RocketChat · ggazzo · Sep 3, 2024 · Aug 19, 2024 · Aug 19, 2024 · Aug 19, 2024
diff --git a/.changeset/bump-patch-1724077277110.md b/.changeset/bump-patch-1724077277110.md
@@ -0,0 +1,5 @@
+---
+'@rocket.chat/meteor': patch
+---
+
+Bump @rocket.chat/meteor version.
diff --git a/.changeset/gentle-bugs-think.md b/.changeset/gentle-bugs-think.md
@@ -0,0 +1,5 @@
+---
+"@rocket.chat/meteor": patch
+---
+
+Prevent `processRoomAbandonment` callback from erroring out when a room was inactive during a day Business Hours was not configured for.
diff --git a/.changeset/orange-clocks-wait.md b/.changeset/orange-clocks-wait.md
@@ -0,0 +1,5 @@
+---
+'@rocket.chat/meteor': patch
+---
+
+Security Hotfix (https://docs.rocket.chat/docs/security-fixes-and-updates)
diff --git a/.changeset/strong-rings-rush.md b/.changeset/strong-rings-rush.md
@@ -0,0 +1,5 @@
+---
+"@rocket.chat/meteor": patch
+---
+
+Restored tooltips to the unit edit department field selected options
diff --git a/.changeset/two-bikes-crash.md b/.changeset/two-bikes-crash.md
@@ -0,0 +1,7 @@
+---
+'@rocket.chat/meteor': patch
+---
+
+Fixed an issue related to setting Accounts_ForgetUserSessionOnWindowClose, this setting was not working as expected.
+
+The new meteor 2.16 release introduced a new option to configure the Accounts package and choose between the local storage or session storage. They also changed how Meteor.\_localstorage works internally. Due to these changes in Meteor, our setting to use session storage wasn't working as expected. This PR fixes this issue and configures the Accounts package according to the workspace settings.
diff --git a/.changeset/wise-avocados-taste.md b/.changeset/wise-avocados-taste.md
@@ -0,0 +1,5 @@
+---
+'@rocket.chat/meteor': patch
+---
+
+Fixes an issue where multi-step modals were closing unexpectedly
diff --git a/apps/meteor/app/lib/server/functions/getModifiedHttpHeaders.ts b/apps/meteor/app/lib/server/functions/getModifiedHttpHeaders.ts
@@ -0,0 +1,20 @@
+export const getModifiedHttpHeaders = (httpHeaders: Record<string, any>) => {
+	const modifiedHttpHeaders = { ...httpHeaders };
+
+	if ('x-auth-token' in modifiedHttpHeaders) {
+		modifiedHttpHeaders['x-auth-token'] = '[redacted]';
+	}
+
+	if (modifiedHttpHeaders.cookie) {
+		const cookies = modifiedHttpHeaders.cookie.split('; ');
+		const modifiedCookies = cookies.map((cookie: string) => {
+			if (cookie.startsWith('rc_token=')) {
+				return 'rc_token=[redacted]';
+			}
+			return cookie;
+		});
+		modifiedHttpHeaders.cookie = modifiedCookies.join('; ');
+	}
+
+	return modifiedHttpHeaders;
+};
diff --git a/apps/meteor/app/lib/server/lib/debug.js b/apps/meteor/app/lib/server/lib/debug.js
@@ -7,6 +7,7 @@
 import { getMethodArgs } from '../../../../server/lib/logger/logPayloads';
 import { metrics } from '../../../metrics/server';
 import { settings } from '../../../settings/server';
+import { getModifiedHttpHeaders } from '../functions/getModifiedHttpHeaders';
 
 const logger = new Logger('Meteor');
 
@@ -41,7 +42,7 @@
 		console.log(name, {
 			id: connection.id,
 			clientAddress: connection.clientAddress,
-			httpHeaders: connection.httpHeaders,
+			httpHeaders: getModifiedHttpHeaders(connection.httpHeaders),
 			userId,
 		});
 	} else {
@@ -80,7 +81,7 @@
 const originalMeteorMethods = Meteor.methods;

 Meteor.methods = function (methodMap) {
 	_.each(methodMap, (handler, name) => {
 		wrapMethods(name, handler, methodMap);
 	});
 	originalMeteorMethods(methodMap);

