diff --git a/packages/rocketchat-api/package.js b/packages/rocketchat-api/package.js
index d2eee06b508..6918b5f1da8 100644
--- a/packages/rocketchat-api/package.js
+++ b/packages/rocketchat-api/package.js
@@ -20,7 +20,12 @@ Package.onUse(function(api) {
 api.addFiles('server/v1/helpers/getPaginationItems.js', 'server');
 api.addFiles('server/v1/helpers/getUserFromParams.js', 'server');
 api.addFiles('server/v1/helpers/parseJsonQuery.js', 'server');
+ api.addFiles('server/v1/helpers/getLoggedInUser.js', 'server');
+ //Register default helpers
+ api.addFiles('server/default/helpers/getLoggedInUser.js', 'server');
+
+ //Add default routes
 api.addFiles('server/default/info.js', 'server');
 api.addFiles('server/default/metrics.js', 'server');
diff --git a/packages/rocketchat-api/server/default/helpers/getLoggedInUser.js b/packages/rocketchat-api/server/default/helpers/getLoggedInUser.js
new file mode 100644
index 00000000000..bfca9f0d11b
--- /dev/null
+++ b/packages/rocketchat-api/server/default/helpers/getLoggedInUser.js
@@ -0,0 +1,12 @@
+RocketChat.API.default.helperMethods.set('getLoggedInUser', function _getLoggedInUser() {
+ let user;
+
+ if (this.request.headers['x-auth-token'] && this.request.headers['x-user-id']) {
+ user = RocketChat.models.Users.findOne({
+ '_id': this.request.headers['x-user-id'],
+ 'services.resume.loginTokens.hashedToken': Accounts._hashLoginToken(this.request.headers['x-auth-token'])
+ });
+ }
+
+ return user;
+});
diff --git a/packages/rocketchat-api/server/default/info.js b/packages/rocketchat-api/server/default/info.js
index adf7a094db0..7093793ab9b 100644
--- a/packages/rocketchat-api/server/default/info.js
+++ b/packages/rocketchat-api/server/default/info.js
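Review bot: In server/default/helpers/getLoggedInUser.js the `findOne` call has no field projection, so the helper hands every caller the full user document, including the `services.resume.loginTokens` entries it just matched on, while the routes in this commit only read `user._id`. Unless another caller needs more, limit the lookup with a second argument such as `{ fields: { _id: 1 } }`, so that a later route cannot serialise credential material by returning the helper's result. A short comment would also help: `// Returns the user matching x-user-id / x-auth-token, or undefined; never rejects the request`. Both points apply equally to the identical helper added under server/v1/helpers/.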
@@ -1,5 +1,15 @@
 RocketChat.API.default.addRoute('info', { authRequired: false }, {
 get: function() {
- return RocketChat.Info;
+ const user = this.getLoggedInUser();
+
+ if (user && RocketChat.authz.hasRole(user._id, 'admin')) {
+ return RocketChat.API.v1.success({
+ info: RocketChat.Info
+ });
+ }
+
+ return RocketChat.API.v1.success({
+ version: RocketChat.Info.version
+ });
 }
 });
diff --git a/packages/rocketchat-api/server/v1/helpers/getLoggedInUser.js b/packages/rocketchat-api/server/v1/helpers/getLoggedInUser.js
new file mode 100644
index 00000000000..ab9d141e813
--- /dev/null
+++ b/packages/rocketchat-api/server/v1/helpers/getLoggedInUser.js
@@ -0,0 +1,12 @@
+RocketChat.API.v1.helperMethods.set('getLoggedInUser', function _getLoggedInUser() {
+ let user;
+
+ if (this.request.headers['x-auth-token'] && this.request.headers['x-user-id']) {
+ user = RocketChat.models.Users.findOne({
+ '_id': this.request.headers['x-user-id'],
+ 'services.resume.loginTokens.hashedToken': Accounts._hashLoginToken(this.request.headers['x-auth-token'])
+ });
+ }
+
+ return user;
+});
diff --git a/packages/rocketchat-api/server/v1/misc.js b/packages/rocketchat-api/server/v1/misc.js
index 6a2a5802769..cc2cba7cea6 100644
--- a/packages/rocketchat-api/server/v1/misc.js
+++ b/packages/rocketchat-api/server/v1/misc.js
@@ -1,7 +1,17 @@
 RocketChat.API.v1.addRoute('info', { authRequired: false }, {
 get: function() {
+ const user = this.getLoggedInUser();
+
+ if (user && RocketChat.authz.hasRole(user._id, 'admin')) {
+ return RocketChat.API.v1.success({
+ info: RocketChat.Info
+ });
+ }
+
 return RocketChat.API.v1.success({
- info: RocketChat.Info
+ info: {
+ 'version': RocketChat.Info.version
+ }
 });
 }
 });
diff --git a/tests/end-to-end/api/00-miscellaneous.js b/tests/end-to-end/api/00-miscellaneous.js
index 9616af0f487..874f1db1708 100644
--- a/tests/end-to-end/api/00-miscellaneous.js
+++ b/tests/end-to-end/api/00-miscellaneous.js
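Review bot: The two branches of the default `info` route in server/default/info.js return different shapes: an admin gets `{ info: RocketChat.Info }` while everyone else gets a top-level `version`, so a client that reads `version` from the body stops finding it once it sends admin credentials. Keeping the key in both responses avoids that, e.g. `return RocketChat.API.v1.success({ version: RocketChat.Info.version, info: RocketChat.Info });` in the admin branch. The end-to-end hunk in this commit only removes the `build.*` assertions, so as far as the visible changes show, nothing asserts that `build` is absent for anonymous callers or present for admins.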
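Review bot: server/v1/helpers/getLoggedInUser.js repeats the body of server/default/helpers/getLoggedInUser.js line for line, which leaves two copies of the token-lookup logic to keep in step. Defining `_getLoggedInUser` once and passing the same function to both `RocketChat.API.default.helperMethods.set` and `RocketChat.API.v1.helperMethods.set` would ensure that a later change to the header check or the hashing call cannot land in only one of the two APIs.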
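Review bot: The reason for the split response in the v1 `info` route (server/v1/misc.js) is not recorded anywhere in the hunk, and `authRequired: false` on the route makes the admin check easy to misread as dead code. A comment above the `hasRole` test, for example `// Build details (node version, OS release, memory, CPUs) are admin-only; anonymous callers get the version only`, would keep a later refactor from widening the anonymous response again. Requests with missing or non-matching `x-user-id` / `x-auth-token` headers fall through to the version-only branch, which is the safe default and worth stating in the same comment.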
@@ -29,14 +29,6 @@ describe('miscellaneous', function() {
 .expect(200)
 .expect((res) => {
 expect(res.body).to.have.property('version');
- expect(res.body).to.have.deep.property('build.date');
- expect(res.body).to.have.deep.property('build.nodeVersion');
- expect(res.body).to.have.deep.property('build.arch');
- expect(res.body).to.have.deep.property('build.platform');
- expect(res.body).to.have.deep.property('build.osRelease');
- expect(res.body).to.have.deep.property('build.totalMemory');
- expect(res.body).to.have.deep.property('build.freeMemory');
- expect(res.body).to.have.deep.property('build.cpus');
 })
 .end(done);
 });