chore(deps): update dependency typeorm to v0.3.28

README.md

@@ -8,7 +8,7 @@
 <p align="center">
 <a href="https://discord.gg/seerr"><img src="https://img.shields.io/discord/783137440809746482" alt="Discord"></a>
 <a href="https://hub.docker.com/r/seerr/seerr"><img src="https://img.shields.io/docker/pulls/seerr/seerr" alt="Docker pulls"></a>
-<a href="https://translate.seerr.dev/engage/seerr/"><img src="https://translate.seerr.dev/widget/seerr/svg-badge.svg" alt="Translation status" /></a>
+<a href="https://translate.seerr.dev/engage/seerr/"><img src="https://translate.seerr.dev/widget/seerr/seerr-frontend/svg-badge.svg" alt="Translation status" /></a>
 <a href="https://github.com/seerr-team/seerr/blob/develop/LICENSE"><img alt="GitHub" src="https://img.shields.io/github/license/seerr-team/seerr"></a>
 
 **Seerr** is a free and open source software application for managing requests for your media library. It integrates with the media server of your choice: [Jellyfin](https://jellyfin.org), [Plex](https://plex.tv), and [Emby](https://emby.media/). In addition, it integrates with your existing services, such as **[Sonarr](https://sonarr.tv/)**, **[Radarr](https://radarr.video/)**.

package.json

@@ -103,7 +103,7 @@
     "swagger-ui-express": "4.6.2",
     "swr": "2.3.7",
     "tailwind-merge": "^2.6.0",
-    "typeorm": "0.3.12",
+    "typeorm": "0.3.28",
     "ua-parser-js": "^1.0.35",
     "undici": "^7.16.0",
     "validator": "^13.15.23",

server/entity/UserPushSubscription.ts

@@ -1,15 +1,8 @@
 import { DbAwareColumn } from '@server/utils/DbColumnHelper';
-import {
-  Column,
-  Entity,
-  ManyToOne,
-  PrimaryGeneratedColumn,
-  Unique,
-} from 'typeorm';
+import { Column, Entity, ManyToOne, PrimaryGeneratedColumn } from 'typeorm';
 import { User } from './User';
 
 @Entity()
-@Unique(['endpoint', 'user'])
 export class UserPushSubscription {
   @PrimaryGeneratedColumn()
   public id: number;

server/lib/notifications/agents/webpush.ts

@@ -24,15 +24,6 @@ interface PushNotificationPayload {
   isAdmin?: boolean;
 }
 
-interface WebPushError extends Error {
-  statusCode?: number;
-  status?: number;
-  body?: string | unknown;
-  response?: {
-    body?: string | unknown;
-  };
-}
-
 class WebPushAgent
   extends BaseAgent<NotificationAgentConfig>
   implements NotificationAgent
@@ -197,30 +188,19 @@ class WebPushAgent
           notificationPayload
         );
       } catch (e) {
-        const webPushError = e as WebPushError;
-        const statusCode = webPushError.statusCode || webPushError.status;
-        const errorMessage = webPushError.message || String(e);
-
-        // RFC 8030: 410/404 are permanent failures, others are transient
-        const isPermanentFailure = statusCode === 410 || statusCode === 404;
-
         logger.error(
-          isPermanentFailure
-            ? 'Error sending web push notification; removing invalid subscription'
-            : 'Error sending web push notification (transient error, keeping subscription)',
+          'Error sending web push notification; removing subscription',
           {
             label: 'Notifications',
             recipient: pushSub.user.displayName,
             type: Notification[type],
             subject: payload.subject,
-            errorMessage,
-            statusCode: statusCode || 'unknown',
+            errorMessage: e.message,
           }
         );
 
-        if (isPermanentFailure) {
-          await userPushSubRepository.remove(pushSub);
-        }
+        // Failed to send notification so we need to remove the subscription
+        userPushSubRepository.remove(pushSub);
       }
     };
 

server/migration/postgres/1765233385034-AddUniqueConstraintToPushSubscription.ts

@@ -1,19 +0,0 @@
-import type { MigrationInterface, QueryRunner } from 'typeorm';
-
-export class AddUniqueConstraintToPushSubscription1765233385034
-  implements MigrationInterface
-{
-  name = 'AddUniqueConstraintToPushSubscription1765233385034';
-
-  public async up(queryRunner: QueryRunner): Promise<void> {
-    await queryRunner.query(
-      `ALTER TABLE "user_push_subscription" ADD CONSTRAINT "UQ_6427d07d9a171a3a1ab87480005" UNIQUE ("endpoint", "userId")`
-    );
-  }
-
-  public async down(queryRunner: QueryRunner): Promise<void> {
-    await queryRunner.query(
-      `ALTER TABLE "user_push_subscription" DROP CONSTRAINT "UQ_6427d07d9a171a3a1ab87480005"`
-    );
-  }
-}

