moved a number of sanity checks to also be in canMessage, so they are all consolidated into one exported method. (@barisusakli)

src/messaging.js

@@ -298,7 +298,32 @@ var db = require('./database'),
 	};
 
 	Messaging.canMessage = function(fromUid, toUid, callback) {
+		if (parseInt(meta.config.disableChat) === 1) {
+			return callback(new Error('[[error:chat-disabled]]'));
+		} else if (toUid === fromUid) {
+			return callback(new Error('[[error:cant-chat-with-yourself]]'));
+		} else if (fromUid === 0) {
+			return callback(new Error('[[error:not-logged-in]]'));
+		}
+
 		async.waterfall([
+			function(next) {
+				user.getUserFields(fromUid, ['banned', 'email:confirmed'], function(err, userData) {
+					if (err) {
+						return callback(err);
+					}
+
+					if (parseInt(userData.banned, 10) === 1) {
+						return callback(new Error('[[error:user-banned]]'));
+					}
+
+					if (parseInt(meta.config.requireEmailConfirmation, 10) === 1 && parseInt(userData['email:confirmed'], 10) !== 1) {
+						return callback(new Error('[[error:email-not-confirmed-chat]]'));
+					}
+
+					next();
+				});
+			},
 			function(next) {
 				user.getSettings(toUid, next);
 			},

src/socket.io/modules.js

@@ -139,67 +139,46 @@ SocketModules.chats.send = function(socket, data, callback) {
 		return callback(new Error('[[error:invalid-data]]'));
 	}
 
-	if (parseInt(meta.config.disableChat) === 1) {
+	var now = Date.now(),
-		return callback(new Error('[[error:chat-disabled]]'));
+		touid = parseInt(data.touid, 10);
-	}
 
-	var touid = parseInt(data.touid, 10);
+	// Websocket rate limiting
-	if (touid === socket.uid || socket.uid === 0) {
-		return;
-	}
-
-	var now = Date.now();
 	socket.lastChatMessageTime = socket.lastChatMessageTime || 0;
-
 	if (now - socket.lastChatMessageTime < 200) {
 		return callback(new Error('[[error:too-many-messages]]'));
+	} else {
+		socket.lastChatMessageTime = now;
 	}
 
-	socket.lastChatMessageTime = now;
+	Messaging.canMessage(socket.uid, touid, function(err, allowed) {
-
+		if (err || !allowed) {
-	user.getUserFields(socket.uid, ['banned', 'email:confirmed'], function(err, userData) {
+			return callback(err || new Error('[[error:chat-restricted]]'));
-		if (err) {
-			return callback(err);
-		}
-
-		if (parseInt(userData.banned, 10) === 1) {
-			return callback(new Error('[[error:user-banned]]'));
-		}
-
-		if (parseInt(meta.config.requireEmailConfirmation, 10) === 1 && parseInt(userData['email:confirmed'], 10) !== 1) {
-			return callback(new Error('[[error:email-not-confirmed-chat]]'));
 		}
 
-		Messaging.canMessage(socket.uid, touid, function(err, allowed) {
+		Messaging.addMessage(socket.uid, touid, data.message, function(err, message) {
-			if (err || !allowed) {
+			if (err) {
-				return callback(err || new Error('[[error:chat-restricted]]'));
+				return callback(err);
 			}
 
-			Messaging.addMessage(socket.uid, touid, data.message, function(err, message) {
+			Messaging.notifyUser(socket.uid, touid, message);
-				if (err) {
-					return callback(err);
-				}
-
-				Messaging.notifyUser(socket.uid, touid, message);
-
-				// Recipient
-				SocketModules.chats.pushUnreadCount(touid);
-				server.in('uid_' + touid).emit('event:chats.receive', {
-					withUid: socket.uid,
-					message: message,
-					self: 0
-				});
 
-				// Sender
+			// Recipient
-				SocketModules.chats.pushUnreadCount(socket.uid);
+			SocketModules.chats.pushUnreadCount(touid);
-				server.in('uid_' + socket.uid).emit('event:chats.receive', {
+			server.in('uid_' + touid).emit('event:chats.receive', {
-					withUid: touid,
+				withUid: socket.uid,
-					message: message,
+				message: message,
-					self: 1
+				self: 0
-				});
+			});
 
-				callback();
+			// Sender
+			SocketModules.chats.pushUnreadCount(socket.uid);
+			server.in('uid_' + socket.uid).emit('event:chats.receive', {
+				withUid: touid,
+				message: message,
+				self: 1
 			});
+
+			callback();
 		});
 	});
 };