2024-05-24 12:18:11 -04:00
|
|
|
const passport = require('passport');
|
2023-08-24 21:59:11 +02:00
|
|
|
const session = require('express-session');
|
2025-08-16 14:49:03 -04:00
|
|
|
const { isEnabled } = require('@librechat/api');
|
|
|
|
|
const { CacheKeys } = require('librechat-data-provider');
|
2026-01-19 12:01:43 -05:00
|
|
|
const { logger, DEFAULT_SESSION_EXPIRY } = require('@librechat/data-schemas');
|
2023-08-24 21:59:11 +02:00
|
|
|
const {
|
2025-08-16 14:49:03 -04:00
|
|
|
openIdJwtLogin,
|
|
|
|
|
facebookLogin,
|
|
|
|
|
discordLogin,
|
2024-05-24 12:18:11 -04:00
|
|
|
setupOpenId,
|
2023-08-24 21:59:11 +02:00
|
|
|
googleLogin,
|
|
|
|
|
githubLogin,
|
2025-01-31 15:49:09 +01:00
|
|
|
appleLogin,
|
2025-05-30 00:00:58 +09:00
|
|
|
setupSaml,
|
2024-05-24 12:18:11 -04:00
|
|
|
} = require('~/strategies');
|
2025-07-15 16:24:31 -06:00
|
|
|
const { getLogStores } = require('~/cache');
|
2025-08-16 14:49:03 -04:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Configures OpenID Connect for the application.
|
|
|
|
|
* @param {Express.Application} app - The Express application instance.
|
|
|
|
|
* @returns {Promise<void>}
|
|
|
|
|
*/
|
|
|
|
|
async function configureOpenId(app) {
|
|
|
|
|
logger.info('Configuring OpenID Connect...');
|
2026-01-19 12:01:43 -05:00
|
|
|
const isProduction = process.env.NODE_ENV === 'production';
|
|
|
|
|
const sessionExpiry = Number(process.env.SESSION_EXPIRY) || DEFAULT_SESSION_EXPIRY;
|
2025-08-16 14:49:03 -04:00
|
|
|
const sessionOptions = {
|
|
|
|
|
secret: process.env.OPENID_SESSION_SECRET,
|
|
|
|
|
resave: false,
|
|
|
|
|
saveUninitialized: false,
|
|
|
|
|
store: getLogStores(CacheKeys.OPENID_SESSION),
|
2026-01-19 12:01:43 -05:00
|
|
|
cookie: {
|
|
|
|
|
maxAge: sessionExpiry,
|
|
|
|
|
secure: isProduction,
|
|
|
|
|
},
|
2025-08-16 14:49:03 -04:00
|
|
|
};
|
|
|
|
|
app.use(session(sessionOptions));
|
|
|
|
|
app.use(passport.session());
|
|
|
|
|
|
|
|
|
|
const config = await setupOpenId();
|
|
|
|
|
if (!config) {
|
|
|
|
|
logger.error('OpenID Connect configuration failed - strategy not registered.');
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (isEnabled(process.env.OPENID_REUSE_TOKENS)) {
|
|
|
|
|
logger.info('OpenID token reuse is enabled.');
|
|
|
|
|
passport.use('openidJwt', openIdJwtLogin(config));
|
|
|
|
|
}
|
|
|
|
|
logger.info('OpenID Connect configured successfully.');
|
|
|
|
|
}
|
2023-08-24 21:59:11 +02:00
|
|
|
|
2024-01-11 11:37:54 -05:00
|
|
|
/**
|
|
|
|
|
*
|
|
|
|
|
* @param {Express.Application} app
|
|
|
|
|
*/
|
2025-05-22 14:19:24 +02:00
|
|
|
const configureSocialLogins = async (app) => {
|
2025-03-21 14:14:45 -04:00
|
|
|
logger.info('Configuring social logins...');
|
|
|
|
|
|
2023-08-24 21:59:11 +02:00
|
|
|
if (process.env.GOOGLE_CLIENT_ID && process.env.GOOGLE_CLIENT_SECRET) {
|
|
|
|
|
passport.use(googleLogin());
|
|
|
|
|
}
|
|
|
|
|
if (process.env.FACEBOOK_CLIENT_ID && process.env.FACEBOOK_CLIENT_SECRET) {
|
|
|
|
|
passport.use(facebookLogin());
|
|
|
|
|
}
|
|
|
|
|
if (process.env.GITHUB_CLIENT_ID && process.env.GITHUB_CLIENT_SECRET) {
|
|
|
|
|
passport.use(githubLogin());
|
|
|
|
|
}
|
|
|
|
|
if (process.env.DISCORD_CLIENT_ID && process.env.DISCORD_CLIENT_SECRET) {
|
|
|
|
|
passport.use(discordLogin());
|
2025-01-31 15:49:09 +01:00
|
|
|
}
|
|
|
|
|
if (process.env.APPLE_CLIENT_ID && process.env.APPLE_PRIVATE_KEY_PATH) {
|
|
|
|
|
passport.use(appleLogin());
|
2023-08-24 21:59:11 +02:00
|
|
|
}
|
|
|
|
|
if (
|
|
|
|
|
process.env.OPENID_CLIENT_ID &&
|
|
|
|
|
process.env.OPENID_CLIENT_SECRET &&
|
|
|
|
|
process.env.OPENID_ISSUER &&
|
|
|
|
|
process.env.OPENID_SCOPE &&
|
|
|
|
|
process.env.OPENID_SESSION_SECRET
|
|
|
|
|
) {
|
2025-08-16 14:49:03 -04:00
|
|
|
await configureOpenId(app);
|
2023-08-24 21:59:11 +02:00
|
|
|
}
|
2025-05-30 00:00:58 +09:00
|
|
|
if (
|
|
|
|
|
process.env.SAML_ENTRY_POINT &&
|
|
|
|
|
process.env.SAML_ISSUER &&
|
|
|
|
|
process.env.SAML_CERT &&
|
|
|
|
|
process.env.SAML_SESSION_SECRET
|
|
|
|
|
) {
|
|
|
|
|
logger.info('Configuring SAML Connect...');
|
2026-01-19 12:01:43 -05:00
|
|
|
const isProduction = process.env.NODE_ENV === 'production';
|
|
|
|
|
const sessionExpiry = Number(process.env.SESSION_EXPIRY) || DEFAULT_SESSION_EXPIRY;
|
2025-05-30 00:00:58 +09:00
|
|
|
const sessionOptions = {
|
|
|
|
|
secret: process.env.SAML_SESSION_SECRET,
|
|
|
|
|
resave: false,
|
|
|
|
|
saveUninitialized: false,
|
2025-07-15 16:24:31 -06:00
|
|
|
store: getLogStores(CacheKeys.SAML_SESSION),
|
2026-01-19 12:01:43 -05:00
|
|
|
cookie: {
|
|
|
|
|
maxAge: sessionExpiry,
|
|
|
|
|
secure: isProduction,
|
|
|
|
|
},
|
2025-05-30 00:00:58 +09:00
|
|
|
};
|
|
|
|
|
app.use(session(sessionOptions));
|
|
|
|
|
app.use(passport.session());
|
|
|
|
|
setupSaml();
|
|
|
|
|
|
|
|
|
|
logger.info('SAML Connect configured.');
|
|
|
|
|
}
|
2023-08-24 21:59:11 +02:00
|
|
|
};
|
|
|
|
|
|
2025-03-21 14:14:45 -04:00
|
|
|
module.exports = configureSocialLogins;
|
