2023-03-14 01:24:43 +08:00
|
|
|
const express = require('express');
|
feat: Auth and User System (#205)
* server-side JWT auth implementation
* move oauth routes and strategies, fix bugs
* backend modifications for wiring up the frontend login and reg forms
* Add frontend data services for login and registration
* Add login and registration forms
* Implment auth context, functional client side auth
* protect routes with jwt auth
* finish local strategy (using local storage)
* Start setting up google auth
* disable token refresh, remove old auth middleware
* refactor client, add ApiErrorBoundary context
* disable google and facebook strategies
* fix: fix presets not displaying specific to user
* fix: fix issue with browser refresh
* fix: casing issue with User.js (#11)
* delete user.js to be renamed
* fix: fix casing issue with User.js
* comment out api error watcher temporarily
* fix: issue with api error watcher (#12)
* delete user.js to be renamed
* fix: fix casing issue with User.js
* comment out api error watcher temporarily
* feat: add google auth social login
* fix: make google login url dynamic based on dev/prod
* fix: bug where UI is briefly displayed before redirecting to login
* fix: fix cookie expires value for local auth
* Update README.md
* Update LOCAL_INSTALL structure
* Add local testing instructions
* Only load google strategy if client id and secret are provided
* Update .env.example files with new params
* fix issue with not redirecting to register form
* only show google login button if value is set in .env
* cleanup log messages
* Add label to button for google login on login form
* doc: fix client/server url values in .env.example
* feat: add error message details to registration failure
* Restore preventing paste on confirm password
* auto-login user after registering
* feat: forgot password (#24)
* make login/reg pages look like openai's
* add password reset data services
* new form designs similar to openai, add password reset pages
* add api's for password reset
* email utils for password reset
* remove bcrypt salt rounds from process.env
* refactor: restructure api auth code, consolidate routes (#25)
* add api's for password reset
* remove bcrypt salt rounds from process.env
* refactor: consolidate auth routes, use controller pattern
* refactor: code cleanup
* feat: migrate data to first user (#26)
* refactor: use /api for auth routes
* fix: use user id instead of username
* feat: migrate data to first user on register
* fix: fix social login routes after refactor (#27)
* refactor: use /api for auth routes
* fix: use user id instead of username
* feat: migrate data to first user on register
* fix: fix social login routes
* fix: issue with auto-login when logging out then logging in with new browser window (#28)
* refactor: use /api for auth routes
* fix: use user id instead of username
* feat: migrate data to first user on register
* fix: fix social login routes
* fix: fix issue with auto-login in new tab
* doc: Update README and .env.example files with user system information (#29)
* refactor: use /api for auth routes
* fix: use user id instead of username
* feat: migrate data to first user on register
* fix: fix social login routes
* fix: fix issue with auto-login in new tab
* doc: update README and .env.example files
* Fixup: LOCAL_INSTALL.md PS instructions (#200) (#30)
Co-authored-by: alfredo-f <alfredo.fomitchenko@mail.polimi.it>
* feat: send user with completion to protect against abuse (#31)
* Fixup: LOCAL_INSTALL.md PS instructions (#200)
* server-side JWT auth implementation
* move oauth routes and strategies, fix bugs
* backend modifications for wiring up the frontend login and reg forms
* Add frontend data services for login and registration
* Add login and registration forms
* Implment auth context, functional client side auth
* protect routes with jwt auth
* finish local strategy (using local storage)
* Start setting up google auth
* disable token refresh, remove old auth middleware
* refactor client, add ApiErrorBoundary context
* disable google and facebook strategies
* fix: fix presets not displaying specific to user
* fix: fix issue with browser refresh
* fix: casing issue with User.js (#11)
* delete user.js to be renamed
* fix: fix casing issue with User.js
* comment out api error watcher temporarily
* feat: add google auth social login
* fix: make google login url dynamic based on dev/prod
* fix: bug where UI is briefly displayed before redirecting to login
* fix: fix cookie expires value for local auth
* Only load google strategy if client id and secret are provided
