refactor: use chat.update endpoint instead of updateMessage method (RocketChat#37138)

cardoso · web-flow · commit c4b31539a3cc · 2025-10-11T00:17:52.000Z
diff --git a/apps/meteor/app/api/server/v1/chat.ts b/apps/meteor/app/api/server/v1/chat.ts
@@ -282,6 +282,77 @@ const chatEndpoints = API.v1
 
 			return API.v1.success();
 		},
+	)
+	.post(
+		'chat.update',
+		{
+			authRequired: true,
+			body: isChatUpdateProps,
+			response: {
+				400: validateBadRequestErrorResponse,
+				401: validateUnauthorizedErrorResponse,
+				200: ajv.compile<{ message: IMessage }>({
+					type: 'object',
+					properties: {
+						message: { $ref: '#/components/schemas/IMessage' },
+						success: {
+							type: 'boolean',
+							enum: [true],
+						},
+					},
+					required: ['message', 'success'],
+					additionalProperties: false,
+				}),
+			},
+		},
+		async function action() {
+			const { bodyParams } = this;
+
+			const msg = await Messages.findOneById(bodyParams.msgId);
+
+			// Ensure the message exists
+			if (!msg) {
+				return API.v1.failure(`No message found with the id of "${bodyParams.msgId}".`);
+			}
+
+			if (bodyParams.roomId !== msg.rid) {
+				return API.v1.failure('The room id provided does not match where the message is from.');
+			}
+
+			const hasContent = 'content' in bodyParams;
+
+			if (hasContent && msg.t !== 'e2e') {
+				return API.v1.failure('Only encrypted messages can have content updated.');
+			}
+
+			const updateData: Parameters<typeof executeUpdateMessage> = [
+				this.userId,
+				hasContent
+					? {
+							_id: msg._id,
+							rid: msg.rid,
+							content: bodyParams.content,
+							...(bodyParams.e2eMentions && { e2eMentions: bodyParams.e2eMentions }),
+						}
+					: {
+							_id: msg._id,
+							rid: msg.rid,
+							msg: bodyParams.text,
+							...(bodyParams.customFields && { customFields: bodyParams.customFields }),
+						},
+				'previewUrls' in bodyParams ? bodyParams.previewUrls : undefined,
+			];
+
+			// Permission checks are already done in the updateMessage method, so no need to duplicate them
+			await applyAirGappedRestrictionsValidation(() => executeUpdateMessage(...updateData));
+
+			const updatedMessage = await Messages.findOneById(msg._id);
+			const [message] = await normalizeMessagesForUser(updatedMessage ? [updatedMessage] : [], this.userId);
+
+			return API.v1.success({
+				message,
+			});
+		},
 	);
 
 API.v1.addRoute(
@@ -421,48 +492,6 @@ API.v1.addRoute(
 	},
 );
 
-API.v1.addRoute(
-	'chat.update',
-	{ authRequired: true, validateParams: isChatUpdateProps },
-	{
-		async post() {
-			const msg = await Messages.findOneById(this.bodyParams.msgId);
-
-			// Ensure the message exists
-			if (!msg) {
-				return API.v1.failure(`No message found with the id of "${this.bodyParams.msgId}".`);
-			}
-
-			if (this.bodyParams.roomId !== msg.rid) {
-				return API.v1.failure('The room id provided does not match where the message is from.');
-			}
-
-			const msgFromBody = this.bodyParams.text;
-
-			// Permission checks are already done in the updateMessage method, so no need to duplicate them
-			await applyAirGappedRestrictionsValidation(() =>
-				executeUpdateMessage(
-					this.userId,
-					{
-						_id: msg._id,
-						msg: msgFromBody,
-						rid: msg.rid,
-						...(this.bodyParams.customFields && { customFields: this.bodyParams.customFields }),
-					},
-					this.bodyParams.previewUrls,
-				),
-			);
-
-			const updatedMessage = await Messages.findOneById(msg._id);
-			const [message] = await normalizeMessagesForUser(updatedMessage ? [updatedMessage] : [], this.userId);
-
-			return API.v1.success({
-				message,
-			});
-		},
-	},
-);
-
 API.v1.addRoute(
 	'chat.react',
 	{ authRequired: true, validateParams: isChatReactProps },
diff --git a/apps/meteor/app/lib/server/functions/updateMessage.ts b/apps/meteor/app/lib/server/functions/updateMessage.ts
@@ -11,7 +11,7 @@ import { notifyOnRoomChangedById, notifyOnMessageChange } from '../lib/notifyLis
 import { validateCustomMessageFields } from '../lib/validateCustomMessageFields';
 
