Fix unsafe username cast in prepareMessageObject #39296

@schourasia750

Describe the bug / problem

In apps/meteor/app/lib/server/functions/sendMessage.ts, the helper prepareMessageObject currently accepts a user argument where username is optional, but then casts it to string:

```ts
export function prepareMessageObject(
	message: Partial<IMessage>,
	rid: IRoom['_id'],
	user: { _id: string; username?: string; name?: string },
): asserts message is IMessage {
	// ...
	const { _id, username, name } = user;
	message.u = {
		_id,
		username: username as string, // unsafe cast
		name,
	};
}
```

This breaks type safety and can lead to message.u.username being undefined at runtime if callers ever omit username.

Proposed solution

  • Require username in the user parameter type and remove the unsafe cast:
  • Change the signature to user: { _id: string; username: string; name?: string }.
  • Assign username directly in message.u.
  • Existing call sites already pass username, so this should not change runtime behavior.

Why this is safe

  • insertMessage already calls prepareMessageObject with user: Pick<IUser, '_id' | 'username'>.
  • sendMessage passes user as any, which remains assignable.
  • The change tightens types and removes a // FIXME without altering logic.
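
Added example (not part of the original issue and not Rocket.Chat code): a self-contained TypeScript sketch of why the `as string` cast lets `undefined` reach `message.u.username`, next to the tightened signature. The `Message` and `MessageUser` types are simplified stand-ins, and `assertMessageUser` is a hypothetical runtime guard for call sites typed `any`, which no signature change can check.

```typescript
// Simplified stand-ins for the project's IMessage and user shapes (assumed, not Rocket.Chat's definitions).
type MessageUser = { _id: string; username: string; name?: string };
type Message = { rid: string; msg: string; u: MessageUser };

// Shape described in the issue: username is optional and the cast silences the compiler.
function prepareWithCast(
	message: Partial<Message>,
	rid: string,
	user: { _id: string; username?: string; name?: string },
): void {
	const { _id, username, name } = user;
	message.rid = rid;
	message.u = { _id, username: username as string, name }; // cast is erased at compile time
}

// Proposed shape: username is required, so it is assigned directly.
function prepareStrict(message: Partial<Message>, rid: string, user: MessageUser): void {
	const { _id, username, name } = user;
	message.rid = rid;
	message.u = { _id, username, name };
}

// Hypothetical runtime guard for call sites typed `any`, which the compiler never checks.
function assertMessageUser(user: unknown): asserts user is MessageUser {
	const u = (user ?? {}) as { _id?: unknown; username?: unknown };
	if (typeof u._id !== 'string' || typeof u.username !== 'string' || u.username === '') {
		throw new TypeError('user needs a string _id and a non-empty username');
	}
}

// Returns what ends up in message.u.username when the cast version gets a user without one.
function usernameAfterCast(): unknown {
	const m: Partial<Message> = { msg: 'hi' };
	prepareWithCast(m, 'r1', { _id: 'u1' }); // constructed sample user
	return m.u?.username; // declared string, undefined at runtime
}

// Sends an `any`-typed user through the guard and then the strict helper.
function usernameViaAny(user: any): string {
	const m: Partial<Message> = { msg: 'hi' };
	try {
		assertMessageUser(user);
		prepareStrict(m, 'r1', user);
		return m.u?.username ?? 'missing';
	} catch (e) {
		return `rejected: ${(e as Error).message}`;
	}
}
```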
