LibreChat/packages/data-provider/src/request.ts

/* eslint-disable @typescript-eslint/no-explicit-any */
import axios, { AxiosRequestConfig, AxiosError } from 'axios';
/* TODO: fix dependency cycle */
// eslint-disable-next-line import/no-cycle
import { refreshToken } from './data-service';
import { setTokenHeader } from './headers-helpers';

let isRefreshing = false;
let failedQueue: { resolve: (value?: any) => void; reject: (reason?: any) => void }[] = [];

const processQueue = (error: AxiosError | null, token: string | null = null) => {
  failedQueue.forEach((prom) => {
    if (error) {
      prom.reject(error);
    } else {
      prom.resolve(token);
    }
  });
  failedQueue = [];
};

axios.interceptors.response.use(
  (response) => response,
  async (error) => {
    const originalRequest = error.config;

    if (error.response.status === 401 && !originalRequest._retry) {
      originalRequest._retry = true;

      if (isRefreshing) {
        try {
          const token = await new Promise((resolve, reject) => {
            failedQueue.push({ resolve, reject });
          });
          originalRequest.headers['Authorization'] = 'Bearer ' + token;
          return await axios(originalRequest);
        } catch (err) {
          return Promise.reject(err);
        }
      }

      isRefreshing = true;

      try {
        const { token } = await refreshToken(
          // Handle edge case where we get a blank screen if the initial 401 error is from a refresh token request
          originalRequest.url?.includes('api/auth/refresh') ? true : false,
        );

        if (token) {
          originalRequest.headers['Authorization'] = 'Bearer ' + token;
          setTokenHeader(token);
          window.dispatchEvent(new CustomEvent('tokenUpdated', { detail: token }));
          processQueue(null, token);
          return await axios(originalRequest);
        } else {
          window.location.href = '/login';
        }
      } catch (err) {
        processQueue(err as AxiosError, null);
        return Promise.reject(err);
      } finally {
        isRefreshing = false;
      }
    }

    return Promise.reject(error);
  },
);

async function _get<T>(url: string, options?: AxiosRequestConfig): Promise<T> {
  const response = await axios.get(url, { ...options });
  return response.data;
}

async function _post(url: string, data?: any) {
  const response = await axios.post(url, JSON.stringify(data), {
    headers: { 'Content-Type': 'application/json' },
  });
  return response.data;
}

async function _postMultiPart(url: string, formData: FormData, options?: AxiosRequestConfig) {
  const response = await axios.post(url, formData, {
    ...options,
    headers: { 'Content-Type': 'multipart/form-data' },
  });
  return response.data;
}

async function _put(url: string, data?: any) {
  const response = await axios.put(url, JSON.stringify(data), {
    headers: { 'Content-Type': 'application/json' },
  });
  return response.data;
}

async function _delete<T>(url: string): Promise<T> {
  const response = await axios.delete(url);
  return response.data;
}

async function _deleteWithOptions<T>(url: string, options?: AxiosRequestConfig): Promise<T> {
  const response = await axios.delete(url, { ...options });
  return response.data;
}

async function _patch(url: string, data?: any) {
  const response = await axios.patch(url, JSON.stringify(data), {
    headers: { 'Content-Type': 'application/json' },
  });
  return response.data;
}

