feat: extend 4 REST endpoints + migrate 7 DDP callers

.changeset/ddp-migrate-batch2-callers.md

@@ -0,0 +1,12 @@
+---
+'@rocket.chat/meteor': patch
+---
+
+Migrate six client DDP callers to their REST equivalents (the DDP methods stay registered on the server for external SDK/mobile clients, with a deprecation log pointing at the REST route until 9.0.0 removes them):
+
+- `loadMissedMessages` → `GET /v1/chat.syncMessages`
+- `joinRoom` → `POST /v1/channels.join` (channel-only; non-`c` rooms now error via REST the same way they used to via DDP)
+- `userSetUtcOffset` → `POST /v1/users.setPreferences` (new `utcOffset` field)
+- `deleteFileMessage` → `POST /v1/chat.delete` (new `fileId` body shape)
+- `spotlight` → `GET /v1/spotlight` (new `usernames` / `type` / `rid` query params)
+- `listCustomSounds` → `GET /v1/custom-sounds.list`

.changeset/rest-chat-delete-by-fileid.md

@@ -0,0 +1,6 @@
+---
+'@rocket.chat/rest-typings': minor
+'@rocket.chat/meteor': minor
+---
+
+`POST /v1/chat.delete` now accepts `{ fileId, asUser? }` as an alternative to `{ msgId, roomId, asUser? }`. When `fileId` is provided the server resolves the owning message via `Messages.getMessageByFileId` before running the existing permission and deletion flow.

.changeset/rest-spotlight-params-and-anonymous.md

@@ -0,0 +1,11 @@
+---
+'@rocket.chat/rest-typings': minor
+'@rocket.chat/meteor': minor
+---
+
+`GET /v1/spotlight` now mirrors the DDP `spotlight` method:
+
+- accepts optional `usernames` (comma-separated string), `type` (JSON-encoded `{ users?, mentions?, rooms?, includeFederatedRooms? }`) and `rid` query params;
+- response items expose `nickname` / `outside` (users) and `uids` / `usernames` / `fname` (rooms);
+- `status` on each user is now optional — outside/federated users were already being returned without one and the previous required-field schema rejected them as `Response validation failed`;
+- the endpoint is no longer auth-gated, allowing anonymous-read flows (e.g. `Accounts_AllowAnonymousRead`) to keep finding public channels through the navbar search.

.changeset/rest-users-setpreferences-utcoffset.md

@@ -0,0 +1,6 @@
+---
+'@rocket.chat/rest-typings': minor
+'@rocket.chat/meteor': minor
+---
+
+`POST /v1/users.setPreferences` now accepts an optional `data.utcOffset` (number) field. The value is stored at the user-document root via `Users.setUtcOffset` (not under `settings.preferences`), matching what the legacy `userSetUtcOffset` DDP method did.

apps/meteor/app/api/server/v1/chat.ts

@@ -521,7 +521,7 @@ const chatEndpoints = API.v1
 			authRequired: true,
 			body: isChatDeleteProps,
 			response: {
-				200: ajv.compile<{ _id: string; ts: string; message: Pick<IMessage, '_id' | 'rid' | 'u'> }>({
+				200: ajv.compile<{ _id?: string; ts?: string; message?: Pick<IMessage, '_id' | 'rid' | 'u'> }>({
 					type: 'object',
 					properties: {
 						_id: { type: 'string' },
@@ -538,21 +538,30 @@ const chatEndpoints = API.v1
 						},
 						success: { type: 'boolean', enum: [true] },
 					},
-					required: ['_id', 'ts', 'message', 'success'],
+					required: ['success'],
 					additionalProperties: false,
 				}),
 				400: validateBadRequestErrorResponse,
 				401: validateUnauthorizedErrorResponse,
 			},
 		},
 		async function action() {
-			const msg = await Messages.findOneById(this.bodyParams.msgId, { projection: { u: 1, rid: 1 } });
+			// Deleting by fileId resolves the message that references the file and deletes it.
+			// An orphan upload (a file with no associated message) is not deletable through this
+			// endpoint and intentionally returns a failure below.
+			const msg =
+				'fileId' in this.bodyParams
+					? await Messages.getMessageByFileId(this.bodyParams.fileId)
+					: await Messages.findOneById(this.bodyParams.msgId, { projection: { u: 1, rid: 1 } });
 
 			if (!msg) {
+				if ('fileId' in this.bodyParams) {
+					return API.v1.failure(`No message found with the file id: "${this.bodyParams.fileId}".`);
+				}
 				return API.v1.failure(`No message found with the id of "${this.bodyParams.msgId}".`);
 			}
 
