From 24f336c5edd6fedd7909c87f0ba61f53f47e14cb Mon Sep 17 00:00:00 2001
From: Andy Wang <41224501+andy-t-wang@users.noreply.github.com>
Date: Mon, 13 Jan 2025 15:08:39 -0800
Subject: [PATCH] Remove notification restriction (#1130)

* Remove notification restriction

* fix tests and add permission check
---
 web/api/helpers/app-store.ts                  |  5 -----
 .../graphql/fetch-metadata.generated.ts       |  4 ++++
 .../graphql/fetch-metadata.graphql            |  2 ++
 web/api/v2/minikit/send-notification/index.ts | 15 +++++---------
 web/tests/api/v2/minikit-app-metadata.test.ts |  2 ++
 web/tests/api/v2/send-notification.test.ts    | 20 +++++++++++++++----
 6 files changed, 29 insertions(+), 19 deletions(-)

diff --git a/web/api/helpers/app-store.ts b/web/api/helpers/app-store.ts
index 9a698b032..82339dff5 100644
--- a/web/api/helpers/app-store.ts
+++ b/web/api/helpers/app-store.ts
@@ -1,6 +1,5 @@
 import { getLocalisedCategory } from "@/lib/categories";
 import {
-  notificationPermissions,
   whitelistedAppsContracts,
   whitelistedAppsPermit2,
 } from "@/lib/constants";
@@ -107,10 +106,6 @@ export const formatAppMetadata = async (
     team_name: app.team.name ?? "",
     permit2_tokens: permit2Tokens,
     contracts: contracts,
-    // TODO: Remove this once we have the forms
-    is_allowed_unlimited_notifications: notificationPermissions[
-      process.env.NEXT_PUBLIC_APP_ENV as "staging" | "production"
-    ].includes(app.team.id),
   };
 };
 
diff --git a/web/api/v2/minikit/send-notification/graphql/fetch-metadata.generated.ts b/web/api/v2/minikit/send-notification/graphql/fetch-metadata.generated.ts
index a10e540f0..3defea841 100644
--- a/web/api/v2/minikit/send-notification/graphql/fetch-metadata.generated.ts
+++ b/web/api/v2/minikit/send-notification/graphql/fetch-metadata.generated.ts
@@ -15,6 +15,8 @@ export type GetAppMetadataQuery = {
     name: string;
     app_id: string;
     is_reviewer_app_store_approved: boolean;
+    is_allowed_unlimited_notifications?: boolean | null;
+    max_notifications_per_day?: number | null;
     app: { __typename?: "app"; team: { __typename?: "team"; id: string } };
   }>;
 };
@@ -31,6 +33,8 @@ export const GetAppMetadataDocument = gql`
       name
       app_id
       is_reviewer_app_store_approved
+      is_allowed_unlimited_notifications
+      max_notifications_per_day
       app {
         team {
           id
diff --git a/web/api/v2/minikit/send-notification/graphql/fetch-metadata.graphql b/web/api/v2/minikit/send-notification/graphql/fetch-metadata.graphql
index fd43b7cc2..17a3436ad 100644
--- a/web/api/v2/minikit/send-notification/graphql/fetch-metadata.graphql
+++ b/web/api/v2/minikit/send-notification/graphql/fetch-metadata.graphql
@@ -9,6 +9,8 @@ query GetAppMetadata($app_id: String!) {
     name
     app_id
     is_reviewer_app_store_approved
+    is_allowed_unlimited_notifications
+    max_notifications_per_day
     app {
       team {
         id
diff --git a/web/api/v2/minikit/send-notification/index.ts b/web/api/v2/minikit/send-notification/index.ts
index ba398c75b..ef07d5869 100644
--- a/web/api/v2/minikit/send-notification/index.ts
+++ b/web/api/v2/minikit/send-notification/index.ts
@@ -2,7 +2,6 @@ import { errorResponse } from "@/api/helpers/errors";
 import { getAPIServiceGraphqlClient } from "@/api/helpers/graphql";
 import { verifyHashedSecret } from "@/api/helpers/utils";
 import { validateRequestSchema } from "@/api/helpers/validate-request-schema";
-import { notificationPermissions } from "@/lib/constants";
 import { logger } from "@/lib/logger";
 import { createSignedFetcher } from "aws-sigv4-fetch";
 import { GraphQLClient } from "graphql-request";
@@ -205,17 +204,14 @@ export const POST = async (req: NextRequest) => {
   const appMetadata = app_metadata?.[0];
   const teamId = appMetadata.app.team.id;
 
