refactor(api): migrate push endpoints to chained API pattern

smirk-dev · claude · smirk-dev · commit bc76410e2805 · 2026-03-14T10:41:16.000Z
Migrate push.get and push.info endpoints from legacy API.v1.addRoute() to the new chained router API with AJV validators and typed response schemas. Merges them into the existing push endpoint chain. Part of #38876 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
diff --git a/apps/meteor/app/api/server/v1/push.ts b/apps/meteor/app/api/server/v1/push.ts
@@ -1,107 +1,247 @@
-import type { IAppsTokens } from '@rocket.chat/core-typings';
-import { Messages, AppsTokens, Users, Rooms, Settings } from '@rocket.chat/models';
-import { Random } from '@rocket.chat/random';
-import { ajv, validateBadRequestErrorResponse, validateUnauthorizedErrorResponse } from '@rocket.chat/rest-typings';
-import { Match, check } from 'meteor/check';
+import { Push } from '@rocket.chat/core-services';
+import type { IPushToken } from '@rocket.chat/core-typings';
+import { Messages, PushToken, Users, Rooms, Settings } from '@rocket.chat/models';
+import {
+	ajv,
+	isPushGetProps,
+	validateNotFoundErrorResponse,
+	validateBadRequestErrorResponse,
+	validateUnauthorizedErrorResponse,
+	validateForbiddenErrorResponse,
+} from '@rocket.chat/rest-typings';
+import type { JSONSchemaType } from 'ajv';
 import { Meteor } from 'meteor/meteor';
 
 import { executePushTest } from '../../../../server/lib/pushConfig';
 import { canAccessRoomAsync } from '../../../authorization/server/functions/canAccessRoom';
-import { pushUpdate } from '../../../push/server/methods';
 import PushNotification from '../../../push-notifications/server/lib/PushNotification';
 import { settings } from '../../../settings/server';
 import type { ExtractRoutesFromAPI } from '../ApiClass';
 import { API } from '../api';
+import type { SuccessResult } from '../definition';
 
-API.v1.addRoute(
-	'push.token',
-	{ authRequired: true },
-	{
-		async post() {
-			const { id, type, value, appName } = this.bodyParams;
+type PushTokenPOST = {
+	id?: string;
+	type: 'apn' | 'gcm';
+	value: string;
+	appName: string;
+};
 
-			if (id && typeof id !== 'string') {
-				throw new Meteor.Error('error-id-param-not-valid', 'The required "id" body param is invalid.');
-			}
+const PushTokenPOSTSchema: JSONSchemaType<PushTokenPOST> = {
+	type: 'object',
+	properties: {
+		id: {
+			type: 'string',
+			nullable: true,
+		},
+		type: {
+			type: 'string',
+			enum: ['apn', 'gcm'],
+		},
+		value: {
+			type: 'string',
+			minLength: 1,
+		},
+		appName: {
+			type: 'string',
+			minLength: 1,
+		},
+	},
+	required: ['type', 'value', 'appName'],
+	additionalProperties: false,
+};
 
-			const deviceId = id || Random.id();
+export const isPushTokenPOSTProps = ajv.compile<PushTokenPOST>(PushTokenPOSTSchema);
 
-			if (!type || (type !== 'apn' && type !== 'gcm')) {
-				throw new Meteor.Error('error-type-param-not-valid', 'The required "type" body param is missing or invalid.');
-			}
+type PushTokenDELETE = {
+	token: string;
+};
 
-			if (!value || typeof value !== 'string') {
-				throw new Meteor.Error('error-token-param-not-valid', 'The required "value" body param is missing or invalid.');
-			}
+const PushTokenDELETESchema: JSONSchemaType<PushTokenDELETE> = {
+	type: 'object',
+	properties: {
+		token: {
+			type: 'string',
+			minLength: 1,
+		},
+	},
+	required: ['token'],
+	additionalProperties: false,
+};
 
-			if (!appName || typeof appName !== 'string') {
-				throw new Meteor.Error('error-appName-param-not-valid', 'The required "appName" body param is missing or invalid.');
-			}
+export const isPushTokenDELETEProps = ajv.compile<PushTokenDELETE>(PushTokenDELETESchema);
 
