fix: add userId and rcToken on attachmentURL only if protect files is…

… enabled (#6078)
RocketChat · Feb 27, 2025 · 435fdc3 · 435fdc3
1 parent 44e19e3
commit 435fdc3
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 2 deletions.
diff --git a/app/lib/constants/defaultSettings.ts b/app/lib/constants/defaultSettings.ts
@@ -111,6 +111,9 @@ export const defaultSettings = {
 	E2E_Enable_Encrypt_Files: {
 		type: 'valueAsBoolean'
 	},
+	FileUpload_ProtectFiles: {
+		type: 'valueAsBoolean'
+	},
 	Accounts_Directory_DefaultView: {
 		type: 'valueAsString'
 	},

diff --git a/app/lib/methods/helpers/formatAttachmentUrl.ts b/app/lib/methods/helpers/formatAttachmentUrl.ts
@@ -11,19 +11,24 @@ function setParamInUrl({ url, token, userId }: { url: string; token: string; use
 }
 
 export const formatAttachmentUrl = (attachmentUrl: string | undefined, userId: string, token: string, server: string): string => {
+	const protectFiles = store.getState().settings.FileUpload_ProtectFiles;
+
 	if ((attachmentUrl && isImageBase64(attachmentUrl)) || attachmentUrl?.startsWith('file://')) {
 		return attachmentUrl;
 	}
 	if (attachmentUrl && attachmentUrl.startsWith('http')) {
 		if (attachmentUrl.includes('rc_token')) {
 			return encodeURI(attachmentUrl);
 		}
-		return setParamInUrl({ url: attachmentUrl, token, userId });
+
+		if (protectFiles) return setParamInUrl({ url: attachmentUrl, token, userId });
+		return attachmentUrl;
 	}
 	let cdnPrefix = store?.getState().settings.CDN_PREFIX as string;
 	cdnPrefix = cdnPrefix?.trim();
 	if (cdnPrefix && cdnPrefix.startsWith('http')) {
 		server = cdnPrefix.replace(/\/+$/, '');
 	}
-	return setParamInUrl({ url: `${server}${attachmentUrl}`, token, userId });
+	if (protectFiles) return setParamInUrl({ url: `${server}${attachmentUrl}`, token, userId });
+	return `${server}${attachmentUrl}`;
 };