server/migration/sqlite/1765233385034-AddUniqueConstraintToPushSubscription.ts

@@ -1,17 +0,0 @@
-import type { MigrationInterface, QueryRunner } from 'typeorm';
-
-export class AddUniqueConstraintToPushSubscription1765233385034
-  implements MigrationInterface
-{
-  name = 'AddUniqueConstraintToPushSubscription1765233385034';
-
-  public async up(queryRunner: QueryRunner): Promise<void> {
-    await queryRunner.query(
-      `CREATE UNIQUE INDEX "UQ_6427d07d9a171a3a1ab87480005" ON "user_push_subscription" ("endpoint", "userId")`
-    );
-  }
-
-  public async down(queryRunner: QueryRunner): Promise<void> {
-    await queryRunner.query(`DROP INDEX "UQ_6427d07d9a171a3a1ab87480005"`);
-  }
-}

server/routes/auth.ts

@@ -626,6 +626,76 @@ authRoutes.post('/local', async (req, res, next) => {
       });
     }
 
+    const mainUser = await userRepository.findOneOrFail({
+      select: { id: true, plexToken: true, plexId: true },
+      where: { id: 1 },
+    });
+    const mainPlexTv = new PlexTvAPI(mainUser.plexToken ?? '');
+
+    if (!user.plexId) {
+      try {
+        const plexUsersResponse = await mainPlexTv.getUsers();
+        const account = plexUsersResponse.MediaContainer.User.find(
+          (account) =>
+            account.$.email &&
+            account.$.email.toLowerCase() === user.email.toLowerCase()
+        )?.$;
+
+        if (
+          account &&
+          (await mainPlexTv.checkUserAccess(parseInt(account.id)))
+        ) {
+          logger.info(
+            'Found matching Plex user; updating user with Plex data',
+            {
+              label: 'API',
+              ip: req.ip,
+              email: body.email,
+              userId: user.id,
+              plexId: account.id,
+              plexUsername: account.username,
+            }
+          );
+
+          user.plexId = parseInt(account.id);
+          user.avatar = account.thumb;
+          user.email = account.email;
+          user.plexUsername = account.username;
+          user.userType = UserType.PLEX;
+
+          await userRepository.save(user);
+        }
+      } catch (e) {
+        logger.error('Something went wrong fetching Plex users', {
+          label: 'API',
+          errorMessage: e.message,
+        });
+      }
+    }
+
+    if (
+      user.plexId &&
+      user.plexId !== mainUser.plexId &&
+      !(await mainPlexTv.checkUserAccess(user.plexId))
+    ) {
+      logger.warn(
+        'Failed sign-in attempt from Plex user without access to the media server',
+        {
+          label: 'API',
+          account: {
+            ip: req.ip,
+            email: body.email,
+            userId: user.id,
+            plexId: user.plexId,
+          },
+        }
+      );
+      return next({
+        status: 403,
+        message: 'Access denied.',
+      });
+    }
+
     // Set logged in session
     if (user && req.session) {
       req.session.userId = user.id;
@@ -705,7 +775,7 @@ authRoutes.post('/logout', async (req, res, next) => {
         });
         return next({ status: 500, message: 'Failed to destroy session.' });
       }
-      logger.debug('Successfully logged out user', {
+      logger.info('Successfully logged out user', {
         label: 'Auth',
         userId,
       });

server/routes/user/index.ts

@@ -4,7 +4,7 @@ import TautulliAPI from '@server/api/tautulli';
 import { MediaType } from '@server/constants/media';
 import { MediaServerType } from '@server/constants/server';
 import { UserType } from '@server/constants/user';
-import dataSource, { getRepository } from '@server/datasource';
+import { getRepository } from '@server/datasource';
 import Media from '@server/entity/Media';
 import { MediaRequest } from '@server/entity/MediaRequest';
 import { User } from '@server/entity/User';
@@ -25,8 +25,7 @@ import { getHostname } from '@server/utils/getHostname';
 import { Router } from 'express';
 import gravatarUrl from 'gravatar-url';
 import { findIndex, sortBy } from 'lodash';
-import type { EntityManager } from 'typeorm';
-import { In, Not } from 'typeorm';
+import { In } from 'typeorm';
 import userSettingsRoutes from './usersettings';
 
 const router = Router();
@@ -189,82 +188,30 @@ router.post<
   }
 >('/registerPushSubscription', async (req, res, next) => {
   try {
-    // This prevents race conditions where two requests both pass the checks
-    await dataSource.transaction(
-      async (transactionalEntityManager: EntityManager) => {
-        const transactionalRepo =
-          transactionalEntityManager.getRepository(UserPushSubscription);
+    const userPushSubRepository = getRepository(UserPushSubscription);
 
