pending.reblog] +// in: formData +// type: boolean +// default: false +// description: Receive a push notification when a boost is pending? +// +// security: +// - OAuth2 Bearer: +// - push +// +// responses: +// '200': +// description: Web Push subscription for current access token. +// schema: +// "$ref": "#/definitions/webPushSubscription" +// '400': +// description: bad request +// '401': +// description: unauthorized +// '403': +// description: forbidden +// '404': +// description: not found +// '406': +// description: not acceptable +// '500': +// description: internal server error +func (m *Module) PushSubscriptionPOSTHandler(c *gin.Context) { + authed, err := oauth.Authed(c, true, true, true, true) + if err != nil { + apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1) + return + } + + if authed.Account.IsMoving() { + apiutil.ForbiddenAfterMove(c) + return + } + + if _, err := apiutil.NegotiateAccept(c, apiutil.JSONAcceptHeaders...); err != nil { + apiutil.ErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), m.processor.InstanceGetV1) + return + } + + form := &apimodel.WebPushSubscriptionCreateRequest{} + if err := c.ShouldBind(form); err != nil { + apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGetV1) + return + } + + if err := validateNormalizeCreate(form); err != nil { + apiutil.ErrorHandler(c, gtserror.NewErrorUnprocessableEntity(err, err.Error()), m.processor.InstanceGetV1) + return + } + + apiSubscription, errWithCode := m.processor.Push().CreateOrReplace(c, authed.Account.ID, authed.Token.GetAccess(), form) + if errWithCode != nil { + apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) + return + } + + apiutil.JSON(c, http.StatusOK, apiSubscription) +} + +// validateNormalizeCreate checks subscription endpoint format and keys decodability, +// and copies form fields to their canonical JSON equivalents. +func validateNormalizeCreate(request *apimodel.WebPushSubscriptionCreateRequest) error { + if request.Subscription == nil { + request.Subscription = &apimodel.WebPushSubscriptionRequestSubscription{} + } + + // Normalize and validate endpoint URL. + if request.SubscriptionEndpoint != nil { + request.Subscription.Endpoint = *request.SubscriptionEndpoint + } + + if request.Subscription.Endpoint == "" { + return errors.New("endpoint is required") + } + endpointURL, err := url.Parse(request.Subscription.Endpoint) + if err != nil { + return errors.New("endpoint must be a valid URL") + } + if endpointURL.Scheme != "https" { + return errors.New("endpoint must be an https:// URL") + } + if endpointURL.Host == "" { + return errors.New("endpoint URL must have a host") + } + if endpointURL.Fragment != "" { + return errors.New("endpoint URL must not have a fragment") + } + + // Normalize and validate auth secret. + if request.SubscriptionKeysAuth != nil { + request.Subscription.Keys.Auth = *request.SubscriptionKeysAuth + } + + authBytes, err := base64DecodeAny("auth", request.Subscription.Keys.Auth) + if err != nil { + return err + } + if len(authBytes) != 16 { + return fmt.Errorf("auth must be 16 bytes long, got %d", len(authBytes)) + } + + // Normalize and validate public key. + if request.SubscriptionKeysP256dh != nil { + request.Subscription.Keys.P256dh = *request.SubscriptionKeysP256dh + } + + p256dhBytes, err := base64DecodeAny("p256dh", request.Subscription.Keys.P256dh) + if err != nil { + return err + } + _, err = ecdh.P256().NewPublicKey(p256dhBytes) + if err != nil { + return fmt.Errorf("p256dh must be a valid public key on the NIST P-256 curve: %w", err) + } + + return validateNormalizeUpdate(&request.WebPushSubscriptionUpdateRequest) +} + +// base64DecodeAny tries decoding a string with standard and URL alphabets of Base64, with and