From e0d51530193f5dd01d55fa409ff8ec13de06b95d Mon Sep 17 00:00:00 2001
From: Marcos Spessatto Defendi <marcos.defendi@ulbra.inf.br>
Date: Thu, 19 Sep 2019 14:33:02 -0300
Subject: [PATCH] [FIX] Fix file uploads JWT (#15412)

* Fix file uploads JWT

* fix review
---
 app/livechat/server/api/v1/message.js         |  8 ++++----
 app/livechat/server/hooks/externalMessage.js  |  4 ++--
 .../server/hooks/saveAnalyticsData.js         |  4 ++--
 app/livechat/server/hooks/sendToCRM.js        |  4 ++--
 app/livechat/server/hooks/sendToFacebook.js   |  4 ++--
 app/livechat/server/sendMessageBySMS.js       |  4 ++--
 .../functions/normalizeMessageAttachments.js  | 18 ------------------
 .../functions/normalizeMessageFileUpload.js   | 19 +++++++++++++++++++
 8 files changed, 33 insertions(+), 32 deletions(-)
 delete mode 100644 app/utils/server/functions/normalizeMessageAttachments.js
 create mode 100644 app/utils/server/functions/normalizeMessageFileUpload.js

diff --git a/app/livechat/server/api/v1/message.js b/app/livechat/server/api/v1/message.js
index 67311c3eba9..9fb8ba33e02 100644
--- a/app/livechat/server/api/v1/message.js
+++ b/app/livechat/server/api/v1/message.js
@@ -8,7 +8,7 @@ import { API } from '../../../../api';
 import { loadMessageHistory } from '../../../../lib';
 import { findGuest, findRoom, normalizeHttpHeaderData } from '../lib/livechat';
 import { Livechat } from '../../lib/Livechat';
-import { normalizeMessageAttachments } from '../../../../utils/server/functions/normalizeMessageAttachments';
+import { normalizeMessageFileUpload } from '../../../../utils/server/functions/normalizeMessageFileUpload';
 
 API.v1.addRoute('livechat/message', {
 	post() {
@@ -97,7 +97,7 @@ API.v1.addRoute('livechat/message/:_id', {
 			}
 
 			if (message.file) {
-				message = normalizeMessageAttachments(message);
+				message = normalizeMessageFileUpload(message);
 			}
 
 			return API.v1.success({ message });
@@ -140,7 +140,7 @@ API.v1.addRoute('livechat/message/:_id', {
 			if (result) {
 				let message = Messages.findOneById(_id);
 				if (message.file) {
-					message = normalizeMessageAttachments(message);
+					message = normalizeMessageFileUpload(message);
 				}
 
 				return API.v1.success({ message });
@@ -238,7 +238,7 @@ API.v1.addRoute('livechat/messages.history/:rid', {
 
 			const messages = loadMessageHistory({ userId: guest._id, rid, end, limit, ls })
 				.messages
-				.map(normalizeMessageAttachments);
+				.map(normalizeMessageFileUpload);
 			return API.v1.success({ messages });
 		} catch (e) {
 			return API.v1.failure(e);
diff --git a/app/livechat/server/hooks/externalMessage.js b/app/livechat/server/hooks/externalMessage.js
index facbdbbf513..1e1f4ee242c 100644
--- a/app/livechat/server/hooks/externalMessage.js
+++ b/app/livechat/server/hooks/externalMessage.js
@@ -5,7 +5,7 @@ import { settings } from '../../../settings';
 import { callbacks } from '../../../callbacks';
 import { SystemLogger } from '../../../logger';
 import { LivechatExternalMessage } from '../../lib/LivechatExternalMessage';
-import { normalizeMessageAttachments } from '../../../utils/server/functions/normalizeMessageAttachments';
+import { normalizeMessageFileUpload } from '../../../utils/server/functions/normalizeMessageFileUpload';
 
 let knowledgeEnabled = false;
 let apiaiKey = '';
@@ -35,7 +35,7 @@ callbacks.add('afterSaveMessage', function(message, room) {
 	}
 
 	if (message.file) {
-		message = normalizeMessageAttachments(message);
+		message = normalizeMessageFileUpload(message);
 	}
 
 	// if the message hasn't a token, it was not sent by the visitor, so ignore it
diff --git a/app/livechat/server/hooks/saveAnalyticsData.js b/app/livechat/server/hooks/saveAnalyticsData.js
index 7849e4c73da..4ca8832c153 100644
--- a/app/livechat/server/hooks/saveAnalyticsData.js
+++ b/app/livechat/server/hooks/saveAnalyticsData.js
@@ -1,6 +1,6 @@
 import { callbacks } from '../../../callbacks';
 import { LivechatRooms } from '../../../models';
-import { normalizeMessageAttachments } from '../../../utils/server/functions/normalizeMessageAttachments';
+import { normalizeMessageFileUpload } from '../../../utils/server/functions/normalizeMessageFileUpload';
 
 callbacks.add('afterSaveMessage', function(message, room) {
 	// skips this callback if the message was edited
@@ -14,7 +14,7 @@ callbacks.add('afterSaveMessage', function(message, room) {
 	}
 
 	if (message.file) {
-		message = normalizeMessageAttachments(message);
+		message = normalizeMessageFileUpload(message);
 	}
 
 	const now = new Date();
diff --git a/app/livechat/server/hooks/sendToCRM.js b/app/livechat/server/hooks/sendToCRM.js
index 827b2f9952d..adaa1d039ea 100644
--- a/app/livechat/server/hooks/sendToCRM.js
+++ b/app/livechat/server/hooks/sendToCRM.js
@@ -2,7 +2,7 @@ import { settings } from '../../../settings';
 import { callbacks } from '../../../callbacks';
 import { Messages, LivechatRooms } from '../../../models';
 import { Livechat } from '../lib/Livechat';
-import { normalizeMessageAttachments } from '../../../utils/server/functions/normalizeMessageAttachments';
+import { normalizeMessageFileUpload } from '../../../utils/server/functions/normalizeMessageFileUpload';
 
 const msgNavType = 'livechat_navigation_history';
 
