Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SDK does not work with Rocket.Chat 7.1.0 #169

Open
paulchen opened this issue Dec 4, 2024 · 6 comments
Open

SDK does not work with Rocket.Chat 7.1.0 #169

paulchen opened this issue Dec 4, 2024 · 6 comments

Comments

@paulchen
Copy link

paulchen commented Dec 4, 2024

Description

Rocket.Chat 7.1.0 introduced several data validations for security reasons. This includes the field bot of a message: https://github.com/RocketChat/Rocket.Chat/blob/develop/apps/meteor/app/lib/server/methods/sendMessage.ts#L135

This field is documented to be a Boolean: https://developer.rocket.chat/v1-api/apidocs/message

However, the SDK sets the field bot to {i: 'js.SDK'} (https://github.com/RocketChat/Rocket.Chat.js.SDK/blob/master/src/lib/message.ts#L17). Although the value js.SDK is configurable via the environment variable INTEGRATION_ID, this value is always put into bot.i.

Rocket.Chat 7.0.0 allows arbitrary data for the bot field which is why the SDK works with Rocket.Chat 7.0.0. Using Rocket.Chat 7.1.0, sending a message fails.

Steps to reproduce

  • Create a bot according to the "Quick start" section in README.md
  • Try to connect it to a Rocket.Chat instance running version 7.1.0.

Expected result

  • The bot successfully sends a message:

image

Actual result

  • Sending the message fails:

image

Server-side logs:

Exception while invoking method 'sendMessage' Error: Match error: Expected boolean, got object in field bot
    at format (packages/check/match.js:11:15)
    at check (packages/check/match.js:53:13)
    at MethodInvocation.sendMessage (app/lib/server/methods/sendMessage.ts:126:3)
    at maybeAuditArgumentChecks (packages/ddp-server/livedata_server.js:1974:12)
    at packages/ddp-server/livedata_server.js:826:19
    at EnvironmentVariableAsync.<anonymous> (packages/meteor.js:1294:16)
    at packages/meteor.js:765:17
    at AsyncLocalStorage.run (node:async_hooks:346:14)
    at Object.Meteor._runAsync (packages/meteor.js:762:14)
    at EnvironmentVariableAsync.withValue (packages/meteor.js:1290:19)
    at packages/ddp-server/livedata_server.js:824:46
    at EnvironmentVariableAsync.<anonymous> (packages/meteor.js:1294:16)
    at packages/meteor.js:765:17
    at AsyncLocalStorage.run (node:async_hooks:346:14)
    at Object.Meteor._runAsync (packages/meteor.js:762:14)
    at EnvironmentVariableAsync.withValue (packages/meteor.js:1290:19)
    at packages/ddp-server/livedata_server.js:822:46
    at new Promise (<anonymous>)
    at Session.method (packages/ddp-server/livedata_server.js:796:23)
    at runHandlers (packages/ddp-server/livedata_server.js:648:58)
    at processNext (packages/ddp-server/livedata_server.js:665:7)
    at Session.processMessage (packages/ddp-server/livedata_server.js:668:5)
    at SockJSConnection.<anonymous> (packages/ddp-server/livedata_server.js:1549:31)
    at SockJSConnection.emit (node:events:519:28)
    at SockJSConnection.emit (node:domain:488:12)
    at RawWebsocketSessionReceiver.didMessage (/app/bundle/programs/server/npm/node_modules/meteor/ddp-server/node_modules/sockjs/lib/trans-websocket.js:198:25)
    at WebSocket.<anonymous> (/app/bundle/programs/server/npm/node_modules/meteor/ddp-server/node_modules/sockjs/lib/trans-websocket.js:190:24)
    at WebSocket.emit (node:events:519:28)
    at WebSocket.emit (node:domain:488:12)
    at WebSocket.dispatchEvent (/app/bundle/programs/server/npm/node_modules/meteor/ddp-server/node_modules/faye-websocket/lib/faye/websocket/api/event_target.js:26:10)
    at WebSocket._receiveMessage (/app/bundle/programs/server/npm/node_modules/meteor/ddp-server/node_modules/faye-websocket/lib/faye/websocket/api.js:154:10)
    at Hybi.<anonymous> (/app/bundle/programs/server/npm/node_modules/meteor/ddp-server/node_modules/faye-websocket/lib/faye/websocket/api.js:36:49)
    at Hybi.emit (node:events:531:35)
    at Hybi.emit (node:domain:488:12)
Sanitized and reported to the client as: errorClass [Error]: Match failed [400]
    at errorClass.<anonymous> (packages/check/match.js:103:27)
    at new errorClass (packages/meteor.js:609:17)
    at format (packages/check/match.js:11:15)
    at check (packages/check/match.js:53:13)
    at MethodInvocation.sendMessage (app/lib/server/methods/sendMessage.ts:126:3)
    at maybeAuditArgumentChecks (packages/ddp-server/livedata_server.js:1974:12)
    at packages/ddp-server/livedata_server.js:826:19
    at EnvironmentVariableAsync.<anonymous> (packages/meteor.js:1294:16)
    at packages/meteor.js:765:17
    at AsyncLocalStorage.run (node:async_hooks:346:14)
    at Object.Meteor._runAsync (packages/meteor.js:762:14)
    at EnvironmentVariableAsync.withValue (packages/meteor.js:1290:19)
    at packages/ddp-server/livedata_server.js:824:46
    at EnvironmentVariableAsync.<anonymous> (packages/meteor.js:1294:16)
    at packages/meteor.js:765:17
    at AsyncLocalStorage.run (node:async_hooks:346:14)
    at Object.Meteor._runAsync (packages/meteor.js:762:14)
    at EnvironmentVariableAsync.withValue (packages/meteor.js:1290:19)
    at packages/ddp-server/livedata_server.js:822:46
    at new Promise (<anonymous>)
    at Session.method (packages/ddp-server/livedata_server.js:796:23)
    at runHandlers (packages/ddp-server/livedata_server.js:648:58)
    at processNext (packages/ddp-server/livedata_server.js:665:7)
    at Session.processMessage (packages/ddp-server/livedata_server.js:668:5)
    at SockJSConnection.<anonymous> (packages/ddp-server/livedata_server.js:1549:31)
    at SockJSConnection.emit (node:events:519:28)
    at SockJSConnection.emit (node:domain:488:12)
    at RawWebsocketSessionReceiver.didMessage (/app/bundle/programs/server/npm/node_modules/meteor/ddp-server/node_modules/sockjs/lib/trans-websocket.js:198:25)
    at WebSocket.<anonymous> (/app/bundle/programs/server/npm/node_modules/meteor/ddp-server/node_modules/sockjs/lib/trans-websocket.js:190:24)
    at WebSocket.emit (node:events:519:28)
    at WebSocket.emit (node:domain:488:12)
    at WebSocket.dispatchEvent (/app/bundle/programs/server/npm/node_modules/meteor/ddp-server/node_modules/faye-websocket/lib/faye/websocket/api/event_target.js:26:10)
    at WebSocket._receiveMessage (/app/bundle/programs/server/npm/node_modules/meteor/ddp-server/node_modules/faye-websocket/lib/faye/websocket/api.js:154:10)
    at Hybi.<anonymous> (/app/bundle/programs/server/npm/node_modules/meteor/ddp-server/node_modules/faye-websocket/lib/faye/websocket/api.js:36:49) {
  isClientSafe: true,
  error: 400,
  reason: 'Match failed',
  details: undefined,
  errorType: 'Meteor.Error'
}
undefined undefined