export default {
  get: _get,
  post: _post,
  postMultiPart: _postMultiPart,
  put: _put,
  delete: _delete,
  deleteWithOptions: _deleteWithOptions,
  patch: _patch,
};
feat: Refresh Token for improved Session Security (#927) * feat(api): refresh token logic * feat(client): refresh token logic * feat(data-provider): refresh token logic * fix: SSE uses esm * chore: add default refresh token expiry to AuthService, add message about env var not set when generating a token * chore: update scripts to more compatible bun methods, ran bun install again * chore: update env.example and playwright workflow with JWT_REFRESH_SECRET * chore: update breaking changes docs * chore: add timeout to url visit * chore: add default SESSION_EXPIRY in generateToken logic, add act script for testing github actions * fix(e2e): refresh automatically in development environment to pass e2e tests 2023-09-11 13:10:46 -04:00			`/* eslint-disable @typescript-eslint/no-explicit-any */`
			`import axios, { AxiosRequestConfig, AxiosError } from 'axios';`
feat: OpenRouter Support & Improve Model Fetching ⇆ (#936) * chore(ChatGPTClient.js): add support for OpenRouter API chore(OpenAIClient.js): add support for OpenRouter API * chore: comment out token debugging * chore: add back streamResult assignment * chore: remove double condition/assignment from merging * refactor(routes/endpoints): -> controller/services logic * feat: add openrouter model fetching * chore: remove unused endpointsConfig in cleanupPreset function * refactor: separate models concern from endpointsConfig * refactor(data-provider): add TModels type and make TEndpointsConfig adaptible to new endpoint keys * refactor: complete models endpoint service in data-provider * refactor: onMutate for refreshToken and login, invalidate models query * feat: complete models endpoint logic for frontend * chore: remove requireJwtAuth from /api/endpoints and /api/models as not implemented yet * fix: endpoint will not be overwritten and instead use active value * feat: openrouter support for plugins * chore(EndpointOptionsDialog): remove unused recoil value * refactor(schemas/parseConvo): add handling of secondaryModels to use first of defined secondary models, which includes last selected one as first, or default to the convo's secondary model value * refactor: remove hooks from store and move to hooks refactor(switchToConversation): make switchToConversation use latest recoil state, which is necessary to get the most up-to-date models list, replace wrapper function refactor(getDefaultConversation): factor out logic into 3 pieces to reduce complexity. * fix: backend tests * feat: optimistic update by calling newConvo when models are fetched * feat: openrouter support for titling convos * feat: cache models fetch * chore: add missing dep to AuthContext useEffect * chore: fix useTimeout types * chore: delete old getDefaultConvo file * chore: remove newConvo logic from Root, remove console log from api models caching * chore: ensure bun is used for building in b:client script * fix: default endpoint will not default to null on a completely fresh login (no localStorage/cookies) * chore: add openrouter docs to free_ai_apis.md and .env.example * chore: remove openrouter console logs * feat: add debugging env variable for Plugins 2023-09-18 12:55:51 -04:00			`/* TODO: fix dependency cycle */`
feat: Refresh Token for improved Session Security (#927) * feat(api): refresh token logic * feat(client): refresh token logic * feat(data-provider): refresh token logic * fix: SSE uses esm * chore: add default refresh token expiry to AuthService, add message about env var not set when generating a token * chore: update scripts to more compatible bun methods, ran bun install again * chore: update env.example and playwright workflow with JWT_REFRESH_SECRET * chore: update breaking changes docs * chore: add timeout to url visit * chore: add default SESSION_EXPIRY in generateToken logic, add act script for testing github actions * fix(e2e): refresh automatically in development environment to pass e2e tests 2023-09-11 13:10:46 -04:00			`// eslint-disable-next-line import/no-cycle`
			`import { refreshToken } from './data-service';`
			`import { setTokenHeader } from './headers-helpers';`

			`let isRefreshing = false;`
			`let failedQueue: { resolve: (value?: any) => void; reject: (reason?: any) => void }[] = [];`

			`const processQueue = (error: AxiosError \| null, token: string \| null = null) => {`
			`failedQueue.forEach((prom) => {`
			`if (error) {`
			`prom.reject(error);`
			`} else {`
			`prom.resolve(token);`
			`}`
			`});`
			`failedQueue = [];`
			`};`

			`axios.interceptors.response.use(`
			`(response) => response,`
fix(auth/refresh): send 403 res for invalid token to properly invalidate session (#1068) 2023-10-17 08:34:14 -04:00			`async (error) => {`
feat: Refresh Token for improved Session Security (#927) * feat(api): refresh token logic * feat(client): refresh token logic * feat(data-provider): refresh token logic * fix: SSE uses esm * chore: add default refresh token expiry to AuthService, add message about env var not set when generating a token * chore: update scripts to more compatible bun methods, ran bun install again * chore: update env.example and playwright workflow with JWT_REFRESH_SECRET * chore: update breaking changes docs * chore: add timeout to url visit * chore: add default SESSION_EXPIRY in generateToken logic, add act script for testing github actions * fix(e2e): refresh automatically in development environment to pass e2e tests 2023-09-11 13:10:46 -04:00			`const originalRequest = error.config;`
fix: `getLogStores` Property and Handle 401 Error from Refresh Token Request (#1084) * fix(getLogStores): correct wrong prop passed to keyv opts: duration -> ttl * fix: edge case where we get a blank screen if the initially intercepted 401 error is from a refresh token request; in this case, make explicit to the server that we are retrying from a refreshToken request 2023-10-21 12:39:08 -04:00
feat: Refresh Token for improved Session Security (#927) * feat(api): refresh token logic * feat(client): refresh token logic * feat(data-provider): refresh token logic * fix: SSE uses esm * chore: add default refresh token expiry to AuthService, add message about env var not set when generating a token * chore: update scripts to more compatible bun methods, ran bun install again * chore: update env.example and playwright workflow with JWT_REFRESH_SECRET * chore: update breaking changes docs * chore: add timeout to url visit * chore: add default SESSION_EXPIRY in generateToken logic, add act script for testing github actions * fix(e2e): refresh automatically in development environment to pass e2e tests 2023-09-11 13:10:46 -04:00			`if (error.response.status === 401 && !originalRequest._retry) {`
fix: `getLogStores` Property and Handle 401 Error from Refresh Token Request (#1084) * fix(getLogStores): correct wrong prop passed to keyv opts: duration -> ttl * fix: edge case where we get a blank screen if the initially intercepted 401 error is from a refresh token request; in this case, make explicit to the server that we are retrying from a refreshToken request 2023-10-21 12:39:08 -04:00			`originalRequest._retry = true;`

