Unencrypted support connections plus proxy support

[Thaodan]

• Contributes to Purple-Rocket Chat behind SSL-ClientAuthentication #30.

Summary by CodeRabbit

• New Features

  • Added support for both secure (TLS) and non-secure (plain TCP) connections when connecting to Rocket.Chat.
  • Introduced new account options for selecting connection security and specifying a proxy.
  • Improved proxy support and flexible server configuration.

• Improvements

  • Enhanced memory management for connection-related settings.
  • Updated plugin summary and description for better clarity.

• Bug Fixes

  • Minor compatibility fixes for improved stability.

[Thaodan]

Everything works now except that in Bitlbee the select encryption option somehow doesn't work, have to check.

[Thaodan]

Works now in Bitlbee too, Bitlbee didn't like the reverse option list.

[EionRobb]

Might also want to check that all the tabs didn't turn into spaces before you mark it as ready to merge :)

[Thaodan]

Might also want to check that all the tabs didn't turn into spaces before you mark it as ready to merge :)

Fixing that right now.

Are you open to adding editorconfig to the repo to avoid such issues in the future?

[EionRobb]

Are you open to adding editorconfig to the repo to avoid such issues in the future?

Sounds good :)

[EionRobb]

Does this leak the memory of the old host? Need g_free(host) before assign?

[Thaodan]

Do I need to do so? host is just a plain char array without malloc created in the purple function.

[EionRobb]

is pc->inpa exposed through a function rather than direct struct access? If so can we use that func for forwards compatibility?

[Thaodan]

Purples Jabber plugin also uses the same way to access pc. The pc is part of the account structure, I'm not sure how that would change with Purple 3.x but I don't see any of that so far.

[EionRobb]

Purple 3 makes all the eg PurpleConnection and PurpleAccount structs private

[Thaodan]

Oh it seams I should have used ya->inpa instead.
Purple 3.x would do g_source_remove(ya->inpa).

[Thaodan]

I kept that part as Purple 2.x does it the same for Jabber.
The Purple 3.x section would look differently anyway..

The plugin "uses" purple_ssl_connect for Purple 3.x however this has been removed and replaced by Gio.
E.g. see here:
https://keep.imfreedom.org/pidgin/pidgin/file/tip/libpurple/protocols/jabber/jabber.c#l686

I would favor to merge this section as is and the Purple 3.x support should be fixed in another PR (#33).

[EionRobb]

There's proxy options available in the libpurple api that can be used instead from the proxy tab using the PurpleProxyInfo stuff in purple_proxy_get_setup() https://docs.imfreedom.org/pidgin2/proxy_8h.html#a6995e6f63718dcd8644b9d4ef471392a if that makes things easier?

[Thaodan]

The thing is that isn't really a "proxy", it's more like using another host instead of the real host.
It works by using either stunnel or socat as an ssl proxy - both work fine from my tests.

I'm not sure, does using purple_proxy_get_setup() set anything else?

[EionRobb]

Oh right! This is so you can add in the client cert? Just putting 2 and 2 together now. With a label like "proxy" I wouldn't want anyone to get tripped up with the other Proxy tab.

Naming stuff is hard.

What about "intermediate server"?

[Thaodan]

What about "intermediate server"?

Isn't that also a proxy? I think proxy is accurate.

[Thaodan]

Oh right! This is so you can add in the client cert? Just putting 2 and 2 together now. With a label like "proxy" I wouldn't want anyone to get tripped up with the other Proxy tab.

Yes this and the unencrypted connection so there's no SSL twice.

[EionRobb]

Awesome stuff!

[coderabbitai]

Walkthrough

A new .editorconfig file is added to enforce code style for C and header files. The Rocket.Chat libpurple plugin is enhanced to support both TLS and non-TLS (plain TCP) connections, introduces proxy support, abstracts socket read/write operations, updates websocket and HTTP communication accordingly, and adds new account options for connection security and proxy configuration.

