diff options
| author | Fuwn <[email protected]> | 2024-08-24 03:05:43 -0700 |
|---|---|---|
| committer | Fuwn <[email protected]> | 2024-08-24 03:05:43 -0700 |
| commit | c654c46477602b162b931689902ecd09f574fbb1 (patch) | |
| tree | 8a8c2db5314f52a344c3dff96dc5145e897f697d /src/routes | |
| parent | refactor(Data): rename database references (diff) | |
| download | due.moe-c654c46477602b162b931689902ecd09f574fbb1.tar.xz due.moe-c654c46477602b162b931689902ecd09f574fbb1.zip | |
feat(notifications): fingerprint for multiple grants
Diffstat (limited to 'src/routes')
| -rw-r--r-- | src/routes/api/notifications/subscribe/+server.ts | 7 | ||||
| -rw-r--r-- | src/routes/api/notifications/unsubscribe/+server.ts | 7 |
2 files changed, 8 insertions, 6 deletions
diff --git a/src/routes/api/notifications/subscribe/+server.ts b/src/routes/api/notifications/subscribe/+server.ts index 23a63a56..3ffa0331 100644 --- a/src/routes/api/notifications/subscribe/+server.ts +++ b/src/routes/api/notifications/subscribe/+server.ts @@ -3,10 +3,11 @@ import { setUserSubscription } from '$lib/Database/SB/User/notifications'; const unauthorised = new Response('Unauthorised', { status: 401 }); -export const POST = async ({ cookies, request }) => { +export const POST = async ({ cookies, request, url }) => { const userCookie = cookies.get('user'); + const fingerprint = url.searchParams.get('p'); - if (!userCookie) return unauthorised; + if (!userCookie || !fingerprint) return unauthorised; const user = JSON.parse(userCookie); const userId = ( @@ -20,7 +21,7 @@ export const POST = async ({ cookies, request }) => { if (!userId) return unauthorised; - await setUserSubscription(userId, await request.json()); + await setUserSubscription(userId, await request.json(), fingerprint); return new Response(null, { status: 200 }); }; diff --git a/src/routes/api/notifications/unsubscribe/+server.ts b/src/routes/api/notifications/unsubscribe/+server.ts index 94d7da2f..92494ce7 100644 --- a/src/routes/api/notifications/unsubscribe/+server.ts +++ b/src/routes/api/notifications/unsubscribe/+server.ts @@ -3,10 +3,11 @@ import { deleteUserSubscription } from '$lib/Database/SB/User/notifications'; const unauthorised = new Response('Unauthorised', { status: 401 }); -export const POST = async ({ cookies }) => { +export const POST = async ({ cookies, url }) => { const userCookie = cookies.get('user'); + const fingerprint = url.searchParams.get('p'); - if (!userCookie) return unauthorised; + if (!userCookie || !fingerprint) return unauthorised; const user = JSON.parse(userCookie); const userId = ( @@ -20,7 +21,7 @@ export const POST = async ({ cookies }) => { if (!userId) return unauthorised; - await deleteUserSubscription(userId); + await deleteUserSubscription(userId, fingerprint); return new Response(null, { status: 200 }); }; |