[NEW] Add new API endpoints

[rodrigok]

Closes #8002, #8864, #8891

• API endpoint that returns all subscriptions at once
• API endpoint that returns all rooms at once
• API endpoint that returns all the auth methods from the server (FB, email, Twitter, Google, etc....)
• API endpoint to authenticate with 2FA
• API endpoint that returns the “terms” and “policy” of the server (SETTINGS)
• API endpoint to upload a file (one method, with room + message text)
• API endpoint to create and delete a push token
• API endpoint to authenticate at Google
• API endpoint to search messages in a room
• API endpoint to use the sendMessage Meteor method (allow passing _id)

Will be implemented later via DDP and will be available automatically to REST

• API endpoint to authenticate at Facebook
• API endpoint to authenticate at Twitter
• API endpoint to authenticate with oAuth

GET v1/rooms.get

• Query Params
  • updatedSince -> Date as ISO string

Get all of the rooms

curl "http://localhost:3000/api/v1/rooms.get" \
    -H "X-Auth-Token: $AUTH_TOKEN" \
    -H "X-User-Id: $USER_ID" 

Get the rooms which have changed after the provided date

curl "http://localhost:3000/api/v1/rooms.get?updatedSince=2017-11-25T15:08:17.264Z" \
    -H "X-Auth-Token: $AUTH_TOKEN" \
    -H "X-User-Id: $USER_ID" 

Both of these have the same result structure, however when you provide the updatedSince query parameter then the update will contain only those updated and remove will contain those which have been removed.

{
  "update": [
    {
      "_id": "GENERAL",
      "name": "general",
      "t": "c",
      "_updatedAt": "2017-11-25T15:08:17.265Z",
      "default": true
    }
  ],
  "remove": [],
  "success": true
}

GET v1/subscriptions.get

• Query Params
  • updatedSince -> Date as ISO string

Get all subscriptions

curl "http://localhost:3000/api/v1/subscriptions.get" \
    -H "X-Auth-Token: $AUTH_TOKEN" \
    -H "X-User-Id: $USER_ID" 

Get subscriptions changed after a date

curl "http://localhost:3000/api/v1/subscriptions.get?updatedSince=2017-11-25T15:08:17.248Z" \
    -H "X-Auth-Token: $AUTH_TOKEN" \
    -H "X-User-Id: $USER_ID" 

Both of these have the same result structure, however when you provide the updatedSince query parameter then the update will contain only those updated and remove will contain those which have been removed.

{
  "update": [
    {
      "t": "c",
      "ts": "2017-11-25T15:08:17.249Z",
      "name": "general",
      "fname": null,
      "rid": "GENERAL",
      "u": {
        "_id": "EoyAmF4mxx5HxJHJB",
        "username": "rodrigo.nascimento",
        "name": "Rodrigo Nascimento"
      },
      "open": true,
      "alert": true,
      "unread": 1,
      "userMentions": 1,
      "groupMentions": 0,
      "_updatedAt": "2017-11-25T15:08:17.249Z",
      "_id": "5ALsG3QhpJfdMpyc8"
    }
  ],
  "remove": [],
  "success": true
}

POST v1/login

When 2FA is required and not passed

curl http://localhost:3000/api/v1/login -d "username=bob&password=pass"

{
  "status": "error",
  "error": "totp-required",
  "reason": "TOTP Required",
  "message": "TOTP Required [totp-required]"
}

Passing 2FA (code)

curl http://localhost:3000/api/v1/login -d "username=bob&password=pass&code=123456"

{
  "status": "success",
  "data": {
    "authToken": "xxx",
    "userId": "xxx"
  }
}

DDP compatible (now it's possible to use the same data passed to DDP)

curl http://localhost:3000/api/v1/login -H "content-type: application/json" -d '{"user": {"username": "bob"}, "password": "pass"}'

curl -i http://localhost:3000/api/v1/login -H "content-type: application/json" -d '{"loginToken": "my-token"}'

GET v1/service.configurations

curl http://localhost:3000/api/v1/service.configurations"

{
  "configurations": [
    {
      "_id": "wDWiEK5eiCGEfoYJj",
      "service": "facebook",
      "appId": "12j3h"
    }
  ],
  "success": true
}