feat: Refresh Token for improved Session Security (#927) * feat(api): refresh token logic * feat(client): refresh token logic * feat(data-provider): refresh token logic * fix: SSE uses esm * chore: add default refresh token expiry to AuthService, add message about env var not set when generating a token * chore: update scripts to more compatible bun methods, ran bun install again * chore: update env.example and playwright workflow with JWT_REFRESH_SECRET * chore: update breaking changes docs * chore: add timeout to url visit * chore: add default SESSION_EXPIRY in generateToken logic, add act script for testing github actions * fix(e2e): refresh automatically in development environment to pass e2e tests 2023-09-11 13:10:46 -04:00			`if (isRefreshing) {`
fix(auth/refresh): send 403 res for invalid token to properly invalidate session (#1068) 2023-10-17 08:34:14 -04:00			`try {`
fix: `getLogStores` Property and Handle 401 Error from Refresh Token Request (#1084) * fix(getLogStores): correct wrong prop passed to keyv opts: duration -> ttl * fix: edge case where we get a blank screen if the initially intercepted 401 error is from a refresh token request; in this case, make explicit to the server that we are retrying from a refreshToken request 2023-10-21 12:39:08 -04:00			`const token = await new Promise((resolve, reject) => {`
fix(auth/refresh): send 403 res for invalid token to properly invalidate session (#1068) 2023-10-17 08:34:14 -04:00			`failedQueue.push({ resolve, reject });`
feat: Refresh Token for improved Session Security (#927) * feat(api): refresh token logic * feat(client): refresh token logic * feat(data-provider): refresh token logic * fix: SSE uses esm * chore: add default refresh token expiry to AuthService, add message about env var not set when generating a token * chore: update scripts to more compatible bun methods, ran bun install again * chore: update env.example and playwright workflow with JWT_REFRESH_SECRET * chore: update breaking changes docs * chore: add timeout to url visit * chore: add default SESSION_EXPIRY in generateToken logic, add act script for testing github actions * fix(e2e): refresh automatically in development environment to pass e2e tests 2023-09-11 13:10:46 -04:00			`});`
fix(auth/refresh): send 403 res for invalid token to properly invalidate session (#1068) 2023-10-17 08:34:14 -04:00			`originalRequest.headers['Authorization'] = 'Bearer ' + token;`
			`return await axios(originalRequest);`
			`} catch (err) {`
fix: `getLogStores` Property and Handle 401 Error from Refresh Token Request (#1084) * fix(getLogStores): correct wrong prop passed to keyv opts: duration -> ttl * fix: edge case where we get a blank screen if the initially intercepted 401 error is from a refresh token request; in this case, make explicit to the server that we are retrying from a refreshToken request 2023-10-21 12:39:08 -04:00			`return Promise.reject(err);`
fix(auth/refresh): send 403 res for invalid token to properly invalidate session (#1068) 2023-10-17 08:34:14 -04:00			`}`
feat: Refresh Token for improved Session Security (#927) * feat(api): refresh token logic * feat(client): refresh token logic * feat(data-provider): refresh token logic * fix: SSE uses esm * chore: add default refresh token expiry to AuthService, add message about env var not set when generating a token * chore: update scripts to more compatible bun methods, ran bun install again * chore: update env.example and playwright workflow with JWT_REFRESH_SECRET * chore: update breaking changes docs * chore: add timeout to url visit * chore: add default SESSION_EXPIRY in generateToken logic, add act script for testing github actions * fix(e2e): refresh automatically in development environment to pass e2e tests 2023-09-11 13:10:46 -04:00			`}`

