mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-08-06 08:47:45 +02:00
Code Issues Releases Wiki Activity

Merge pull request #6416 from marc1706/ticket/17010

Browse Source 
[ticket/17010] Implement notification method for web push
This commit is contained in:
Marc Alexander
2024-04-03 20:05:23 +02:00
committed by GitHub
parent 98ad0750f0 7c36c0c5bd
commit 70d61a4e91
39 changed files with 5512 additions and 253 deletions
Download Patch File Download Diff File Expand all files Collapse all files

101
phpBB/phpbb/db/migration/data/v400/add_webpush.php Normal file
View File

@@ -0,0 +1,101 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\db\migration\data\v400;
use phpbb\db\migration\migration;
class add_webpush extends migration
{
public static function depends_on(): array
{
return [
'\phpbb\db\migration\data\v400\dev',
];
}
public function effectively_installed(): bool
{
return $this->db_tools->sql_table_exists($this->table_prefix . 'notification_push');
}
public function update_schema(): array
{
return [
'add_tables' => [
$this->table_prefix . 'notification_push' => [
'COLUMNS' => [
'notification_type_id' => ['USINT', 0],
'item_id' => ['ULINT', 0],
'item_parent_id' => ['ULINT', 0],
'user_id' => ['ULINT', 0],
'push_data' => ['MTEXT', ''],
'notification_time' => ['TIMESTAMP', 0]
],
'PRIMARY_KEY' => ['notification_type_id', 'item_id', 'item_parent_id', 'user_id'],
],
$this->table_prefix . 'push_subscriptions' => [
'COLUMNS' => [
'subscription_id' => ['ULINT', null, 'auto_increment'],
'user_id' => ['ULINT', 0],
'endpoint' => ['TEXT', ''],
'expiration_time' => ['TIMESTAMP', 0],
'p256dh' => ['VCHAR', ''],
'auth' => ['VCHAR', ''],
],
'PRIMARY_KEY' => ['subscription_id', 'user_id'],
]
],
];
}
public function revert_schema(): array
{
return [
'drop_tables' => [
$this->table_prefix . 'notification_push',
$this->table_prefix . 'push_subscriptions',
],
];
}
public function update_data(): array
{
return [
['config.add', ['webpush_enable', false]],
['config.add', ['webpush_vapid_public', '']],
['config.add', ['webpush_vapid_private', '']],
['module.add', [
'acp',
'ACP_BOARD_CONFIGURATION',
[
'module_basename' => 'acp_board',
'module_langname' => 'ACP_WEBPUSH_SETTINGS',
'module_mode' => 'webpush',
'module_auth' => 'acl_a_board',
'after' => ['settings', 'ACP_JABBER_SETTINGS'],
],
]],
];
}
public function revert_data(): array
{
return [
['config.remove', ['webpush_enable']],
['config.remove', ['webpush_vapid_public']],
['config.remove', ['webpush_vapid_private']],
['module.remove', ['acp', 'ACP_BOARD_CONFIGURATION', 'ACP_WEBPUSH_SETTINGS']]
];
}
}

