pwa_webpush.pages.inc in Progressive Web App 7.2

<?php

/**
 * @param $endpoint_sha256
 *
 * @return array|string[]
 */
function pwa_webpush_register($endpoint_sha256) {
  $out = [
    'status' => 'ok',
  ];
  $uid = $GLOBALS['user']->uid;
  $function = '_pwa_webpush_subscription_' . $_SERVER['REQUEST_METHOD'];
  if (function_exists($function)) {
    $function($endpoint_sha256, $uid, $out);
  }
  else {
    $out['status'] = 'error';
    $out['error'] = 'HTTP Method ' . $_SERVER['REQUEST_METHOD'] . ' not supported';
  }
  return $out;
}

/**
 * @param $endpoint_sha256
 * @param $uid
 *
 * @return mixed
 */
function _pwa_webpush_subscription_exists($endpoint_sha256, $uid) {
  $sub = db_query('SELECT * FROM {pwa_webpush_subscription} WHERE endpoint_sha256 = :sha AND uid = :uid', [
    ':sha' => $endpoint_sha256,
    ':uid' => $uid,
  ])
    ->fetchObject();
  return $sub;
}

/**
 * @param $endpoint_sha256
 * @param $uid
 * @param $out
 *
 * @return mixed
 * @throws \InvalidMergeQueryException
 */
function _pwa_webpush_subscription_DELETE($endpoint_sha256, $uid, &$out) {
  if ($sub = _pwa_webpush_subscription_exists($endpoint_sha256, $uid)) {
    db_merge('pwa_webpush_subscription')
      ->key([
      'uid' => $uid,
      'endpoint_sha256' => $endpoint_sha256,
    ])
      ->fields([
      'expired' => REQUEST_TIME,
    ])
      ->execute();
    $out['sid'] = $sub->sid;
    $out['action'] = 'remove';
    return $out;
  }
  else {
    drupal_add_http_header('Status', '400 Bad Request');
    $out['status'] = 'error';
    $out['error'] = 'Subscription "' . $endpoint_sha256 . '" missing for user ' . $uid;
    return $out;
  }
}

/**
 * @param $endpoint_sha256
 * @param $uid
 * @param $out
 *
 * @return mixed
 */
function _pwa_webpush_subscription_POST($endpoint_sha256, $uid, &$out) {
  $json = file_get_contents('php://input');
  $data = drupal_json_decode($json);
  if (empty($json) || empty($data['sub']) || empty($data['sub']['endpoint'])) {
    drupal_add_http_header('Status', '400 Bad Request');
    $out['status'] = 'error';
    $out['error'] = 'Required parameters missing';
    return $out;
  }

  // check that the sha256 matches between front and backend.
  if (hash('sha256', $data['sub']['endpoint']) !== $endpoint_sha256) {
    $out['status'] = 'error';
    $out['error'] = 'SHA is not valid for this endpoint';
    return $out;
  }

  // Check that the subscription doesn't exists already (especially useful for
  // anonymous users). Returns the same format as an insertion to keep the
  // frontend code working.
  if ($sub = _pwa_webpush_subscription_exists($endpoint_sha256, $uid)) {
    $out['sid'] = $sub->sid;
    $out['saved'] = $sub;
    $out['action'] = 'add';
    return $out;
  }
  $save = [
    'uid' => $uid,
    'created' => REQUEST_TIME,
    'last_used' => 0,
    'expired' => 0,
    // For unicity.
    'endpoint_sha256' => $endpoint_sha256,
    'json' => drupal_json_encode($data['sub']),
  ];

  // Wrap in a try/catch in case there is an SQL error.
  try {
    $query = db_insert('pwa_webpush_subscription')
      ->fields($save)
      ->execute();
    if (!$query) {
      drupal_add_http_header('Status', '500 Server error');
      $out['status'] = 'error';
      $out['error'] = 'Could not save the subscription to the database';
    }
    else {
      $out['sid'] = $query;
      $out['saved'] = [
        'sid' => $query,
      ] + $save;
      $out['action'] = 'add';
    }
  } catch (Exception $exception) {
    drupal_add_http_header('Status', '500 Server error');
    $out['status'] = 'exception';
    $out['exception'] = $exception
      ->getMessage();
  }
  return $out;
}