-			if (this.bodyParams.roomId !== msg.rid) {
+			if ('roomId' in this.bodyParams && this.bodyParams.roomId !== msg.rid) {
 				return API.v1.failure('The room id provided does not match where the message is from.');
 			}
 
@@ -576,7 +585,7 @@ const chatEndpoints = API.v1
 			return API.v1.success({
 				_id: msg._id,
 				ts: Date.now().toString(),
-				message: msg,
+				message: { _id: msg._id, rid: msg.rid, u: msg.u },
 			});
 		},
 	)

apps/meteor/app/api/server/v1/misc.ts

@@ -6,6 +6,8 @@ import {
 	ajv,
 	isShieldSvgProps,
 	isSpotlightProps,
+	parseSpotlightUsernames,
+	parseSpotlightType,
 	isDirectoryProps,
 	isFingerprintProps,
 	isMeteorCall,
@@ -339,7 +341,11 @@ API.v1.get(
 );
 
 const spotlightResponseSchema = ajv.compile<{
-	users: Pick<IUser, 'name' | 'status' | 'statusText' | 'avatarETag' | '_id' | 'username'>[];
+	users: (Pick<IUser, 'name' | '_id' | 'username'> &
+		Partial<Pick<IUser, 'status' | 'statusText' | 'avatarETag'>> & {
+			nickname?: string;
+			outside?: boolean;
+		})[];
 	rooms: Pick<IRoom, 't' | 'name' | 'lastMessage' | '_id'>[];
 }>({
 	type: 'object',
@@ -356,7 +362,7 @@ const spotlightResponseSchema = ajv.compile<{
 					statusText: { type: 'string' },
 					avatarETag: { type: 'string' },
 				},
-				required: ['_id', 'name', 'username', 'status'],
+				required: ['_id', 'name', 'username'],
 				additionalProperties: true,
 			},
 		},
@@ -383,7 +389,10 @@ const spotlightResponseSchema = ajv.compile<{
 API.v1.get(
 	'spotlight',
 	{
-		authRequired: true,
+		// DDP `spotlight` accepts anonymous calls (Accounts_AllowAnonymousRead).
+		// Keep parity so anonymous-user / embedded-layout flows can still
+		// resolve a public channel through the navbar search.
+		authRequired: false,
 		query: isSpotlightProps,
 		response: {
 			200: spotlightResponseSchema,
@@ -392,9 +401,15 @@ API.v1.get(
 		},
 	},
 	async function action() {
-		const { query } = this.queryParams;
+		const { query, usernames, type, rid } = this.queryParams;
 
-		const result = await spotlightMethod({ text: query, userId: this.userId });
+		const result = await spotlightMethod({
+			text: query,
+			userId: this.userId,
+			usernames: parseSpotlightUsernames(usernames),
+			type: parseSpotlightType(type),
+			rid,
+		});
 
 		return API.v1.success(result);
 	},

apps/meteor/app/custom-sounds/server/methods/listCustomSounds.ts

@@ -3,6 +3,8 @@ import type { ServerMethods } from '@rocket.chat/ddp-client';
 import { CustomSounds } from '@rocket.chat/models';
 import { Meteor } from 'meteor/meteor';
 
+import { methodDeprecationLogger } from '../../../lib/server/lib/deprecationWarningLogger';
+
 declare module '@rocket.chat/ddp-client' {
 	// eslint-disable-next-line @typescript-eslint/naming-convention
 	interface ServerMethods {
@@ -12,6 +14,7 @@ declare module '@rocket.chat/ddp-client' {
 
 Meteor.methods<ServerMethods>({
 	async listCustomSounds() {
+		methodDeprecationLogger.method('listCustomSounds', '9.0.0', '/v1/custom-sounds.list');
 		return CustomSounds.find({}).toArray();
 	},
 });

apps/meteor/app/lib/server/methods/joinRoom.ts

@@ -5,6 +5,8 @@ import { Rooms } from '@rocket.chat/models';
 import { check } from 'meteor/check';
 import { Meteor } from 'meteor/meteor';
 
+import { methodDeprecationLogger } from '../lib/deprecationWarningLogger';
+
 declare module '@rocket.chat/ddp-client' {
 	// eslint-disable-next-line @typescript-eslint/naming-convention
 	interface ServerMethods {
@@ -14,6 +16,7 @@ declare module '@rocket.chat/ddp-client' {
 
 Meteor.methods<ServerMethods>({
 	async joinRoom(rid, code) {
+		methodDeprecationLogger.method('joinRoom', '9.0.0', '/v1/channels.join');
 		check(rid, String);
 
 		const user = await Meteor.userAsync();

apps/meteor/client/hooks/useJoinRoom.ts

@@ -1,9 +1,7 @@
 import type { IRoom } from '@rocket.chat/core-typings';
-import { useToastMessageDispatch } from '@rocket.chat/ui-contexts';
+import { useEndpoint, useToastMessageDispatch } from '@rocket.chat/ui-contexts';
 import { useMutation, useQueryClient } from '@tanstack/react-query';
 