104
phpBB/phpbb/form/form_helper.php Normal file
View File

@@ -0,0 +1,104 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\form;
use phpbb\config\config;
use phpbb\request\request_interface;
use phpbb\user;
class form_helper
{
/** @var config */
protected $config;
/** @var request_interface */
protected $request;
/** @var user */
protected $user;
/**
* Constructor for form_helper
*
* @param config $config
* @param request_interface $request
* @param user $user
*/
public function __construct(config $config, request_interface $request, user $user)
{
$this->config = $config;
$this->request = $request;
$this->user = $user;
}
/**
* Get form tokens for form
*
* @param string $form_name Name of form
* @param int|null $now Token generation time
* @param string|null $token_sid SID used for form token
* @param string|null $token Generated token
*
* @return array Array containing form_token and creation_time of form token
*/
public function get_form_tokens(string $form_name, ?int &$now = 0, ?string &$token_sid = '', ?string &$token = ''): array
{
$now = time();
$token_sid = ($this->user->data['user_id'] == ANONYMOUS && !empty($this->config['form_token_sid_guests'])) ? $this->user->session_id : '';
$token = sha1($now . $this->user->data['user_form_salt'] . $form_name . $token_sid);
return [
'creation_time' => $now,
'form_token' => $token,
];
}
/**
* Check form token for form
*
* @param string $form_name Name of form
* @param int|null $timespan Lifetime of token or null if default value should be used
* @return bool True if form token is valid, false if not
*/
public function check_form_tokens(string $form_name, ?int $timespan = null): bool
{
if ($timespan === null)
{
// we enforce a minimum value of half a minute here.
$timespan = ($this->config['form_token_lifetime'] == -1) ? -1 : max(30, $this->config['form_token_lifetime']);
}
if ($this->request->is_set_post('creation_time') && $this->request->is_set_post('form_token'))
{
$creation_time = abs($this->request->variable('creation_time', 0));
$token = $this->request->variable('form_token', '');
$diff = time() - $creation_time;
// If creation_time and the time() now is zero we can assume it was not a human doing this (the check for if ($diff)...
if (defined('DEBUG_TEST') || $diff && ($diff <= $timespan || $timespan === -1))
{
$token_sid = ($this->user->data['user_id'] == ANONYMOUS && !empty($this->config['form_token_sid_guests'])) ? $this->user->session_id : '';
$key = sha1($creation_time . $this->user->data['user_form_salt'] . $form_name . $token_sid);
if (hash_equals($key, $token))
{
return true;
}
}
}
return false;
}
}

29
phpBB/phpbb/notification/method/extended_method_interface.php Normal file
View File

@@ -0,0 +1,29 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\notification\method;
use phpbb\controller\helper;
use phpbb\form\form_helper;
interface extended_method_interface extends method_interface
{
/**
* Get UCP template data for type
*
* @param helper $controller_helper
* @param form_helper $form_helper
* @return array Template data
*/
public function get_ucp_template_data(helper $controller_helper, form_helper $form_helper): array;
}