POST v1/push.token

• Body Params (json object)
  • type -> String: apn or gcm
  • value -> String: value of the token
  • appName -> String: your app's name
  • id -> String (optional): your internal id

curl -X POST "http://localhost:3000/api/v1/push.token" \
    -H "X-Auth-Token: $AUTH_TOKEN" \
    -H "X-User-Id: $USER_ID" \
    -H "Content-type: application/json" \
    -d '{ "type": "gcm", "value": "asdf0hsdnflsdf", "appName": "chat.rocket" }'

{
  "result": {
    "token": {
      "gcm": "asdf0hsdnflsdf"
    },
    "appName": "chat.rocket",
    "userId": "tcQrdyNYi4pMxcdjY",
    "enabled": true,
    "createdAt": "2017-12-02T05:59:43.992Z",
    "updatedAt": "2017-12-02T05:59:43.992Z",
    "_id": "AGzcKuzS6oKsPNLk7"
  },
  "success": true
}

DELETE v1/push.token

• Body Params (json object)
  • token -> String

curl -X DELETE "http://localhost:3000/api/v1/push.token" \
    -H "X-Auth-Token: $AUTH_TOKEN" \
    -H "X-User-Id: $USER_ID" \
    -H "Content-type: application/json" \
    -d '{ "token": "asdf0hsdnflsdf" }'

{
  "success": true
}

POST v1/rooms.upload/:_id

• URL Params
  • _id -> String (Room's id)

curl "http://localhost:3000/api/v1/rooms.upload/GENERAL" \
    -F file=@$HOME/Downloads/google.jpg \
    -F "msg=Random Message" \
    -F "description=File description" \
    -H "X-Auth-Token: $AUTH_TOKEN" \
    -H "X-User-Id: $USER_ID"

{
  "success": true
}

[luciofm]

Would be to hard to have the same response format for calls with and without the updatedAt filter?

[graywolf336]

Nope, not at all...aka check now. ;)

[graywolf336]

Can someone answer this question?

[geekgonecrazy]

Seems like we shouldn't be... This looks kinda like maybe duplicated from spotlight? As that's the only thing I can think of that returns all 3

[rodrigok]

@graywolf336 It probably was a copy of what slack does at that time:

I don't know if that is what we want now, need to discuss.

[geekgonecrazy]

Isn't this essentially what the spotlight methods do?

[rodrigok]

@geekgonecrazy Yes, but it was prior to the spotlight implementation

[rafaelks]

@sampaiodiego Good finding! 👍

[graywolf336]

@rodrigok are we just waiting on someone to review this pull request to merge it?

[rafaelks]

@rodrigok Can you add the APIs to list reactions and to react to some message in another PR?

[rodrigok]

@graywolf336 Yes, @sampaiodiego will do the review, but it would be helpful if you do the review too.

@rafaelks What?

[rafaelks]

@rodrigok

• API to list all custom emojis;
• API to react to a message;

[rodrigok]

@rafaelks I don't think I understand why you are asking this here, but yes, everything else will be added in another PR 😄 just keep that document listing the APIs mobile needs updated

[graywolf336]

@rodrigok I know this was intentional, but this is a huge breaking change - authentication tokens now expire. So, we will need to alert everyone to this as it is a MAJOR breaking change with how our REST API is consumed.

[sampaiodiego]

code looks good..

agreed to @graywolf336 the change on expiring API tokens should be listed as a breaking change on release notes (at least).

[rodrigok]

@graywolf336 @sampaiodiego I fixed it and it's keeping the old behavior. Thanks @graywolf336

[cardoso]

I'm receiving this field (along with the expected message and success fields) from the sendMessage API:

"developerWarning" : "[WARNING]: The \"usernames\" field has been removed for performance reasons. Please use the \"*.members\" endpoint to get a list of members\/users in a room."

Seems weird to me, but otherwise it's working.

[graywolf336]

@cardoso it's just a warning and can be ignored. Not everyone follows along with the development, so we are letting them know that usernames field has been removed.

[cardoso]

@graywolf336 looks like it's happening in other api calls

https://unstable.rocket.chat/api/v1/service.configurations
https://unstable.rocket.chat/api/v1/info

Maybe all?

That's pretty bad for network usage on mobile.

[graywolf336]

@cardoso feel free to open an issue about it so that someone can work on improving it. 👍