			`isRefreshing = true;`

fix: `getLogStores` Property and Handle 401 Error from Refresh Token Request (#1084) * fix(getLogStores): correct wrong prop passed to keyv opts: duration -> ttl * fix: edge case where we get a blank screen if the initially intercepted 401 error is from a refresh token request; in this case, make explicit to the server that we are retrying from a refreshToken request 2023-10-21 12:39:08 -04:00			`try {`
			`const { token } = await refreshToken(`
			`// Handle edge case where we get a blank screen if the initial 401 error is from a refresh token request`
			`originalRequest.url?.includes('api/auth/refresh') ? true : false,`
			`);`

			`if (token) {`
			`originalRequest.headers['Authorization'] = 'Bearer ' + token;`
			`setTokenHeader(token);`
			`window.dispatchEvent(new CustomEvent('tokenUpdated', { detail: token }));`
			`processQueue(null, token);`
			`return await axios(originalRequest);`
			`} else {`
			`window.location.href = '/login';`
			`}`
			`} catch (err) {`
			`processQueue(err as AxiosError, null);`
			`return Promise.reject(err);`
			`} finally {`
			`isRefreshing = false;`
			`}`
feat: Refresh Token for improved Session Security (#927) * feat(api): refresh token logic * feat(client): refresh token logic * feat(data-provider): refresh token logic * fix: SSE uses esm * chore: add default refresh token expiry to AuthService, add message about env var not set when generating a token * chore: update scripts to more compatible bun methods, ran bun install again * chore: update env.example and playwright workflow with JWT_REFRESH_SECRET * chore: update breaking changes docs * chore: add timeout to url visit * chore: add default SESSION_EXPIRY in generateToken logic, add act script for testing github actions * fix(e2e): refresh automatically in development environment to pass e2e tests 2023-09-11 13:10:46 -04:00			`}`
fix: `getLogStores` Property and Handle 401 Error from Refresh Token Request (#1084) * fix(getLogStores): correct wrong prop passed to keyv opts: duration -> ttl * fix: edge case where we get a blank screen if the initially intercepted 401 error is from a refresh token request; in this case, make explicit to the server that we are retrying from a refreshToken request 2023-10-21 12:39:08 -04:00
feat: Refresh Token for improved Session Security (#927) * feat(api): refresh token logic * feat(client): refresh token logic * feat(data-provider): refresh token logic * fix: SSE uses esm * chore: add default refresh token expiry to AuthService, add message about env var not set when generating a token * chore: update scripts to more compatible bun methods, ran bun install again * chore: update env.example and playwright workflow with JWT_REFRESH_SECRET * chore: update breaking changes docs * chore: add timeout to url visit * chore: add default SESSION_EXPIRY in generateToken logic, add act script for testing github actions * fix(e2e): refresh automatically in development environment to pass e2e tests 2023-09-11 13:10:46 -04:00			`return Promise.reject(error);`
			`},`
			`);`
chore: add back data-provider 2023-07-30 10:37:25 -04:00
			`async function _get<T>(url: string, options?: AxiosRequestConfig): Promise<T> {`
			`const response = await axios.get(url, { ...options });`
			`return response.data;`
			`}`

			`async function _post(url: string, data?: any) {`
			`const response = await axios.post(url, JSON.stringify(data), {`
			`headers: { 'Content-Type': 'application/json' },`
			`});`
			`return response.data;`
			`}`

			`async function _postMultiPart(url: string, formData: FormData, options?: AxiosRequestConfig) {`
			`const response = await axios.post(url, formData, {`
			`...options,`
			`headers: { 'Content-Type': 'multipart/form-data' },`
			`});`
			`return response.data;`
			`}`

			`async function _put(url: string, data?: any) {`
			`const response = await axios.put(url, JSON.stringify(data), {`
			`headers: { 'Content-Type': 'application/json' },`
			`});`
			`return response.data;`
			`}`

			`async function _delete<T>(url: string): Promise<T> {`
			`const response = await axios.delete(url);`
			`return response.data;`
			`}`

			`async function _deleteWithOptions<T>(url: string, options?: AxiosRequestConfig): Promise<T> {`
			`const response = await axios.delete(url, { ...options });`
			`return response.data;`
			`}`

			`async function _patch(url: string, data?: any) {`
			`const response = await axios.patch(url, JSON.stringify(data), {`
			`headers: { 'Content-Type': 'application/json' },`
			`});`
			`return response.data;`
			`}`

			`export default {`
			`get: _get,`
			`post: _post,`
			`postMultiPart: _postMultiPart,`
			`put: _put,`
			`delete: _delete,`
			`deleteWithOptions: _deleteWithOptions,`
			`patch: _patch,`
			`};`