Quick fix

Changing https://github.com/RocketChat/Rocket.Chat.js.SDK/blob/master/src/lib/message.ts#L17 from

this.bot = { i: integrationId };

to

this.bot = true;

allows the bot to send messages to Rocket.Chat 7.1.0:

image

However, fixing this properly would include changing the integrationId to be a Boolean or to completely get rid of it.

@mathematisse
Copy link

I have the same problem, because i believe the problem is linked not to the sdk, but the validation and types on the server side, I've created an issue on the rocket chat server repo : RocketChat/Rocket.Chat#34131

@mischah
Copy link

mischah commented Dec 20, 2024

Same Problem over here. RocketChat/Rocket.Chat#34131 is closed as a duplicate.
I don’t see this getting fixed over here, since the SDK Repo looks kinda abandoned with the latest commit being 5 years ago 😢

@mathematisse
Copy link

Yeah, I didn't react to them closing as duplicate out of frustration, as it is a breaking change introduced by a minor version update of the server, not the sdk... One option would be to close that issue and reopen it there as that is what they were proposing, but not sure that's what they really meant.

For now, as the fix is a single line, the change is directly into my Dockerfile after installation of the dependencies of my bot, to not have a local version or fork but you can imagine that is not an ideal solution...

RUN sed -i 's/this\.bot = { i: integrationId };/this.bot = true;/g' \
    node_modules/@rocket.chat/sdk/dist/lib/message.js

A lot of things were talked about on many issues, like moving the sdk to a new repo under their monorepo, turning this SDK to open source, but I'm not sure where they're at right now. The mobile branch of the sdk is still getting updated, but the community could need a nice update on that I think.

@mathematisse
Copy link

Okay guuuys some updates ! 🥳

There was a merged pull request on the server-side link

They fixed the server-side breaking change for the sdk (even if the fix was nearly flagged as a ... breaking-change 😅 )

It should apparently be brought in for the 7.2.0 !

Thanks a lot to @sampaiodiego, merry Christmas and happy new year in advance to all !

@piaskal
Copy link

piaskal commented Dec 30, 2024

RUN sed -i 's/this\.bot = { i: integrationId };/this.bot = true;/g' \
    node_modules/@rocket.chat/sdk/dist/lib/message.js

Thank you, this is working great when sending plain-text messages, but for any messages with attachments I'm still getting the same 'Match failed [400]' error

@paulchen
Copy link
Author

Thank you, this is working great when sending plain-text messages, but for any messages with attachments I'm still getting the same 'Match failed [400]' error

I guess you use driver.sendMessage with a message including the key attachments?

I just gave that a try and can confirm this problem.

On the client side, it looks the same, but in the server logs, you have a different error message:

Exception while invoking method 'sendMessage' Error: Match error: Unknown key in field attachments

When checking the input from the client, the server-side check does not allow the key attachments: https://github.com/RocketChat/Rocket.Chat/blob/develop/apps/meteor/app/lib/server/methods/sendMessage.ts#L126-L143

As the documentation for POST /api/v1/chat.sendMessage features an example including the key attachments, I think this is a bug that needs to be fixed in Rocket.Chat.

@sampaiodiego FYI

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants