From bd27f2de6b30853dcaaf3dbb4f538100d353f3f7 Mon Sep 17 00:00:00 2001
From: Gauthier <mail@gauthierth.fr>
Date: Sat, 9 May 2026 11:18:22 +0200
Subject: [PATCH] fix(users): correct auth middleware for web push subscription
 (#3005)

---
 server/routes/user/index.ts | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/server/routes/user/index.ts b/server/routes/user/index.ts
index 326602348..663945027 100644
--- a/server/routes/user/index.ts
+++ b/server/routes/user/index.ts
@@ -324,8 +324,8 @@ router.post<
   }
 });
 
-router.get<{ userId: string }>(
-  '/:userId/pushSubscriptions',
+router.get<{ id: string }>(
+  '/:id/pushSubscriptions',
   isOwnProfileOrAdmin(),
   async (req, res, next) => {
     try {
@@ -333,7 +333,7 @@ router.get<{ userId: string }>(
 
       const userPushSubs = await userPushSubRepository.find({
         relations: { user: true },
-        where: { user: { id: Number(req.params.userId) } },
+        where: { user: { id: Number(req.params.id) } },
       });
 
       return res.status(200).json(userPushSubs);
@@ -343,8 +343,8 @@ router.get<{ userId: string }>(
   }
 );
 
-router.get<{ userId: string; endpoint: string }>(
-  '/:userId/pushSubscription/:endpoint',
+router.get<{ id: string; endpoint: string }>(
+  '/:id/pushSubscription/:endpoint',
   isOwnProfileOrAdmin(),
   async (req, res, next) => {
     try {
@@ -355,7 +355,7 @@ router.get<{ userId: string; endpoint: string }>(
           user: true,
         },
         where: {
-          user: { id: Number(req.params.userId) },
+          user: { id: Number(req.params.id) },
           endpoint: req.params.endpoint,
         },
       });
@@ -367,8 +367,8 @@ router.get<{ userId: string; endpoint: string }>(
   }
 );
 
-router.delete<{ userId: string; endpoint: string }>(
-  '/:userId/pushSubscription/:endpoint',
+router.delete<{ id: string; endpoint: string }>(
+  '/:id/pushSubscription/:endpoint',
   isOwnProfileOrAdmin(),
   async (req, res, next) => {
     try {
@@ -377,7 +377,7 @@ router.delete<{ userId: string; endpoint: string }>(
       const userPushSub = await userPushSubRepository.findOne({
         relations: { user: true },
         where: {
-          user: { id: Number(req.params.userId) },
+          user: { id: Number(req.params.id) },
           endpoint: req.params.endpoint,
         },
       });