 export const updateMessage = async function (
-	message: AtLeast<IMessage, '_id' | 'rid' | 'msg' | 'customFields'>,
+	message: AtLeast<IMessage, '_id' | 'rid' | 'msg' | 'customFields'> | AtLeast<IMessage, '_id' | 'rid' | 'content'>,
 	user: IUser,
 	originalMsg?: IMessage,
 	previewUrls?: string[],
diff --git a/apps/meteor/app/lib/server/methods/updateMessage.ts b/apps/meteor/app/lib/server/methods/updateMessage.ts
@@ -15,7 +15,7 @@ const allowedEditedFields = ['tshow', 'alias', 'attachments', 'avatar', 'emoji',
 
 export async function executeUpdateMessage(
 	uid: IUser['_id'],
-	message: AtLeast<IMessage, '_id' | 'rid' | 'msg' | 'customFields'>,
+	message: AtLeast<IMessage, '_id' | 'rid' | 'msg' | 'customFields'> | AtLeast<IMessage, '_id' | 'rid' | 'content'>,
 	previewUrls?: string[],
 ) {
 	const originalMessage = await Messages.findOneById(message._id);
diff --git a/apps/meteor/client/lib/chats/data.ts b/apps/meteor/client/lib/chats/data.ts
@@ -1,4 +1,5 @@
 import {
+	isEncryptedMessageContent,
 	isOTRAckMessage,
 	isOTRMessage,
 	type IEditedMessage,
@@ -176,8 +177,24 @@ export const createDataAPI = ({ rid, tmid }: { rid: IRoom['_id']; tmid: IMessage
 		Messages.state.store({ ...message, rid, ...(tmid && { tmid }) });
 	};
 
-	const updateMessage = async (message: IEditedMessage, previewUrls?: string[]): Promise<void> =>
-		sdk.call('updateMessage', message, previewUrls);
+	const updateMessage = async (message: IEditedMessage, previewUrls?: string[]): Promise<void> => {
+		const params = isEncryptedMessageContent(message)
+			? {
+					msgId: message._id,
+					roomId: message.rid,
+					content: message.content,
+					e2eMentions: message.e2eMentions,
+				}
+			: {
+					previewUrls,
+					msgId: message._id,
+					roomId: message.rid,
+					customFields: message.customFields,
+					text: message.msg,
+				};
+
+		await sdk.rest.post('/v1/chat.update', params);
+	};
 
