Review

RocketChat · Jun 9, 2022 · 6e132d7 · 6e132d7
1 parent 8f69717
commit 6e132d7
Show file tree

Hide file tree

Showing 4 changed files with 37 additions and 36 deletions.
diff --git a/apps/meteor/app/apps/server/communication/methods.ts b/apps/meteor/app/apps/server/communication/methods.ts
@@ -50,7 +50,6 @@ export class AppMethods {
 	_addMethods(): void {
 		// eslint-disable-next-line @typescript-eslint/no-this-alias
 		const instance = this;
-		const uid = Meteor.userId();
 
 		Meteor.methods({
 			'apps/is-enabled'() {
@@ -62,6 +61,7 @@ export class AppMethods {
 			},
 
 			'apps/go-enable': twoFactorRequired(function _appsGoEnable() {
+				const uid = Meteor.userId();
 				if (!uid) {
 					throw new Meteor.Error('error-invalid-user', 'Invalid user', {
 						method: 'apps/go-enable',
@@ -80,6 +80,7 @@ export class AppMethods {
 			}),
 
 			'apps/go-disable': twoFactorRequired(function _appsGoDisable() {
+				const uid = Meteor.userId();
 				if (!uid) {
 					throw new Meteor.Error('error-invalid-user', 'Invalid user', {
 						method: 'apps/go-enable',

diff --git a/apps/meteor/app/apps/server/communication/uikit.ts b/apps/meteor/app/apps/server/communication/uikit.ts
@@ -31,22 +31,6 @@ settings.watch('API_CORS_Origin', (value: string) => {
 		: [];
 });
 
-const corsOptions = {
-	origin: (origin: string, callback: Function): void => {
-		if (
-			!origin ||
-			!corsEnabled ||
-			allowListOrigins.includes('*') ||
-			allowListOrigins.includes(origin) ||
-			origin === settings.get('Site_Url')
-		) {
-			callback(null, true);
-		} else {
-			callback('Not allowed by CORS', false);
-		}
-	},
-};
-
 WebApp.connectHandlers.use(apiServer);
 
 // eslint-disable-next-line new-cap
@@ -89,7 +73,23 @@ router.use((req, res, next) => {
 	next();
 });
 
-apiServer.use('/api/apps/ui.interaction/', cors(corsOptions).rateLimiter, router); // didn't have the rateLimiter option
+const corsOptions = {
+	origin: (origin: string | undefined, callback: Function): void => {
+		if (
+			!origin ||
+			!corsEnabled ||
+			allowListOrigins.includes('*') ||
+			allowListOrigins.includes(origin) ||
+			origin === settings.get('Site_Url')
+		) {
+			callback(null, true);
+		} else {
+			callback('Not allowed by CORS', false);
+		}
+	},
+};
+
+apiServer.use('/api/apps/ui.interaction/', cors(corsOptions), router); // didn't have the rateLimiter option
 
 const getPayloadForType = (type: UIKitIncomingInteractionType, req: Request): {} => {
 	if (type === UIKitIncomingInteractionType.BLOCK) {

diff --git a/apps/meteor/package.json b/apps/meteor/package.json
@@ -90,11 +90,11 @@
 		"@types/chai-spies": "^1.0.3",
 		"@types/clipboard": "^2.0.7",
 		"@types/cookie-parser": "^1.4.2",
-		"@types/cors": "^2.8.12",
+		"@types/cors": "^2.8.5",
 		"@types/dompurify": "^2.2.2",
 		"@types/ejson": "^2.2.0",
 		"@types/express": "^4.17.12",
-		"@types/express-rate-limit": "^6.0.0",
+		"@types/express-rate-limit": "^5.1.3",
 		"@types/fibers": "^3.1.1",
 		"@types/google-libphonenumber": "^7.4.21",
 		"@types/imap": "^0.8.35",

diff --git a/yarn.lock b/yarn.lock
@@ -4839,11 +4839,11 @@ __metadata:
     "@types/clipboard": ^2.0.7
     "@types/cookie": ^0.5.1
     "@types/cookie-parser": ^1.4.2
-    "@types/cors": ^2.8.12
+    "@types/cors": ^2.8.5
     "@types/dompurify": ^2.2.2
     "@types/ejson": ^2.2.0
     "@types/express": ^4.17.12
-    "@types/express-rate-limit": ^6.0.0
+    "@types/express-rate-limit": ^5.1.3
     "@types/fibers": ^3.1.1
     "@types/google-libphonenumber": ^7.4.21
     "@types/imap": ^0.8.35
@@ -7101,7 +7101,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@types/cors@npm:^2.8.12":
+"@types/cors@npm:^2.8.5":
   version: 2.8.12
   resolution: "@types/cors@npm:2.8.12"
   checksum: 8c45f112c7d1d2d831b4b266f2e6ed33a1887a35dcbfe2a18b28370751fababb7cd045e745ef84a523c33a25932678097bf79afaa367c6cb3fa0daa7a6438257
@@ -7145,12 +7145,12 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@types/express-rate-limit@npm:^6.0.0":
-  version: 6.0.0
-  resolution: "@types/express-rate-limit@npm:6.0.0"
+"@types/express-rate-limit@npm:^5.1.3":
+  version: 5.1.3
+  resolution: "@types/express-rate-limit@npm:5.1.3"
   dependencies:
-    express-rate-limit: "*"
-  checksum: fde7ba340887a0862cd8abc1ff1dcba18b8d5eeddddfde5a6c35d3a97cc80b8a3c1d6ce42bbc4085643f62b01a90e44533f764d388e44ee39f893b5207b17407
+    "@types/express": "*"
+  checksum: 44c0b79e48a9416309459e4aad7dbac6bdf0e1777ed2d9620d1512eecfacbd32d7d1b86789c116ced32e926b595ea55d212076b46ea934676ab352e260233686
   languageName: node
   linkType: hard
 
@@ -15657,7 +15657,14 @@ __metadata:
   languageName: node
   linkType: hard
 
-"express-rate-limit@npm:*, express-rate-limit@npm:^6.2.0":
+"express-rate-limit@npm:^5.5.1":
+  version: 5.5.1
+  resolution: "express-rate-limit@npm:5.5.1"
+  checksum: 264820bd5fe350794f90497c5bdc7b323eec4394873cd4b9f9d3654b2c47b285e87270a5a11721fb7fb895d56218e9657ea7bb9a544dd43770c6e7beaad217e8
+  languageName: node
+  linkType: hard
+
+"express-rate-limit@npm:^6.2.0":
   version: 6.4.0
   resolution: "express-rate-limit@npm:6.4.0"
   peerDependencies:
@@ -15666,13 +15673,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"express-rate-limit@npm:^5.5.1":
-  version: 5.5.1
-  resolution: "express-rate-limit@npm:5.5.1"
-  checksum: 264820bd5fe350794f90497c5bdc7b323eec4394873cd4b9f9d3654b2c47b285e87270a5a11721fb7fb895d56218e9657ea7bb9a544dd43770c6e7beaad217e8
-  languageName: node
-  linkType: hard
-
 "express@npm:^4.17.1, express@npm:^4.17.2, express@npm:^4.17.3":
   version: 4.17.3
   resolution: "express@npm:4.17.3"