Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BREAK] Validate incoming message schema #9922

Merged
merged 10 commits into from
Apr 21, 2018
Merged

[BREAK] Validate incoming message schema #9922

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
c7a169e
Added validation in chat.postMessage endpoint
MarcosSpessatto Feb 27, 2018
b42d221
fix required parameters and add more tests cases.
MarcosSpessatto Feb 27, 2018
c8d047a
Added the same validation to chat.sendMessage method too.
MarcosSpessatto Feb 28, 2018
ad512fb
changed validation level, set in sendMessage method
MarcosSpessatto Mar 2, 2018
2c2f4e7
Merge branch 'develop' into fix-rest-api-chat-postmessage-validations
MarcosSpessatto Mar 27, 2018
392729f
Merge commit 'a9fb4da5c847a456990a5d60369f0f52ff4a8bd8' into fix-rest…
MarcosSpessatto Apr 19, 2018
be4a6ef
Improvements in the sendMessage function, removed underscore uses, an…
MarcosSpessatto Apr 19, 2018
e957d88
Merge branch 'develop' into fix-rest-api-chat-postmessage-validations
MarcosSpessatto Apr 20, 2018
c770bf4
Fix test in chat.sendMessage endpoint, and fix error in sendMessage f…
MarcosSpessatto Apr 20, 2018
d948c97
fix review
ggazzo Apr 20, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
63 changes: 62 additions & 1 deletion packages/rocketchat-api/server/v1/chat.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ RocketChat.API.v1.addRoute('chat.delete', { authRequired: true }, {
asUser: Match.Maybe(Boolean)
}));

const msg = RocketChat.models.Messages.findOneById(this.bodyParams.msgId, { fields: { u: 1, rid: 1 }});
const msg = RocketChat.models.Messages.findOneById(this.bodyParams.msgId, { fields: { u: 1, rid: 1 } });

if (!msg) {
return RocketChat.API.v1.failure(`No message found with the id of "${ this.bodyParams.msgId }".`);
Expand Down Expand Up @@ -106,6 +106,67 @@ RocketChat.API.v1.addRoute('chat.pinMessage', { authRequired: true }, {

RocketChat.API.v1.addRoute('chat.postMessage', { authRequired: true }, {
post() {
const validateBodyAttachments = (attachments) => {

const validateAttachmentsFields = (attachmentFields) => {
check(attachmentFields, Match.ObjectIncluding({
short: Match.Maybe(Boolean),
title: String,
value: String
}));
};

const validateAttachment = (attachment) => {
check(attachment, Match.ObjectIncluding({
color: Match.Maybe(String),
text: Match.Maybe(String),
ts: Match.Maybe(String),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ts is a String? 🤔

thumb_url: Match.Maybe(String),
message_link: Match.Maybe(String),
collapsed: Match.Maybe(Boolean),
author_name: Match.Maybe(String),
author_link: Match.Maybe(String),
author_icon: Match.Maybe(String),
title: Match.Maybe(String),
title_link: Match.Maybe(String),
title_link_download: Match.Maybe(Boolean),
image_url: Match.Maybe(String),
audio_url: Match.Maybe(String),
video_url: Match.Maybe(String)
}));

if (attachment.fields.length) {
attachment.fields.map(validateAttachmentsFields);
}
};

attachments.map(validateAttachment);
};

const validateBodyParams = (bodyParams) => {
check(bodyParams, Match.ObjectIncluding({
roomId: Match.Maybe(String),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Isn't this one REQUIRED?

channel: Match.Maybe(String),
text: Match.Maybe(String),
alias: Match.Maybe(String),
emoji: Match.Maybe(String),
avatar: Match.Maybe(String),
attachments: Match.Maybe(Array)
}));

if (Array.isArray(bodyParams.attachments) && bodyParams.attachments.length) {
validateBodyAttachments(bodyParams.attachments);
}
};

try {
validateBodyParams(this.bodyParams);
} catch (error) {
return RocketChat.API.v1.failure({
error: error.message
});
}

const messageReturn = processWebhookMessage(this.bodyParams, this.user, undefined, true)[0];

if (!messageReturn) {
Expand Down
2 changes: 1 addition & 1 deletion tests/end-to-end/api/05-chat.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ describe('[Chat]', function() {
author_icon: 'https://avatars.githubusercontent.com/u/850391?v=3',
title: 'Attachment Example',
title_link: 'https://youtube.com',
title_link_download: 'https://rocket.chat/download',
title_link_download: true,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we can have more tests here, with lots of different variations and some fail case. Can you do that, please?

image_url: 'http://res.guggy.com/logo_128.png',
audio_url: 'http://www.w3schools.com/tags/horse.mp3',
video_url: 'http://www.w3schools.com/tags/movie.mp4',
Expand Down