 	const canDeleteMessage = async (message: IMessage): Promise<boolean> => {
 		const uid = getUserId();
diff --git a/apps/meteor/tests/e2e/e2e-encryption/e2ee-encrypted-channels.spec.ts b/apps/meteor/tests/e2e/e2e-encryption/e2ee-encrypted-channels.spec.ts
@@ -319,4 +319,64 @@ test.describe('E2EE Encrypted Channels', () => {
 		await lastStarredMessage.locator('role=button[name="More"]').click();
 		await expect(page.locator('role=menuitem[name="Copy link"]')).toHaveClass(/disabled/);
 	});
+
+	test('expect to edit encrypted message', async ({ page }) => {
+		const channelName = faker.string.uuid();
+		const originalMessage = 'This is the original encrypted message';
+		const editedMessage = 'This is the edited encrypted message';
+
+		await poHomeChannel.sidenav.createEncryptedChannel(channelName);
+		await expect(page).toHaveURL(`/group/${channelName}`);
+		await expect(poHomeChannel.content.encryptedRoomHeaderIcon).toBeVisible();
+
+		await poHomeChannel.content.sendMessage(originalMessage);
+
+		await expect(poHomeChannel.content.lastUserMessageBody).toHaveText(originalMessage);
+		await expect(poHomeChannel.content.lastUserMessage.locator('.rcx-icon--name-key')).toBeVisible();
+
+		await poHomeChannel.content.openLastMessageMenu();
+		await poHomeChannel.content.btnOptionEditMessage.click();
+		await poHomeChannel.content.inputMessage.fill(editedMessage);
+
+		await page.keyboard.press('Enter');
+
+		await expect(poHomeChannel.content.lastUserMessageBody).toHaveText(editedMessage);
+		await expect(poHomeChannel.content.lastUserMessage.locator('.rcx-icon--name-key')).toBeVisible();
+	});
+
+	test('expect to edit encrypted message to include mention', async ({ page }) => {
+		const channelName = faker.string.uuid();
+		const originalMessage = 'This is the original encrypted message';
+		const editedMessage = 'This is the edited encrypted message with a mention to @user1 and #general';
+		const displayedMessage = 'This is the edited encrypted message with a mention to user1 and general';
+
+		await poHomeChannel.sidenav.createEncryptedChannel(channelName);
+		await expect(page).toHaveURL(`/group/${channelName}`);
+		await expect(poHomeChannel.content.encryptedRoomHeaderIcon).toBeVisible();
+
+		await poHomeChannel.content.sendMessage(originalMessage);
+		await expect(poHomeChannel.content.lastUserMessageBody).toHaveText(originalMessage);
+		await expect(poHomeChannel.content.lastUserMessage.locator('.rcx-icon--name-key')).toBeVisible();
+
+		await poHomeChannel.content.openLastMessageMenu();
+		await poHomeChannel.content.btnOptionEditMessage.click();
+		await poHomeChannel.content.inputMessage.fill(editedMessage);
+
+		await page.keyboard.press('Enter');
+
+		await expect(poHomeChannel.content.lastUserMessageBody).toHaveText(displayedMessage);
+		await expect(poHomeChannel.content.lastUserMessage.locator('.rcx-icon--name-key')).toBeVisible();
+
+		const userMention = page.getByRole('button', {
+			name: 'user1',
+		});
+
+		await expect(userMention).toBeVisible();
+
+		const channelMention = page.getByRole('button', {
+			name: 'general',
+		});
+
+		await expect(channelMention).toBeVisible();
+	});
 });
diff --git a/apps/meteor/tests/e2e/messaging.spec.ts b/apps/meteor/tests/e2e/messaging.spec.ts
@@ -173,10 +173,7 @@ test.describe('Messaging', () => {
 
 			await test.step('send edited message', async () => {
 				const editPromise = page.waitForResponse(
-					(response) =>
-						/api\/v1\/method.call\/updateMessage/.test(response.url()) &&
-						response.status() === 200 &&
-						response.request().method() === 'POST',
+					(response) => /api\/v1\/chat.update/.test(response.url()) && response.status() === 200 && response.request().method() === 'POST',
 				);
 
 				await poHomeChannel.content.sendMessage('edited msg2', false);
@@ -187,10 +184,7 @@ test.describe('Messaging', () => {
 
 			await test.step('stress test on message editions', async () => {
 				const editPromise = page.waitForResponse(
-					(response) =>
-						/api\/v1\/method.call\/updateMessage/.test(response.url()) &&
-						response.status() === 200 &&
-						response.request().method() === 'POST',
+					(response) => /api\/v1\/chat.update/.test(response.url()) && response.status() === 200 && response.request().method() === 'POST',
 				);
 
 				for (const element of ['edited msg2 a', 'edited msg2 b', 'edited msg2 c', 'edited msg2 d', 'edited msg2 e']) {
diff --git a/apps/meteor/tests/e2e/page-objects/fragments/home-content.ts b/apps/meteor/tests/e2e/page-objects/fragments/home-content.ts
@@ -1,9 +1,16 @@
 import fs from 'fs/promises';
+import { resolve, join, relative } from 'node:path';
 
 import type { Locator, Page } from '@playwright/test';
 
 import { expect } from '../../utils/test';
 
