..
ggazzo committed Jun 7, 2022
1 parent 29da686 commit 2265954
Showing 2 changed files with 43 additions and 29 deletions.
41 changes: 18 additions & 23 deletions apps/meteor/app/api/server/v1/misc.ts
Expand Up @@ -6,7 +6,14 @@ import { TAPi18n } from 'meteor/rocketchat:tap-i18n';
import { EJSON } from 'meteor/ejson';
import { DDPRateLimiter } from 'meteor/ddp-rate-limiter';
import { escapeHTML } from '@rocket.chat/string-helpers';
import { isShieldSvgProps, isSpotlightProps, isDirectoryProps, isMethodCallProps, isMethodCallAnonProps } from '@rocket.chat/rest-typings';
import {
isShieldSvgProps,
isSpotlightProps,
isDirectoryProps,
isMethodCallProps,
isMethodCallAnonProps,
isMeteorCall,
} from '@rocket.chat/rest-typings';

import { hasPermission } from '../../../authorization/server';
import { Users } from '../../../models/server';
Expand Down Expand Up @@ -467,27 +474,21 @@ API.v1.addRoute(
{
authRequired: true,
rateLimiterOptions: false,
validateParams: isMethodCallProps,
validateParams: isMeteorCall,
},
{
post() {
check(this.bodyParams, {
message: String,
});

const { method, params, id } = EJSON.parse(this.bodyParams.message);
const data = EJSON.parse(this.bodyParams.message);

if (typeof method !== 'string') {
return API.v1.failure('Method must be a string');
if (!isMethodCallProps(data)) {
return API.v1.failure('Invalid method call');
}

if (!Array.isArray(params)) {
return API.v1.failure('Params must be an array');
}

if (typeof id !== 'string') {
return API.v1.failure('Id must be a string');
}
const { method, params, id } = data;

const connectionId =
this.token ||
Expand Down Expand Up @@ -532,27 +533,21 @@ API.v1.addRoute(
{
authRequired: false,
rateLimiterOptions: false,
validateParams: isMethodCallAnonProps,
validateParams: isMeteorCall,
},
{
post() {
check(this.bodyParams, {
message: String,
});

const { method, params, id } = EJSON.parse(this.bodyParams.message);
const data = EJSON.parse(this.bodyParams.message);

if (typeof method !== 'string') {
return API.v1.failure('Method must be a string');
if (!isMethodCallAnonProps(data)) {
return API.v1.failure('Invalid method call');
}

if (!Array.isArray(params)) {
return API.v1.failure('Params must be an array');
}

if (typeof id !== 'string') {
return API.v1.failure('Id must be a string');
}
const { method, params, id } = data;

const connectionId =
this.token ||
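Review bot: `EJSON.parse(this.bodyParams.message)` in both `post()` handlers runs on a client-supplied string before any guard, so malformed input throws instead of reaching the new `'Invalid method call'` failure; `validateParams: isMeteorCall` only proves that `message` is a string. Unless the API layer already converts thrown errors into a failure response (not visible in these hunks), the parse should be wrapped so a syntax error takes the same failure path as a schema mismatch. This matters most on the second route, where `authRequired: false` and `rateLimiterOptions: false` make the parser reachable without a session. The `check(this.bodyParams, { message: String })` call is now redundant with `isMeteorCall` and can be dropped. Both handler bodies continue past the end of their hunks.

```typescript
let data: unknown;
try {
	data = EJSON.parse(this.bodyParams.message);
} catch {
	return API.v1.failure('Invalid method call');
}
// … unchanged: isMethodCallProps(data) / isMethodCallAnonProps(data) guard and destructuring …
```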
31 changes: 25 additions & 6 deletions packages/rest-typings/src/v1/misc.ts
Expand Up @@ -107,7 +107,7 @@ const DirectorySchema = {

export const isDirectoryProps = ajv.compile<Directory>(DirectorySchema);

type MethodCall = { method: string; params: {}; id: string }; // params: unknown
type MethodCall = { method: string; params: unknown[]; id: string; msg: string };

const MethodCallSchema = {
type: 'object',
Expand All @@ -116,19 +116,35 @@ const MethodCallSchema = {
type: 'string',
},
params: {
type: 'object',
type: 'array',
},
id: {
type: 'string',
},
msg: {
type: 'string',
},
},
required: ['method', 'params', 'id'],
required: ['method', 'params', 'id', 'msg'],
additionalProperties: false,
};

export const isMethodCallProps = ajv.compile<MethodCall>(MethodCallSchema);

type MethodCallAnon = { method: string; params: {}; id: string }; // params: unknown
export const isMeteorCall = ajv.compile<{
message: string;
}>({
type: 'object',
properties: {
message: {
type: 'string',
},
},
required: ['message'],
additionalProperties: false,
});

type MethodCallAnon = { method: string; params: unknown[]; id: string; msg: string };

const MethodCallAnonSchema = {
type: 'object',
Expand All @@ -137,13 +153,16 @@ const MethodCallAnonSchema = {
type: 'string',
},
params: {
type: 'object',
type: 'array',
},
id: {
type: 'string',
},
msg: {
type: 'string',
},
},
required: ['method', 'params', 'id'],
required: ['method', 'params', 'id', 'msg'],
additionalProperties: false,
};
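Review bot: `msg` is now required in `MethodCallSchema` and `MethodCallAnonSchema` but accepted as any string, and the visible handler lines in apps/meteor/app/api/server/v1/misc.ts destructure only `{ method, params, id }`, so its value appears to be unchecked. If it is meant to carry the DDP message type, pin it in the schema, e.g. `msg: { type: 'string', enum: ['method'] }`, so the validator rejects other message kinds rather than only checking presence. If it is not used at all, requiring it only rejects callers that omit it. `params: { type: 'array' }` places no bound on length, so a `maxItems` limit is worth considering on the anonymous schema, since that route is unauthenticated. The two schemas and their types are now identical and could share one definition.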

