feat: add new setting for encrypted PDFs size limit for previews

[nazabucciarelli]

Relates to RocketChat/Rocket.Chat#40517

I added ‘blob:’ as a supported protocol in src/documentViewer/ipc.ts so that the sent blob is served by the PDF viewer in Electron. Also, a new setting for managing the max size for preview of encrypted PDFs was added following other settings as reference. e2ePdfPreviewSizeLimit setting title and description were approved by product team.

Related task: SUP-1022

Summary by CodeRabbit

• New Features

  • New General setting to limit PDF preview size in end-to-end encrypted rooms (numeric input, persisted, default 10 MB, accepts 1–500 MB).
  • Desktop bridge exposes a method to read the current PDF preview size limit.
  • UI translations added for the new setting.

• Bug Fixes

  • Document viewer now accepts blob: document sources with origin validation.

• Tests

  • Server tests refactored to mock fetch instead of using a real HTTP server.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Adds a persisted numeric setting e2ePdfPreviewSizeLimit (state, migration, selector, actions, reducer, preload getter, UI, i18n) and expands the document viewer IPC allowlist to accept blob: URLs.

Changes

Blob URL Protocol Support

Layer / File(s)	Summary
Blob protocol support in document viewer IPC handler src/documentViewer/ipc.ts	The document-viewer/open-window allowed URL protocols are updated to include blob: and blob URLs are origin-validated against the IPC event origin.

E2E PDF preview size limit

Layer / File(s)	Summary
Persistable values and migration src/constants.ts, src/app/PersistableValues.ts	Adds DEFAULT_E2E_PDF_PREVIEW_SIZE_LIMIT_MB = 10, introduces PersistableValues_4_15_0 with e2ePdfPreviewSizeLimit: number, and adds a '>=4.15.0' migration that defaults it to the constant.
Actions, reducer, and store wiring src/ui/actions.ts, src/ui/reducers/e2ePdfPreviewSizeLimit.ts, src/store/rootReducer.ts	Introduces SETTINGS_SET_E2E_PDF_PREVIEW_SIZE_LIMIT_CHANGED, its payload typing, the e2ePdfPreviewSizeLimit reducer (default from the new constant), and registers the reducer in rootReducer.
Persistable selector src/app/selectors.ts	Adds e2ePdfPreviewSizeLimit to selectPersistableValues mapped from RootState.e2ePdfPreviewSizeLimit.
Preload getter and API exposure src/servers/preload/e2ePdfPreviewSizeLimit.ts, src/servers/preload/api.ts	Adds getE2ePdfPreviewSizeLimit() (returns persisted value or default) and exposes it on window.RocketChatDesktop with typings and registration.
Settings UI component and i18n src/ui/components/SettingsView/features/E2ePdfPreviewSizeLimit.tsx, src/ui/components/SettingsView/GeneralTab.tsx, src/i18n/en.i18n.json	Adds E2ePdfPreviewSizeLimit component (numeric input with clamping 1–500, validation, dispatch), inserts it into GeneralTab, and adds English translation keys for title and description.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Suggested labels

type: feature

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main feature addition: a new setting to limit encrypted PDF preview sizes, which aligns with the primary changes across the codebase (new e2ePdfPreviewSizeLimit setting, component, reducer, and related infrastructure).
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

Warning

Review ran into problems

🔥 Problems

Errors were encountered while retrieving linked issues.