without padding. +func base64DecodeAny(name string, value string) ([]byte, error) { + encodings := []*base64.Encoding{ + base64.StdEncoding, + base64.URLEncoding, + base64.RawStdEncoding, + base64.RawURLEncoding, + } + + for _, encoding := range encodings { + if bytes, err := encoding.DecodeString(value); err == nil { + return bytes, nil + } + } + + return nil, fmt.Errorf("%s is not valid Base64 data", name) +} diff --git a/internal/api/client/push/pushsubscriptionpost_test.go b/internal/api/client/push/pushsubscriptionpost_test.go new file mode 100644 index 000000000..bdd22d729 --- /dev/null +++ b/internal/api/client/push/pushsubscriptionpost_test.go @@ -0,0 +1,346 @@ +// GoToSocial +// Copyright (C) GoToSocial Authors admin@gotosocial.org +// SPDX-License-Identifier: AGPL-3.0-or-later +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see <http://www.gnu.org/licenses/>. + +package push_test + +import ( + "encoding/json" + "fmt" + "io" + "net/http" + "net/http/httptest" + "net/url" + "strconv" + "strings" + + "github.com/superseriousbusiness/gotosocial/internal/api/client/push" + apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model" + "github.com/superseriousbusiness/gotosocial/internal/config" + "github.com/superseriousbusiness/gotosocial/internal/oauth" + "github.com/superseriousbusiness/gotosocial/testrig" +) + +// postSubscription creates or replaces the push subscription for the named account and token. +// It only allows updating two event types if using the form API. Add more if you need them. +func (suite *PushTestSuite) postSubscription( + accountFixtureName string, + tokenFixtureName string, + endpoint *string, + auth *string, + p256dh *string, + alertsMention *bool, + alertsStatus *bool, + requestJson *string, + expectedHTTPStatus int, +) (*apimodel.WebPushSubscription, error) { + // instantiate recorder + test context + recorder := httptest.NewRecorder() + ctx, _ := testrig.CreateGinTestContext(recorder, nil) + ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts[accountFixtureName]) + ctx.Set(oauth.SessionAuthorizedToken, oauth.DBTokenToToken(suite.testTokens[tokenFixtureName])) + ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplications["application_1"]) + ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers[accountFixtureName]) + + // create the request + requestUrl := config.GetProtocol() + "://" + config.GetHost() + "/api" + push.SubscriptionPath + ctx.Request = httptest.NewRequest(http.MethodPost, requestUrl, nil) + ctx.Request.Header.Set("accept", "application/json") + + if requestJson != nil { + ctx.Request.Header.Set("content-type", "application/json") + ctx.Request.Body = io.NopCloser(strings.NewReader(*requestJson)) + } else { + ctx.Request.Form = make(url.Values) + if endpoint != nil { + ctx.Request.Form["subscription[endpoint]"] = []string{*endpoint} + } + if auth != nil { + ctx.Request.Form["subscription[keys][auth]"] = []string{*auth} + } + if p256dh != nil { + ctx.Request.Form["subscription[keys][p256dh]"] = []string{*p256dh} + } + if alertsMention != nil { + ctx.Request.Form["data[alerts][mention]"] = []string{strconv.FormatBool(*alertsMention)} + } + if alertsStatus != nil { + ctx.Request.Form["data[alerts][status]"] = []string{strconv.FormatBool(*alertsStatus)} + } + } + + // trigger the handler + suite.pushModule.PushSubscriptionPOSTHandler(ctx) + + // read the response + result := recorder.Result() + defer func() { + _ = result.Body.Close() + }() + + b, err := io.ReadAll(result.Body) + if err != nil { + return nil, err + } + + if resultCode := recorder.Code; expectedHTTPStatus != resultCode { + return nil, fmt.Errorf("expected %d got %d", expectedHTTPStatus, resultCode) + } + + resp := &apimodel.WebPushSubscription{} + if