[NEW] Add JWT to uploaded files urls #15297
Changes from 11 commits
50f7ad3
749bcbb
bfa9413
6f33df3
5608041
57c4466
e68da32
1ac20e3
9f50a05
cfdf556
96a6c67
84938a8
2c26139
26a2825
c31d52a
a0466bf
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -8,6 +8,7 @@ import { API } from '../../../../api'; | |
import { loadMessageHistory } from '../../../../lib'; | ||
import { findGuest, findRoom, normalizeHttpHeaderData } from '../lib/livechat'; | ||
import { Livechat } from '../../lib/Livechat'; | ||
import { normalizeMessageAttachments } from '../../../../utils/server/functions/normalizeMessageAttachments'; | ||
|
||
API.v1.addRoute('livechat/message', { | ||
post() { | ||
|
@@ -95,9 +96,9 @@ API.v1.addRoute('livechat/message/:_id', { | |
throw new Meteor.Error('invalid-message'); | ||
} | ||
|
||
return API.v1.success({ message }); | ||
return API.v1.success({ message: normalizeMessageAttachments(message) }); | ||
} catch (e) { | ||
return API.v1.failure(e.error); | ||
return API.v1.failure(e); | ||
} | ||
}, | ||
|
||
|
@@ -134,12 +135,12 @@ API.v1.addRoute('livechat/message/:_id', { | |
const result = Livechat.updateMessage({ guest, message: { _id: msg._id, msg: this.bodyParams.msg } }); | ||
if (result) { | ||
const message = Messages.findOneById(_id); | ||
return API.v1.success({ message }); | ||
return API.v1.success({ message: normalizeMessageAttachments(message) }); | ||
Do you mind of checking the |
||
} | ||
|
||
return API.v1.failure(); | ||
} catch (e) { | ||
return API.v1.failure(e.error); | ||
return API.v1.failure(e); | ||
} | ||
}, | ||
delete() { | ||
|
@@ -183,7 +184,7 @@ API.v1.addRoute('livechat/message/:_id', { | |
|
||
return API.v1.failure(); | ||
} catch (e) { | ||
return API.v1.failure(e.error); | ||
return API.v1.failure(e); | ||
} | ||
}, | ||
}); | ||
|
@@ -227,10 +228,12 @@ API.v1.addRoute('livechat/messages.history/:rid', { | |
limit = parseInt(this.queryParams.limit); | ||
} | ||
|
||
const messages = loadMessageHistory({ userId: guest._id, rid, end, limit, ls }); | ||
return API.v1.success(messages); | ||
const messages = loadMessageHistory({ userId: guest._id, rid, end, limit, ls }) | ||
The new implementation is returning an array of messages, but the original implementation needs to return an object containing a property called by |
||
.messages | ||
.map(normalizeMessageAttachments); | ||
return API.v1.success({ messages }); | ||
} catch (e) { | ||
return API.v1.failure(e.error); | ||
return API.v1.failure(e); | ||
} | ||
}, | ||
}); | ||
|
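Review bot: The four catch blocks in these livechat routes now pass the whole caught value to `API.v1.failure(e)` instead of `e.error`, and these endpoints answer livechat visitors, so whatever `failure` serializes from an arbitrary exception may reach the client. How `API.v1.failure` renders an `Error` is not visible here; if it echoes the object or its message, details from non-Meteor errors would be exposed. I would keep the response to an error code and log the rest server-side, e.g. `return API.v1.failure(e instanceof Meteor.Error ? e.error : '<generic-error-code>');` (the string is a placeholder). The route handlers start and end outside the hunks shown.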
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -5,6 +5,7 @@ import { settings } from '../../../settings'; | |
import { callbacks } from '../../../callbacks'; | ||
import { SystemLogger } from '../../../logger'; | ||
import { LivechatExternalMessage } from '../../lib/LivechatExternalMessage'; | ||
import { normalizeMessageAttachments } from '../../../utils/server/functions/normalizeMessageAttachments'; | ||
|
||
let knowledgeEnabled = false; | ||
let apiaiKey = ''; | ||
|
@@ -33,6 +34,8 @@ callbacks.add('afterSaveMessage', function(message, room) { | |
return message; | ||
} | ||
|
||
message = normalizeMessageAttachments(message); | ||
Do you mind of checking the |
||
|
||
// if the message hasn't a token, it was not sent by the visitor, so ignore it | ||
if (!message.token) { | ||
return message; | ||
|
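Review bot: `normalizeMessageAttachments(message)` rewrites the attachment URLs on the message object in place, and the value an `afterSaveMessage` callback returns is presumably what the next callback receives; the Facebook and SMS callbacks on this page call it again on their return value, so a file message can end up with `?token=…` appended more than once. The call also sits before the `!message.token` guard, so a token is minted even for messages this callback then ignores. If the tokenised URLs are needed further down, compute them after the guard on a copy rather than reassigning `message`, e.g. `const outgoing = normalizeMessageAttachments({ ...message, attachments: (message.attachments || []).map((a) => ({ ...a })) });`. The callback body continues outside the hunk.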
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2,6 +2,7 @@ import { settings } from '../../../settings'; | |
import { callbacks } from '../../../callbacks'; | ||
import { Messages, LivechatRooms } from '../../../models'; | ||
import { Livechat } from '../lib/Livechat'; | ||
import { normalizeMessageAttachments } from '../../../utils/server/functions/normalizeMessageAttachments'; | ||
|
||
const msgNavType = 'livechat_navigation_history'; | ||
|
||
|
@@ -55,7 +56,12 @@ function sendToCRM(type, room, includeMessages = true) { | |
msg.navigation = message.navigation; | ||
} | ||
|
||
postData.messages.push(msg); | ||
if (message.file) { | ||
msg.file = message.file; | ||
msg.attachments = message.attachments; | ||
Why not call the |
||
} | ||
|
||
postData.messages.push(normalizeMessageAttachments(msg)); | ||
}); | ||
} | ||
|
||
|
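Review bot: `normalizeMessageAttachments(msg)` is given the trimmed `msg` object, but the helper on this page reads `message.rid` and `message.u._id`; if `msg` does not carry `u` (it is built above the hunk, so I cannot tell), any message with a file and attachments throws inside `sendToCRM`. `msg.attachments = message.attachments` also shares the attachment objects with the source message, so the token is written onto those as well. Deriving the attachments from a copy of the source message avoids both: `msg.attachments = normalizeMessageAttachments({ ...message, attachments: (message.attachments || []).map((a) => ({ ...a })) }).attachments;` followed by `postData.messages.push(msg);`. A comment noting that the URLs posted to the CRM webhook embed an access token with the lifetime set by the JWT helper would help whoever operates the receiving endpoint.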
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,7 @@ | ||
import { callbacks } from '../../../callbacks'; | ||
import { settings } from '../../../settings'; | ||
import OmniChannel from '../lib/OmniChannel'; | ||
import { normalizeMessageAttachments } from '../../../utils/server/functions/normalizeMessageAttachments'; | ||
|
||
callbacks.add('afterSaveMessage', function(message, room) { | ||
// skips this callback if the message was edited | ||
|
@@ -33,5 +34,5 @@ callbacks.add('afterSaveMessage', function(message, room) { | |
text: message.msg, | ||
}); | ||
|
||
return message; | ||
return normalizeMessageAttachments(message); | ||
Do you mind of checking the |
||
}, callbacks.priority.LOW, 'sendMessageToFacebook'); |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2,6 +2,7 @@ import { callbacks } from '../../callbacks'; | |
import { settings } from '../../settings'; | ||
import { SMS } from '../../sms'; | ||
import { LivechatVisitors } from '../../models'; | ||
import { normalizeMessageAttachments } from '../../utils/server/functions/normalizeMessageAttachments'; | ||
|
||
callbacks.add('afterSaveMessage', function(message, room) { | ||
// skips this callback if the message was edited | ||
|
@@ -42,5 +43,5 @@ callbacks.add('afterSaveMessage', function(message, room) { | |
|
||
SMSService.send(room.sms.from, visitor.phone[0].phoneNumber, message.msg); | ||
|
||
return message; | ||
return normalizeMessageAttachments(message); | ||
Do you mind of checking the |
||
}, callbacks.priority.LOW, 'sendMessageBySms'); |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
import { FileUpload } from '../../../file-upload/server'; | ||
|
||
export const normalizeMessageAttachments = (message) => { | ||
if (message.file && message.attachments && Array.isArray(message.attachments) && message.attachments.length) { | ||
const jwt = FileUpload.addJWTToFileUrl({ rid: message.rid, userId: message.u._id, fileId: message.file._id }); | ||
Since the Thanks. |
||
message.attachments.forEach((attachment) => { | ||
if (attachment.title_link) { | ||
attachment.title_link = `${ attachment.title_link }?token=${ jwt }`; | ||
} | ||
if (attachment.image_url) { | ||
attachment.image_url = `${ attachment.image_url }?token=${ jwt }`; | ||
} | ||
}); | ||
} | ||
return message; | ||
}; |
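Review bot: The token is always appended with a literal `?`, so a `title_link` or `image_url` that already has a query string, or that was normalized once before, comes out malformed (`…?a=1?token=…`); the loop also writes the result back onto the caller's attachment objects. `message.u._id` is dereferenced without a guard, and what `FileUpload.addJWTToFileUrl` returns when the feature is disabled is not visible here; if it can be empty, the URL should be left untouched. I would pick the separator from the URL, skip the rewrite when no token comes back, and return a copy so stored or shared messages keep token-free URLs. A short JSDoc stating that the returned URLs embed a time-limited access token, and so should not be persisted or logged, would help callers.

```javascript
const withToken = (url, jwt) => `${ url }${ url.includes('?') ? '&' : '?' }token=${ jwt }`;

export const normalizeMessageAttachments = (message) => {
	if (!message.file || !Array.isArray(message.attachments) || !message.attachments.length) {
		return message;
	}
	const jwt = FileUpload.addJWTToFileUrl({ rid: message.rid, userId: message.u && message.u._id, fileId: message.file._id });
	if (!jwt) {
		return message;
	}
	// work on copies so the stored/shared message keeps its token-free URLs
	const attachments = message.attachments.map((attachment) => {
		const copy = { ...attachment };
		if (copy.title_link) {
			copy.title_link = withToken(copy.title_link, jwt);
		}
		if (copy.image_url) {
			copy.image_url = withToken(copy.image_url, jwt);
		}
		return copy;
	});
	return { ...message, attachments };
};
```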
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
import { jws } from 'jsrsasign'; | ||
|
||
const HEADER = { | ||
typ: 'JWT', | ||
alg: 'HS256', | ||
}; | ||
|
||
export const generateJWT = (payload, secret) => { | ||
const tokenPayload = { | ||
iat: jws.IntDate.get('now'), | ||
nbf: jws.IntDate.get('now'), | ||
exp: jws.IntDate.get('now + 1hour'), | ||
aud: 'RocketChat', | ||
context: payload, | ||
}; | ||
|
||
const header = JSON.stringify(HEADER); | ||
|
||
return jws.JWS.sign(HEADER.alg, header, JSON.stringify(tokenPayload), { rstr: secret }); | ||
}; | ||
|
||
export const isValidJWT = (jwt, secret) => { | ||
try { | ||
return jws.JWS.verify(jwt, secret, HEADER); | ||
} catch (error) { | ||
return false; | ||
} | ||
}; |
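Review bot: `isValidJWT` only checks the signature: `jws.JWS.verify` does not look at `exp`, `nbf` or `aud`, so the one-hour lifetime written by `generateJWT` is not enforced here and a leaked file URL would keep working until the secret changes, unless the caller checks the claims itself. As far as I know jsrsasign expects the third argument of `verify` to be an array of accepted algorithm names rather than the header object, and the key is passed as `{ rstr: secret }` when signing but as a bare string when verifying. `jws.JWS.verifyJWT` validates the time claims and audience as well: `return jws.JWS.verifyJWT(jwt, { rstr: secret }, { alg: [HEADER.alg], aud: ['RocketChat'] });`. The three `jws.IntDate.get('now')` calls could share one value so `iat` and `nbf` cannot differ.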
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -153,4 +153,5 @@ import './v152'; | |
import './v153'; | ||
import './v154'; | ||
import './v155'; | ||
import './v156'; | ||
import './xrun'; |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
import { Random } from 'meteor/random'; | ||
|
||
import { Migrations } from '../../../app/migrations/server'; | ||
import { Settings } from '../../../app/models/server'; | ||
import { settings } from '../../../app/settings/server'; | ||
|
||
Migrations.add({ | ||
version: 156, | ||
up() { | ||
Settings.upsert({ | ||
_id: 'FileUpload_Enable_json_web_token_for_files', | ||
}, | ||
{ | ||
_id: 'FileUpload_Enable_json_web_token_for_files', | ||
value: settings.get('FileUpload_ProtectFiles'), | ||
type: 'boolean', | ||
group: 'FileUpload', | ||
i18nLabel: 'FileUpload_Enable_json_web_token_for_files', | ||
i18nDescription: 'FileUpload_Enable_json_web_token_for_files_description', | ||
enableQuery: { | ||
_id: 'FileUpload_ProtectFiles', | ||
value: true, | ||
}, | ||
}); | ||
Settings.upsert({ | ||
_id: 'FileUpload_json_web_token_secret_for_files', | ||
}, | ||
{ | ||
_id: 'FileUpload_json_web_token_secret_for_files', | ||
value: Random.secret(), | ||
type: 'string', | ||
group: 'FileUpload', | ||
i18nLabel: 'FileUpload_json_web_token_secret_for_files', | ||
i18nDescription: 'FileUpload_json_web_token_secret_for_files_description', | ||
enableQuery: { | ||
_id: 'FileUpload_Enable_json_web_token_for_files', | ||
value: true, | ||
}, | ||
}); | ||
}, | ||
down() { | ||
// Down migration does not apply in this case | ||
}, | ||
}); |
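Review bot: The signing secret is created as a plain `string` setting, so it would be shown in clear text wherever this settings group is displayed; if the settings model supports a masked type, `type: 'password'` (to be confirmed against the project's setting types) fits a key better. Both `Settings.upsert` calls pass a full replacement document, so running `up()` against an existing record would overwrite the stored value and replace the secret with a fresh `Random.secret()`, invalidating links already issued. A comment such as `// secret signs file-access JWTs; rotating it invalidates outstanding URLs` above the second upsert would record that.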
Would you mind checking `message.file` before returning? I think we should always return the `message` instead of the `normalizeMessageAttachments` return value.