[BREAK] Suspend push notifications when login token is invalidated

apps/meteor/app/api/server/v1/push.ts

@@ -38,6 +38,7 @@ API.v1.addRoute(
 				Meteor.call('raix:push-update', {
 					id: deviceId,
 					token: { [type]: value },
+					authToken: this.request.headers['x-auth-token'],
 					appName,
 					userId: this.userId,
 				}),

apps/meteor/app/push/server/methods.js

@@ -12,6 +12,7 @@ Meteor.methods({
 		check(options, {
 			id: Match.Optional(String),
 			token: _matchToken,
+			authToken: String,
 			appName: String,
 			userId: Match.OneOf(String, null),
 			metadata: Match.Optional(Object),
@@ -48,6 +49,7 @@ Meteor.methods({
 			// Rig default doc
 			doc = {
 				token: options.token,
+				authToken: options.authToken,
 				appName: options.appName,
 				userId: options.userId,
 				enabled: true,
@@ -71,6 +73,7 @@ Meteor.methods({
 					$set: {
 						updatedAt: new Date(),
 						token: options.token,
+						authToken: options.authToken,
 					},
 				},
 			);

apps/meteor/app/push/server/push.js

@@ -8,6 +8,7 @@ import { initAPN, sendAPN } from './apn';
 import { sendGCM } from './gcm';
 import { logger } from './logger';
 import { settings } from '../../settings/server';
+import { Users } from '../../models/server';
 
 export const _matchToken = Match.OneOf({ apn: String }, { gcm: String });
 export const appTokensCollection = new Mongo.Collection('_raix_push_app_tokens');
@@ -77,17 +78,60 @@ export class PushClass {
 		return !!this.options.gateways && settings.get('Register_Server') && settings.get('Cloud_Service_Agree_PrivacyTerms');
 	}
 
+	_validateAuthTokenByPushToken(pushToken) {
+		const pushTokenQuery = appTokensCollection.findOne({ token: pushToken });
+
+		if (!pushTokenQuery) {
+			return false;
+		}
+
+		const { authToken, userId, expiration, usesLeft, _id } = pushTokenQuery;
+		if (!authToken) {
+			if (expiration && expiration > Date.now()) {
+				return true;
+			}
+			if (usesLeft > 0) {
+				appTokensCollection.rawCollection().updateOne(
+					{
+						_id,
+					},
+					{
+						$inc: {
+							usesLeft: -1,
+						},
+					},
+				);
+
+				return true;
+			}
+		}
+
+		const user = authToken && userId && Users.findOneByIdAndLoginToken(userId, authToken, { projection: { _id: 1 } });
+
+		if (!user) {
+			this._removeToken(pushToken);
+			return false;
+		}
+
+		return true;
+	}
+
 	sendNotificationNative(app, notification, countApn, countGcm) {
 		logger.debug('send to token', app.token);
 
+		const validToken = (app.token.apn || app.token.gcm) && this._validateAuthTokenByPushToken(app.token);
+		if (!validToken) {
+			throw new Error('send got a faulty query');
+		}
+
 		if (app.token.apn) {
 			countApn.push(app._id);
 			// Send to APN
 			if (this.options.apn) {
 				notification.topic = app.appName;
 				sendAPN({ userToken: app.token.apn, notification, _removeToken: this._removeToken });
 			}
-		} else if (app.token.gcm) {
+		} else {
 			countGcm.push(app._id);
 
 			// Send to GCM
@@ -102,8 +146,6 @@ export class PushClass {
 					options: this.options,
 				});
 			}
-		} else {
-			throw new Error('send got a faulty query');
 		}
 	}
 
@@ -169,6 +211,11 @@ export class PushClass {
 		for (const gateway of this.options.gateways) {
 			logger.debug('send to token', app.token);
 
+			const validToken = (app.token.apn || app.token.gcm) && this._validateAuthTokenByPushToken(app.token);
+			if (!validToken) {
+				continue;
+			}
+
 			if (app.token.apn) {
 				countApn.push(app._id);
 				notification.topic = app.appName;

apps/meteor/server/startup/migrations/index.ts

@@ -94,4 +94,5 @@ import './v267';
 import './v268';
 import './v269';
 import './v271';
+import './v272';
 import './xrun';

apps/meteor/server/startup/migrations/v272.ts

@@ -0,0 +1,17 @@
+import { appTokensCollection } from '../../../app/push/server/push';
+import { addMigration } from '../../lib/migrations';
+
+addMigration({
+	version: 272,
+	async up() {
+		return appTokensCollection.rawCollection().updateMany(
+			{},
+			{
+				$set: {
+					expiration: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000),
+					usesLeft: 7,
+				},
+			},
+		);
+	},
+});