fix: use invite_room_state from payload

[sampaiodiego]

Proposed changes (including videos or screenshots)

Issue(s)

Steps to test or reproduce

Further comments

Summary by CodeRabbit

• Bug Fixes

  • Strengthened federation invite handling with additional validation checks to ensure proper event data structure and comprehensive error logging to better diagnose issues when operations fail.

• Chores

  • Updated federation SDK dependencies to the latest version for improved stability and compatibility across federation and core services components.

[dionisio-bot]

Looks like this PR is not ready to merge, because of the following issues:

• This PR is missing the 'stat: QA assured' label
• This PR is missing the required milestone or project

Please fix the issues and try again

If you have any trouble, please check the PR guidelines

[changeset-bot]

⚠️ No Changeset found

Latest commit: 358ea34

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

Updated the federation-sdk dependency from 0.1.31 to 0.1.32 across two package.json files. Enhanced the Matrix invite API to capture and validate room state events (invite_room_state), requiring an m.room.create event, and added logging for error handling in the invite processing flow.

Changes

Cohort / File(s)	Summary
Dependency Updates ee/packages/federation-matrix/package.json, packages/core-services/package.json	Bumped @rocket.chat/federation-sdk from 0.1.31 to 0.1.32
Invite API Enhancement ee/packages/federation-matrix/src/api/_matrix/invite.ts	Added Logger instantiation; captures and validates strippedStateEvents (invite_room_state) with required m.room.create event validation; passes strippedStateEvents to invite processing and room joining flows; adds error logging for processing failures

Sequence Diagram

sequenceDiagram
    participant Client
    participant Invite Endpoint
    participant Validation
    participant Processing
    
    Client->>Invite Endpoint: POST /v2/invite/:roomId/:eventId<br/>(with invite_room_state)
    Invite Endpoint->>Validation: Extract strippedStateEvents
    Validation->>Validation: Check for m.room.create event
    alt m.room.create exists
        Validation-->>Invite Endpoint: ✓ Valid
        Invite Endpoint->>Processing: invite.processInvite(strippedStateEvents)
        Processing->>Processing: startJoiningRoom(strippedStateEvents)
        Processing-->>Invite Endpoint: Success
        Invite Endpoint-->>Client: 200 OK
    else m.room.create missing
        Validation-->>Invite Endpoint: ✗ Invalid
        Invite Endpoint->>Invite Endpoint: logger.error()
        Invite Endpoint-->>Client: 400 M_MISSING_PARAM
    end

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

The changes consist of straightforward dependency bumps (trivial) and focused validation/logging additions to a single API endpoint with consistent patterns—validation, data threading, and error handling that follow established conventions.

Possibly related PRs

• fix: fixes reviews of chore/federation-backup #37016: Modifies invite processing flow and user handling in the same invite.ts file
• fix(federation): add missing federation fields #37015: Adds federation metadata handling to newly created users in the invite endpoint
• fix(federation): allow to join non-private or encrypted rooms based on settings #37227: Handles NotAllowedError and 403 responses in the same invite processing logic

Suggested labels

stat: QA assured

Suggested reviewers

• ggazzo
• rodrigok
• ricardogarim

Poem

🐰 Hop, hop, state events now align,
m.room.create must shine so fine,
Invites flow with validation true,
Logging guides when things fall through,
Federation dreams in SDK's latest brew! 🚀

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title concisely and accurately describes the primary change in the pull request, which implements using the invite_room_state field from the payload in the matrix invite handling flow.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix-invite_room_state-validation

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 15d6bf1 and 358ea34.

⛔ Files ignored due to path filters (1)

• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (3)

• ee/packages/federation-matrix/package.json (1 hunks)
• ee/packages/federation-matrix/src/api/_matrix/invite.ts (5 hunks)
• packages/core-services/package.json (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: 📦 Build Packages
• GitHub Check: CodeQL-Build
• GitHub Check: CodeQL-Build

🔇 Additional comments (6)

packages/core-services/package.json (1)

38-38: LGTM! Consistent dependency update.

The dependency bump matches the update in ee/packages/federation-matrix/package.json, ensuring version consistency across packages.

ee/packages/federation-matrix/src/api/_matrix/invite.ts (4)

13-13: LGTM! Good logging practice.

Adding structured logging with an appropriately named logger instance will improve observability and debugging capabilities for invite processing.

Also applies to: 327-328

---

343-343: LGTM! Clear payload extraction.

Capturing invite_room_state as strippedStateEvents aligns with Matrix federation specifications and makes the intent clear.

---

410-411: LGTM! Error logging correctly placed.

The error logging now occurs before the response return, ensuring errors are properly captured. This addresses structured logging for debugging invite processing failures.

---

378-378: Confirm processInvite supports strippedStateEvents
Verify that in @rocket.chat/federation-sdk@0.1.32 the invite.processInvite method signature has been updated to accept the new strippedStateEvents parameter—adjust your SDK version or type definitions if it’s not yet supported.

ee/packages/federation-matrix/package.json (1)

41-41: No issues found with the dependency update.

Version 0.1.32 of @rocket.chat/federation-sdk is valid and published on npm. No security advisories were detected for this package. The patch-level update is safe to proceed.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull Request Overview

This PR fixes Matrix federation invite handling by properly using the invite_room_state from the payload and adding validation to ensure required room state events are present.

• Updates federation SDK dependency from 0.1.31 to 0.1.32
• Adds validation for required m.room.create event in invite room state
• Passes stripped state events to the invite processing function

Reviewed Changes

Copilot reviewed 3 out of 4 changed files in this pull request and generated 2 comments.

File	Description
packages/core-services/package.json	Updates federation SDK dependency to 0.1.32
ee/packages/federation-matrix/package.json	Updates federation SDK dependency to 0.1.32
ee/packages/federation-matrix/src/api/_matrix/invite.ts	Adds invite room state validation and error logging

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[Copilot]

Using any type weakens type safety. Consider defining a proper interface for the state event or using a more specific type that includes at least the type property.

Suggested change

	if (!strippedStateEvents?.some((e: any) => e.type === 'm.room.create')) {
	if (!strippedStateEvents?.some((e: { type: string }) => e.type === 'm.room.create')) {

[Copilot]

The error logging occurs after the response is returned, which means the logging won't happen if the function returns early. Consider moving this before the return statement or using a more structured error handling approach.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
⚠️ Please upload report for BASE (release-7.11.0@15d6bf1). Learn more about missing BASE report.

Additional details and impacted files

@@                Coverage Diff                @@
##             release-7.11.0   #37249   +/-   ##
=================================================
  Coverage                  ?   66.35%           
=================================================
  Files                     ?     3386           
  Lines                     ?   115636           
  Branches                  ?    21355           
=================================================
  Hits                      ?    76729           
  Misses                    ?    36298           
  Partials                  ?     2609           

Flag	Coverage Δ
e2e	57.24% <ø> (?)
unit	71.21% <ø> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.