feat(notifications): fingerprint for multiple grants

6 files changed, 46 insertions, 17 deletions

diff --git a/src/lib/Database/SB/User/notifications.ts b/src/lib/Database/SB/User/notifications.ts
index b07a0a3a..add0c8a8 100644
--- a/src/lib/Database/SB/User/notifications.ts
+++ b/src/lib/Database/SB/User/notifications.ts
@@ -5,6 +5,7 @@ export interface UserNotifications {
 	updated_at: string;
 	user_id: number;
 	subscription: JSON;
+	fingerprint: string;
 }
 
 export const getUserSubscription = async (userId: number) =>
@@ -18,15 +19,20 @@ export const getUserSubscriptions = async () => {
 	return data as UserNotifications[];
 };
 
-export const deleteUserSubscription = async (userId: number) =>
-	await sb.from('user_notifications').delete().eq('user_id', userId);
+export const deleteUserSubscription = async (userId: number, fingerprint: string) =>
+	await sb.from('user_notifications').delete().eq('user_id', userId).eq('fingerprint', fingerprint);
 
-export const setUserSubscription = async (userId: number, subscription: JSON) =>
+export const setUserSubscription = async (
+	userId: number,
+	subscription: JSON,
+	fingerprint: string
+) =>
 	await sb.from('user_notifications').upsert(
 		{
 			user_id: userId,
 			updated_at: new Date().toISOString(),
-			subscription: subscription
+			subscription: subscription,
+			fingerprint
 		},
 		{ onConflict: 'user_id' }
 	);
diff --git a/src/lib/Settings/Categories/Display.svelte b/src/lib/Settings/Categories/Display.svelte
index ceb8638e..85a3c922 100644
--- a/src/lib/Settings/Categories/Display.svelte
+++ b/src/lib/Settings/Categories/Display.svelte
@@ -5,6 +5,7 @@
 	import root from '$lib/Utility/root';
 	import locale from '$stores/locale';
 	import { requestNotifications } from '$lib/Utility/notifications';
+	import { getFingerprint } from '$lib/Utility/fingerprint';
 
 	const onHelperChange = () => {
 		const mai = document.getElementById('mai') as HTMLImageElement;
@@ -221,12 +222,16 @@
 	text={$locale().settings.display.categories.motionAndAccessibility.fields
 		.enableAniListNotifications}
 	onChange={() => {
-		console.log($settings.displayAniListNotifications);
-		if ($settings.displayAniListNotifications) requestNotifications().then();
+		if ($settings.displayAniListNotifications)
+			requestNotifications().then(() => {
+				return;
+			});
 		else
-			fetch('/api/notifications/unsubscribe', {
+			fetch(`/api/notifications/unsubscribe?p=${getFingerprint()}`, {
 				method: 'POST'
-			}).then();
+			}).then(() => {
+				return;
+			});
 	}}
 >
 	<SettingHint lineBreak>
diff --git a/src/lib/Utility/fingerprint.ts b/src/lib/Utility/fingerprint.ts
new file mode 100644
index 00000000..d526d332
--- /dev/null
+++ b/src/lib/Utility/fingerprint.ts
@@ -0,0 +1,14 @@
+export const getFingerprint = () =>
+	btoa(
+		`${(() => {
+			const gl = new OffscreenCanvas(0, 0).getContext('webgl');
+
+			if (!gl) return 'none';
+
+			const debugInfo = gl.getExtension('WEBGL_debug_renderer_info');
+
+			return debugInfo ? gl.getParameter(debugInfo.UNMASKED_RENDERER_WEBGL) : 'unknown';
+		})()}-${
+			navigator === null || navigator === void 0 ? void 0 : navigator.hardwareConcurrency
+		}-${new Date().getTimezoneOffset()}`
+	);
diff --git a/src/lib/Utility/notifications.ts b/src/lib/Utility/notifications.ts
index 6356650c..44fa0dd7 100644
--- a/src/lib/Utility/notifications.ts
+++ b/src/lib/Utility/notifications.ts
@@ -1,17 +1,18 @@
 import { env } from '$env/dynamic/public';
+import { getFingerprint } from './fingerprint';
 import root from './root';
 
 export const requestNotifications = async () => {
-	if ('Notification' in window && navigator.serviceWorker)
+	if ('Notification' in window && navigator.serviceWorker) {
 		if ((await Notification.requestPermission()) === 'granted') {
 			const pushSubscription = await (
 				await navigator.serviceWorker.ready
 			).pushManager.subscribe({
-				userVisibleOnly: false,
+				userVisibleOnly: true,
 				applicationServerKey: env.PUBLIC_VAPID_PUBLIC_KEY
 			});
 
-			await fetch(root('/api/notifications/subscribe'), {
+			await fetch(root(`/api/notifications/subscribe?p=${getFingerprint()}`), {
 				method: 'POST',
 				headers: {
 					'Content-Type': 'application/json'
@@ -19,4 +20,5 @@ export const requestNotifications = async () => {
 				body: JSON.stringify(pushSubscription)
 			});
 		}
+	}
 };
diff --git a/src/routes/api/notifications/subscribe/+server.ts b/src/routes/api/notifications/subscribe/+server.ts
index 23a63a56..3ffa0331 100644
--- a/src/routes/api/notifications/subscribe/+server.ts
+++ b/src/routes/api/notifications/subscribe/+server.ts
@@ -3,10 +3,11 @@ import { setUserSubscription } from '$lib/Database/SB/User/notifications';
 
 const unauthorised = new Response('Unauthorised', { status: 401 });
 
-export const POST = async ({ cookies, request }) => {
+export const POST = async ({ cookies, request, url }) => {
 	const userCookie = cookies.get('user');
+	const fingerprint = url.searchParams.get('p');
 
-	if (!userCookie) return unauthorised;
+	if (!userCookie || !fingerprint) return unauthorised;
 
 	const user = JSON.parse(userCookie);
 	const userId = (
@@ -20,7 +21,7 @@ export const POST = async ({ cookies, request }) => {
 
 	if (!userId) return unauthorised;
 
-	await setUserSubscription(userId, await request.json());
+	await setUserSubscription(userId, await request.json(), fingerprint);
 
 	return new Response(null, { status: 200 });
 };
diff --git a/src/routes/api/notifications/unsubscribe/+server.ts b/src/routes/api/notifications/unsubscribe/+server.ts
index 94d7da2f..92494ce7 100644
--- a/src/routes/api/notifications/unsubscribe/+server.ts
+++ b/src/routes/api/notifications/unsubscribe/+server.ts
@@ -3,10 +3,11 @@ import { deleteUserSubscription } from '$lib/Database/SB/User/notifications';
 
 const unauthorised = new Response('Unauthorised', { status: 401 });
 
-export const POST = async ({ cookies }) => {
+export const POST = async ({ cookies, url }) => {
 	const userCookie = cookies.get('user');
+	const fingerprint = url.searchParams.get('p');
 
-	if (!userCookie) return unauthorised;
+	if (!userCookie || !fingerprint) return unauthorised;
 
 	const user = JSON.parse(userCookie);
 	const userId = (
@@ -20,7 +21,7 @@ export const POST = async ({ cookies }) => {
 
 	if (!userId) return unauthorised;
 
-	await deleteUserSubscription(userId);
+	await deleteUserSubscription(userId, fingerprint);
 
 	return new Response(null, { status: 200 });
 };