-        // Check for existing subscription by auth or endpoint within transaction
-        const existingSubscription = await transactionalRepo.findOne({
-          relations: { user: true },
-          where: [
-            { auth: req.body.auth, user: { id: req.user?.id } },
-            { endpoint: req.body.endpoint, user: { id: req.user?.id } },
-          ],
-        });
+    const existingSubs = await userPushSubRepository.find({
+      relations: { user: true },
+      where: { auth: req.body.auth, user: { id: req.user?.id } },
+    });
 
-        if (existingSubscription) {
-          // If endpoint matches but auth is different, update with new keys (iOS refresh case)
-          if (
-            existingSubscription.endpoint === req.body.endpoint &&
-            existingSubscription.auth !== req.body.auth
-          ) {
-            existingSubscription.auth = req.body.auth;
-            existingSubscription.p256dh = req.body.p256dh;
-            existingSubscription.userAgent = req.body.userAgent;
+    if (existingSubs.length > 0) {
+      logger.debug(
+        'User push subscription already exists. Skipping registration.',
+        { label: 'API' }
+      );
+      return res.status(204).send();
+    }
 
-            await transactionalRepo.save(existingSubscription);
+    const userPushSubscription = new UserPushSubscription({
+      auth: req.body.auth,
+      endpoint: req.body.endpoint,
+      p256dh: req.body.p256dh,
+      userAgent: req.body.userAgent,
+      user: req.user,
+    });
 
-            logger.debug(
-              'Updated existing push subscription with new keys for same endpoint.',
-              { label: 'API' }
-            );
-            return;
-          }
-
-          logger.debug(
-            'Duplicate subscription detected. Skipping registration.',
-            { label: 'API' }
-          );
-          return;
-        }
-
-        // Clean up old subscriptions from the same device (userAgent) for this user
-        // iOS can silently refresh endpoints, leaving stale subscriptions in the database
-        // Only clean up if we're creating a new subscription (not updating an existing one)
-        if (req.body.userAgent) {
-          const staleSubscriptions = await transactionalRepo.find({
-            relations: { user: true },
-            where: {
-              userAgent: req.body.userAgent,
-              user: { id: req.user?.id },
-              // Only remove subscriptions with different endpoints (stale ones)
-              // Keep subscriptions that might be from different browsers/tabs
-              endpoint: Not(req.body.endpoint),
-            },
-          });
-
-          if (staleSubscriptions.length > 0) {
-            await transactionalRepo.remove(staleSubscriptions);
-            logger.debug(
-              `Removed ${staleSubscriptions.length} stale push subscription(s) from same device.`,
-              { label: 'API' }
-            );
-          }
-        }
-
-        const userPushSubscription = new UserPushSubscription({
-          auth: req.body.auth,
-          endpoint: req.body.endpoint,
-          p256dh: req.body.p256dh,
-          userAgent: req.body.userAgent,
-          user: req.user,
-        });
-
-        await transactionalRepo.save(userPushSubscription);
-      }
-    );
+    userPushSubRepository.save(userPushSubscription);
 
     return res.status(204).send();
   } catch (e) {

src/components/UserProfile/UserSettings/UserNotificationSettings/UserNotificationsWebPush/index.tsx

@@ -109,28 +109,15 @@ const UserWebPushSettings = () => {
   // Deletes/disables corresponding push subscription from database
   const disablePushNotifications = async (endpoint?: string) => {
     try {
-      const unsubscribedEndpoint = await unsubscribeToPushNotifications(
-        user?.id,
-        endpoint
-      );
+      await unsubscribeToPushNotifications(user?.id, endpoint);
+
+      // Delete from backend if endpoint is available
+      if (subEndpoint) {
+        await deletePushSubscriptionFromBackend(subEndpoint);
+      }
 