err := json.Unmarshal(b, resp); err != nil { + return nil, err + } + + return resp, nil +} + +// Create a new subscription. +func (suite *PushTestSuite) TestPostSubscription() { + accountFixtureName := "local_account_1" + // This token should not have a subscription. + tokenFixtureName := "local_account_1_user_authorization_token" + + endpoint := "https://example.test/push" + auth := "cgna/fzrYLDQyPf5hD7IsA==" + p256dh := "BMYVItYVOX+AHBdtA62Q0i6c+F7MV2Gia3aoDr8mvHkuPBNIOuTLDfmFcnBqoZcQk6BtLcIONbxhHpy2R+mYIUY=" + alertsMention := true + alertsStatus := false + subscription, err := suite.postSubscription( + accountFixtureName, + tokenFixtureName, + &endpoint, + &auth, + &p256dh, + &alertsMention, + &alertsStatus, + nil, + 200, + ) + if suite.NoError(err) { + suite.NotEmpty(subscription.ID) + suite.NotEmpty(subscription.Endpoint) + suite.NotEmpty(subscription.ServerKey) + suite.True(subscription.Alerts.Mention) + suite.False(subscription.Alerts.Status) + // Omitted event types should default to off. + suite.False(subscription.Alerts.Favourite) + } +} + +// Create a new subscription with only required fields. +func (suite *PushTestSuite) TestPostSubscriptionMinimal() { + accountFixtureName := "local_account_1" + // This token should not have a subscription. + tokenFixtureName := "local_account_1_user_authorization_token" + + endpoint := "https://example.test/push" + auth := "cgna/fzrYLDQyPf5hD7IsA==" + p256dh := "BMYVItYVOX+AHBdtA62Q0i6c+F7MV2Gia3aoDr8mvHkuPBNIOuTLDfmFcnBqoZcQk6BtLcIONbxhHpy2R+mYIUY=" + subscription, err := suite.postSubscription( + accountFixtureName, + tokenFixtureName, + &endpoint, + &auth, + &p256dh, + nil, + nil, + nil, + 200, + ) + if suite.NoError(err) { + suite.NotEmpty(subscription.ID) + suite.NotEmpty(subscription.Endpoint) + suite.NotEmpty(subscription.ServerKey) + // All event types should default to off. + suite.False(subscription.Alerts.Mention) + suite.False(subscription.Alerts.Status) + suite.False(subscription.Alerts.Favourite) + } +} + +// Create a new subscription with a missing endpoint, which should fail. +func (suite *PushTestSuite) TestPostInvalidSubscription() { + accountFixtureName := "local_account_1" + // This token should not have a subscription. + tokenFixtureName := "local_account_1_user_authorization_token" + + // No endpoint. + auth := "cgna/fzrYLDQyPf5hD7IsA==" + p256dh := "BMYVItYVOX+AHBdtA62Q0i6c+F7MV2Gia3aoDr8mvHkuPBNIOuTLDfmFcnBqoZcQk6BtLcIONbxhHpy2R+mYIUY=" + alertsMention := true + alertsStatus := false + _, err := suite.postSubscription( + accountFixtureName, + tokenFixtureName, + nil, + &auth, + &p256dh, + &alertsMention, + &alertsStatus, + nil, + 422, + ) + suite.NoError(err) +} + +// Create a new subscription, using the JSON format. +func (suite *PushTestSuite) TestPostSubscriptionJSON() { + accountFixtureName := "local_account_1" + // This token should not have a subscription. + tokenFixtureName := "local_account_1_user_authorization_token" + + requestJson := `{ + "subscription": { + "endpoint": "https://example.test/push", + "keys": { + "auth": "cgna/fzrYLDQyPf5hD7IsA==", + "p256dh": "BMYVItYVOX+AHBdtA62Q0i6c+F7MV2Gia3aoDr8mvHkuPBNIOuTLDfmFcnBqoZcQk6BtLcIONbxhHpy2R+mYIUY=" + } + }, + "data": { + "alerts": { + "mention": true, + "status": false + } + } + }` + subscription, err := suite.postSubscription( + accountFixtureName, + tokenFixtureName, + nil, + nil, + nil, + nil, + nil, + &requestJson, + 200, + ) + if suite.NoError(err) { + suite.NotEmpty(subscription.ID) + suite.NotEmpty(subscription.Endpoint) + suite.NotEmpty(subscription.ServerKey) + suite.True(subscription.Alerts.Mention) + suite.False(subscription.Alerts.Status) + // Omitted event types should default to off. + suite.False(subscription.Alerts.Favourite) + } +} + +// Create