* Update .env.example files with new params
* fix issue with not redirecting to register form
* only show google login button if value is set in .env
* cleanup log messages
* Add label to button for google login on login form
* doc: fix client/server url values in .env.example
* feat: add error message details to registration failure
* Restore preventing paste on confirm password
* auto-login user after registering
* feat: forgot password (#24)
* make login/reg pages look like openai's
* add password reset data services
* new form designs similar to openai, add password reset pages
* add api's for password reset
* email utils for password reset
* remove bcrypt salt rounds from process.env
* refactor: restructure api auth code, consolidate routes (#25)
* add api's for password reset
* remove bcrypt salt rounds from process.env
* refactor: consolidate auth routes, use controller pattern
* refactor: code cleanup
* feat: migrate data to first user (#26)
* refactor: use /api for auth routes
* fix: use user id instead of username
* feat: migrate data to first user on register
* fix: fix social login routes after refactor (#27)
* refactor: use /api for auth routes
* fix: use user id instead of username
* feat: migrate data to first user on register
* fix: fix social login routes
* fix: issue with auto-login when logging out then logging in with new browser window (#28)
* refactor: use /api for auth routes
* fix: use user id instead of username
* feat: migrate data to first user on register
* fix: fix social login routes
* fix: fix issue with auto-login in new tab
* doc: Update README and .env.example files with user system information (#29)
* refactor: use /api for auth routes
* fix: use user id instead of username
* feat: migrate data to first user on register
* fix: fix social login routes
* fix: fix issue with auto-login in new tab
* doc: update README and .env.example files
* Send user id to openai to protect against abuse
* add meilisearch to gitignore
* Remove webpack
---------
Co-authored-by: alfredo-f <alfredo.fomitchenko@mail.polimi.it>
---------
Co-authored-by: Danny Avila <110412045+danny-avila@users.noreply.github.com>
Co-authored-by: Alfredo Fomitchenko <alfredo.fomitchenko@mail.polimi.it>
2023-05-07 10:04:51 -07:00
|
|
|
const {
|
2023-09-11 13:10:46 -04:00
|
|
|
refreshController,
|
2023-07-14 09:36:49 -04:00
|
|
|
registrationController,
|
2024-06-07 21:06:47 +02:00
|
|
|
resetPasswordController,
|
|
|
|
|
resetPasswordRequestController,
|
|
|
|
|
} = require('~/server/controllers/AuthController');
|
|
|
|
|
const { loginController } = require('~/server/controllers/auth/LoginController');
|
|
|
|
|
const { logoutController } = require('~/server/controllers/auth/LogoutController');
|
2025-02-18 01:09:36 +01:00
|
|
|
const { verify2FA } = require('~/server/controllers/auth/TwoFactorAuthController');
|
|
|
|
|
const {
|
|
|
|
|
enable2FAController,
|
|
|
|
|
verify2FAController,
|
|
|
|
|
disable2FAController,
|
|
|
|
|
regenerateBackupCodesController, confirm2FAController,
|
|
|
|
|
} = require('~/server/controllers/TwoFactorController');
|
refactor: Encrypt & Expire User Provided Keys, feat: Rate Limiting (#874)
* docs: make_your_own.md formatting fix for mkdocs
* feat: add express-mongo-sanitize
feat: add login/registration rate limiting
* chore: remove unnecessary console log
* wip: remove token handling from localStorage to encrypted DB solution
* refactor: minor change to UserService
* fix mongo query and add keys route to server
* fix backend controllers and simplify schema/crud
* refactor: rename token to key to separate from access/refresh tokens, setTokenDialog -> setKeyDialog
* refactor(schemas): TEndpointOption token -> key
* refactor(api): use new encrypted key retrieval system
* fix(SetKeyDialog): fix key prop error
* fix(abortMiddleware): pass random UUID if messageId is not generated yet for proper error display on frontend
* fix(getUserKey): wrong prop passed in arg, adds error handling
* fix: prevent message without conversationId from saving to DB, prevents branching on the frontend to a new top-level branch
* refactor: change wording of multiple display messages
* refactor(checkExpiry -> checkUserKeyExpiry): move to UserService file
* fix: type imports from common
* refactor(SubmitButton): convert to TS
* refactor(key.ts): change localStorage map key name
* refactor: add new custom tailwind classes to better match openAI colors
* chore: remove unnecessary warning and catch ScreenShot error
* refactor: move userKey frontend logic to hooks and remove use of localStorage and instead query the DB
