RocketChat · sampaiodiego · Jan 10, 2020 · Jan 9, 2020 · Jan 10, 2020
diff --git a/app/apps/server/bridges/messages.js b/app/apps/server/bridges/messages.js
@@ -1,9 +1,9 @@
-import { Meteor } from 'meteor/meteor';
 import { Random } from 'meteor/random';
 
 import { Messages, Users, Subscriptions } from '../../../models';
 import { Notifications } from '../../../notifications';
 import { updateMessage } from '../../../lib/server/functions/updateMessage';
+import { executeSendMessage } from '../../../lib/server/methods/sendMessage';
 
 export class AppMessageBridge {
 	constructor(orch) {
@@ -13,13 +13,11 @@ export class AppMessageBridge {
 	async create(message, appId) {
 		this.orch.debugLog(`The App ${ appId } is creating a new message.`);
 
-		let msg = this.orch.getConverters().get('messages').convertAppMessage(message);
+		const convertedMessage = this.orch.getConverters().get('messages').convertAppMessage(message);
 
-		Meteor.runAsUser(msg.u._id, () => {
-			msg = Meteor.call('sendMessage', msg);
-		});
+		const sentMessage = executeSendMessage(convertedMessage.u._id, convertedMessage, true);
 
-		return msg._id;
+		return sentMessage._id;
 	}
 
 	async getById(messageId, appId) {

diff --git a/app/lib/server/functions/sendMessage.js b/app/lib/server/functions/sendMessage.js
@@ -165,13 +165,16 @@ const validateUserIdentity = (message, _id) => {
 	}
 };
 
-export const sendMessage = function(user, message, room, upsert = false) {
+export const sendMessage = function(user, message, room, upsert = false, trustedSender = false) {
 	if (!user || !message || !room._id) {
 		return false;
 	}
 	const { _id, username, name } = user;
 
-	validateUserIdentity(message, _id);
+	if (!trustedSender) {
+		validateUserIdentity(message, _id);
+	}
+
 	validateMessage(message);
 
 	if (!message.ts) {

diff --git a/app/lib/server/methods/sendMessage.js b/app/lib/server/methods/sendMessage.js
@@ -15,89 +15,93 @@ import { RateLimiter } from '../lib';
 import { canSendMessage } from '../../../authorization/server';
 import { SystemLogger } from '../../../logger/server';
 
-Meteor.methods({
-	sendMessage(message) {
-		check(message, Object);
+export function executeSendMessage(uid, message, trustedSender = false) {
+	if (message.tmid && !settings.get('Threads_enabled')) {
+		throw new Meteor.Error('error-not-allowed', 'not-allowed', {
+			method: 'sendMessage',
+		});
+	}
 
-		const uid = Meteor.userId();
-		if (!uid) {
-			throw new Meteor.Error('error-invalid-user', 'Invalid user', {
+	if (message.ts) {
+		const tsDiff = Math.abs(moment(message.ts).diff());
+		if (tsDiff > 60000) {
+			throw new Meteor.Error('error-message-ts-out-of-sync', 'Message timestamp is out of sync', {
 				method: 'sendMessage',
+				message_ts: message.ts,
+				server_ts: new Date().getTime(),
 			});
+		} else if (tsDiff > 10000) {
+			message.ts = new Date();
 		}
+	} else {
+		message.ts = new Date();
+	}
+
+	if (message.msg) {
+		const adjustedMessage = messageProperties.messageWithoutEmojiShortnames(message.msg);
 
-		if (message.tmid && !settings.get('Threads_enabled')) {
-			throw new Meteor.Error('error-not-allowed', 'not-allowed', {
+		if (messageProperties.length(adjustedMessage) > settings.get('Message_MaxAllowedSize')) {
+			throw new Meteor.Error('error-message-size-exceeded', 'Message size exceeds Message_MaxAllowedSize', {
 				method: 'sendMessage',
 			});
 		}
+	}
 
