Merge branch 'develop' of github.com:RocketChat/Rocket.Chat into fix/…

…lists * 'develop' of github.com:RocketChat/Rocket.Chat: Chore: Move admin sidebarItems registration to the main file (#25442) [FIX] Sanitize customUserStatus and fix infinite loop (#25449) [IMPROVE] Fix multiple bugs with Matrix bridge (#25318) Chore: Convert `UserStatusMenu` to TS (#25265) Chore: Chore add validation option to rest endpoints (#25443) Chore: Add channel endpoints (rest-typings) (#25279) Update Codeowners Chore: Dedicated package for UI contexts (#25432)
RocketChat · May 10, 2022 · 109fa3b · 109fa3b
2 parents 7a9fc13 + c068743
commit 109fa3b
Show file tree

Hide file tree

Showing 903 changed files with 3,899 additions and 3,469 deletions.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -1,9 +1,11 @@
 /packages/* @RocketChat/chat-engine
 /packages/core-typings/ @RocketChat/chat-engine
 /packages/rest-typings/ @RocketChat/chat-engine
+/packages/ui-contexts/ @RocketChat/frontend
 /packages/eslint-config/ @RocketChat/chat-engine
 /packages/livechat/ @RocketChat/frontend @RocketChat/chat-engine
 /.vscode/ @RocketChat/chat-engine
 /.github/ @RocketChat/chat-engine
 /_templates/ @RocketChat/chat-engine
 /apps/meteor/client/ @RocketChat/frontend
+/apps/meteor/tests/ @RocketChat/chat-engine
diff --git a/apps/meteor/app/api/server/api.d.ts b/apps/meteor/app/api/server/api.d.ts
@@ -8,6 +8,7 @@ import type {
 	UrlParams,
 } from '@rocket.chat/rest-typings';
 import type { IUser, IMethodConnection } from '@rocket.chat/core-typings';
+import type { ValidateFunction } from 'ajv';
 
 import { ITwoFactorOptions } from '../../2fa/server/code';
 
@@ -54,7 +55,7 @@ export type NonEnterpriseTwoFactorOptions = {
 	twoFactorOptions: ITwoFactorOptions;
 };
 
-type Options =
+type Options = (
 	| {
 			permissionsRequired?: string[];
 			authRequired?: boolean;
@@ -64,7 +65,10 @@ type Options =
 			authRequired: true;
 			twoFactorRequired: true;
 			twoFactorOptions?: ITwoFactorOptions;
-	  };
+	  }
+) & {
+	validateParams?: ValidateFunction;
+};
 
 type Request = {
 	method: 'GET' | 'POST' | 'PUT' | 'DELETE';
@@ -80,9 +84,17 @@ type PartialThis = {
 type ActionThis<TMethod extends Method, TPathPattern extends PathPattern, TOptions> = {
 	urlParams: UrlParams<TPathPattern>;
 	// TODO make it unsafe
-	readonly queryParams: TMethod extends 'GET' ? Partial<OperationParams<TMethod, TPathPattern>> : Record<string, string>;
+	readonly queryParams: TMethod extends 'GET'
+		? TOptions extends { validateParams: ValidateFunction<infer T> }
+			? T
+			: Partial<OperationParams<TMethod, TPathPattern>>
+		: Record<string, string>;
 	// TODO make it unsafe
-	readonly bodyParams: TMethod extends 'GET' ? Record<string, unknown> : Partial<OperationParams<TMethod, TPathPattern>>;
+	readonly bodyParams: TMethod extends 'GET'
+		? Record<string, unknown>
+		: TOptions extends { validateParams: ValidateFunction<infer T> }
+		? T
+		: Partial<OperationParams<TMethod, TPathPattern>>;
 	readonly request: Request;
 	requestParams(): OperationParams<TMethod, TPathPattern>;
 	getLoggedInUser(): IUser | undefined;
@@ -95,6 +107,7 @@ type ActionThis<TMethod extends Method, TPathPattern extends PathPattern, TOptio
 		fields: Record<string, unknown>;
 		query: Record<string, unknown>;
 	};
+	/* @deprecated */
 	getUserFromParams(): IUser;
 } & (TOptions extends { authRequired: true }
 	? {

diff --git a/apps/meteor/app/api/server/api.js b/apps/meteor/app/api/server/api.js
@@ -397,6 +397,9 @@ export class APIClass extends Restivus {
 					try {
 						api.enforceRateLimit(objectForRateLimitMatch, this.request, this.response, this.userId);
 
+						if (_options.validateParams && _options.validateParams(this.request.method === 'GET' ? this.queryParams : this.bodyParams)) {
+							throw new Meteor.Error('error-invalid-params', _options.validateParams.errors?.map((error) => error.message).join('\n '));
+						}
 						if (shouldVerifyPermissions && (!this.userId || !hasAllPermission(this.userId, _options.permissionsRequired))) {
 							throw new Meteor.Error('error-unauthorized', 'User does not have the permissions required for this action', {
 								permissions: _options.permissionsRequired,

diff --git a/apps/meteor/app/api/server/index.ts b/apps/meteor/app/api/server/index.ts
@@ -12,7 +12,8 @@ import './helpers/requestParams';
 import './helpers/isWidget';
 import './default/info';
 import './v1/assets';
-import './v1/channels';
+import './v1/channels.js';
+import './v1/channels.ts';
 import './v1/chat';
 import './v1/cloud';
 import './v1/commands';