432
phpBB/phpbb/notification/method/webpush.php Normal file
View File

@@ -0,0 +1,432 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\notification\method;
use Minishlink\WebPush\Subscription;
use phpbb\config\config;
use phpbb\controller\helper;
use phpbb\db\driver\driver_interface;
use phpbb\form\form_helper;
use phpbb\log\log_interface;
use phpbb\notification\type\type_interface;
use phpbb\user;
use phpbb\user_loader;
/**
* Web Push notification method class
* This class handles sending push messages for notifications
*/
class webpush extends messenger_base implements extended_method_interface
{
/** @var config */
protected $config;
/** @var driver_interface */
protected $db;
/** @var log_interface */
protected $log;
/** @var user */
protected $user;
/** @var string Notification Web Push table */
protected $notification_webpush_table;
/** @var string Notification push subscriptions table */
protected $push_subscriptions_table;
/**
* Notification Method Web Push constructor
*
* @param config $config
* @param driver_interface $db
* @param log_interface $log
* @param user_loader $user_loader
* @param user $user
* @param string $phpbb_root_path
* @param string $php_ext
* @param string $notification_webpush_table
* @param string $push_subscriptions_table
*/
public function __construct(config $config, driver_interface $db, log_interface $log, user_loader $user_loader, user $user, string $phpbb_root_path,
string $php_ext, string $notification_webpush_table, string $push_subscriptions_table)
{
parent::__construct($user_loader, $phpbb_root_path, $php_ext);
$this->config = $config;
$this->db = $db;
$this->log = $log;
$this->user = $user;
$this->notification_webpush_table = $notification_webpush_table;
$this->push_subscriptions_table = $push_subscriptions_table;
}
/**
* {@inheritDoc}
*/
public function get_type(): string
{
return 'notification.method.webpush';
}
/**
* {@inheritDoc}
*/
public function is_available(type_interface $notification_type = null): bool
{
return parent::is_available($notification_type) && $this->config['webpush_enable']
&& !empty($this->config['webpush_vapid_public']) && !empty($this->config['webpush_vapid_private']);
}
/**
* {@inheritdoc}
*/
public function get_notified_users($notification_type_id, array $options): array
{
$notified_users = [];
$sql = 'SELECT user_id
FROM ' . $this->notification_webpush_table . '
WHERE notification_type_id = ' . (int) $notification_type_id .
(isset($options['item_id']) ? ' AND item_id = ' . (int) $options['item_id'] : '') .
(isset($options['item_parent_id']) ? ' AND item_parent_id = ' . (int) $options['item_parent_id'] : '') .
(isset($options['user_id']) ? ' AND user_id = ' . (int) $options['user_id'] : '');
$result = $this->db->sql_query($sql);
while ($row = $this->db->sql_fetchrow($result))
{
$notified_users[$row['user_id']] = $row;
}
$this->db->sql_freeresult($result);
return $notified_users;
}
/**
* Parse the queue and notify the users
*/
public function notify()
{
$insert_buffer = new \phpbb\db\sql_insert_buffer($this->db, $this->notification_webpush_table);
/** @var type_interface $notification */
foreach ($this->queue as $notification)
{
$data = $notification->get_insert_array();
$data += [
'push_data' => json_encode([
'heading' => $this->config['sitename'],
'title' => strip_tags($notification->get_title()),
'text' => strip_tags($notification->get_reference()),
'url' => htmlspecialchars_decode($notification->get_url()),
'avatar' => $notification->get_avatar(),
]),
'notification_time' => time(),
];
$data = self::clean_data($data);
$insert_buffer->insert($data);
}
$insert_buffer->flush();
$this->notify_using_webpush();
return false;
}
/**
* Notify using Web Push
*
* @return void
*/
protected function notify_using_webpush(): void
{
if (empty($this->queue))
{
return;
}
// Load all users we want to notify
