mirror of
https://gh.wpcy.net/https://github.com/discourse/discourse.git
synced 2026-05-06 05:24:51 +08:00
75718576c6
## Summary - Unifies the two parallel push notification delivery paths (web push via VAPID and hub/native app relay) into a single `DeliverPushNotification` job - Extracts hub push delivery into `HubPushNotificationPusher` service, symmetric with the existing `PushNotificationPusher` for web push - Adds `UserApiKey.push_clients_for(user)` to encapsulate hub client lookup previously inlined in PostAlerter - Simplifies `PostAlerter.push_notification()` from two parallel enqueue blocks to a single call - Converts old jobs (`SendPushNotification`, `PushNotification`) to thin delegators for Sidekiq backward compatibility with in-flight jobs ## Test plan - [ ] `bin/rspec spec/jobs/deliver_push_notification_spec.rb` — new unified job tests - [ ] `bin/rspec spec/services/hub_push_notification_pusher_spec.rb` — new hub pusher tests - [ ] `bin/rspec spec/jobs/send_push_notification_spec.rb spec/jobs/push_notification_spec.rb` — backward compat delegation - [ ] `bin/rspec spec/services/post_alerter_spec.rb` — PostAlerter integration - [ ] `bin/rspec spec/services/push_notification_pusher_spec.rb` — web push unchanged - [ ] `bin/rspec plugins/chat/spec/jobs/regular/chat/notify_watching_spec.rb plugins/chat/spec/jobs/regular/chat/notify_mentioned_spec.rb` — chat plugin callers
119 lines
3.7 KiB
Ruby
119 lines
3.7 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
class UserApiKey < ActiveRecord::Base
|
|
self.ignored_columns = [
|
|
"client_id", # TODO: Add post-migration to remove column after 3.4.0 stable release (not before early 2025)
|
|
"application_name", # TODO: Add post-migration to remove column after 3.4.0 stable release (not before early 2025)
|
|
]
|
|
|
|
REVOKE_MATCHER = RouteMatcher.new(actions: "user_api_keys#revoke", methods: :post, params: [:id])
|
|
|
|
belongs_to :user
|
|
belongs_to :client, class_name: "UserApiKeyClient", foreign_key: "user_api_key_client_id"
|
|
has_many :scopes, class_name: "UserApiKeyScope", dependent: :destroy
|
|
|
|
scope :active, -> { where(revoked_at: nil) }
|
|
scope :with_key, ->(key) { where(key_hash: ApiKey.hash_key(key)) }
|
|
|
|
after_initialize :generate_key
|
|
|
|
def generate_key
|
|
if !self.key_hash
|
|
@key ||= SecureRandom.hex
|
|
self.key_hash = ApiKey.hash_key(@key)
|
|
end
|
|
end
|
|
|
|
def key
|
|
unless key_available?
|
|
raise ApiKey::KeyAccessError.new "API key is only accessible immediately after creation"
|
|
end
|
|
@key
|
|
end
|
|
|
|
def key_available?
|
|
@key.present?
|
|
end
|
|
|
|
def ensure_allowed!(env)
|
|
raise Discourse::InvalidAccess.new if !allow?(env)
|
|
end
|
|
|
|
def update_last_used(client_id)
|
|
update_args = { last_used_at: Time.zone.now }
|
|
if client_id.present? && client_id != self.client.client_id
|
|
new_client =
|
|
UserApiKeyClient.create!(
|
|
client_id: client_id,
|
|
application_name: self.client.application_name,
|
|
)
|
|
update_args[:user_api_key_client_id] = new_client.id
|
|
end
|
|
self.update_columns(**update_args)
|
|
end
|
|
|
|
# Scopes allowed to be requested by external services
|
|
def self.allowed_scopes
|
|
Set.new(SiteSetting.allow_user_api_key_scopes.split("|"))
|
|
end
|
|
|
|
def self.available_scopes
|
|
@available_scopes ||= Set.new(UserApiKeyScopes.all_scopes.keys.map(&:to_s))
|
|
end
|
|
|
|
def has_push?
|
|
scopes.any? { |s| s.name == "push" || s.name == "notifications" } && push_url.present? &&
|
|
SiteSetting.allowed_user_api_push_urls.include?(push_url)
|
|
end
|
|
|
|
def self.push_clients_for(user)
|
|
return [] if SiteSetting.allow_user_api_key_scopes.split("|").exclude?("push")
|
|
return [] if SiteSetting.allowed_user_api_push_urls.blank?
|
|
|
|
user
|
|
.user_api_keys
|
|
.joins(:scopes, :client)
|
|
.where("user_api_key_scopes.name IN ('push', 'notifications')")
|
|
.where("push_url IS NOT NULL AND push_url <> ''")
|
|
.where("position(push_url IN ?) > 0", SiteSetting.allowed_user_api_push_urls)
|
|
.where("revoked_at IS NULL")
|
|
.order("user_api_key_clients.client_id ASC")
|
|
.pluck("user_api_key_clients.client_id, user_api_keys.push_url")
|
|
end
|
|
|
|
def allow?(env)
|
|
scopes.any? { |s| s.permits?(env) } || is_revoke_self_request?(env)
|
|
end
|
|
|
|
private
|
|
|
|
def revoke_self_matcher
|
|
REVOKE_MATCHER.with_allowed_param_values({ "id" => [nil, id.to_s] })
|
|
end
|
|
|
|
def is_revoke_self_request?(env)
|
|
revoke_self_matcher.match?(env: env)
|
|
end
|
|
end
|
|
|
|
# == Schema Information
|
|
#
|
|
# Table name: user_api_keys
|
|
#
|
|
# id :integer not null, primary key
|
|
# user_id :integer not null
|
|
# push_url :string
|
|
# created_at :datetime not null
|
|
# updated_at :datetime not null
|
|
# revoked_at :datetime
|
|
# last_used_at :datetime not null
|
|
# key_hash :string not null
|
|
# user_api_key_client_id :bigint
|
|
#
|
|
# Indexes
|
|
#
|
|
# index_user_api_keys_on_client_id (client_id) UNIQUE
|
|
# index_user_api_keys_on_key_hash (key_hash) UNIQUE
|
|
# index_user_api_keys_on_user_api_key_client_id (user_api_key_client_id)
|
|
# index_user_api_keys_on_user_id (user_id)
|
|
#
|
