about summary refs log tree commit diff
path: root/app/controllers/api
diff options
context:
space:
mode:
Diffstat (limited to 'app/controllers/api')
-rw-r--r--app/controllers/api/web/push_subscriptions_controller.rb25
1 files changed, 16 insertions, 9 deletions
diff --git a/app/controllers/api/web/push_subscriptions_controller.rb b/app/controllers/api/web/push_subscriptions_controller.rb
index 68ccbd5e2..c611031ab 100644
--- a/app/controllers/api/web/push_subscriptions_controller.rb
+++ b/app/controllers/api/web/push_subscriptions_controller.rb
@@ -7,9 +7,6 @@ class Api::Web::PushSubscriptionsController < Api::BaseController
   protect_from_forgery with: :exception
 
   def create
-    params.require(:subscription).require(:endpoint)
-    params.require(:subscription).require(:keys).require([:auth, :p256dh])
-
     active_session = current_session
 
     unless active_session.web_push_subscription.nil?
@@ -29,12 +26,12 @@ class Api::Web::PushSubscriptionsController < Api::BaseController
       },
     }
 
-    data.deep_merge!(params[:data]) if params[:data]
+    data.deep_merge!(data_params) if params[:data]
 
     web_subscription = ::Web::PushSubscription.create!(
-      endpoint: params[:subscription][:endpoint],
-      key_p256dh: params[:subscription][:keys][:p256dh],
-      key_auth: params[:subscription][:keys][:auth],
+      endpoint: subscription_params[:endpoint],
+      key_p256dh: subscription_params[:keys][:p256dh],
+      key_auth: subscription_params[:keys][:auth],
       data: data
     )
 
@@ -44,12 +41,22 @@ class Api::Web::PushSubscriptionsController < Api::BaseController
   end
 
   def update
-    params.require([:id, :data])
+    params.require([:id])
 
     web_subscription = ::Web::PushSubscription.find(params[:id])
 
-    web_subscription.update!(data: params[:data])
+    web_subscription.update!(data: data_params)
 
     render json: web_subscription.as_payload
   end
+
+  private
+
+  def subscription_params
+    @subscription_params ||= params.require(:subscription).permit(:endpoint, keys: [:auth, :p256dh])
+  end
+
+  def data_params
+    @data_params ||= params.require(:data).permit(:alerts)
+  end
 end