$user_ids = [];
foreach ($this->queue as $notification)
{
$user_ids[] = $notification->user_id;
}
// Do not send push notifications to banned users
if (!function_exists('phpbb_get_banned_user_ids'))
{
include($this->phpbb_root_path . 'includes/functions_user.' . $this->php_ext);
}
$banned_users = phpbb_get_banned_user_ids($user_ids);
// Load all the users we need
$notify_users = array_diff($user_ids, $banned_users);
$this->user_loader->load_users($notify_users, array(USER_IGNORE));
// Get subscriptions for users
$user_subscription_map = $this->get_user_subscription_map($notify_users);
$auth = [
'VAPID' => [
'subject' => generate_board_url(false),
'publicKey' => $this->config['webpush_vapid_public'],
'privateKey' => $this->config['webpush_vapid_private'],
],
];
$web_push = new \Minishlink\WebPush\WebPush($auth);
$number_of_notifications = 0;
$remove_subscriptions = [];
// Time to go through the queue and send notifications
/** @var type_interface $notification */
foreach ($this->queue as $notification)
{
$user = $this->user_loader->get_user($notification->user_id);
$user_subscriptions = $user_subscription_map[$notification->user_id] ?? [];
if ($user['user_type'] == USER_INACTIVE && $user['user_inactive_reason'] == INACTIVE_MANUAL
|| empty($user_subscriptions))
{
continue;
}
// Add actual Web Push data
$data = [
'item_id' => $notification->item_id,
'type_id' => $notification->notification_type_id,
];
$json_data = json_encode($data);
foreach ($user_subscriptions as $subscription)
{
try
{
$push_subscription = Subscription::create([
'endpoint' => $subscription['endpoint'],
'keys' => [
'p256dh' => $subscription['p256dh'],
'auth' => $subscription['auth'],
],
]);
$web_push->queueNotification($push_subscription, $json_data);
$number_of_notifications++;
}
catch (\ErrorException $exception)
{
$remove_subscriptions[] = $subscription['subscription_id'];
$this->log->add('user', $user['user_id'], $user['user_ip'] ?? '', 'LOG_WEBPUSH_SUBSCRIPTION_REMOVED', false, [
'reportee_id' => $user['user_id'],
$user['username'],
]);
}
}
}
// Remove any subscriptions that couldn't be queued, i.e. that have invalid data
$this->remove_subscriptions($remove_subscriptions);
// List to fill with expired subscriptions based on return
$expired_endpoints = [];
try
{
foreach ($web_push->flush($number_of_notifications) as $report)
{
if (!$report->isSuccess())
{
// Fill array of endpoints to remove if subscription has expired
if ($report->isSubscriptionExpired())
{
$expired_endpoints[] = $report->getEndpoint();
}
else
{
$report_data = \phpbb\json\sanitizer::sanitize($report->jsonSerialize());
$this->log->add('admin', ANONYMOUS, '', 'LOG_WEBPUSH_MESSAGE_FAIL', false, [$report_data['reason']]);
}
}
}
}
catch (\ErrorException $exception)
{
$this->log->add('critical', ANONYMOUS, '', 'LOG_WEBPUSH_MESSAGE_FAIL', false, [$exception->getMessage()]);
}
$this->clean_expired_subscriptions($user_subscription_map, $expired_endpoints);
// We're done, empty the queue
$this->empty_queue();
}
/**
* {@inheritdoc}
*/
public function mark_notifications($notification_type_id, $item_id, $user_id, $time = false, $mark_read = true)
{
$sql = 'DELETE FROM ' . $this->notification_webpush_table . '
WHERE ' . ($notification_type_id !== false ? $this->db->sql_in_set('notification_type_id', is_array($notification_type_id) ? $notification_type_id : [$notification_type_id]) : '1=1') .
($user_id !== false ? ' AND ' . $this->db->sql_in_set('user_id', $user_id) : '') .
($item_id !== false ? ' AND ' . $this->db->sql_in_set('item_id', $item_id) : '');
$this->db->sql_query($sql);
}
/**
* {@inheritdoc}
*/
public function mark_notifications_by_parent($notification_type_id, $item_parent_id, $user_id, $time = false, $mark_read = true)
{
$sql = 'DELETE FROM ' . $this->notification_webpush_table . '