-			const authToken = this.request.headers.get('x-auth-token');
-			if (!authToken) {
+type PushTokenResult = Pick<IPushToken, '_id' | 'token' | 'appName' | 'userId' | 'enabled' | 'createdAt' | '_updatedAt'>;
+
+/**
+ * Pick only the attributes we actually want to return on the endpoint, ensuring nothing from older schemas get mixed in
+ */
+function cleanTokenResult(result: Omit<IPushToken, 'authToken'>): PushTokenResult {
+	const { _id, token, appName, userId, enabled, createdAt, _updatedAt } = result;
+
+	return {
+		_id,
+		token,
+		appName,
+		userId,
+		enabled,
+		createdAt,
+		_updatedAt,
+	};
+}
+
+const pushEndpoints = API.v1
+	.post(
+		'push.token',
+		{
+			response: {
+				200: ajv.compile<SuccessResult<{ result: PushTokenResult }>['body']>({
+					additionalProperties: false,
+					type: 'object',
+					properties: {
+						success: {
+							type: 'boolean',
+							description: 'Indicates if the request was successful.',
+						},
+						result: {
+							type: 'object',
+							description: 'The updated token data for this device',
+							properties: {
+								_id: {
+									type: 'string',
+								},
+								token: {
+									type: 'object',
+									properties: {
+										apn: {
+											type: 'string',
+										},
+										gcm: {
+											type: 'string',
+										},
+									},
+									required: [],
+									additionalProperties: false,
+								},
+								appName: {
+									type: 'string',
+								},
+								userId: {
+									type: 'string',
+									nullable: true,
+								},
+								enabled: {
+									type: 'boolean',
+								},
+								createdAt: {
+									type: 'string',
+								},
+								_updatedAt: {
+									type: 'string',
+								},
+							},
+							additionalProperties: false,
+						},
+					},
+					required: ['success', 'result'],
+				}),
+				400: validateBadRequestErrorResponse,
+				401: validateUnauthorizedErrorResponse,
+				403: validateForbiddenErrorResponse,
+			},
+			body: isPushTokenPOSTProps,
+			authRequired: true,
+		},
+		async function action() {
+			const { id, type, value, appName } = this.bodyParams;
+
+			const rawToken = this.request.headers.get('x-auth-token');
+			if (!rawToken) {
 				throw new Meteor.Error('error-authToken-param-not-valid', 'The required "authToken" header param is missing or invalid.');
 			}
+			const authToken = Accounts._hashLoginToken(rawToken);
 
-			const result = await pushUpdate({
-				id: deviceId,
-				token: { [type]: value } as IAppsTokens['token'],
+			const result = await Push.registerPushToken({
+				...(id && { _id: id }),
+				token: { [type]: value } as IPushToken['token'],
 				authToken,
 				appName,
 				userId: this.userId,
 			});
 
-			return API.v1.success({ result });
+			return API.v1.success({ result: cleanTokenResult(result) });
+		},
+	)
+	.delete(
+		'push.token',
+		{
+			response: {
+				200: ajv.compile<void>({
+					additionalProperties: false,
+					type: 'object',
+					properties: {
+						success: {
+							type: 'boolean',
+						},
+					},
+					required: ['success'],
+				}),
+				400: validateBadRequestErrorResponse,
+				401: validateUnauthorizedErrorResponse,
+				403: validateForbiddenErrorResponse,
+				404: validateNotFoundErrorResponse,
+			},
+			body: isPushTokenDELETEProps,
+			authRequired: true,
 		},
-		async delete() {
+		async function action() {
 			const { token } = this.bodyParams;
 
-			if (!token || typeof token !== 'string') {
-				throw new Meteor.Error('error-token-param-not-valid', 'The required "token" body param is missing or invalid.');
-			}
-
-			const affectedRecords = (
-				await AppsTokens.deleteMany({
-					$or: [
-						{
-							'token.apn': token,
-						},
-						{
-							'token.gcm': token,
-						},
-					],
-					userId: this.userId,
-				})
-			).deletedCount;
+			const removeResult = await PushToken.removeAllByTokenStringAndUserId(token, this.userId);
 
