From 38134a3c455df5a21e42ce332cb23091b055a889 Mon Sep 17 00:00:00 2001 From: Deepak Bhagat Date: Fri, 30 Jan 2026 03:45:57 +0530 Subject: [PATCH 1/2] fix: privacy leak in getRoomInfo and UI crash safety --- packages/api/src/EmbeddedChatApi.ts | 76 +++++++++---------- .../react/src/views/ChatHeader/ChatHeader.js | 2 +- 2 files changed, 35 insertions(+), 43 deletions(-) diff --git a/packages/api/src/EmbeddedChatApi.ts b/packages/api/src/EmbeddedChatApi.ts index 72e25a046..64990af08 100644 --- a/packages/api/src/EmbeddedChatApi.ts +++ b/packages/api/src/EmbeddedChatApi.ts @@ -73,21 +73,21 @@ export default class EmbeddedChatApi { const payload = acsCode ? JSON.stringify({ - serviceName: "google", - accessToken: tokens.access_token, - idToken: tokens.id_token, - expiresIn: 3600, - totp: { - code: acsPayload, - }, - }) + serviceName: "google", + accessToken: tokens.access_token, + idToken: tokens.id_token, + expiresIn: 3600, + totp: { + code: acsPayload, + }, + }) : JSON.stringify({ - serviceName: "google", - accessToken: tokens.access_token, - idToken: tokens.id_token, - expiresIn: 3600, - scope: "profile", - }); + serviceName: "google", + accessToken: tokens.access_token, + idToken: tokens.id_token, + expiresIn: 3600, + scope: "profile", + }); try { const req = await fetch(`${this.host}/api/v1/login`, { @@ -363,7 +363,7 @@ export default class EmbeddedChatApi { typingHandlerLock = 0; }, 2000); // eslint-disable-next-line no-empty - while (typingHandlerLock) {} + while (typingHandlerLock) { } typingHandlerLock = 1; // move user to front if typing else remove it. const idx = this.typingUsers.indexOf(typingUser); 
@@ -495,34 +495,26 @@ export default class EmbeddedChatApi { try { const { userId, authToken } = (await this.auth.getCurrentUser()) || {}; const response = await fetch( - `${this.host}/api/v1/method.call/rooms%3Aget`, + `${this.host}/api/v1/rooms.info?roomId=${this.rid}`, { - body: JSON.stringify({ - message: JSON.stringify({ - msg: "method", - id: null, - method: "rooms/get", - params: [], - }), - }), headers: { "Content-Type": "application/json", "X-Auth-Token": authToken, "X-User-Id": userId, }, - method: "POST", + method: "GET", } ); const result = await response.json(); - if (result.success && result.message) { - const parsedMessage = JSON.parse(result.message); - return parsedMessage; + if (result.success && result.room) { + return { result: [result.room] }; } - return null; + return { result: [] }; } catch (err) { console.error(err); + return { result: [] }; } } @@ -561,9 +553,9 @@ export default class EmbeddedChatApi { query?: object | undefined; field?: object | undefined; } = { - query: undefined, - field: undefined, - }, + query: undefined, + field: undefined, + }, isChannelPrivate = false ) { const roomType = isChannelPrivate ? "groups" : "channels"; @@ -600,10 +592,10 @@ export default class EmbeddedChatApi { field?: object | undefined; offset?: number; } = { - query: undefined, - field: undefined, - offset: 50, - }, + query: undefined, + field: undefined, + offset: 50, + }, isChannelPrivate = false ) { const roomType = isChannelPrivate ? "groups" : "channels"; @@ -751,13 +743,13 @@ export default class EmbeddedChatApi { const messageObj = typeof message === "string" ? { - rid: this.rid, - msg: message, - } + rid: this.rid, + msg: message, + } : { - ...message, - rid: this.rid, - }; + ...message, + rid: this.rid, + }; if (threadId) { messageObj.tmid = threadId; } diff --git a/packages/react/src/views/ChatHeader/ChatHeader.js b/packages/react/src/views/ChatHeader/ChatHeader.js index 0986104ae..18399ae17 100644 
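Review bot: The new `rooms.info` URL in the `@@ -495` hunk interpolates `this.rid` into the query string unencoded, so a room id containing `&`, `#` or `=` would change which parameters the server sees; use `${encodeURIComponent(this.rid)}` there. The request is also still sent when `getCurrentUser()` resolves to nothing, with `userId` and `authToken` both undefined; an early `if (!userId || !authToken) return { result: [] };` would avoid that. The `{ result: [result.room] }` wrapper appears to exist only to keep the list shape callers expected from `rooms/get`, which deserves a one-line comment such as `// keep the legacy list shape; only the current room is returned`. The method's signature is outside the hunk.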
--- a/packages/react/src/views/ChatHeader/ChatHeader.js +++ b/packages/react/src/views/ChatHeader/ChatHeader.js @@ -199,7 +199,7 @@ const ChatHeader = ({ setIsChannelArchived(true); const roomInfo = await RCInstance.getRoomInfo(); const roomData = roomInfo.result[roomInfo.result.length - 1]; - setChannelInfo(roomData); + setChannelInfo(roomData || {}); } else if ('errorType' in res && res.errorType === 'Not Allowed') { dispatchToastMessage({ type: 'error', From 5cfd968f667d1f0e910c390f6580a87c1c52dbb1 Mon Sep 17 00:00:00 2001 From: Deepak Bhagat Date: Fri, 30 Jan 2026 03:52:09 +0530 Subject: [PATCH 2/2] style: fix formatting in EmbeddedChatApi.ts --- packages/api/src/EmbeddedChatApi.ts | 56 ++++++++++++++--------------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/packages/api/src/EmbeddedChatApi.ts b/packages/api/src/EmbeddedChatApi.ts index 64990af08..59a2f7e98 100644 --- a/packages/api/src/EmbeddedChatApi.ts +++ b/packages/api/src/EmbeddedChatApi.ts @@ -73,21 +73,21 @@ export default class EmbeddedChatApi { const payload = acsCode ? JSON.stringify({ - serviceName: "google", - accessToken: tokens.access_token, - idToken: tokens.id_token, - expiresIn: 3600, - totp: { - code: acsPayload, - }, - }) + serviceName: "google", + accessToken: tokens.access_token, + idToken: tokens.id_token, + expiresIn: 3600, + totp: { + code: acsPayload, + }, + }) : JSON.stringify({ - serviceName: "google", - accessToken: tokens.access_token, - idToken: tokens.id_token, - expiresIn: 3600, - scope: "profile", - }); + serviceName: "google", + accessToken: tokens.access_token, + idToken: tokens.id_token, + expiresIn: 3600, + scope: "profile", + }); try { const req = await fetch(`${this.host}/api/v1/login`, { 
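Review bot: The `|| {}` fallback in the `@@ -199` hunk guards the wrong expression for crash safety, because `roomInfo.result[...]` on the line above still throws if `getRoomInfo()` returns `null` or `undefined`. The previous implementation returned exactly those values on failure, so this caller is only safe when the API package change ships with it. Guarding the access itself keeps the component independent of that: `const roomData = roomInfo?.result?.[roomInfo.result.length - 1];`. An empty object also makes a failed or unauthorized lookup indistinguishable from a room with no metadata, so it may be worth surfacing that case instead of rendering the header with blank fields. The enclosing handler starts and ends outside the hunk.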
@@ -363,7 +363,7 @@ export default class EmbeddedChatApi { typingHandlerLock = 0; }, 2000); // eslint-disable-next-line no-empty - while (typingHandlerLock) { } + while (typingHandlerLock) {} typingHandlerLock = 1; // move user to front if typing else remove it. const idx = this.typingUsers.indexOf(typingUser); @@ -553,9 +553,9 @@ export default class EmbeddedChatApi { query?: object | undefined; field?: object | undefined; } = { - query: undefined, - field: undefined, - }, + query: undefined, + field: undefined, + }, isChannelPrivate = false ) { const roomType = isChannelPrivate ? "groups" : "channels"; @@ -592,10 +592,10 @@ export default class EmbeddedChatApi { field?: object | undefined; offset?: number; } = { - query: undefined, - field: undefined, - offset: 50, - }, + query: undefined, + field: undefined, + offset: 50, + }, isChannelPrivate = false ) { const roomType = isChannelPrivate ? "groups" : "channels"; @@ -743,13 +743,13 @@ export default class EmbeddedChatApi { const messageObj = typeof message === "string" ? { - rid: this.rid, - msg: message, - } + rid: this.rid, + msg: message, + } : { - ...message, - rid: this.rid, - }; + ...message, + rid: this.rid, + }; if (threadId) { messageObj.tmid = threadId; }