diff --git a/.changeset/bump-patch-1700162556041.md b/.changeset/bump-patch-1700162556041.md
new file mode 100644
index 000000000000..e1eaa7980afb
--- /dev/null
+++ b/.changeset/bump-patch-1700162556041.md
@@ -0,0 +1,5 @@
+---
+'@rocket.chat/meteor': patch
+---
+
+Bump @rocket.chat/meteor version.
diff --git a/.changeset/sour-keys-tickle.md b/.changeset/sour-keys-tickle.md
new file mode 100644
index 000000000000..5f76883145a4
--- /dev/null
+++ b/.changeset/sour-keys-tickle.md
@@ -0,0 +1,5 @@
+---
+'@rocket.chat/meteor': patch
+---
+
+Add additional checks to the OAuth tokens to prevent future issues
diff --git a/apps/meteor/.docker/Dockerfile.alpine b/apps/meteor/.docker/Dockerfile.alpine
index 003baa57aa8b..94baef809217 100644
--- a/apps/meteor/.docker/Dockerfile.alpine
+++ b/apps/meteor/.docker/Dockerfile.alpine
@@ -12,7 +12,7 @@ RUN set -x \
 && npm install --production \
 # Start hack for sharp...
 && rm -rf npm/node_modules/sharp \
- && npm install sharp@0.30.4 \
+ && npm install sharp@0.32.6 \
 && mv node_modules/sharp npm/node_modules/sharp \
 # End hack for sharp
 # Start hack for isolated-vm...
diff --git a/apps/meteor/package.json b/apps/meteor/package.json
index 8acca096a753..b39beb3059ad 100644
--- a/apps/meteor/package.json
+++ b/apps/meteor/package.json
@@ -405,7 +405,7 @@
 "redis": "^4.0.6",
 "sanitize-html": "^2.7.2",
 "semver": "^7.3.7",
- "sharp": "^0.30.7",
+ "sharp": "^0.32.6",
 "sip.js": "^0.20.1",
 "sodium-native": "^3.3.0",
 "sodium-plus": "^0.9.0",
diff --git a/apps/meteor/server/models/raw/OAuthAccessTokens.ts b/apps/meteor/server/models/raw/OAuthAccessTokens.ts
index b8b3daac8772..6143a6379e2f 100644
--- a/apps/meteor/server/models/raw/OAuthAccessTokens.ts
+++ b/apps/meteor/server/models/raw/OAuthAccessTokens.ts
@@ -18,11 +18,17 @@ export class OAuthAccessTokensRaw extends BaseRaw implements ]; } - findOneByAccessToken(accessToken: string, options?: FindOptions): Promise { + async findOneByAccessToken(accessToken: string, options?: FindOptions): Promise { + if (!accessToken) { + return null; + } return this.findOne({ accessToken }, options); } - findOneByRefreshToken(refreshToken: string, options?: FindOptions): Promise { + async findOneByRefreshToken(refreshToken: string, options?: FindOptions): Promise { + if (!refreshToken) { + return null; + } return this.findOne({ refreshToken }, options); } } diff --git a/ee/apps/ddp-streamer/package.json b/ee/apps/ddp-streamer/package.json index 393a674ef3ca..95f42366b76b 100644 --- a/ee/apps/ddp-streamer/package.json +++ b/ee/apps/ddp-streamer/package.json @@ -39,7 +39,7 @@ "nats": "^2.4.0", "pino": "^8.15.0", "polka": "^0.5.2", - "sharp": "^0.30.7", + "sharp": "^0.32.6", "underscore": "^1.13.6", "uuid": "^7.0.3", "ws": "^8.8.1" diff --git a/yarn.lock b/yarn.lock index 6aa0214e0a20..72f1f1ca4e91 100644 --- a/yarn.lock +++ b/yarn.lock @@ -8028,7 +8028,7 @@ __metadata: pino: ^8.15.0 pino-pretty: ^7.6.1 polka: ^0.5.2 - sharp: ^0.30.7 + sharp: ^0.32.6 ts-node: ^10.9.1 typescript: ~5.2.2 underscore: ^1.13.6 @@ -8257,9 +8257,9 @@ __metadata: "@rocket.chat/icons": "*" "@rocket.chat/prettier-config": "*" "@rocket.chat/styled": "*" - "@rocket.chat/ui-contexts": 2.0.5 + "@rocket.chat/ui-contexts": 2.0.6 "@rocket.chat/ui-kit": "*" - "@rocket.chat/ui-video-conf": 2.0.5 + "@rocket.chat/ui-video-conf": 2.0.6 "@tanstack/react-query": "*" react: "*" react-dom: "*" 
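Review bot: The new guards in `findOneByAccessToken` and `findOneByRefreshToken` test only truthiness, so a non-empty value that is not a string still reaches `findOne`. The `string` annotation is erased at runtime; if any caller forwards the token unvalidated from request input (callers are not visible in this hunk), a non-string value would be placed into the filter as-is rather than compared as a literal token. I would tighten both guards to `if (typeof accessToken !== 'string' || !accessToken) { return null; }` and the equivalent for `refreshToken`. A one-line comment above each guard would also help, for example `// never query with an empty or missing token: the filter could otherwise match records that lack the field`, since the changeset text ("prevent future issues") does not say what the check protects against. The enclosing class starts outside the hunk.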
@@ -8341,14 +8341,14 @@ __metadata: ts-jest: ~29.0.5 typescript: ~5.2.2 peerDependencies: - "@rocket.chat/core-typings": 6.4.5 + "@rocket.chat/core-typings": 6.4.6 "@rocket.chat/css-in-js": "*" "@rocket.chat/fuselage": "*" "@rocket.chat/fuselage-tokens": "*" "@rocket.chat/message-parser": "*" "@rocket.chat/styled": "*" - "@rocket.chat/ui-client": 2.0.5 - "@rocket.chat/ui-contexts": 2.0.5 + "@rocket.chat/ui-client": 2.0.6 + "@rocket.chat/ui-contexts": 2.0.6 katex: "*" react: "*" languageName: unknown @@ -8896,7 +8896,7 @@ __metadata: rewire: ^6.0.0 sanitize-html: ^2.7.2 semver: ^7.3.7 - sharp: ^0.30.7 + sharp: ^0.32.6 sinon: ^14.0.2 sip.js: ^0.20.1 sodium-native: ^3.3.0 @@ -9471,7 +9471,7 @@ __metadata: "@rocket.chat/fuselage": "*" "@rocket.chat/fuselage-hooks": "*" "@rocket.chat/icons": "*" - "@rocket.chat/ui-contexts": 2.0.5 + "@rocket.chat/ui-contexts": 2.0.6 react: ~17.0.2 languageName: unknown linkType: soft @@ -9623,7 +9623,7 @@ __metadata: "@rocket.chat/fuselage-hooks": "*" "@rocket.chat/icons": "*" "@rocket.chat/styled": "*" - "@rocket.chat/ui-contexts": 2.0.5 + "@rocket.chat/ui-contexts": 2.0.6 react: ^17.0.2 react-dom: ^17.0.2 languageName: unknown @@ -9707,7 +9707,7 @@ __metadata: typescript: ~5.2.2 peerDependencies: "@rocket.chat/layout": "*" - "@rocket.chat/ui-contexts": 2.0.5 + "@rocket.chat/ui-contexts": 2.0.6 "@tanstack/react-query": "*" react: "*" react-hook-form: "*" @@ -12590,7 +12590,7 @@ __metadata: "@types/mocha@github:whitecolor/mocha-types": version: 8.0.0 resolution: "@types/mocha@https://github.com/whitecolor/mocha-types.git#commit=da22474cf43f48a56c86f8c23a5a0ea36e295768" - checksum: 7764cc52fb09efeb48edce9bb3927948896e38600edaae8800e0116b46fb7c2e4b7d2331ccfed982a205d7a3729fa3963f7c4313d624d6ff3febcef0d60c1a28 + checksum: 52fa6eb58ff6752a14b9ef4f3f81cbc4114614cb0a1d000926da19c0a790071f58c97e6aaa9b391f06c17f2b443d61d7caf3afd0ff17bd8b0bf13dceb4445d55 languageName: node linkType: hard 
@@ -15095,6 +15095,13 @@ __metadata: languageName: node linkType: hard +"b4a@npm:^1.6.4": + version: 1.6.4 + resolution: "b4a@npm:1.6.4" + checksum: 81b086f9af1f8845fbef4476307236bda3d660c158c201db976f19cdce05f41f93110ab6b12fd7a2696602a490cc43d5410ee36a56d6eef93afb0d6ca69ac3b2 + languageName: node + linkType: hard + "babel-jest@npm:^29.0.3, babel-jest@npm:^29.5.0, babel-jest@npm:^29.6.1": version: 29.6.1 resolution: "babel-jest@npm:29.6.1" @@ -19070,13 +19077,20 @@ __metadata: languageName: node linkType: hard -"detect-libc@npm:^2.0.0, detect-libc@npm:^2.0.1": +"detect-libc@npm:^2.0.0": version: 2.0.1 resolution: "detect-libc@npm:2.0.1" checksum: ccb05fcabbb555beb544d48080179c18523a343face9ee4e1a86605a8715b4169f94d663c21a03c310ac824592f2ba9a5270218819bb411ad7be578a527593d7 languageName: node linkType: hard +"detect-libc@npm:^2.0.2": + version: 2.0.2 + resolution: "detect-libc@npm:2.0.2" + checksum: 2b2cd3649b83d576f4be7cc37eb3b1815c79969c8b1a03a40a4d55d83bc74d010753485753448eacb98784abf22f7dbd3911fd3b60e29fda28fed2d1a997944d + languageName: node + linkType: hard + "detect-newline@npm:^3.0.0": version: 3.1.0 resolution: "detect-newline@npm:3.1.0" @@ -21067,6 +21081,13 @@ __metadata: languageName: node linkType: hard +"fast-fifo@npm:^1.1.0, fast-fifo@npm:^1.2.0": + version: 1.3.2 + resolution: "fast-fifo@npm:1.3.2" + checksum: 6bfcba3e4df5af7be3332703b69a7898a8ed7020837ec4395bb341bd96cc3a6d86c3f6071dd98da289618cf2234c70d84b2a6f09a33dd6f988b1ff60d8e54275 + languageName: node + linkType: hard + "fast-glob@npm:^2.2.6": version: 2.2.7 resolution: "fast-glob@npm:2.2.7" 
@@ -26614,7 +26635,7 @@ __metadata: resolution: "lamejs@https://github.com/zhuker/lamejs.git#commit=582bbba6a12f981b984d8fb9e1874499fed85675" dependencies: use-strict: 1.0.1 - checksum: fa829e0c170a65573e653b4d908a44aaf06a50e1bbade3b1217a300a03ccd59a537e294e2d924a584f9d70c7726a12d4c3af9c675436d48d08be5fb94b5eb400 + checksum: ed7f6f1c9629b53c17023eb04b4fc5a222e9c34fcb4a2f61214488fc64e5cfea825e4588d959c5fb20f3a91f0120103fa60307dd43df995d498ff5ddb6200cd9 languageName: node linkType: hard @@ -28987,12 +29008,12 @@ __metadata: languageName: node linkType: hard -"node-addon-api@npm:^5.0.0": - version: 5.0.0 - resolution: "node-addon-api@npm:5.0.0" +"node-addon-api@npm:^6.1.0": + version: 6.1.0 + resolution: "node-addon-api@npm:6.1.0" dependencies: node-gyp: latest - checksum: 7c5e2043ac37f6108784d94ed73a44ae6d3e68eb968de60680922fc6bc3d17fa69448c0feb4e0c9d3f4c74a0324822e566a8340a56916d9d6f23cb3e85620334 + checksum: 3a539510e677cfa3a833aca5397300e36141aca064cdc487554f2017110709a03a95da937e98c2a14ec3c626af7b2d1b6dabe629a481f9883143d0d5bff07bf2 languageName: node linkType: hard @@ -32443,6 +32464,13 @@ __metadata: languageName: node linkType: hard +"queue-tick@npm:^1.0.1": + version: 1.0.1 + resolution: "queue-tick@npm:1.0.1" + checksum: 57c3292814b297f87f792fbeb99ce982813e4e54d7a8bdff65cf53d5c084113913289d4a48ec8bbc964927a74b847554f9f4579df43c969a6c8e0f026457ad01 + languageName: node + linkType: hard + "queue@npm:6.0.2, queue@npm:^6.0.1": version: 6.0.2 resolution: "queue@npm:6.0.2" @@ -34661,6 +34689,17 @@ __metadata: languageName: node linkType: hard +"semver@npm:^7.5.4": + version: 7.5.4 + resolution: "semver@npm:7.5.4" + dependencies: + lru-cache: ^6.0.0 + bin: + semver: bin/semver.js + checksum: 12d8ad952fa353b0995bf180cdac205a4068b759a140e5d3c608317098b3575ac2f1e09182206bf2eb26120e1c0ed8fb92c48c592f6099680de56bb071423ca3 + languageName: node + linkType: hard + "semver@npm:~5.3.0": version: 5.3.0 resolution: "semver@npm:5.3.0" 
@@ -34890,20 +34929,20 @@ __metadata: languageName: node linkType: hard -"sharp@npm:^0.30.7": - version: 0.30.7 - resolution: "sharp@npm:0.30.7" +"sharp@npm:^0.32.6": + version: 0.32.6 + resolution: "sharp@npm:0.32.6" dependencies: color: ^4.2.3 - detect-libc: ^2.0.1 - node-addon-api: ^5.0.0 + detect-libc: ^2.0.2 + node-addon-api: ^6.1.0 node-gyp: latest prebuild-install: ^7.1.1 - semver: ^7.3.7 + semver: ^7.5.4 simple-get: ^4.0.1 - tar-fs: ^2.1.1 + tar-fs: ^3.0.4 tunnel-agent: ^0.6.0 - checksum: bbc63ca3c7ea8a5bff32cd77022cfea30e25a03f5bd031e935924bf6cf0e11e3388e8b0e22b3137bf8816aa73407f1e4fbeb190f3a35605c27ffca9f32b91601 + checksum: 0cca1d16b1920800c0e22d27bc6305f4c67c9ebe44f67daceb30bf645ae39e7fb7dfbd7f5d6cd9f9eebfddd87ac3f7e2695f4eb906d19b7a775286238e6a29fc languageName: node linkType: hard @@ -35828,6 +35867,16 @@ __metadata: languageName: node linkType: hard +"streamx@npm:^2.15.0": + version: 2.15.5 + resolution: "streamx@npm:2.15.5" + dependencies: + fast-fifo: ^1.1.0 + queue-tick: ^1.0.1 + checksum: 52e0ec94026d67c9e2e2e1090f05e5b138c2f2822462d9a8ef4a4805625a31d103e55ea5267fcd9bfe041374926424e42aec2dda28a85cb9de42c2a16d416d94 + languageName: node + linkType: hard + "strict-uri-encode@npm:^1.0.0": version: 1.1.0 resolution: "strict-uri-encode@npm:1.1.0" @@ -36581,6 +36630,17 @@ __metadata: languageName: node linkType: hard +"tar-fs@npm:^3.0.4": + version: 3.0.4 + resolution: "tar-fs@npm:3.0.4" + dependencies: + mkdirp-classic: ^0.5.2 + pump: ^3.0.0 + tar-stream: ^3.1.5 + checksum: dcf4054f9e92ca0efe61c2b3f612914fb259a47900aa908a63106513a6d006c899b426ada53eb88d9dbbf089b5724c8e90b96a2c4ca6171845fa14203d734e30 + languageName: node + linkType: hard + "tar-stream@npm:^1.5.2, tar-stream@npm:^1.6.2": version: 1.6.2 resolution: "tar-stream@npm:1.6.2" 
@@ -36609,6 +36669,17 @@ __metadata: languageName: node linkType: hard +"tar-stream@npm:^3.1.5": + version: 3.1.6 + resolution: "tar-stream@npm:3.1.6" + dependencies: + b4a: ^1.6.4 + fast-fifo: ^1.2.0 + streamx: ^2.15.0 + checksum: f3627f918581976e954ff03cb8d370551053796b82564f8c7ca8fac84c48e4d042026d0854fc222171a34ff9c682b72fae91be9c9b0a112d4c54f9e4f443e9c5 + languageName: node + linkType: hard + "tar@npm:^4": version: 4.4.19 resolution: "tar@npm:4.4.19"