* Simplify invite_people email parsing
Replace backwards in-place mutation loop with a straightforward forward
filter into a new slice. Extract into parseEmailList so the logic can be
unit tested directly.
* MM-68150: Upgrade golangci-lint to v2.12.2
Remove //go:fix inline from NewPointer, which is a generic function not
yet supported by the inline analyzer, and fix 11 slicesbackward
modernize issues flagged by the new version.
* MM-68150: Enable all linters by default; disable those with >20 existing issues
Switch from opt-in (default: none) to opt-out (default: all) so new
linters added to golangci-lint are evaluated automatically. Explicitly
disable every linter that has more than 20 pre-existing violations,
deferring those for later cleanup. Also disable a handful of linters
whose violations are intentional patterns in this codebase (nilerr,
dogsled, sqlclosecheck, iotamixing, predeclared, containedctx, iface,
gocheckcompilerdirectives, promlinter, goprintffuncname, gomoddirectives).
* MM-68150: Fix mirror linter issues
Replace Write([]byte(s)) with WriteString(s), and FindIndex([]byte(s))
with FindStringIndex(s), to avoid unnecessary allocations.
* MM-68150: Fix nosprintfhostport linter issue
Use net.JoinHostPort to construct host:port strings instead of
fmt.Sprintf with a manually formatted pattern.
* MM-68150: Fix rowserrcheck and sqlclosecheck linter issues
Check rows.Err() after iteration loops in schema_dump.go. In the
sqlx_wrapper test, defer rows.Close() rather than closing inline.
* MM-68150: Fix nilnesserr linter issues — wrong variable in error handlers
In 11 places, a stale variable (often the outer err from a prior
assignment) was used instead of the freshly-checked error variable
(appErr, rowErr, jsonErr, writeErr, esErr). Each produces a typed-nil
wrapped in a non-nil interface, silently discarding the real error.
* MM-68150: Add i18n string for app.compile_csv_chunks.write_error
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
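The wrong-variable pattern described in the nilnesserr commit above, shown as an added example (not code from the Mattermost repository). `AppError`, `openFile`, `writeChunk` and the other names are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// AppError is a constructed pointer-typed error, not Mattermost's model.AppError.
type AppError struct{ ID string }
func (e *AppError) Error() string { return e.ID }
var errDisk = errors.New("disk full") // constructed failure

func openFile() error   { return nil }     // succeeds, so the outer err stays nil
func writeChunk() error { return errDisk } // fails

// exportBuggy checks writeErr but wraps the stale outer err, which is nil here.
func exportBuggy() error {
	err := openFile()
	if err != nil {
		return fmt.Errorf("open: %w", err)
	}
	if writeErr := writeChunk(); writeErr != nil {
		return fmt.Errorf("write: %w", err) // wrong variable: the cause is lost
	}
	return nil
}

// exportFixed wraps the error that was just checked.
func exportFixed() error {
	if err := openFile(); err != nil {
		return fmt.Errorf("open: %w", err)
	}
	if writeErr := writeChunk(); writeErr != nil {
		return fmt.Errorf("write: %w", writeErr)
	}
	return nil
}

// typedNil returns a nil *AppError through the error interface, so it is != nil.
func typedNil() error {
	var appErr *AppError
	if rowErr := writeChunk(); rowErr != nil {
		return appErr // wrong variable again: caller sees a non-nil, empty error
	}
	return nil
}

func main() {
	fmt.Println(errors.Is(exportBuggy(), errDisk), errors.Is(exportFixed(), errDisk), typedNil() != nil)
}
```

In both buggy forms the caller still sees a failure, but `errors.Is` can no longer find the real cause, and calling `Error()` on the typed-nil value would dereference a nil pointer.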
* feat: include connection id in the plugin context
* refactor: group ConnectionId next to SessionId in plugin Context
Addresses review feedback to keep related identifier fields adjacent.
* fix(files): forward Connection-Id on file uploads to plugin hooks
The webapp uploadFile XHR didn't attach the Connection-Id header, so
FileWillBeUploaded plugin hooks always received an empty ConnectionId.
Read it from the websocket selector and set it on the request, matching
how drafts and channel bookmarks already do it. Adds a server-side test
asserting the connection id propagates through pluginContext.
* fix(lint): reorder file_actions imports to satisfy import/order
* Document ConnectionId on request.Context
* initial commit for POC of Plugin Bridge
* Updates
* POC for plugin bridge
* Updates from collaboration
* Fixes
* Refactor Plugin Bridge to use HTTP/REST instead of RPC
- Remove ExecuteBridgeCall hook and Context.SourcePluginId
- Implement HTTP-based bridge using existing PluginHTTP infrastructure
- Add CallPlugin API method with endpoint parameter instead of method name
- Update CallPluginBridge to construct HTTP POST requests
- Add proper headers: Mattermost-User-Id, Mattermost-Plugin-ID
- Use 'com.mattermost.server' as plugin ID for core server calls
- Update ai.go to use REST endpoint /inter-plugin/v1/completion
- Add comprehensive spec documentation in server/spec.md
- Add MIGRATION_GUIDE.md for plugin developers
- Fix 401/404 issues by setting correct headers and URL paths
* Improve Plugin Bridge security and architecture
- Create ServeInternalPluginRequest for internal plugin calls (core + plugin-to-plugin)
- Move header-setting logic from CallPluginBridge to ServeInternalPluginRequest
- Improve separation of concerns: business logic vs HTTP transport
- Add security documentation explaining header protection
Security Improvements:
- ServeInternalPluginRequest is NOT exposed as HTTP route (internal only)
- Headers (Mattermost-User-Id, Mattermost-Plugin-ID) are set by trusted server code
- External requests cannot spoof these headers (stripped by servePluginRequest)
- Core calls use 'com.mattermost.server' as plugin ID for authorization
- Plugin-to-plugin calls use real plugin ID (enforced by server)
Backward Compatibility:
- Keep ServeInterPluginRequest for existing API.PluginHTTP callers (deprecated)
- All tests pass
Docs:
- Update spec.md with security model explanation
- Update MIGRATION_GUIDE.md with correct header usage examples
* Space
* cursor please stop creating markdown files
* Fix style
* Fix i18n, linter
* REMOVE MARKDOWN
* Remove CallPlugin method from plugin API interface
Per review feedback, this method is no longer needed.
Co-authored-by: Nick Misasi <nickmisasi@users.noreply.github.com>
* Remove CallPlugin method implementation from PluginAPI
Co-authored-by: Nick Misasi <nickmisasi@users.noreply.github.com>
* fixes
* Add AI OpenAPI spec
* fix openapi spec
* Use agents client (#34225)
* Use agents client
* Remove default agent
* Fixes
* fix: modify system prompts to ensure JSON is being returned
* remove webapp changes
* Add feature flags for rewrites and ai bridge, clean up
* Remove comments that aren't helpful
* Fix i18n
* Remove rewrites
* Fix tests
* Fix i18n
* adjust i18n again
* Add back translations
* Remove leftover mock code
* remove model file
* Make the real substitutions
* Include a basic invocation of the client with noop to ensure build works
* Remove unneeded change
* Updates from review
* Fixes
* Use v1.5.0 of agents plugin
---------
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
Co-authored-by: Nick Misasi <nickmisasi@users.noreply.github.com>
Co-authored-by: Christopher Speller <crspeller@gmail.com>
Co-authored-by: Felipe Martin <me@fmartingr.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
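The header-trust model listed under "Security Improvements" above, sketched as an added example (not the Mattermost implementation). The header names, the `com.mattermost.server` ID and the endpoint path come from the commit message; the function names and the session-derived user ID are assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)
// Header names from the commit message; everything else here is hypothetical.
const (
	hdrUserID   = "Mattermost-User-Id"
	hdrPluginID = "Mattermost-Plugin-ID"
)
// pluginHandler stands in for a plugin endpoint that trusts the identity headers.
func pluginHandler(w http.ResponseWriter, r *http.Request) {
	fmt.Fprintf(w, "%s|%s", r.Header.Get(hdrUserID), r.Header.Get(hdrPluginID))
}
func dispatch(r *http.Request) string {
	rec := httptest.NewRecorder()
	pluginHandler(rec, r)
	return rec.Body.String()
}

// serveExternal models the routed path: strip client headers, trust only the session.
func serveExternal(sessionUserID string, r *http.Request) string {
	r.Header.Del(hdrUserID)
	r.Header.Del(hdrPluginID)
	if sessionUserID != "" { // assumption: set only after session authentication
		r.Header.Set(hdrUserID, sessionUserID)
	}
	return dispatch(r)
}

// serveInternal models the unrouted path: server code overwrites both headers.
func serveInternal(callerPluginID, userID string, r *http.Request) string {
	r.Header.Set(hdrPluginID, callerPluginID)
	r.Header.Set(hdrUserID, userID)
	return dispatch(r)
}

// spoofedRequest is a constructed request that claims a privileged identity.
func spoofedRequest() *http.Request {
	r := httptest.NewRequest(http.MethodPost, "/inter-plugin/v1/completion", nil)
	r.Header.Set(hdrUserID, "admin-user-id")
	r.Header.Set(hdrPluginID, "com.mattermost.server")
	return r
}

func main() {
	fmt.Println(serveExternal("", spoofedRequest()))
	fmt.Println(serveInternal("com.mattermost.server", "user1", spoofedRequest()))
}
```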
* Revert "MM-13657: Set ExperimentalStrictCSRFEnforcement to true by default (#33444)"
This reverts commit 257eec43ed.
* Fix call to checkCSRFToken
* Adapt test that relied on strict CSRF enforcement
This test was added after
https://github.com/mattermost/mattermost/pull/33444, so it assumed
strict CSRF enforcement to be enabled. When reverting that PR, we need
to adapt the test to account for both cases.
* Fix newer tests to use older setting
https://mattermost.atlassian.net/browse/MM-13657
```release-note
We change ServiceSettings.ExperimentalStrictCSRFEnforcement to be
true by default for new installations. For existing installations,
the value will remain unchanged.
```
* Remove 'Experimental' prefix from CSRF enforcement field
Change field name from ExperimentalStrictCSRFEnforcement to StrictCSRFEnforcement across all files
Co-authored-by: Agniva De Sarker <agnivade@users.noreply.github.com>
* lint fix
```release-note
NONE
```
* fix test
```release-note
NONE
```
* set StrictCSRFEnforcement to false on starting a test server
---------
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
Co-authored-by: Agniva De Sarker <agnivade@users.noreply.github.com>
Co-authored-by: Saturnino Abril <5334504+saturninoabril@users.noreply.github.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
This originated from https://github.com/mattermost/mattermost/issues/15249.
However, the original idea was discarded https://github.com/mattermost/mattermost/issues/15249#issuecomment-709713065
as being too complicated to implement. Then I had another
idea to implement it just for session objects.
My thinking was that since every single request allocates a new
session struct, it would be good to use a sync.Pool for that.
However, 4 years later, now we know that the primary bottleneck
in app performance comes from websocket event marshalling.
Therefore, while it would be good to do this, it is difficult
to do it correctly (as shown by the numerous racy tests).
Hence, reverting this.
```release-note
NONE
```
* remove the authorization header if the request is from an authenticated MM user
* fix lint
Co-authored-by: Michael Kochell <6913320+mickmister@users.noreply.github.com>
---------
Co-authored-by: Michael Kochell <6913320+mickmister@users.noreply.github.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
It was a good decision in hindsight to keep the public module as 0.x
because this would have been a breaking change again.
https://mattermost.atlassian.net/browse/MM-53032
```release-note
Changed the Go module path from github.com/mattermost/mattermost-server/server/v8 to github.com/mattermost/mattermost/server/v8.
For the public facing module, its path is also changed from github.com/mattermost/mattermost-server/server/public to github.com/mattermost/mattermost/server/public
```
https://mattermost.atlassian.net/browse/MM-52079
```release-note
We upgrade the module version to 8.0. The new module path is github.com/mattermost-server/server/v8.
```
Co-authored-by: Doug Lauder <wiggin77@warpmail.net>