Errors (1)

• SUP-1022: Request failed with status code 401

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[CLAassistant]

All committers have signed the CLA.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/ui/reducers/e2ePdfPreviewSizeLimit.ts`:
- Around line 14-16: The reducer e2ePdfPreviewSizeLimit must validate that any
incoming value is a positive integer before updating state: for the load branch
where you read action.payload.e2ePdfPreviewSizeLimit and for the
SETTINGS_SET_E2E_PDF_PREVIEW_SIZE_LIMIT_CHANGED branch where you return
action.payload, check with Number.isInteger(value) && value > 0 (or equivalent)
and only commit that value; otherwise return the existing state. Update the
branches referencing action.payload.e2ePdfPreviewSizeLimit and the
SETTINGS_SET_E2E_PDF_PREVIEW_SIZE_LIMIT_CHANGED case to perform this validation
and fall back to state on invalid input.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: a1c6b876-c1e5-4ee1-9fa4-464fbcaedf7f

📥 Commits

Reviewing files that changed from the base of the PR and between bf462cb and 7709099.

📒 Files selected for processing (10)

• src/app/PersistableValues.ts
• src/app/selectors.ts
• src/i18n/en.i18n.json
• src/servers/preload/api.ts
• src/servers/preload/e2ePdfPreviewSizeLimit.ts
• src/store/rootReducer.ts
• src/ui/actions.ts
• src/ui/components/SettingsView/GeneralTab.tsx
• src/ui/components/SettingsView/features/E2ePdfPreviewSizeLimit.tsx
• src/ui/reducers/e2ePdfPreviewSizeLimit.ts

📜 Review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: check (ubuntu-latest)
• GitHub Check: check (windows-latest)

🧰 Additional context used

📓 Path-based instructions (1)

**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.{ts,tsx}: Use TypeScript for all new code in this codebase unless explicitly told otherwise
Use Fuselage components from @rocket.chat/fuselage for all UI work — only create custom components when Fuselage doesn't provide the needed functionality
Check Theme.d.ts for valid color tokens when working with Fuselage components
Use optional chaining with fallbacks for platform-specific APIs instead of mocks (e.g., process.getuid?.() ?? 1000) to ensure code works across all platforms without requiring mocks
TypeScript code must use strict mode
Use React functional components with hooks instead of class components
Redux actions must follow the FSA (Flux Standard Action) pattern
Use camelCase for file naming
Use PascalCase for component file names (React components)
Write self-documenting code through clear naming — avoid unnecessary comments

Files:

• src/ui/reducers/e2ePdfPreviewSizeLimit.ts
• src/store/rootReducer.ts
• src/app/selectors.ts
• src/servers/preload/e2ePdfPreviewSizeLimit.ts
• src/ui/components/SettingsView/GeneralTab.tsx
• src/ui/actions.ts
• src/app/PersistableValues.ts
• src/servers/preload/api.ts
• src/ui/components/SettingsView/features/E2ePdfPreviewSizeLimit.tsx

🔇 Additional comments (9)

src/app/PersistableValues.ts (1)

109-115: LGTM!

Also applies to: 208-211

src/ui/actions.ts (1)

131-132: LGTM!

Also applies to: 271-271

src/store/rootReducer.ts (1)

24-24: LGTM!

Also applies to: 115-115

src/app/selectors.ts (1)

86-87: LGTM!

src/servers/preload/e2ePdfPreviewSizeLimit.ts (1)

3-4: LGTM!

src/servers/preload/api.ts (1)

21-21: LGTM!

Also applies to: 53-53, 100-100

src/ui/components/SettingsView/features/E2ePdfPreviewSizeLimit.tsx (1)

1-72: LGTM!

src/ui/components/SettingsView/GeneralTab.tsx (1)

5-5: LGTM!

Also applies to: 39-39

src/i18n/en.i18n.json (1)

339-342: LGTM!

[Copilot]

Pull request overview

Adds an Electron-side setting and bridge method to control the maximum size (in MB) for PDF previews in end-to-end encrypted rooms, and expands the document viewer to accept blob: URLs so decrypted PDF blobs can be rendered in the embedded viewer.

Changes:

• Added a persisted Redux setting (e2ePdfPreviewSizeLimit, default 10) with UI control in Settings > General.
• Exposed the current limit via the preload bridge (RocketChatDesktop.getE2ePdfPreviewSizeLimit()).
• Allowed blob: protocol in the document viewer open-window IPC handler.