a new subscription, using the JSON format and only required fields. +func (suite *PushTestSuite) TestPostSubscriptionJSONMinimal() { + accountFixtureName := "local_account_1" + // This token should not have a subscription. + tokenFixtureName := "local_account_1_user_authorization_token" + + requestJson := `{ + "subscription": { + "endpoint": "https://example.test/push", + "keys": { + "auth": "cgna/fzrYLDQyPf5hD7IsA==", + "p256dh": "BMYVItYVOX+AHBdtA62Q0i6c+F7MV2Gia3aoDr8mvHkuPBNIOuTLDfmFcnBqoZcQk6BtLcIONbxhHpy2R+mYIUY=" + } + } + }` + subscription, err := suite.postSubscription( + accountFixtureName, + tokenFixtureName, + nil, + nil, + nil, + nil, + nil, + &requestJson, + 200, + ) + if suite.NoError(err) { + suite.NotEmpty(subscription.ID) + suite.NotEmpty(subscription.Endpoint) + suite.NotEmpty(subscription.ServerKey) + // All event types should default to off. + suite.False(subscription.Alerts.Mention) + suite.False(subscription.Alerts.Status) + suite.False(subscription.Alerts.Favourite) + } +} + +// Create a new subscription with a missing endpoint, using the JSON format, which should fail. +func (suite *PushTestSuite) TestPostInvalidSubscriptionJSON() { + accountFixtureName := "local_account_1" + // This token should not have a subscription. + tokenFixtureName := "local_account_1_user_authorization_token" + + // No endpoint. + requestJson := `{ + "subscription": { + "keys": { + "auth": "cgna/fzrYLDQyPf5hD7IsA==", + "p256dh": "BMYVItYVOX+AHBdtA62Q0i6c+F7MV2Gia3aoDr8mvHkuPBNIOuTLDfmFcnBqoZcQk6BtLcIONbxhHpy2R+mYIUY=" + } + }, + "data": { + "alerts": { + "mention": true, + "status": false + } + } + }` + _, err := suite.postSubscription( + accountFixtureName, + tokenFixtureName, + nil, + nil, + nil, + nil, + nil, + &requestJson, + 422, + ) + suite.NoError(err) +} + +// Replace a subscription that already exists. +func (suite *PushTestSuite) TestPostExistingSubscription() { + accountFixtureName := "local_account_1" + // This token should have a subscription associated with it already, with all event types turned on. + tokenFixtureName := "local_account_1" + + endpoint := "https://example.test/push" + auth := "JMFtMRgZaeHpwsDjBnhcmQ==" + p256dh := "BMYVItYVOX+AHBdtA62Q0i6c+F7MV2Gia3aoDr8mvHkuPBNIOuTLDfmFcnBqoZcQk6BtLcIONbxhHpy2R+mYIUY=" + alertsMention := true + alertsStatus := false + subscription, err := suite.postSubscription( + accountFixtureName, + tokenFixtureName, + &endpoint, + &auth, + &p256dh, + &alertsMention, + &alertsStatus, + nil, + 200, + ) + if suite.NoError(err) { + suite.NotEqual(suite.testWebPushSubscriptions["local_account_1_token_1"].ID, subscription.ID) + suite.NotEmpty(subscription.Endpoint) + suite.NotEmpty(subscription.ServerKey) + suite.True(subscription.Alerts.Mention) + suite.False(subscription.Alerts.Status) + // Omitted event types should default to off. + suite.False(subscription.Alerts.Favourite) + } +} diff --git a/internal/api/client/push/pushsubscriptionput.go b/internal/api/client/push/pushsubscriptionput.go new file mode 100644 index 000000000..06575f4ee --- /dev/null +++ b/internal/api/client/push/pushsubscriptionput.go @@ -0,0 +1,232 @@ +// GoToSocial +// Copyright (C) GoToSocial Authors admin@gotosocial.org +// SPDX-License-Identifier: AGPL-3.0-or-later +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see <http://www.gnu.org/licenses/>. + +package push + +import ( + "net/http" + + "github.com/gin-gonic/gin" + apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model" + apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util" + "github.com/superseriousbusiness/gotosocial/internal/gtserror" + "github.com/superseriousbusiness/gotosocial/internal/oauth" +) + +// PushSubscriptionPUTHandler swagger:operation