From 76ebfbd305e0b5caa66503bab4a049b3c9e4bc5e Mon Sep 17 00:00:00 2001
From: Hongbo Wu <hongbo@omnivore.app>
Date: Fri, 5 Jul 2024 17:03:27 +0800
Subject: [PATCH] create separate intercom secret and return the hash based on
 the client

---
 .../api/src/resolvers/function_resolvers.ts   | 25 ++++++++++++++-----
 packages/api/src/util.ts                      |  9 +++++++
 2 files changed, 28 insertions(+), 6 deletions(-)

diff --git a/packages/api/src/resolvers/function_resolvers.ts b/packages/api/src/resolvers/function_resolvers.ts
index 91a511036..43bd5cf5e 100644
--- a/packages/api/src/resolvers/function_resolvers.ts
+++ b/packages/api/src/resolvers/function_resolvers.ts
@@ -4,6 +4,7 @@
 /* eslint-disable @typescript-eslint/no-unsafe-member-access */
 /* eslint-disable @typescript-eslint/explicit-module-boundary-types */
 import { createHmac } from 'crypto'
+import * as httpContext from 'express-http-context2'
 import { isError } from 'lodash'
 import { Highlight } from '../entity/highlight'
 import { LibraryItem, LibraryItemState } from '../entity/library_item'
@@ -355,14 +356,26 @@ export const functionResolvers = {
   },
   User: {
     async intercomHash(user: User) {
-      if (env.intercom.secretKey) {
-        const userIdentifier = user.id.toString()
+      let secret: string
 
-        return createHmac('sha256', env.intercom.secretKey)
-          .update(userIdentifier)
-          .digest('hex')
+      const client = httpContext.get('client') as string
+      switch (client.toLowerCase()) {
+        case 'ios':
+          secret = env.intercom.iosSecret
+          break
+        case 'android':
+          secret = env.intercom.androidSecret
+          break
+        default:
+          secret = env.intercom.webSecret
       }
-      return undefined
+
+      if (!secret) {
+        return undefined
+      }
+
+      const userIdentifier = user.id
+      return createHmac('sha256', secret).update(userIdentifier).digest('hex')
     },
     async features(_: User, __: Record<string, unknown>, ctx: ResolverContext) {
       if (!ctx.claims?.uid) {
diff --git a/packages/api/src/util.ts b/packages/api/src/util.ts
index 14a192c74..9590c2cd6 100755
--- a/packages/api/src/util.ts
+++ b/packages/api/src/util.ts
@@ -54,6 +54,9 @@ export interface BackendEnv {
   intercom: {
     token: string
     secretKey: string
+    webSecret: string
+    iosSecret: string
+    androidSecret: string
   }
   sentry: {
     dsn: string
@@ -193,6 +196,9 @@ const nullableEnvVars = [
   'PG_REPLICA_USER',
   'PG_REPLICA_PASSWORD',
   'PG_REPLICA_DB',
+  'INTERCOM_WEB_SECRET',
+  'INTERCOM_IOS_SECRET',
+  'INTERCOM_ANDROID_SECRET',
 ] // Allow some vars to be null/empty
 
 const envParser =
@@ -268,6 +274,9 @@ export function getEnv(): BackendEnv {
   const intercom = {
     token: parse('INTERCOM_TOKEN'),
     secretKey: parse('INTERCOM_SECRET_KEY'),
+    webSecret: parse('INTERCOM_WEB_SECRET'),
+    iosSecret: parse('INTERCOM_IOS_SECRET'),
+    androidSecret: parse('INTERCOM_ANDROID_SECRET'),
   }
   const sentry = {
     dsn: parse('SENTRY_DSN'),