1- import type { IMethodConnection , IUser , RequiredField } from '@rocket.chat/core-typings' ;
1+ import type { IMethodConnection , IUser } from '@rocket.chat/core-typings' ;
22import type { Route , Router } from '@rocket.chat/http-router' ;
33import { License } from '@rocket.chat/license' ;
44import { Logger } from '@rocket.chat/logger' ;
@@ -41,6 +41,8 @@ import type {
4141} from './definition' ;
4242import { getUserInfo } from './helpers/getUserInfo' ;
4343import { parseJsonQuery } from './helpers/parseJsonQuery' ;
44+ import { authenticationMiddlewareForHono } from './middlewares/authenticationHono' ;
45+ import type { APIActionContext } from './router' ;
4446import { RocketChatAPIRouter } from './router' ;
4547import { license } from '../../../ee/app/api-enterprise/server/middlewares/license' ;
4648import { isObject } from '../../../lib/utils/isObject' ;
@@ -57,7 +59,7 @@ const logger = new Logger('API');
5759// We have some breaking changes planned to the API.
5860// To avoid conflicts or missing something during the period we are adopting a 'feature flag approach'
5961// TODO: MAJOR check if this is still needed
60- const applyBreakingChanges = shouldBreakInVersion ( '9.0.0' ) ;
62+ export const applyBreakingChanges = shouldBreakInVersion ( '9.0.0' ) ;
6163type MinimalRoute = {
6264 method : 'GET' | 'POST' | 'PUT' | 'DELETE' ;
6365 path : string ;
@@ -166,7 +168,7 @@ export class APIClass<TBasePath extends string = '', TOperations extends Record<
166168
167169 private _routes : { path : string ; options : Options ; endpoints : Record < string , string > } [ ] = [ ] ;
168170
169- public authMethods : ( ( routeContext : GenericRouteExecutionContext ) => Promise < IUser | undefined > ) [ ] ;
171+ public authMethods : ( ( routeContext : APIActionContext ) => Promise < IUser | undefined > ) [ ] ;
170172
171173 protected helperMethods : Map < string , ( ) => any > = new Map ( ) ;
172174
@@ -248,7 +250,7 @@ export class APIClass<TBasePath extends string = '', TOperations extends Record<
248250 return parseJsonQuery ( routeContext ) ;
249251 }
250252
251- public addAuthMethod ( func : ( routeContext : GenericRouteExecutionContext ) => Promise < IUser | undefined > ) : void {
253+ public addAuthMethod ( func : ( routeContext : APIActionContext ) => Promise < IUser | undefined > ) : void {
252254 this . authMethods . push ( func ) ;
253255 }
254256
@@ -825,37 +827,9 @@ export class APIClass<TBasePath extends string = '', TOperations extends Record<
825827 this . queryFields = options . queryFields ;
826828 this . logger = logger ;
827829
828- const user = await api . authenticatedRoute ( this ) ;
829-
830- const isUserWithUsername = ( user : IUser | null ) : user is RequiredField < IUser , 'username' > => {
831- return user !== null && typeof user === 'object' && 'username' in user && user . username !== undefined ;
832- } ;
833-
834- this . user = user ! ;
835- this . userId = this . user ?. _id ;
836830 const authToken = this . request . headers . get ( 'x-auth-token' ) ;
837831 this . token = Accounts . _hashLoginToken ( String ( authToken ) ) ! ;
838832
839- const shouldPreventAnonymousRead = ! this . user && options . authOrAnonRequired && ! settings . get ( 'Accounts_AllowAnonymousRead' ) ;
840- const shouldPreventUserRead = ! this . user && options . authRequired ;
841-
842- if ( shouldPreventAnonymousRead || shouldPreventUserRead ) {
843- const result = api . unauthorized ( 'You must be logged in to do this.' ) ;
844- // compatibility with the old API
845- // TODO: MAJOR
846- if ( ! applyBreakingChanges ) {
847- Object . assign ( result . body , {
848- status : 'error' ,
849- message : 'You must be logged in to do this.' ,
850- } ) ;
851- }
852- return result ;
853- }
854-
855- if ( user && ! options . userWithoutUsername && ! isUserWithUsername ( user ) ) {
856- throw new Meteor . Error ( 'error-unauthorized' , 'Users must have a username' ) ;
857- }
858-
859833 const objectForRateLimitMatch = {
860834 IPAddr : this . requestIp ,
861835 route : api . getFullRouteName ( route , this . request . method . toLowerCase ( ) ) ,
@@ -961,6 +935,12 @@ export class APIClass<TBasePath extends string = '', TOperations extends Record<
961935 this . router [ method . toLowerCase ( ) as 'get' | 'post' | 'put' | 'delete' ] (
962936 `/${ route } ` . replaceAll ( '//' , '/' ) ,
963937 { ..._options , tags } as TypedOptions ,
938+ authenticationMiddlewareForHono ( this , {
939+ authRequired : options . authRequired ,
940+ authOrAnonRequired : options . authOrAnonRequired ,
941+ userWithoutUsername : options . userWithoutUsername ,
942+ logger,
943+ } ) ,
964944 license ( _options as TypedOptions , License ) ,
965945 ( operations [ method as keyof Operations < TPathPattern , TOptions > ] as Record < string , any > ) . action ,
966946 ) ;
@@ -978,7 +958,7 @@ export class APIClass<TBasePath extends string = '', TOperations extends Record<
978958 } ) ;
979959 }
980960
981- protected async authenticatedRoute ( routeContext : GenericRouteExecutionContext ) : Promise < IUser | null > {
961+ public async authenticatedRoute ( routeContext : APIActionContext ) : Promise < IUser | null > {
982962 const userId = routeContext . request . headers . get ( 'x-user-id' ) ;
983963 const userToken = routeContext . request . headers . get ( 'x-auth-token' ) ;
984964
0 commit comments