-  // TODO: Remove this enforcement
   if (
-    !notificationPermissions[
-      process.env.NEXT_PUBLIC_APP_ENV as "staging" | "production"
-    ].includes(teamId)
+    !appMetadata.is_allowed_unlimited_notifications &&
+    appMetadata.max_notifications_per_day === 0
   ) {
     return errorResponse({
-      statusCode: 403,
-      code: "forbidden",
-      detail: "You are not allowed to send notifications.",
-      attribute: "team_id",
+      statusCode: 400,
+      code: "not_allowed",
+      detail: "Notifications not enabled for this app",
       req,
     });
   }
@@ -266,7 +262,6 @@ export const POST = async (req: NextRequest) => {
     });
   }
   const response: SendNotificationResponse = data.result;
-  logger.warn("Notification sent successfully", response);
 
   logNotification(
     serviceClient,
diff --git a/web/tests/api/v2/minikit-app-metadata.test.ts b/web/tests/api/v2/minikit-app-metadata.test.ts
index a83a1d74b..ec9b29474 100644
--- a/web/tests/api/v2/minikit-app-metadata.test.ts
+++ b/web/tests/api/v2/minikit-app-metadata.test.ts
@@ -84,6 +84,7 @@ const validAppMetadataResponse = [
     supported_countries: ["us"],
     supported_languages: ["en"],
     associated_domains: ["https://worldcoin.org"],
+    is_allowed_unlimited_notifications: false,
     app: { team: { name: "test" }, rating_sum: 10, rating_count: 3 },
   },
 ];
@@ -181,6 +182,7 @@ describe("/api/v2/minikit/app-metadata/[app_id] [success cases]", () => {
           supported_countries: ["us"],
           supported_languages: ["en"],
           app: { team: { name: "test" }, rating_sum: 10, rating_count: 3 },
+          is_allowed_unlimited_notifications: false,
         },
       ],
     });
diff --git a/web/tests/api/v2/send-notification.test.ts b/web/tests/api/v2/send-notification.test.ts
index 55fc1a0b2..6fc035de9 100644
--- a/web/tests/api/v2/send-notification.test.ts
+++ b/web/tests/api/v2/send-notification.test.ts
@@ -32,7 +32,17 @@ jest.mock("aws-sigv4-fetch", () => ({
   createSignedFetcher: () =>
     jest.fn(() =>
       Promise.resolve({
-        json: () => ({}),
+        json: () => ({
+          result: {
+            results: [
+              {
+                walletAddress: "0x1234567890abcdef1234567890abcdef12345678",
+                sent: true,
+                reason: "User has disabled notifications",
+              },
+            ],
+          },
+        }),
         ok: true,
         status: 201,
       }),
@@ -234,7 +244,7 @@ describe("/api/v2/minikit/send-notification [error cases]", () => {
     expect((await res.json()).detail).toBe("API key is inactive.");
   });
 
-  it("returns 403 if app team is invalid", async () => {
+  it("returns 400 if not allowed to send notifications", async () => {
     const mockReq = createMockRequest({
       url: "http://localhost:3000/api/v2/minikit/send-notification",
       api_key: validApiKey,
@@ -247,15 +257,17 @@ describe("/api/v2/minikit/send-notification [error cases]", () => {
           name: "Example App",
           app_id: "app_staging_9cdd0a714aec9ed17dca660bc9ffe72a",
           is_reviewer_app_store_approved: true,
+          is_allowed_unlimited_notifications: false,
+          max_notifications_per_day: 0,
           app: { team: { id: "random" } },
         },
       ],
     });
 
     const res = await POST(mockReq);
-    expect(res.status).toBe(403);
+    expect(res.status).toBe(400);
     expect((await res.json()).detail).toBe(
-      "You are not allowed to send notifications.",
+      "Notifications not enabled for this app",
     );
   });
 });