-			if (affectedRecords === 0) {
+			if (removeResult.deletedCount === 0) {
 				return API.v1.notFound();
 			}
 
 			return API.v1.success();
 		},
-	},
-);
-
-API.v1.addRoute(
-	'push.get',
-	{ authRequired: true },
-	{
-		async get() {
-			const params = this.queryParams;
-			check(
-				params,
-				Match.ObjectIncluding({
-					id: String,
+	)
+	.get(
+		'push.get',
+		{
+			authRequired: true,
+			query: isPushGetProps,
+			response: {
+				200: ajv.compile<{ data: { message: object; notification: object }; success: true }>({
+					type: 'object',
+					properties: {
+						data: {
+							type: 'object',
+							properties: {
+								message: { type: 'object', additionalProperties: true },
+								notification: { type: 'object', additionalProperties: true },
+							},
+							required: ['message', 'notification'],
+							additionalProperties: false,
+						},
+						success: { type: 'boolean', enum: [true] },
+					},
+					required: ['data', 'success'],
+					additionalProperties: false,
 				}),
-			);
+				400: validateBadRequestErrorResponse,
+				401: validateUnauthorizedErrorResponse,
+			},
+		},
+		async function action() {
+			const { id } = this.queryParams;
 
 			const receiver = await Users.findOneById(this.userId);
 			if (!receiver) {
 				throw new Error('error-user-not-found');
 			}
 
-			const message = await Messages.findOneById(params.id);
+			const message = await Messages.findOneById(id);
 			if (!message) {
 				throw new Error('error-message-not-found');
 			}
@@ -119,25 +259,36 @@ API.v1.addRoute(
 
 			return API.v1.success({ data });
 		},
-	},
-);
-
-API.v1.addRoute(
-	'push.info',
-	{ authRequired: true },
-	{
-		async get() {
+	)
+	.get(
+		'push.info',
+		{
+			authRequired: true,
+			response: {
+				200: ajv.compile<{ pushGatewayEnabled: boolean; defaultPushGateway: boolean; success: true }>({
+					type: 'object',
+					properties: {
+						pushGatewayEnabled: { type: 'boolean' },
+						defaultPushGateway: { type: 'boolean' },
+						success: { type: 'boolean', enum: [true] },
+					},
+					required: ['pushGatewayEnabled', 'defaultPushGateway', 'success'],
+					additionalProperties: false,
+				}),
+				401: validateUnauthorizedErrorResponse,
+			},
+		},
+		async function action() {
 			const defaultGateway = (await Settings.findOneById('Push_gateway', { projection: { packageValue: 1 } }))?.packageValue;
 			const defaultPushGateway = settings.get('Push_gateway') === defaultGateway;
 			return API.v1.success({
-				pushGatewayEnabled: settings.get('Push_enable'),
+				pushGatewayEnabled: settings.get<boolean>('Push_enable'),
 				defaultPushGateway,
 			});
 		},
-	},
-);
+	);
 
-const pushEndpoints = API.v1.post(
+const pushTestEndpoints = API.v1.post(
 	'push.test',
 	{
 		authRequired: true,
@@ -177,9 +328,13 @@ const pushEndpoints = API.v1.post(
 	},
 );
 
-export type PushEndpoints = ExtractRoutesFromAPI<typeof pushEndpoints>;
+type PushTestEndpoints = ExtractRoutesFromAPI<typeof pushTestEndpoints>;
+
+type PushTokenEndpoints = ExtractRoutesFromAPI<typeof pushEndpoints>;
+
+type PushAllEndpoints = PushTestEndpoints & PushTokenEndpoints;
 
 declare module '@rocket.chat/rest-typings' {
 	// eslint-disable-next-line @typescript-eslint/naming-convention, @typescript-eslint/no-empty-interface
-	interface Endpoints extends PushEndpoints {}
+	interface Endpoints extends PushAllEndpoints {}
 }
diff --git a/packages/rest-typings/src/index.ts b/packages/rest-typings/src/index.ts
@@ -257,5 +257,7 @@ export * from './v1/cloud';
 export * from './v1/banners';
 export * from './default';
 
+export * from './v1/push';
+
 // Export the ajv instance for use in other packages
 export * from './v1/Ajv';
