diff --git a/package.json b/package.json
index a3fd4a47b879..7feac0e67a14 100644
--- a/package.json
+++ b/package.json
@@ -2,7 +2,6 @@
 "name": "Rocket.Chat",
 "description": "The Ultimate Open Source WebChat Platform",
 "version": "0.73.0-develop",
-
 "author": {
 "name": "Rocket.Chat",
 "url": "https://rocket.chat/"
@@ -151,6 +150,7 @@
 "fibers": "^3.1.1",
 "file-type": "^10.6.0",
 "filesize": "^3.6.1",
+ "google-libphonenumber": "3.2.1",
 "grapheme-splitter": "^1.0.4",
 "gridfs-stream": "^1.1.1",
 "he": "^1.2.0",
diff --git a/packages/rocketchat-api/server/v1/misc.js b/packages/rocketchat-api/server/v1/misc.js
index 28d580bec27b..573e178fe760 100644
--- a/packages/rocketchat-api/server/v1/misc.js
+++ b/packages/rocketchat-api/server/v1/misc.js
@@ -2,6 +2,9 @@ import { Meteor } from 'meteor/meteor';
 import { check } from 'meteor/check';
 import { TAPi18n } from 'meteor/tap:i18n';
 import { RocketChat } from 'meteor/rocketchat:lib';
+import { PhoneNumberUtil } from 'google-libphonenumber';
+
+const phoneUtil = PhoneNumberUtil.getInstance();
 
 RocketChat.API.v1.addRoute('info', { authRequired: false }, {
 get() {
@@ -202,6 +205,10 @@ RocketChat.API.v1.addRoute('invite.sms', { authRequired: true }, {
 throw new Meteor.Error('error-phone-param-not-provided', 'The required "phone" param is required.');
 }
 const phone = this.bodyParams.phone.replace(/-|\s/g, '');
+ if (!phoneUtil.isValidNumber(phoneUtil.parse(phone))) {
+ return RocketChat.API.v1.failure('Invalid number');
+ }
+
 const result = Meteor.runAsUser(this.userId, () => Meteor.call('sendInvitationSMS', [phone]));
 if (result.indexOf(phone) >= 0) {
 return RocketChat.API.v1.success();
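Review bot: `"google-libphonenumber": "3.2.1"` is pinned to an exact version while the neighbouring entries in this hunk use caret ranges, and the commit does not say why. The library's validity decisions come from the numbering metadata bundled in that release, so with an exact pin newly allocated ranges would presumably be rejected by `invite.sms` until someone bumps the version. If the pin is deliberate, state the reason and who owns updating it in the commit description; otherwise `"^3.2.1"` would match the rest of the file.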
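Review bot: `phoneUtil.parse(phone)` in the added guard throws on input it cannot parse, so the `failure('Invalid number')` branch is reached only for numbers that parse but fail validation. Unparsable input leaves the handler as an exception instead, and as far as I can tell so does any number without a leading `+`, since no default region is passed. Wrap the parse in `try`/`catch` and return the same failure from both paths, as sketched below, so callers get one consistent error and library messages are not surfaced. The `.replace()` on the context line above also assumes `phone` is a string; the route body and its presence check start outside this hunk, so confirm that check rejects non-string JSON values. Validation limits what is sent, not how often: no per-user rate limit on this SMS-sending route is visible here, so check that one exists elsewhere.

```javascript
const phone = this.bodyParams.phone.replace(/-|\s/g, '');
let parsedPhone;
try {
	parsedPhone = phoneUtil.parse(phone);
} catch (e) {
	// parse() throws on unparsable input; report it like any other invalid number
	return RocketChat.API.v1.failure('Invalid number');
}
if (!phoneUtil.isValidNumber(parsedPhone)) {
	return RocketChat.API.v1.failure('Invalid number');
}
// … unchanged: sendInvitationSMS call and result check …
```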