* refactor: invalidate correct query key, memoize userKey hook, conditionally render SetKeyDialog to avoid unnecessary calls, refactor SubmitButton props and useEffect for showing 'provide key first'
* fix(SetKeyDialog): use enum-like object for expiry values
feat(Dropdown): add optionsClassName to dynamically change dropdown options container classes
* fix: handle edge case where user had provided a key but the server changes to env variable for keys
* refactor(OpenAI/titleConvo): move titling to client to retain authorized credentials in message lifecycle for titling
* fix(azure): handle user_provided keys correctly for azure
* feat: send user Id to OpenAI to differentiate users in completion requests
* refactor(OpenAI/titleConvo): adding tokens helps minimize LLM from using the language in title response
* feat: add delete endpoint for keys
* chore: remove throttling of title
* feat: add 'Data controls' to Settings, add 'Revoke' keys feature in Key Dialog and Data controls
* refactor: reorganize PluginsClient files in langchain format
* feat: use langchain for titling convos
* chore: cleanup titling convo, with fallback to original method, escape braces, use only snippet for language detection
* refactor: move helper functions to appropriate langchain folders for reusability
* fix: userProvidesKey handling for gptPlugins
* fix: frontend handling of plugins key
* chore: cleanup logging and ts-ignore SSE
* fix: forwardRef misuse in DangerButton
* fix(GoogleConfig/FileUpload): localize errors and simplify validation with zod
* fix: cleanup google logging and fix user provided key handling
* chore: remove titling from google
* chore: removing logging from browser endpoint
* wip: fix menu flicker
* feat: useLocalStorage hook
* feat: add Tooltip for UI
* refactor(EndpointMenu): utilize Tooltip and useLocalStorage, remove old 'New Chat' slide-over
* fix(e2e): use testId for endpoint menu trigger
* chore: final touches to EndpointMenu before future refactor to declutter component
* refactor(localization): change select endpoint to open menu and add translations
* chore: add final prop to error message response
* ci: minor edits to facilitate testing
* ci: new e2e test which tests for new key setting/revoking features
2023-09-06 10:46:27 -04:00
|
|
|
const {
|
feat: Message Rate Limiters, Violation Logging, & Ban System 🔨 (#903)
* refactor: require Auth middleware in route index files
* feat: concurrent message limiter
* feat: complete concurrent message limiter with caching
* refactor: SSE response methods separated from handleText
* fix(abortMiddleware): fix req and res order to standard, use endpointOption in req.body
* chore: minor name changes
* refactor: add isUUID condition to saveMessage
* fix(concurrentLimiter): logic correctly handles the max number of concurrent messages and res closing/finalization
* chore: bump keyv and remove console.log from Message
* fix(concurrentLimiter): ensure messages are only saved in later message children
* refactor(concurrentLimiter): use KeyvFile instead, could make other stores configurable in the future
* feat: add denyRequest function for error responses
* feat(utils): add isStringTruthy function
Introduce the isStringTruthy function to the utilities module to check if a string value is a case-insensitive match for 'true'
* feat: add optional message rate limiters by IP and userId
* feat: add optional message rate limiters by IP and userId to edit route
* refactor: rename isStringTruthy to isTrue for brevity
* refactor(getError): use map to make code cleaner
* refactor: use memory for concurrent rate limiter to prevent clearing on startup/exit, add multiple log files, fix error message for concurrent violation
* feat: check if errorMessage is object, stringify if so
* chore: send object to denyRequest which will stringify it
* feat: log excessive requests
* fix(getError): correctly pluralize messages
* refactor(limiters): make type consistent between logs and errorMessage
* refactor(cache): move files out of lib/db into separate cache dir
>> feat: add getLogStores function so Keyv instance is not redundantly created on every violation
feat: separate violation logging to own function with logViolation
* fix: cache/index.js export, properly record userViolations
* refactor(messageLimiters): use new logging method, add logging to registrations
* refactor(logViolation): make userLogs an array of logs per user
* feat: add logging to login limiter
* refactor: pass req as first param to logViolation and record offending IP