PUT /api/v1/push/subscription pushSubscriptionPut +// +// Update the Web Push subscription for the current access token. +// Only which notifications you receive can be updated. +// +// --- +// tags: +// - push +// +// consumes: +// - application/json +// - application/x-www-form-urlencoded +// +// produces: +// - application/json +// +// parameters: +// - +// name: data[alerts][follow] +// in: formData +// type: boolean +// default: false +// description: Receive a push notification when someone has followed you? +// - +// name: data[alerts][follow_request] +// in: formData +// type: boolean +// default: false +// description: Receive a push notification when someone has requested to follow you? +// - +// name: data[alerts][favourite] +// in: formData +// type: boolean +// default: false +// description: Receive a push notification when a status you created has been favourited by someone else? +// - +// name: data[alerts][mention] +// in: formData +// type: boolean +// default: false +// description: Receive a push notification when someone else has mentioned you in a status? +// - +// name: data[alerts][reblog] +// in: formData +// type: boolean +// default: false +// description: Receive a push notification when a status you created has been boosted by someone else? +// - +// name: data[alerts][poll] +// in: formData +// type: boolean +// default: false +// description: Receive a push notification when a poll you voted in or created has ended? +// - +// name: data[alerts][status] +// in: formData +// type: boolean +// default: false +// description: Receive a push notification when a subscribed account posts a status? +// - +// name: data[alerts][update] +// in: formData +// type: boolean +// default: false +// description: Receive a push notification when a status you interacted with has been edited? +// - +// name: data[alerts][admin.sign_up] +// in: formData +// type: boolean +// default: false +// description: Receive a push notification when a new user has signed up? +// - +// name: data[alerts][admin.report] +// in: formData +// type: boolean +// default: false +// description: Receive a push notification when a new report has been filed? +// - +// name: data[alerts][pending.favourite] +// in: formData +// type: boolean +// default: false +// description: Receive a push notification when a fave is pending? +// - +// name: data[alerts][pending.reply] +// in: formData +// type: boolean +// default: false +// description: Receive a push notification when a reply is pending? +// - +// name: data[alerts][pending.reblog] +// in: formData +// type: boolean +// default: false +// description: Receive a push notification when a boost is pending? +// +// security: +// - OAuth2 Bearer: +// - push +// +// responses: +// '200': +// description: Web Push subscription for current access token. +// schema: +// "$ref": "#/definitions/webPushSubscription" +// '400': +// description: bad request +// '401': +// description: unauthorized +// '403': +// description: forbidden +// '404': +// description: This access token doesn't have an associated subscription. +// '406': +// description: not acceptable +// '500': +// description: internal server error +func (m *Module) PushSubscriptionPUTHandler(c *gin.Context) { + authed, err := oauth.Authed(c, true, true, true, true) + if err != nil { + apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1) + return + } + + if authed.Account.IsMoving() { + apiutil.ForbiddenAfterMove(c) + return + } + + if _, err := apiutil.NegotiateAccept(c, apiutil.JSONAcceptHeaders...); err != nil { + apiutil.ErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), m.processor.InstanceGetV1) + return + } + + form := &apimodel.WebPushSubscriptionUpdateRequest{} + if