- # frozen_string_literal: true
- # == Schema Information
- #
- # Table name: web_push_subscriptions
- #
- # id :bigint(8) not null, primary key
- # endpoint :string not null
- # key_p256dh :string not null
- # key_auth :string not null
- # data :json
- # created_at :datetime not null
- # updated_at :datetime not null
- # access_token_id :bigint(8)
- # user_id :bigint(8)
- #
-
- class Web::PushSubscription < ApplicationRecord
- belongs_to :user, optional: true
- belongs_to :access_token, class_name: 'Doorkeeper::AccessToken', optional: true
-
- has_one :session_activation, foreign_key: 'web_push_subscription_id', inverse_of: :web_push_subscription
-
- validates :endpoint, presence: true
- validates :key_p256dh, presence: true
- validates :key_auth, presence: true
-
- delegate :locale, to: :associated_user
-
- def encrypt(payload)
- Webpush::Encryption.encrypt(payload, key_p256dh, key_auth)
- end
-
- def audience
- @audience ||= Addressable::URI.parse(endpoint).normalized_site
- end
-
- def crypto_key_header
- p256ecdsa = vapid_key.public_key_for_push_header
-
- "p256ecdsa=#{p256ecdsa}"
- end
-
- def authorization_header
- jwt = JWT.encode({ aud: audience, exp: 24.hours.from_now.to_i, sub: "mailto:#{contact_email}" }, vapid_key.curve, 'ES256', typ: 'JWT')
-
- "WebPush #{jwt}"
- end
-
- def pushable?(notification)
- policy_allows_notification?(notification) && alert_enabled_for_notification_type?(notification)
- end
-
- def associated_user
- return @associated_user if defined?(@associated_user)
-
- @associated_user = begin
- if user_id.nil?
- session_activation.user
- else
- user
- end
- end
- end
-
- def associated_access_token
- return @associated_access_token if defined?(@associated_access_token)
-
- @associated_access_token = begin
- if access_token_id.nil?
- find_or_create_access_token.token
- else
- access_token.token
- end
- end
- end
-
- class << self
- def unsubscribe_for(application_id, resource_owner)
- access_token_ids = Doorkeeper::AccessToken.where(application_id: application_id, resource_owner_id: resource_owner.id, revoked_at: nil).pluck(:id)
- where(access_token_id: access_token_ids).delete_all
- end
- end
-
- private
-
- def find_or_create_access_token
- Doorkeeper::AccessToken.find_or_create_for(
- application: Doorkeeper::Application.find_by(superapp: true),
- resource_owner: user_id || session_activation.user_id,
- scopes: Doorkeeper::OAuth::Scopes.from_string('read write follow push'),
- expires_in: Doorkeeper.configuration.access_token_expires_in,
- use_refresh_token: Doorkeeper.configuration.refresh_token_enabled?
- )
- end
-
- def vapid_key
- @vapid_key ||= Webpush::VapidKey.from_keys(Rails.configuration.x.vapid_public_key, Rails.configuration.x.vapid_private_key)
- end
-
- def contact_email
- @contact_email ||= ::Setting.site_contact_email
- end
-
- def alert_enabled_for_notification_type?(notification)
- truthy?(data&.dig('alerts', notification.type.to_s))
- end
-
- def policy_allows_notification?(notification)
- case data&.dig('policy')
- when nil, 'all'
- true
- when 'none'
- false
- when 'followed'
- notification.account.following?(notification.from_account)
- when 'follower'
- notification.from_account.following?(notification.account)
- end
- end
-
- def truthy?(val)
- ActiveModel::Type::Boolean.new.cast(val)
- end
- end
|