@@ -61,7 +61,7 @@ function sendToCRM(type, room, includeMessages = true) {
 				msg.attachments = message.attachments;
 			}
 
-			postData.messages.push(normalizeMessageAttachments(msg));
+			postData.messages.push(normalizeMessageFileUpload(msg));
 		});
 	}
 
diff --git a/app/livechat/server/hooks/sendToFacebook.js b/app/livechat/server/hooks/sendToFacebook.js
index e479b7e2ff2..1af4767e365 100644
--- a/app/livechat/server/hooks/sendToFacebook.js
+++ b/app/livechat/server/hooks/sendToFacebook.js
@@ -1,7 +1,7 @@
 import { callbacks } from '../../../callbacks';
 import { settings } from '../../../settings';
 import OmniChannel from '../lib/OmniChannel';
-import { normalizeMessageAttachments } from '../../../utils/server/functions/normalizeMessageAttachments';
+import { normalizeMessageFileUpload } from '../../../utils/server/functions/normalizeMessageFileUpload';
 
 callbacks.add('afterSaveMessage', function(message, room) {
 	// skips this callback if the message was edited
@@ -29,7 +29,7 @@ callbacks.add('afterSaveMessage', function(message, room) {
 	}
 
 	if (message.file) {
-		message = normalizeMessageAttachments(message);
+		message = normalizeMessageFileUpload(message);
 	}
 
 	OmniChannel.reply({
diff --git a/app/livechat/server/sendMessageBySMS.js b/app/livechat/server/sendMessageBySMS.js
index ec1704ee6ac..722ccd92e2e 100644
--- a/app/livechat/server/sendMessageBySMS.js
+++ b/app/livechat/server/sendMessageBySMS.js
@@ -2,7 +2,7 @@ import { callbacks } from '../../callbacks';
 import { settings } from '../../settings';
 import { SMS } from '../../sms';
 import { LivechatVisitors } from '../../models';
-import { normalizeMessageAttachments } from '../../utils/server/functions/normalizeMessageAttachments';
+import { normalizeMessageFileUpload } from '../../utils/server/functions/normalizeMessageFileUpload';
 
 callbacks.add('afterSaveMessage', function(message, room) {
 	// skips this callback if the message was edited
@@ -31,7 +31,7 @@ callbacks.add('afterSaveMessage', function(message, room) {
 
 
 	if (message.file) {
-		message = normalizeMessageAttachments(message);
+		message = normalizeMessageFileUpload(message);
 	}
 
 	const SMSService = SMS.getService(settings.get('SMS_Service'));
diff --git a/app/utils/server/functions/normalizeMessageAttachments.js b/app/utils/server/functions/normalizeMessageAttachments.js
deleted file mode 100644
index 20b4332f0c6..00000000000
--- a/app/utils/server/functions/normalizeMessageAttachments.js
+++ /dev/null
@@ -1,18 +0,0 @@
-import { FileUpload } from '../../../file-upload/server';
-
-export const normalizeMessageAttachments = (message) => {
-	if (message.file && message.attachments && Array.isArray(message.attachments) && message.attachments.length) {
-		const jwt = FileUpload.generateJWTToFileUrls({ rid: message.rid, userId: message.u._id, fileId: message.file._id });
-		if (jwt) {
-			message.attachments.forEach((attachment) => {
-				if (attachment.title_link) {
-					attachment.title_link = `${ attachment.title_link }?token=${ jwt }`;
-				}
-				if (attachment.image_url) {
-					attachment.image_url = `${ attachment.image_url }?token=${ jwt }`;
-				}
-			});
-		}
-	}
-	return message;
-};
diff --git a/app/utils/server/functions/normalizeMessageFileUpload.js b/app/utils/server/functions/normalizeMessageFileUpload.js
new file mode 100644
index 00000000000..77be075e977
--- /dev/null
+++ b/app/utils/server/functions/normalizeMessageFileUpload.js
@@ -0,0 +1,19 @@
+import { FileUpload } from '../../../file-upload/server';
+import { Uploads } from '../../../models/server';
+import { settings } from '../../../settings/server';
+
+export const normalizeMessageFileUpload = (message) => {
+	if (message.file && !message.fileUpload) {
+		const jwt = FileUpload.generateJWTToFileUrls({ rid: message.rid, userId: message.u._id, fileId: message.file._id });
+		const file = Uploads.findOne({ _id: message.file._id });
+		if (!file) {
+			return message;
+		}
+		message.fileUpload = {
+			publicFilePath: `${ settings.get('Site_Url') }${ FileUpload.getPath(`${ file._id }/${ encodeURI(file.name) }`).substring(1) }${ jwt ? `?token=${ jwt }` : '' }`,
+			type: file.type,
+			size: file.size,
+		};
+	}
+	return message;
+};