       localStorage.setItem('pushNotificationsEnabled', 'false');
       setWebPushEnabled(false);
-
-      // Only delete the current browser's subscription, not all devices
-      const endpointToDelete = unsubscribedEndpoint || subEndpoint || endpoint;
-      if (endpointToDelete) {
-        try {
-          await axios.delete(
-            `/api/v1/user/${user?.id}/pushSubscription/${encodeURIComponent(
-              endpointToDelete
-            )}`
-          );
-        } catch {
-          // Ignore deletion failures - backend cleanup is best effort
-        }
-      }
-
       addToast(intl.formatMessage(messages.webpushhasbeendisabled), {
         autoDismiss: true,
         appearance: 'success',
@@ -170,33 +157,7 @@ const UserWebPushSettings = () => {
   useEffect(() => {
     const verifyWebPush = async () => {
       const enabled = await verifyPushSubscription(user?.id, currentSettings);
-      let isEnabled = enabled;
-
-      if (!enabled && 'serviceWorker' in navigator) {
-        const { subscription } = await getPushSubscription();
-        if (subscription) {
-          isEnabled = true;
-        }
-      }
-
-      if (!isEnabled && dataDevices && dataDevices.length > 0) {
-        const currentUserAgent = navigator.userAgent;
-        const hasMatchingDevice = dataDevices.some(
-          (device) => device.userAgent === currentUserAgent
-        );
-
-        if (hasMatchingDevice) {
-          isEnabled = true;
-        }
-      }
-
-      setWebPushEnabled(isEnabled);
-      if (localStorage.getItem('pushNotificationsEnabled') === null) {
-        localStorage.setItem(
-          'pushNotificationsEnabled',
-          isEnabled ? 'true' : 'false'
-        );
-      }
+      setWebPushEnabled(enabled);
     };
 
     if (user?.id) {

src/utils/pushSubscriptionHelpers.ts

@@ -49,17 +49,13 @@ export const verifyPushSubscription = async (
       currentSettings.vapidPublic
     ).toString();
 
-    if (currentServerKey !== expectedServerKey) {
-      return false;
-    }
-
     const endpoint = subscription.endpoint;
 
     const { data } = await axios.get<UserPushSubscription>(
       `/api/v1/user/${userId}/pushSubscription/${encodeURIComponent(endpoint)}`
     );
 
-    return data.endpoint === endpoint;
+    return expectedServerKey === currentServerKey && data.endpoint === endpoint;
   } catch {
     return false;
   }
@@ -69,39 +65,20 @@ export const verifyAndResubscribePushSubscription = async (
   userId: number | undefined,
   currentSettings: PublicSettingsResponse
 ): Promise<boolean> => {
-  if (!userId) {
-    return false;
-  }
-
-  const { subscription } = await getPushSubscription();
   const isValid = await verifyPushSubscription(userId, currentSettings);
 
   if (isValid) {
     return true;
   }
 
-  if (subscription) {
-    return false;
-  }
-
   if (currentSettings.enablePushRegistration) {
     try {
-      const oldEndpoint = await unsubscribeToPushNotifications(userId);
+      // Unsubscribe from the backend to clear the existing push subscription (keys and endpoint)
+      await unsubscribeToPushNotifications(userId);
 
+      // Subscribe again to generate a fresh push subscription with updated keys and endpoint
       await subscribeToPushNotifications(userId, currentSettings);
 
-      if (oldEndpoint) {
-        try {
-          await axios.delete(
-            `/api/v1/user/${userId}/pushSubscription/${encodeURIComponent(
-              oldEndpoint
-            )}`
-          );
-        } catch (error) {
-          // Ignore errors when deleting old endpoint (it might not exist)
-        }
-      }
-
       return true;
     } catch (error) {
       throw new Error(`[SW] Resubscribe failed: ${error.message}`);
@@ -159,26 +136,24 @@ export const subscribeToPushNotifications = async (
 export const unsubscribeToPushNotifications = async (
   userId: number | undefined,
   endpoint?: string
-): Promise<string | null> => {
+) => {
   if (!('serviceWorker' in navigator) || !userId) {
-    return null;
+    return;
   }
 
   try {
     const { subscription } = await getPushSubscription();
 
     if (!subscription) {
-      return null;
+      return false;
     }
 
     const { endpoint: currentEndpoint } = subscription.toJSON();
 
     if (!endpoint || endpoint === currentEndpoint) {
       await subscription.unsubscribe();
-      return currentEndpoint ?? null;
+      return true;
     }
-
-    return null;
   } catch (error) {
     throw new Error(
       `Issue unsubscribing to push notifications: ${error.message}`