WHERE ' . ($notification_type_id !== false ? $this->db->sql_in_set('notification_type_id', is_array($notification_type_id) ? $notification_type_id : [$notification_type_id]) : '1=1') .
($user_id !== false ? ' AND ' . $this->db->sql_in_set('user_id', $user_id) : '') .
($item_parent_id !== false ? ' AND ' . $this->db->sql_in_set('item_parent_id', $item_parent_id, false, true) : '');
$this->db->sql_query($sql);
}
/**
* {@inheritDoc}
*/
public function prune_notifications($timestamp, $only_read = true): void
{
$sql = 'DELETE FROM ' . $this->notification_webpush_table . '
WHERE notification_time < ' . (int) $timestamp;
$this->db->sql_query($sql);
$this->config->set('read_notification_last_gc', (string) time(), false);
}
/**
* Clean data to contain only what we need for webpush notifications table
*
* @param array $data Notification data
* @return array Cleaned notification data
*/
public static function clean_data(array $data): array
{
$row = [
'notification_type_id' => null,
'item_id' => null,
'item_parent_id' => null,
'user_id' => null,
'push_data' => null,
'notification_time' => null,
];
return array_intersect_key($data, $row);
}
public function get_ucp_template_data(helper $controller_helper, form_helper $form_helper): array
{
$subscription_map = $this->get_user_subscription_map([$this->user->id()]);
$subscriptions = [];
if (isset($subscription_map[$this->user->id()]))
{
foreach ($subscription_map[$this->user->id()] as $subscription)
{
$subscriptions[] = [
'endpoint' => $subscription['endpoint'],
'expirationTime' => $subscription['expiration_time'],
];
}
}
return [
'NOTIFICATIONS_WEBPUSH_ENABLE' => true,
'U_WEBPUSH_SUBSCRIBE' => $controller_helper->route('phpbb_ucp_push_subscribe_controller'),
'U_WEBPUSH_UNSUBSCRIBE' => $controller_helper->route('phpbb_ucp_push_unsubscribe_controller'),
'VAPID_PUBLIC_KEY' => $this->config['webpush_vapid_public'],
'U_WEBPUSH_WORKER_URL' => $controller_helper->route('phpbb_ucp_push_worker_controller'),
'SUBSCRIPTIONS' => $subscriptions,
'WEBPUSH_FORM_TOKENS' => $form_helper->get_form_tokens(\phpbb\ucp\controller\webpush::FORM_TOKEN_UCP),
];
}
/**
* Get subscriptions for notify users
*
* @param array $notify_users Users to notify
*
* @return array Subscription map
*/
protected function get_user_subscription_map(array $notify_users): array
{
// Get subscriptions for users
$user_subscription_map = [];
$sql = 'SELECT subscription_id, user_id, endpoint, p256dh, auth, expiration_time
FROM ' . $this->push_subscriptions_table . '
WHERE ' . $this->db->sql_in_set('user_id', $notify_users);
$result = $this->db->sql_query($sql);
while ($row = $this->db->sql_fetchrow($result))
{
$user_subscription_map[$row['user_id']][] = $row;
}
$this->db->sql_freeresult($result);
return $user_subscription_map;
}
/**
* Remove subscriptions
*
* @param array $subscription_ids Subscription ids to remove
* @return void
*/
public function remove_subscriptions(array $subscription_ids): void
{
if (count($subscription_ids))
{
$sql = 'DELETE FROM ' . $this->push_subscriptions_table . '
WHERE ' . $this->db->sql_in_set('subscription_id', $subscription_ids);
$this->db->sql_query($sql);
}
}
/**
* Clean expired subscriptions from the database
*
* @param array $user_subscription_map User subscription map
* @param array $expired_endpoints Expired endpoints
* @return void
*/
protected function clean_expired_subscriptions(array $user_subscription_map, array $expired_endpoints): void
{
if (!count($expired_endpoints))
{
return;
}
$remove_subscriptions = [];
foreach ($expired_endpoints as $endpoint)
{
foreach ($user_subscription_map as $subscriptions)
{
foreach ($subscriptions as $subscription)
{
if (isset($subscription['endpoint']) && $subscription['endpoint'] == $endpoint)
{
$remove_subscriptions[] = $subscription['subscription_id'];
}
}
}
}
$this->remove_subscriptions($remove_subscriptions);
}
}