Reviewed changes

Copilot reviewed 11 out of 11 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
src/ui/reducers/e2ePdfPreviewSizeLimit.ts	New reducer for storing the PDF preview size limit and loading it from persisted settings.
src/ui/components/SettingsView/GeneralTab.tsx	Wires the new setting component into the General settings tab.
src/ui/components/SettingsView/features/E2ePdfPreviewSizeLimit.tsx	New numeric input setting UI for the limit.
src/ui/actions.ts	Adds the new UI action type and payload mapping.
src/store/rootReducer.ts	Registers the new reducer in the root reducer.
src/servers/preload/e2ePdfPreviewSizeLimit.ts	Adds a preload getter to read the setting from Redux safely.
src/servers/preload/api.ts	Exposes the getter on the RocketChatDesktop preload API surface.
src/i18n/en.i18n.json	Adds EN strings for the setting title/description.
src/documentViewer/ipc.ts	Allows blob: URLs for opening the document viewer window.
src/app/selectors.ts	Persists the new setting value as part of persistable values.
src/app/PersistableValues.ts	Adds migration to introduce e2ePdfPreviewSizeLimit with a default value.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[jeanfbrito]

Thanks for the contribution — the implementation follows the existing settings patterns closely (mirrors OutlookCalendarSyncInterval), and the blob: origin validation in documentViewer/ipc.ts correctly scopes blob URLs to the calling server's origin. Nice work addressing the earlier bot feedback with the shared constant and origin check.

I pushed two commits to this branch to unblock it:

1. Merge of master (conflict resolution)
The branch conflicted with recently merged work in selectors.ts, api.ts, and GeneralTab.tsx (plus auto-merged en.i18n.json / rootReducer.ts). Resolved as the union of both sides — no behavior changes to your code.

2. fix: target 4.15.0 migration and clamp PDF preview size limit input

• PersistableValues_4_14_0 / '>=4.14.0' → PersistableValues_4_15_0 / '>=4.15.0'. 4.14.x has already shipped, and electron-store skips migrations whose range the user's previously-migrated version already satisfies — so the 4.14.0 migration would never run for existing users (the feature still worked only via the reducer's ?? state fallback). Targeting 4.15.0 makes it actually run on the next release.
• Added an upper bound to the input (max={500} + clamp in handleChange, same pattern as OutlookCalendarSyncInterval). Without it, an arbitrarily large limit would let any encrypted PDF be loaded fully into memory.

Verified locally: tsc --noEmit clean, lint clean, full Jest suite passing (20 suites / 253 tests).

One ask before merge: could you confirm the blob preview was tested on a packaged build (not just dev)? The blob URL is created in the server webview and consumed by a separate viewer webview — it should resolve via the shared persist: partition, but worth one explicit pass.

[github-actions]

Linux installer download

• rocketchat-4.14.1-linux-amd64.deb
• rocketchat-4.14.1-linux-amd64.snap
• rocketchat-4.14.1-linux-x86_64.AppImage

[github-actions]

Windows installer download

• rocketchat-4.14.1-win-arm64.exe
• rocketchat-4.14.1-win-arm64.msi
• rocketchat-4.14.1-win-ia32.exe
• rocketchat-4.14.1-win-ia32.msi
• rocketchat-4.14.1-win-x64.exe
• rocketchat-4.14.1-win-x64.msi
• rocketchat-4.14.1-win.exe

[github-actions]

macOS installer download

• rocketchat-4.14.1-mac.dmg
• rocketchat-4.14.1-mac.pkg

[nazabucciarelli]

One ask before merge: could you confirm the blob preview was tested on a packaged build (not just dev)? The blob URL is created in the server webview and consumed by a separate viewer webview — it should resolve via the shared persist: partition, but worth one explicit pass.

I just downloaded the .dmg file to test it with the packaged build and it works exactly as on dev mode, so I think we are good to go with it