@@ -31,63 +31,72 @@ import { findVisitorInfo } from '../lib/visitors';
 
 const isAgentWithInfo = (agentObj: ILivechatAgent | { hiddenInfo: boolean }): agentObj is ILivechatAgent => !('hiddenInfo' in agentObj);
 
-API.v1.addRoute('livechat/room', {
-	async get() {
-		// I'll temporary use check for validation, as validateParams doesnt support what's being done here
-		const extraCheckParams = await onCheckRoomParams({
-			token: String,
-			rid: Match.Maybe(String),
-			agentId: Match.Maybe(String),
-		});
-
-		check(this.queryParams, extraCheckParams as any);
-
-		const { token, rid, agentId, ...extraParams } = this.queryParams;
-
-		const guest = token && (await findGuest(token));
-		if (!guest) {
-			throw new Error('invalid-token');
-		}
-
-		if (!rid) {
-			const room = await LivechatRooms.findOneOpenByVisitorToken(token, {});
-			if (room) {
-				return API.v1.success({ room, newRoom: false });
-			}
-
-			let agent: SelectedAgent | undefined;
-			const agentObj = agentId && (await findAgent(agentId));
-			if (agentObj) {
-				if (isAgentWithInfo(agentObj)) {
-					const { username = undefined } = agentObj;
-					agent = { agentId, username };
-				} else {
-					agent = { agentId };
-				}
+API.v1.addRoute(
+	'livechat/room',
+	{
+		rateLimiterOptions: {
+			numRequestsAllowed: 5,
+			intervalTimeInMS: 60000,
+		},
+	},
+	{
+		async get() {
+			// I'll temporary use check for validation, as validateParams doesnt support what's being done here
+			const extraCheckParams = await onCheckRoomParams({
+				token: String,
+				rid: Match.Maybe(String),
+				agentId: Match.Maybe(String),
+			});
+
+			check(this.queryParams, extraCheckParams as any);
+
+			const { token, rid, agentId, ...extraParams } = this.queryParams;
+
+			const guest = token && (await findGuest(token));
+			if (!guest) {
+				throw new Error('invalid-token');
 			}
 
-			const roomInfo = {
-				source: {
-					type: isWidget(this.request.headers) ? OmnichannelSourceType.WIDGET : OmnichannelSourceType.API,
-				},
-			};
+			if (!rid) {
+				const room = await LivechatRooms.findOneOpenByVisitorToken(token, {});
+				if (room) {
+					return API.v1.success({ room, newRoom: false });
+				}
 
-			const newRoom = await LivechatTyped.createRoom({ visitor: guest, roomInfo, agent, extraData: extraParams });
+				let agent: SelectedAgent | undefined;
+				const agentObj = agentId && (await findAgent(agentId));
+				if (agentObj) {
+					if (isAgentWithInfo(agentObj)) {
+						const { username = undefined } = agentObj;
+						agent = { agentId, username };
+					} else {
+						agent = { agentId };
+					}
+				}
 
-			return API.v1.success({
-				room: newRoom,
-				newRoom: true,
-			});
-		}
+				const roomInfo = {
+					source: {
+						type: isWidget(this.request.headers) ? OmnichannelSourceType.WIDGET : OmnichannelSourceType.API,
+					},
+				};
+
+				const newRoom = await LivechatTyped.createRoom({ visitor: guest, roomInfo, agent, extraData: extraParams });
 
-		const froom = await LivechatRooms.findOneOpenByRoomIdAndVisitorToken(rid, token, {});
-		if (!froom) {
-			throw new Error('invalid-room');
-		}
+				return API.v1.success({
+					room: newRoom,
+					newRoom: true,
+				});
+			}
+
+			const froom = await LivechatRooms.findOneOpenByRoomIdAndVisitorToken(rid, token, {});
+			if (!froom) {
+				throw new Error('invalid-room');
+			}
 
-		return API.v1.success({ room: froom, newRoom: false });
+			return API.v1.success({ room: froom, newRoom: false });
+		},
 	},
-});
+);
 
 // Note: use this route if a visitor is closing a room
 // If a RC user(like eg agent) is closing a room, use the `livechat/room.closeByUser` route