2
phpBB/phpbb/notification/type/type_interface.php
View File

@@ -139,7 +139,7 @@ interface type_interface
/**
* Get the user's avatar (the user who caused the notification typically)
*
* @return string
* @return array
*/
public function get_avatar();

241
phpBB/phpbb/ucp/controller/webpush.php Normal file
View File

@@ -0,0 +1,241 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\ucp\controller;
use phpbb\config\config;
use phpbb\controller\helper as controller_helper;
use phpbb\db\driver\driver_interface;
use phpbb\exception\http_exception;
use phpbb\form\form_helper;
use phpbb\json\sanitizer as json_sanitizer;
use phpbb\path_helper;
use phpbb\request\request_interface;
use phpbb\symfony_request;
use phpbb\user;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Response;
use Twig\Environment;
use Twig\Error\LoaderError;
use Twig\Error\RuntimeError;
use Twig\Error\SyntaxError;
class webpush
{
/** @var string UCP form token name */
public const FORM_TOKEN_UCP = 'ucp_webpush';
/** @var config */
protected $config;
/** @var controller_helper */
protected $controller_helper;
/** @var driver_interface */
protected $db;
/** @var form_helper */
protected $form_helper;
/** @var path_helper */
protected $path_helper;
/** @var request_interface */
protected $request;
/** @var user */
protected $user;
/** @var Environment */
protected $template;
/** @var string */
protected $notification_webpush_table;
/** @var string */
protected $push_subscriptions_table;
/**
* Constructor for webpush controller
*
* @param config $config
* @param controller_helper $controller_helper
* @param driver_interface $db
* @param form_helper $form_helper
* @param path_helper $path_helper
* @param request_interface $request
* @param user $user
* @param Environment $template
* @param string $notification_webpush_table
* @param string $push_subscriptions_table
*/
public function __construct(config $config, controller_helper $controller_helper, driver_interface $db, form_helper $form_helper, path_helper $path_helper,
request_interface $request, user $user, Environment $template, string $notification_webpush_table, string $push_subscriptions_table)
{
$this->config = $config;
$this->controller_helper = $controller_helper;
$this->db = $db;
$this->form_helper = $form_helper;
$this->path_helper = $path_helper;
$this->request = $request;
$this->user = $user;
$this->template = $template;
$this->notification_webpush_table = $notification_webpush_table;
$this->push_subscriptions_table = $push_subscriptions_table;
}
/**
* Handle request to retrieve notification data
*
* @return JsonResponse
*/
public function notification(): JsonResponse
{
// Subscribe should only be available for logged-in "normal" users
if (!$this->request->is_ajax() || $this->user->id() == ANONYMOUS || $this->user->data['is_bot']
|| $this->user->data['user_type'] == USER_IGNORE || $this->user->data['user_type'] == USER_INACTIVE)
{
throw new http_exception(Response::HTTP_FORBIDDEN, 'Forbidden');
}
$item_id = $this->request->variable('item_id', 0);
$type_id = $this->request->variable('type_id', 0);
$sql = 'SELECT push_data
FROM ' . $this->notification_webpush_table . '
WHERE user_id = ' . (int) $this->user->id() . '
AND notification_type_id = ' . (int) $type_id . '
AND item_id = ' . (int) $item_id;
$result = $this->db->sql_query($sql);
$notification_data = $this->db->sql_fetchfield('push_data');
$this->db->sql_freeresult($result);
$data = json_decode($notification_data, true);
$data['url'] = isset($data['url']) ? $this->path_helper->update_web_root_path($data['url']) : '';
return new JsonResponse($data);
}
/**
* Handle request to push worker javascript
*
* @return Response
* @throws LoaderError
* @throws RuntimeError
* @throws SyntaxError
*/
public function worker(): Response
{
// @todo: only work for logged in users, no anonymous & bot
$content = $this->template->render('push_worker.js.twig', [
'U_WEBPUSH_GET_NOTIFICATION' => $this->controller_helper->route('phpbb_ucp_push_get_notification_controller'),
]);
$response = new Response($content);
$response->headers->set('Content-Type', 'text/javascript; charset=UTF-8');
if (!empty($this->user->data['is_bot']))
{
// Let reverse proxies know we detected a bot.
$response->headers->set('X-PHPBB-IS-BOT', 'yes');
}
return $response;
}
/**
* Get template variables for subscribe type pages
*
* @return array
*/
protected function get_subscribe_vars(): array
{
return [
'U_WEBPUSH_SUBSCRIBE' => $this->controller_helper->route('phpbb_ucp_push_subscribe_controller'),
'U_WEBPUSH_UNSUBSCRIBE' => $this->controller_helper->route('phpbb_ucp_push_unsubscribe_controller'),
'FORM_TOKENS' => $this->form_helper->get_form_tokens(self::FORM_TOKEN_UCP),
];
}
/**
* Check (un)subscribe form for valid link hash
*
* @throws http_exception If form is invalid or user should not request (un)subscription
* @return void
*/
protected function check_subscribe_requests(): void
{
if (!$this->form_helper->check_form_tokens(self::FORM_TOKEN_UCP))
{
throw new http_exception(Response::HTTP_BAD_REQUEST, 'FORM_INVALID');
}
// Subscribe should only be available for logged-in "normal" users
if (!$this->request->is_ajax() || $this->user->id() == ANONYMOUS || $this->user->data['is_bot']
|| $this->user->data['user_type'] == USER_IGNORE || $this->user->data['user_type'] == USER_INACTIVE)
{
throw new http_exception(Response::HTTP_FORBIDDEN, 'NO_AUTH_OPERATION');
}
}
/**
* Handle subscribe requests
*
* @param symfony_request $symfony_request
* @return JsonResponse
*/
public function subscribe(symfony_request $symfony_request): JsonResponse
{
$this->check_subscribe_requests();
$data = json_sanitizer::decode($symfony_request->get('data', ''));
$sql = 'INSERT INTO ' . $this->push_subscriptions_table . ' ' . $this->db->sql_build_array('INSERT', [
'user_id' => $this->user->id(),
'endpoint' => $data['endpoint'],
'expiration_time' => $data['expiration_time'] ?? 0,
'p256dh' => $data['keys']['p256dh'],
'auth' => $data['keys']['auth'],
]);
$this->db->sql_query($sql);
return new JsonResponse([
'success' => true,
'form_tokens' => $this->form_helper->get_form_tokens(self::FORM_TOKEN_UCP),
]);
}
/**
* Handle unsubscribe requests
*
* @param symfony_request $symfony_request
* @return JsonResponse
*/
public function unsubscribe(symfony_request $symfony_request): JsonResponse
{
$this->check_subscribe_requests();
$data = json_sanitizer::decode($symfony_request->get('data', ''));
$endpoint = $data['endpoint'];
$sql = 'DELETE FROM ' . $this->push_subscriptions_table . '
WHERE user_id = ' . (int) $this->user->id() . "
AND endpoint = '" . $this->db->sql_escape($endpoint) . "'";
$this->db->sql_query($sql);
return new JsonResponse([
'success' => true,
'form_tokens' => $this->form_helper->get_form_tokens(self::FORM_TOKEN_UCP),
]);
}
}