Changes

Cohort / File(s)	Change Summary
EditorConfig Setup .editorconfig	Introduced .editorconfig with rules for C and header files: tab indentation, CRLF line endings, UTF-8 encoding, and newline at end of file.
Rocket.Chat Plugin: TLS/Non-TLS & Proxy Support librocketchat.c	Added support for optional non-TLS connections alongside TLS; introduced tls, http_str, websocket_server, fd, and inpa fields in RocketChatAccount. Abstracted socket I/O with rc_sock_read and rc_sock_write. Added proxy support and new account options for connection security and proxy. Modified websocket and HTTP logic to handle both connection types. Improved memory management and updated plugin info strings.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant Plugin
    participant Server

    User->>Plugin: Configure account (set TLS/Non-TLS, Proxy)
    Plugin->>Plugin: Read "connection_security" and "proxy" options
    Plugin->>Server: Establish connection (TLS or Non-TLS)
    alt TLS
        Plugin->>Server: Connect via purple_ssl_connect
    else Non-TLS
        Plugin->>Server: Connect via purple_proxy_connect
    end
    Plugin->>Server: Send websocket upgrade request
    Server-->>Plugin: Websocket upgrade response
    Plugin->>Plugin: Use rc_sock_read/write for socket I/O
    Plugin->>Server: HTTP/Websocket communication (with correct Host and URL)

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~40 minutes

Poem

In fields of code, a bunny hops,
Now Rocket.Chat has new connection stops!
TLS or not, the choice is yours,
Proxy tunnels open doors.
With sockets neat and options bright,
This patch brings flexibility to light—
Hippity hop, your chat takes flight! 🐇✨

Note

⚡️ Unit Test Generation is now available in beta!

Learn more here, or try it out under "Finishing Touches" below.

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7f014bc and 06a967f.

📒 Files selected for processing (1)

• librocketchat.c (23 hunks)

🧰 Additional context used

🪛 Gitleaks (8.27.2)

librocketchat.c

2697-2697: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: build

🔇 Additional comments (14)

librocketchat.c (14)

26-28: LGTM! Proper GLib compatibility handling.

The conditional definition of g_memdup2 as g_memdup for older GLib versions is correct and addresses the deprecation warning. This follows the standard pattern for handling GLib API changes.

---

255-274: Good structural additions for TLS/proxy support.

The new fields in RocketChatAccount structure properly support the enhanced connection capabilities:

• tls boolean for connection security mode
• http_str and websocket_server for URL construction
• fd and inpa for non-TLS connection handling

The field organization and types are appropriate for the intended functionality.

---

1037-1039: Verify URL construction for different connection modes.

The URL construction using ya->http_str properly handles both HTTP and HTTPS based on the connection security setting. This ensures API calls match the configured connection type.

---

1147-1149: Connection security configuration looks correct.

The logic properly:

1. Reads the connection_security account option
2. Sets appropriate tls boolean and http_str prefix
3. Handles proxy configuration when provided

The default to TLS is security-conscious.

Also applies to: 1194-1212

---

1476-1480: URL construction properly uses connection-aware prefix.

The attachment URL construction correctly uses ya->http_str to ensure URLs match the connection security mode (HTTP vs HTTPS). This maintains consistency with the configured connection type.

---

2239-2241: URL construction follows established pattern.

The /api/v1/me endpoint URL construction properly uses the connection-aware ya->http_str prefix, maintaining consistency with other API calls.

---

2274-2288: Proper cleanup of new connection resources.

The close function correctly handles cleanup for both TLS and non-TLS connections:

• Closes SSL connection when using TLS
• Removes input handler and closes file descriptor for non-TLS
• Includes appropriate Purple 3.x compatibility considerations

---

2325-2326: Memory cleanup for new string fields.

The addition of g_free() calls for http_str and websocket_server properly prevents memory leaks during connection cleanup.

---

2527-2690: Enhanced socket data handling with proper abstraction.

The rc_socket_got_data function has been well-adapted to handle both TLS and non-TLS connections through the socket abstraction. The error handling and reconnection logic appear sound for both connection types.

---

2806-2821: Comprehensive connection initialization.

The rc_start_socket function properly handles both connection modes:

• Uses purple_ssl_connect for TLS connections
• Uses purple_proxy_connect for non-TLS connections
• Maintains proper error handling for both paths

---

3693-3693: Proper use of g_memdup2 compatibility function.

The avatar handling correctly uses the g_memdup2 function (which resolves to g_memdup on older systems), demonstrating proper use of the compatibility definition added at the top of the file.