err := c.ShouldBind(form); err != nil { + apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGetV1) + return + } + + if err := validateNormalizeUpdate(form); err != nil { + apiutil.ErrorHandler(c, gtserror.NewErrorUnprocessableEntity(err, err.Error()), m.processor.InstanceGetV1) + return + } + + apiSubscription, errWithCode := m.processor.Push().Update(c, authed.Token.GetAccess(), form) + if errWithCode != nil { + apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1) + return + } + + apiutil.JSON(c, http.StatusOK, apiSubscription) +} + +// validateNormalizeUpdate copies form fields to their canonical JSON equivalents. +func validateNormalizeUpdate(request *apimodel.WebPushSubscriptionUpdateRequest) error { + if request.Data == nil { + request.Data = &apimodel.WebPushSubscriptionRequestData{} + } + + if request.Data.Alerts == nil { + request.Data.Alerts = &apimodel.WebPushSubscriptionAlerts{} + } + + if request.DataAlertsFollow != nil { + request.Data.Alerts.Follow = *request.DataAlertsFollow + } + if request.DataAlertsFollowRequest != nil { + request.Data.Alerts.FollowRequest = *request.DataAlertsFollowRequest + } + if request.DataAlertsMention != nil { + request.Data.Alerts.Mention = *request.DataAlertsMention + } + if request.DataAlertsReblog != nil { + request.Data.Alerts.Reblog = *request.DataAlertsReblog + } + if request.DataAlertsPoll != nil { + request.Data.Alerts.Poll = *request.DataAlertsPoll + } + if request.DataAlertsStatus != nil { + request.Data.Alerts.Status = *request.DataAlertsStatus + } + if request.DataAlertsUpdate != nil { + request.Data.Alerts.Update = *request.DataAlertsUpdate + } + if request.DataAlertsAdminSignup != nil { + request.Data.Alerts.AdminSignup = *request.DataAlertsAdminSignup + } + if request.DataAlertsAdminReport != nil { + request.Data.Alerts.AdminReport = *request.DataAlertsAdminReport + } + if request.DataAlertsPendingFavourite != nil { + request.Data.Alerts.PendingFavourite = *request.DataAlertsPendingFavourite + } + if request.DataAlertsPendingReply != nil { + request.Data.Alerts.PendingReply = *request.DataAlertsPendingReply + } + if request.DataAlertsPendingReblog != nil { + request.Data.Alerts.Reblog = *request.DataAlertsPendingReblog + } + + return nil +} diff --git a/internal/api/client/push/pushsubscriptionput_test.go b/internal/api/client/push/pushsubscriptionput_test.go new file mode 100644 index 000000000..924e3d475 --- /dev/null +++ b/internal/api/client/push/pushsubscriptionput_test.go @@ -0,0 +1,176 @@ +// GoToSocial +// Copyright (C) GoToSocial Authors admin@gotosocial.org +// SPDX-License-Identifier: AGPL-3.0-or-later +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see <http://www.gnu.org/licenses/>. + +package push_test + +import ( + "encoding/json" + "fmt" + "io" + "net/http" + "net/http/httptest" + "net/url" + "strconv" + "strings" + + "github.com/superseriousbusiness/gotosocial/internal/api/client/push" + apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model" + "github.com/superseriousbusiness/gotosocial/internal/config" + "github.com/superseriousbusiness/gotosocial/internal/oauth" + "github.com/superseriousbusiness/gotosocial/testrig" +) + +// putSubscription updates the push subscription for the named account and token. +// It only allows updating two event types if using the form API. Add more if you need them. +func (suite *PushTestSuite) putSubscription( + accountFixtureName string, + tokenFixtureName string, + alertsMention *bool, + alertsStatus *bool, + requestJson *string, + expectedHTTPStatus int, +) (*apimodel.WebPushSubscription, error) { + // instantiate recorder + test context + recorder := httptest.NewRecorder() + ctx, _ := testrig.CreateGinTestContext(recorder, nil) + ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts[accountFixtureName]) + ctx.Set(oauth.SessionAuthorizedToken, oauth.DBTokenToToken(suite.testTokens[tokenFixtureName])) + ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplications["application_1"]) + ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers[accountFixtureName]) + + // create the request + requestUrl := config.GetProtocol() + "://" + config.GetHost() + "/api" + push.SubscriptionPath + ctx.Request = httptest.NewRequest(http.MethodPut, requestUrl, nil) + ctx.Request.Header.Set("accept", "application/json") + + if requestJson != nil { + ctx.Request.Header.Set("content-type", "application/json") + ctx.Request.Body = io.NopCloser(strings.NewReader(*requestJson)) + } else { + ctx.Request.Form = make(url.Values) + if alertsMention != nil { + ctx.Request.Form["data[alerts][mention]"] = []string{strconv.FormatBool(*alertsMention)} + } + if alertsStatus != nil { + ctx.Request.Form["data[alerts][status]"] = []string{strconv.FormatBool(*alertsStatus)} + } + } + + // trigger the handler + suite.pushModule.PushSubscriptionPUTHandler(ctx) + + // read the response + result := recorder.Result() + defer func() { + _ = result.Body.Close() + }() + + b, err := io.ReadAll(result.Body) + if err != nil { + return nil, err + } + + if resultCode := recorder.Code; expectedHTTPStatus != resultCode { + return nil, fmt.Errorf("expected %d got %d", expectedHTTPStatus, resultCode) + } + + resp := &apimodel.WebPushSubscription{} + if err := json.Unmarshal(b, resp); err != nil { + return nil, err + } + + return resp, nil +} + +// Update a subscription that already exists. +func (suite *PushTestSuite) TestPutSubscription() { + accountFixtureName := "local_account_1" + // This token should have a subscription associated with it already, with all event types turned on. + tokenFixtureName := "local_account_1" + + alertsMention := true + alertsStatus := false + subscription, err := suite.putSubscription( + accountFixtureName, + tokenFixtureName, + &alertsMention, + &alertsStatus, + nil, + 200, + ) + if suite.NoError(err) { + suite.NotEmpty(subscription.ID) + suite.NotEmpty(subscription.Endpoint) + suite.NotEmpty(subscription.ServerKey) + suite.True(subscription.Alerts.Mention) + suite.False(subscription.Alerts.Status) + // Omitted event types should default to off. + suite.False(subscription.Alerts.Favourite) + } +} + +// Update a subscription that already exists, using the JSON format. +func (suite *PushTestSuite) TestPutSubscriptionJSON() { + accountFixtureName := "local_account_1" + // This token should have a subscription associated with it already, with all event types turned on. + tokenFixtureName := "local_account_1" + + requestJson := `{ + "data": { + "alerts": { + "mention": true, + "status": false + } + } + }` + subscription, err := suite.putSubscription( + accountFixtureName, + tokenFixtureName, + nil, + nil, + &requestJson, + 200, + ) + if suite.NoError(err) { + suite.NotEmpty(subscription.ID) + suite.NotEmpty(subscription.Endpoint) + suite.NotEmpty(subscription.ServerKey) + suite.True(subscription.Alerts.Mention) + suite.False(subscription.Alerts.Status) + // Omitted event types should default to off. + suite.False(subscription.Alerts.Favourite) + } +} + +// Update a subscription that does not exist, which should fail. +func (suite *PushTestSuite) TestPutMissingSubscription() { + accountFixtureName := "local_account_1" + // This token should not have a subscription. + tokenFixtureName := "local_account_1_user_authorization_token" + + alertsMention := true + alertsStatus := false + _, err := suite.putSubscription( + accountFixtureName, + tokenFixtureName, + &alertsMention, + &alertsStatus, + nil, + 404, + ) + suite.NoError(err) +} |