Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[NEW][APPS] Allowing apps to register authenticated routes #25937

Merged
merged 7 commits into from
Jun 28, 2022
Merged

[NEW][APPS] Allowing apps to register authenticated routes #25937

merged 7 commits into from
Jun 28, 2022

Conversation

d-gubert
Copy link
Member

@d-gubert d-gubert commented Jun 20, 2022
edited
Loading

Proposed changes (including videos or screenshots)

Adds adaptations that allow apps to declare an API endpoint that requires authorization from Rocket.Chat prior to executing

Issue(s)

Steps to test or reproduce

Further comments

PR on Apps-Engine side RocketChat/Rocket.Chat.Apps-engine#523

@d-gubert d-gubert requested a review from a team June 20, 2022 23:12
github-advanced-security[bot]
github-advanced-security bot found potential problems Jun 20, 2022
View reviewed changes
apps/meteor/app/apps/server/communication/uikit.ts
router.use(apiLimiter);
});

router.use((req, res, next) => {
const { 'x-user-id': userId, 'x-auth-token': authToken, 'x-visitor-token': visitorToken } = req.headers;
router.use(authenticationMiddleware({ rejectUnauthorized: false }));

Check failure

Code scanning / CodeQL

Missing rate limiting

This route handler performs [authorization](1), but is not rate-limited. This route handler performs [authorization](2), but is not rate-limited.
@lgtm-com
Copy link

lgtm-com bot commented Jun 20, 2022

This pull request introduces 1 alert and fixes 1 when merging c6e8b3f into 63d4e30 - view on LGTM.com

new alerts:

  • 1 for Missing rate limiting

fixed alerts:

  • 1 for Missing rate limiting

@d-gubert d-gubert mentioned this pull request Jun 21, 2022
Merged
tapiarafael
tapiarafael previously approved these changes Jun 21, 2022
View reviewed changes
@d-gubert d-gubert added this to the 5.0.0 milestone Jun 21, 2022
@lgtm-com
Copy link

lgtm-com bot commented Jun 22, 2022

This pull request introduces 1 alert and fixes 1 when merging 421cf6e into 70f5fbe - view on LGTM.com

new alerts:

  • 1 for Missing rate limiting

fixed alerts:

  • 1 for Missing rate limiting

tapiarafael
tapiarafael previously approved these changes Jun 23, 2022
View reviewed changes
@d-gubert d-gubert marked this pull request as ready for review June 24, 2022 19:22
@d-gubert d-gubert requested a review from a team as a code owner June 24, 2022 19:22
tapiarafael
tapiarafael previously approved these changes Jun 24, 2022
View reviewed changes
@github-actions github-actions bot added stat: ready to merge PR tested and approved waiting for merge and removed stat: needs QA labels Jun 24, 2022
@lgtm-com
Copy link

lgtm-com bot commented Jun 24, 2022

This pull request introduces 1 alert and fixes 1 when merging 0457a4d into d9ffbd6 - view on LGTM.com

new alerts:

  • 1 for Missing rate limiting

fixed alerts:

  • 1 for Missing rate limiting

@lgtm-com
Copy link

lgtm-com bot commented Jun 27, 2022

This pull request introduces 1 alert and fixes 1 when merging b638c0c into 89546dd - view on LGTM.com

new alerts:

  • 1 for Missing rate limiting

fixed alerts:

  • 1 for Missing rate limiting

@kodiakhq kodiakhq bot removed the stat: ready to merge PR tested and approved waiting for merge label Jun 27, 2022
@kodiakhq
Copy link
Contributor

kodiakhq bot commented Jun 27, 2022

This PR currently has a merge conflict. Please resolve this and then re-add the ['stat: ready to merge', 'automerge'] label.

@ggazzo ggazzo added the stat: ready to merge PR tested and approved waiting for merge label Jun 28, 2022
@lgtm-com
Copy link

lgtm-com bot commented Jun 28, 2022

This pull request introduces 1 alert and fixes 1 when merging 150a684 into 957c69d - view on LGTM.com

new alerts:

  • 1 for Missing rate limiting

fixed alerts:

  • 1 for Missing rate limiting

@kodiakhq kodiakhq bot merged commit 887c133 into develop Jun 28, 2022
@kodiakhq kodiakhq bot deleted the apps/authenticated-endpoints branch June 28, 2022 18:43
gabriellsh added a commit that referenced this pull request Jun 28, 2022
@gabriellsh
Merge branch 'develop' of github.com:RocketChat/Rocket.Chat into impr…
44cff8b 
…ove/message-renderer-tweaks

* 'develop' of github.com:RocketChat/Rocket.Chat:
  Chore: Bump fuselage and update icon (#26036)
  [NEW][APPS] Allowing apps to register authenticated routes (#25937)
gabriellsh added a commit that referenced this pull request Jun 29, 2022
@gabriellsh
Merge branch 'develop' of github.com:RocketChat/Rocket.Chat into move…
86260eb 
…/clientPackage

* 'develop' of github.com:RocketChat/Rocket.Chat: (80 commits)
  [NEW] Community Edition Watermark (#25844)
  [BREAK] remove unused endpoints and restify others (#25889)
  Chore: add underscore to ddp-streamer
  [IMPROVE] VoIP admin page cleanup: remove unused settings (#25993)
  Regression: Fix micro services (#26054)
  Regression: Fix threads list (#26052)
  [NEW] VoIP Input/Output Device Selection (#25966)
  Chore: Account/Profile to TS (#25929)
  Chore: Add missing Swedish livechat translations (#26048)
  [IMPROVE] Expand the feature set of the new message rendering (#25970)
  Chore: Bump fuselage and update icon (#26036)
  [NEW][APPS] Allowing apps to register authenticated routes (#25937)
  [NEW] Enable outbound calling for EE (#25843) (#25960)
  Chore: Introduce new index to query active livechat conversations for cloud scaling (#26047)
  [FIX] Importer fails to download files from URLs with query string params (#25934)
  [IMPROVE] Moved call hold/unhold to EE (#26007)
  [NEW] Engagement Metrics - Phase 2 (#25505)
  Chore: Convert usePreventDefault, useQueryOptions, useShortcutOpenMenu (#26035)
  [FIX] Importer files are unnecessarily transferred over the network. (#25919)
  Chore: test turbo params (#26038)
  ...
@sampaiodiego sampaiodiego mentioned this pull request Jul 13, 2022
Merged
@murtaza98 murtaza98 mentioned this pull request Jul 21, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tapiarafael tapiarafael tapiarafael approved these changes

Assignees
No one assigned
Labels
stat: QA skipped stat: ready to merge PR tested and approved waiting for merge
Projects
None yet
Milestone
5.0.0
Development

Successfully merging this pull request may close these issues.
3 participants
@d-gubert @tapiarafael @ggazzo