-import { sdk } from '../../app/utils/client/lib/SDKClient';
-
 type UseJoinRoomMutationFunctionProps = {
 	rid: IRoom['_id'];
 	reference: string;
@@ -13,11 +11,15 @@ type UseJoinRoomMutationFunctionProps = {
 export const useJoinRoom = () => {
 	const queryClient = useQueryClient();
 	const dispatchToastMessage = useToastMessageDispatch();
+	// TODO(ddp-removal): /v1/channels.join only resolves public channels; non-`c`
+	// rooms will error here (same as DDP `joinRoom` would, just via REST).
+	// Replace with a unified `/v1/rooms.join` (or per-type endpoints) before
+	// the 9.0.0 sweep removes the DDP method.
+	const joinChannel = useEndpoint('POST', '/v1/channels.join');
 
 	return useMutation({
 		mutationFn: async ({ rid, reference, type }: UseJoinRoomMutationFunctionProps) => {
-			await sdk.call('joinRoom', rid);
-
+			await joinChannel({ roomId: rid });
 			return { reference, type };
 		},
 		onSuccess: (data) => {

apps/meteor/client/lib/chats/data.ts

@@ -274,7 +274,10 @@ export const createDataAPI = ({ rid, tmid }: { rid: IRoom['_id']; tmid: IMessage
 	const isSubscribedToRoom = async (): Promise<boolean> => !!Subscriptions.state.find((record) => record.rid === rid);
 
 	const joinRoom = async (): Promise<void> => {
-		await sdk.call('joinRoom', rid);
+		// TODO(ddp-removal): only public channels resolve through this endpoint;
+		// private groups, DMs and livechat used to error via DDP too — REST keeps
+		// that behavior. Replace with a unified `/v1/rooms.join` when available.
+		await sdk.rest.post('/v1/channels.join', { roomId: rid });
 	};
 
 	const findDiscussionByID = async (drid: IRoom['_id']): Promise<IRoom | undefined> =>

apps/meteor/client/navbar/NavBarSearch/hooks/useSearchItems.ts

@@ -1,6 +1,6 @@
 import { escapeRegExp } from '@rocket.chat/string-helpers';
 import type { SubscriptionWithRoom } from '@rocket.chat/ui-contexts';
-import { useMethod, useUserSubscriptions } from '@rocket.chat/ui-contexts';
+import { useEndpoint, useUserSubscriptions } from '@rocket.chat/ui-contexts';
 import { useQuery, type UseQueryResult } from '@tanstack/react-query';
 import { useMemo } from 'react';
 
@@ -47,7 +47,7 @@ export const useSearchItems = (filterText: string): UseQueryResult<SubscriptionW
 		return { users: true, rooms: true, includeFederatedRooms: true };
 	}, [searchForChannels, searchForDMs]);
 
-	const getSpotlight = useMethod('spotlight');
+	const getSpotlight = useEndpoint('GET', '/v1/spotlight');
 
 	return useQuery({
 		queryKey: ['sidebar/search/spotlight', name, usernamesFromClient, type, localRooms.map(({ _id, name }) => _id + name)],
@@ -57,7 +57,11 @@ export const useSearchItems = (filterText: string): UseQueryResult<SubscriptionW
 				return localRooms;
 			}
 
-			const spotlight = await getSpotlight(name, usernamesFromClient, type);
+			const spotlight = await getSpotlight({
+				query: name,
+				usernames: usernamesFromClient.join(','),
+				type: JSON.stringify(type),
+			});
 
 			const filterUsersUnique = ({ _id }: { _id: string }, index: number, arr: { _id: string }[]): boolean =>
 				index === arr.findIndex((user) => _id === user._id);

apps/meteor/client/providers/CustomSoundProvider/CustomSoundProvider.tsx

@@ -1,11 +1,10 @@
 import type { ICustomSound } from '@rocket.chat/core-typings';
 import { useStableCallback } from '@rocket.chat/fuselage-hooks';
-import { CustomSoundContext, useStream, useUserPreference } from '@rocket.chat/ui-contexts';
+import { CustomSoundContext, useEndpoint, useStream, useUserPreference } from '@rocket.chat/ui-contexts';
 import { useQuery, useQueryClient } from '@tanstack/react-query';
 import { useEffect, useMemo, useRef, type ReactNode } from 'react';
 
 import { defaultSounds, getCustomSoundURL, formatVolume } from './lib';
-import { sdk } from '../../../app/utils/client/lib/SDKClient';
 import { useUserSoundPreferences } from '../../hooks/useUserSoundPreferences';
 
