Rocket.Chat/server/methods/createDirectMessage.js

Meteor.methods({
	createDirectMessage(username) {
		check(username, String);

		if (!Meteor.userId()) {
			throw new Meteor.Error('error-invalid-user', 'Invalid user', {
				method: 'createDirectMessage'
			});
		}

		const me = Meteor.user();

		if (!me.username) {
			throw new Meteor.Error('error-invalid-user', 'Invalid user', {
				method: 'createDirectMessage'
			});
		}

		if (RocketChat.settings.get('Message_AllowDirectMessagesToYourself') === false && me.username === username) {
			throw new Meteor.Error('error-invalid-user', 'Invalid user', {
				method: 'createDirectMessage'
			});
		}

		if (!RocketChat.authz.hasPermission(Meteor.userId(), 'create-d')) {
			throw new Meteor.Error('error-not-allowed', 'Not allowed', {
				method: 'createDirectMessage'
			});
		}

		const to = RocketChat.models.Users.findOneByUsername(username);

		if (!to) {
			throw new Meteor.Error('error-invalid-user', 'Invalid user', {
				method: 'createDirectMessage'
			});
		}

		const rid = [me._id, to._id].sort().join('');

		const now = new Date();

		// Make sure we have a room
		RocketChat.models.Rooms.upsert({
			_id: rid
		}, {
			$set: {
				usernames: [me.username, to.username]
			},
			$setOnInsert: {
				t: 'd',
				msgs: 0,
				ts: now
			}
		});

		// Make user I have a subcription to this room
		const upsertSubscription = {
			$set: {
				ts: now,
				ls: now,
				open: true
			},
			$setOnInsert: {
				name: to.username,
				t: 'd',
				alert: false,
				unread: 0,
				userMentions: 0,
				groupMentions: 0,
				u: {
					_id: me._id,
					username: me.username
				}
			}
		};

		if (to.active === false) {
			upsertSubscription.$set.archived = true;
		}

		RocketChat.models.Subscriptions.upsert({
			rid,
			$and: [{'u._id': me._id}] // work around to solve problems with upsert and dot
		}, upsertSubscription);

		RocketChat.models.Subscriptions.upsert({
			rid,
			$and: [{'u._id': to._id}] // work around to solve problems with upsert and dot
		}, {
			$setOnInsert: {
				name: me.username,
				t: 'd',
				open: false,
				alert: false,
				unread: 0,
				userMentions: 0,
				groupMentions: 0,
				u: {
					_id: to._id,
					username: to.username
				}
			}
		});

		return {
			rid
		};
	}
});

RocketChat.RateLimiter.limitMethod('createDirectMessage', 10, 60000, {
	userId(userId) {
		return !RocketChat.authz.hasPermission(userId, 'send-many-messages');
	}
});