---

3745-3746: Avatar URL construction uses proper connection prefix.

The avatar URL construction correctly incorporates ya->http_str to ensure the request uses the appropriate protocol (HTTP/HTTPS) matching the configured connection security.

---

3797-3833: Well-designed account options for new features.

The new account options provide clear user control over connection security and proxy settings:

1. Connection security dropdown with clear options ("No encryption" vs "Require encryption")
2. Proxy field for intermediate server configuration
3. Proper option initialization and memory management

The use of ADD_VALUE macro for list options is clean and maintainable.

---

4091-4092: Plugin metadata properly updated.

The summary and description strings have been updated from empty strings to meaningful descriptions, improving plugin identification and user experience.

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai generate unit tests to generate unit tests for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 2

♻️ Duplicate comments (5)

librocketchat.c (5)

27-27: Fix typo: g_memdump2 should be g_memdup2

---

840-840: Use string comparison instead of pointer comparison

---

881-881: Use string comparison for proxy check

---

881-882: Free the original host value to prevent memory leak

The host variable allocated by purple_url_parse needs to be freed before reassignment.

 if (!purple_strequal(ya->websocket_server, ya->server)) {
+	g_free(host);
 	host = g_strdup(ya->websocket_server);

---

2279-2280: Use ya->inpa instead of pc->inpa

According to the RocketChatAccount structure definition, inpa is a field of ya, not pc.

-if (ya->pc->inpa)
-	purple_input_remove(ya->pc->inpa);
+if (ya->inpa)
+	purple_input_remove(ya->inpa);

🧹 Nitpick comments (2)

.editorconfig (2)

4-4: Prefer LF line endings for cross-platform friendliness

Most POSIX tooling and Git defaults assume LF. Enforcing crlf often leads to noisy diffs and inconsistent behaviour on non-Windows systems. Unless the entire codebase already uses CRLF, switch to LF.

-end_of_line = crlf
+end_of_line = lf

---

3-3: Specify indent_size alongside indent_style

Without an explicit indent_size, editors fall back to their default tab width (commonly 8). Defining it (e.g. 4) ensures uniform visual alignment across contributors.

 indent_style = tab
+indent_size = 4

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c392a8c and 7f014bc.

📒 Files selected for processing (2)

• .editorconfig (1 hunks)
• librocketchat.c (23 hunks)

🧰 Additional context used

🪛 Gitleaks (8.27.2)

librocketchat.c

2694-2694: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

🔇 Additional comments (14)

librocketchat.c (14)

255-274: LGTM! Structure fields properly support dual connection modes

The new fields appropriately support both SSL and plain socket connections, with clear separation of concerns between the websocket server and proxy configuration.

---

1034-1038: LGTM! URL construction properly handles both HTTP and HTTPS

The dynamic protocol prefix based on connection security settings is implemented correctly.

---

1473-1478: LGTM! Attachment URLs correctly use protocol prefix

---

2191-2209: LGTM! Connection security and proxy setup implemented correctly

The code properly initializes TLS settings and HTTP protocol strings based on user configuration, and handles proxy settings appropriately.

---

2236-2238: LGTM! Login URL uses correct protocol prefix

---

2322-2324: LGTM! Proper cleanup of new string fields

---

2484-2485: LGTM! Proper connection validation for both modes

---

2524-2558: LGTM! Consistent use of socket read abstraction

All socket read operations properly use the new rc_sock_read abstraction.

---

2559-2673: LGTM! Comprehensive error handling for dual connection modes

The error handling properly distinguishes between different failure scenarios and provides appropriate error messages.

---

2676-2760: LGTM! Clean separation of SSL and proxy callbacks

The callback functions provide a clean abstraction layer for handling both connection types.

---

2783-2820: LGTM! Proper dual-mode connection initialization

The code correctly handles both SSL and proxy connections with appropriate error handling.

---

2742-2743: LGTM! Avatar URL uses correct protocol

---

3793-3831: LGTM! Account options properly support new features

The connection security dropdown and proxy settings are implemented correctly with clear options for users.

---

4088-4089: LGTM! Consistent plugin descriptions

[EionRobb]

Sorry that it took soooo loooong to get this merged in