 type CustomSoundProviderProps = {
@@ -17,18 +16,32 @@ const CustomSoundProvider = ({ children }: CustomSoundProviderProps) => {
 
 	const queryClient = useQueryClient();
 	const streamAll = useStream('notify-all');
+	const getCustomSounds = useEndpoint('GET', '/v1/custom-sounds.list');
 
 	const newRoomNotification = useUserPreference<string>('newRoomNotification') || 'door';
 	const newMessageNotification = useUserPreference<string>('newMessageNotification') || 'chime';
 	const { notificationsSoundVolume, voipRingerVolume } = useUserSoundPreferences();
 
 	const { data: list } = useQuery({
 		queryFn: async (): Promise<Omit<ICustomSound, '_updatedAt'>[]> => {
-			const customSoundsList = await sdk.call('listCustomSounds');
-			if (!customSoundsList.length) {
+			// `/v1/custom-sounds.list` is paginated, so we page through all results to
+			// load every custom sound into the provider (the legacy `listCustomSounds`
+			// method returned them all at once).
+			const sounds: Awaited<ReturnType<typeof getCustomSounds>>['sounds'] = [];
+			let total = Infinity;
+			while (sounds.length < total) {
+				const page = await getCustomSounds({ count: 100, offset: sounds.length });
+				total = page.total;
+				sounds.push(...page.sounds);
+				if (!page.sounds.length) {
+					break;
+				}
+			}
+
+			if (!sounds.length) {
 				return defaultSounds;
 			}
-			return [...customSoundsList.map((sound) => ({ ...sound, src: getCustomSoundURL(sound) })), ...defaultSounds];
+			return [...sounds.map(({ _updatedAt: _, ...sound }) => ({ ...sound, src: getCustomSoundURL(sound) })), ...defaultSounds];
 		},
 		queryKey: ['listCustomSounds'],
 		initialData: defaultSounds,

apps/meteor/client/providers/CustomSoundProvider/lib/helpers.ts

@@ -4,7 +4,7 @@ import { getURL } from '../../../../app/utils/client';
 
 export const getAssetUrl = (asset: string, params?: Record<string, any>) => getURL(asset, params, undefined, true);
 
-export const getCustomSoundURL = (sound: ICustomSound) => {
+export const getCustomSoundURL = (sound: Pick<ICustomSound, '_id' | 'extension'> & Pick<Partial<ICustomSound>, 'random'>) => {
 	return getAssetUrl(`/custom-sounds/${sound._id}.${sound.extension}`, { _dc: sound.random || 0 });
 };
 

apps/meteor/client/startup/startup.ts

@@ -34,7 +34,7 @@ if (!sdkTransportEnabled) {
 
 		const utcOffset = -new Date().getTimezoneOffset() / 60;
 		if (user.utcOffset !== utcOffset) {
-			sdk.call('userSetUtcOffset', utcOffset);
+			void sdk.rest.post('/v1/users.setPreferences', { data: { utcOffset } });
 		}
 
 		emitStatusChange(user.status);
@@ -79,7 +79,7 @@ if (!sdkTransportEnabled) {
 
 		const utcOffset = -new Date().getTimezoneOffset() / 60;
 		if (user.utcOffset !== utcOffset) {
-			sdk.call('userSetUtcOffset', utcOffset);
+			void sdk.rest.post('/v1/users.setPreferences', { data: { utcOffset } });
 		}
 
 		emitStatusChange(user.status);

apps/meteor/client/views/room/contextualBar/RoomFiles/hooks/useDeleteFile.tsx

@@ -1,19 +1,19 @@
 import type { IUpload } from '@rocket.chat/core-typings';
 import { useStableCallback } from '@rocket.chat/fuselage-hooks';
 import { GenericModal } from '@rocket.chat/ui-client';
-import { useSetModal, useToastMessageDispatch, useMethod } from '@rocket.chat/ui-contexts';
+import { useSetModal, useToastMessageDispatch, useEndpoint } from '@rocket.chat/ui-contexts';
 import { useTranslation } from 'react-i18next';
 
 export const useDeleteFile = (reload: () => void) => {
 	const { t } = useTranslation();
 	const setModal = useSetModal();
 	const dispatchToastMessage = useToastMessageDispatch();
-	const deleteFile = useMethod('deleteFileMessage');
+	const deleteMessage = useEndpoint('POST', '/v1/chat.delete');
 
 	const handleDelete = useStableCallback((_id: IUpload['_id']) => {
 		const onConfirm = async () => {
 			try {
-				await deleteFile(_id);
+				await deleteMessage({ fileId: _id });
 				dispatchToastMessage({ type: 'success', message: t('Deleted') });
 				reload();
 			} catch (error) {