+const FIXTURES_PATH = relative(process.cwd(), resolve(__dirname, '../../fixtures/files'));
+
+export function getFilePath(fileName: string): string {
+	return join(FIXTURES_PATH, fileName);
+}
+
 export class HomeContent {
 	protected readonly page: Page;
 
@@ -379,7 +386,7 @@ export class HomeContent {
 	}
 
 	async dragAndDropTxtFile(): Promise<void> {
-		const contract = await fs.readFile('./tests/e2e/fixtures/files/any_file.txt', 'utf-8');
+		const contract = await fs.readFile(getFilePath('any_file.txt'), 'utf-8');
 		const dataTransfer = await this.page.evaluateHandle((contract) => {
 			const data = new DataTransfer();
 			const file = new File([`${contract}`], 'any_file.txt', {
@@ -395,7 +402,7 @@ export class HomeContent {
 	}
 
 	async dragAndDropLstFile(): Promise<void> {
-		const contract = await fs.readFile('./tests/e2e/fixtures/files/lst-test.lst', 'utf-8');
+		const contract = await fs.readFile(getFilePath('lst-test.lst'), 'utf-8');
 		const dataTransfer = await this.page.evaluateHandle((contract) => {
 			const data = new DataTransfer();
 			const file = new File([`${contract}`], 'lst-test.lst', {
@@ -411,7 +418,7 @@ export class HomeContent {
 	}
 
 	async dragAndDropTxtFileToThread(): Promise<void> {
-		const contract = await fs.readFile('./tests/e2e/fixtures/files/any_file.txt', 'utf-8');
+		const contract = await fs.readFile(getFilePath('any_file.txt'), 'utf-8');
 		const dataTransfer = await this.page.evaluateHandle((contract) => {
 			const data = new DataTransfer();
 			const file = new File([`${contract}`], 'any_file.txt', {
@@ -427,7 +434,7 @@ export class HomeContent {
 	}
 
 	async sendFileMessage(fileName: string): Promise<void> {
-		await this.page.locator('input[type=file]').setInputFiles(`./tests/e2e/fixtures/files/${fileName}`);
+		await this.page.locator('input[type=file]').setInputFiles(getFilePath(fileName));
 	}
 
 	async openLastMessageMenu(): Promise<void> {
diff --git a/apps/meteor/tests/end-to-end/api/chat.ts b/apps/meteor/tests/end-to-end/api/chat.ts
@@ -1734,6 +1734,27 @@ describe('[Chat]', () => {
 				});
 		});
 
+		it('should fail updating a message with "content" if it is not encrypted', (done) => {
+			void request
+				.post(api('chat.update'))
+				.set(credentials)
+				.send({
+					roomId: testChannel._id,
+					msgId: message._id,
+					content: {
+						algorithm: 'rc.v1.aes-sha2',
+						ciphertext: 'U2FsdGVkX1+u3j0u2+oXg4o3kw5y4t7D9sdfsdff==',
+					},
+				})
+				.expect('Content-Type', 'application/json')
+				.expect(400)
+				.expect((res) => {
+					expect(res.body).to.have.property('success', false);
+					expect(res.body).to.have.property('error', 'Only encrypted messages can have content updated.');
+				})
+				.end(done);
+		});
+
 		it('should update a message successfully', (done) => {
 			void request
 				.post(api('chat.update'))
diff --git a/packages/rest-typings/src/v1/chat.ts b/packages/rest-typings/src/v1/chat.ts