-		if (message.ts) {
-			const tsDiff = Math.abs(moment(message.ts).diff());
-			if (tsDiff > 60000) {
-				throw new Meteor.Error('error-message-ts-out-of-sync', 'Message timestamp is out of sync', {
-					method: 'sendMessage',
-					message_ts: message.ts,
-					server_ts: new Date().getTime(),
-				});
-			} else if (tsDiff > 10000) {
-				message.ts = new Date();
-			}
-		} else {
-			message.ts = new Date();
-		}
+	const user = Users.findOneById(uid, {
+		fields: {
+			username: 1,
+			...!!settings.get('Message_SetNameToAliasEnabled') && { name: 1 },
+		},
+	});
+	let { rid } = message;
 
-		if (message.msg) {
-			const adjustedMessage = messageProperties.messageWithoutEmojiShortnames(message.msg);
+	// do not allow nested threads
+	if (message.tmid) {
+		const parentMessage = Messages.findOneById(message.tmid);
+		message.tmid = parentMessage.tmid || message.tmid;
+		rid = parentMessage.rid;
+	}
 
-			if (messageProperties.length(adjustedMessage) > settings.get('Message_MaxAllowedSize')) {
-				throw new Meteor.Error('error-message-size-exceeded', 'Message size exceeds Message_MaxAllowedSize', {
-					method: 'sendMessage',
-				});
-			}
-		}
+	if (!rid) {
+		throw new Error('The \'rid\' property on the message object is missing.');
+	}
 
-		const user = Users.findOneById(uid, {
-			fields: {
-				username: 1,
-				...!!settings.get('Message_SetNameToAliasEnabled') && { name: 1 },
-			},
-		});
-		let { rid } = message;
-
-		// do not allow nested threads
-		if (message.tmid) {
-			const parentMessage = Messages.findOneById(message.tmid);
-			message.tmid = parentMessage.tmid || message.tmid;
-			rid = parentMessage.rid;
+	try {
+		const room = canSendMessage(rid, { uid, username: user.username });
+		if (message.alias == null && settings.get('Message_SetNameToAliasEnabled')) {
+			message.alias = user.name;
 		}
 
-		if (!rid) {
-			throw new Error('The \'rid\' property on the message object is missing.');
+		metrics.messagesSent.inc(); // TODO This line needs to be moved to it's proper place. See the comments on: https://github.com/RocketChat/Rocket.Chat/pull/5736
+		return sendMessage(user, message, room, false, trustedSender);
+	} catch (error) {
+		if (error === 'error-not-allowed') {
+			throw new Meteor.Error('error-not-allowed');
 		}
 
-		try {
-			const room = canSendMessage(rid, { uid, username: user.username });
-			if (message.alias == null && settings.get('Message_SetNameToAliasEnabled')) {
-				message.alias = user.name;
-			}
+		SystemLogger.error('Error sending message:', error);
 
-			metrics.messagesSent.inc(); // TODO This line needs to be moved to it's proper place. See the comments on: https://github.com/RocketChat/Rocket.Chat/pull/5736
-			return sendMessage(user, message, room);
-		} catch (error) {
-			if (error === 'error-not-allowed') {
-				throw new Meteor.Error('error-not-allowed');
-			}
+		Notifications.notifyUser(uid, 'message', {
+			_id: Random.id(),
+			rid: message.rid,
+			ts: new Date(),
+			msg: TAPi18n.__(error, {}, user.language),
+		});
+	}
+}
 
-			SystemLogger.error('Error sending message:', error);
+Meteor.methods({
+	sendMessage(message) {
+		check(message, Object);
 
-			Notifications.notifyUser(uid, 'message', {
-				_id: Random.id(),
-				rid: message.rid,
-				ts: new Date(),
-				msg: TAPi18n.__(error, {}, user.language),
+		const uid = Meteor.userId();
+		if (!uid) {
+			throw new Meteor.Error('error-invalid-user', 'Invalid user', {
+				method: 'sendMessage',
 			});
 		}
+
+		return executeSendMessage(uid, message);
 	},
 });
 // Limit a user, who does not have the "bot" role, to sending 5 msgs/second