* refactor: rename isTrue helper fn to isEnabled
* feat: add simple non_browser check and log violation
* fix: open handles in unit tests, remove KeyvMongo as not used and properly mock global fetch
* chore: adjust nodemon ignore paths to properly ignore logs
* feat: add math helper function for safe use of eval
* refactor(api/convos): use middleware at top of file to avoid redundancy
* feat: add delete all static method for Sessions
* fix: redirect to login on refresh if user is not found, or the session is not found but hasn't expired (ban case)
* refactor(getLogStores): adjust return type
* feat: add ban violation and check ban logic
refactor(logViolation): pass both req and res objects
* feat: add removePorts helper function
* refactor: rename getError to getMessageError and add getLoginError for displaying different login errors
* fix(AuthContext): fix type issue and remove unused code
* refactor(bans): ban by ip and user id, send response based on origin
* chore: add frontend ban messages
* refactor(routes/oauth): add ban check to handler, also consolidate logic to avoid redundancy
* feat: add ban check to AI messaging routes
* feat: add ban check to login/registration
* fix(ci/api): mock KeyvMongo to avoid tests hanging
* docs: update .env.example
> refactor(banViolation): calculate interval rate crossover, early return if duration is invalid
ci(banViolation): add tests to ensure users are only banned when expected
* docs: improve wording for mod system
* feat: add configurable env variables for violation scores
* chore: add jsdoc for uaParser.js
* chore: improve ban text log
* chore: update bun test scripts
* refactor(math.js): add fallback values
* fix(KeyvMongo/banLogs): refactor keyv instances to top of files to avoid memory leaks, refactor ban logic to use getLogStores instead
refactor(getLogStores): get a single log store by type
* fix(ci): refactor tests due to banLogs changes, also make sure to clear and revoke sessions even if ban duration is 0
* fix(banViolation.js): getLogStores import
* feat: handle 500 code error at login
* fix(middleware): handle case where user.id is _id and not just id
* ci: add ban secrets for backend unit tests
* refactor: logout user upon ban
* chore: log session delete message only if deletedCount > 0
* refactor: change default ban duration (2h) and make logic more clear in JSDOC
* fix: login and registration limiters will now return rate limiting error
* fix: userId not parsable as non ObjectId string
* feat: add useTimeout hook to properly clear timeouts when invoking functions within them
refactor(AuthContext): cleanup code by using new hook and defining types in ~/common
* fix: login error message for rate limits
* docs: add info for automated mod system and rate limiters, update other docs accordingly
* chore: bump data-provider version
2023-09-13 10:57:07 -04:00
|
|
|
checkBan,
|
refactor: Encrypt & Expire User Provided Keys, feat: Rate Limiting (#874)
* docs: make_your_own.md formatting fix for mkdocs
* feat: add express-mongo-sanitize
feat: add login/registration rate limiting
* chore: remove unnecessary console log
* wip: remove token handling from localStorage to encrypted DB solution
* refactor: minor change to UserService
* fix mongo query and add keys route to server
* fix backend controllers and simplify schema/crud
* refactor: rename token to key to separate from access/refresh tokens, setTokenDialog -> setKeyDialog
* refactor(schemas): TEndpointOption token -> key
* refactor(api): use new encrypted key retrieval system
* fix(SetKeyDialog): fix key prop error
* fix(abortMiddleware): pass random UUID if messageId is not generated yet for proper error display on frontend
* fix(getUserKey): wrong prop passed in arg, adds error handling
* fix: prevent message without conversationId from saving to DB, prevents branching on the frontend to a new top-level branch
* refactor: change wording of multiple display messages
* refactor(checkExpiry -> checkUserKeyExpiry): move to UserService file
* fix: type imports from common
* refactor(SubmitButton): convert to TS
* refactor(key.ts): change localStorage map key name
* refactor: add new custom tailwind classes to better match openAI colors
* chore: remove unnecessary warning and catch ScreenShot error
* refactor: move userKey frontend logic to hooks and remove use of localStorage and instead query the DB
* refactor: invalidate correct query key, memoize userKey hook, conditionally render SetKeyDialog to avoid unnecessary calls, refactor SubmitButton props and useEffect for showing 'provide key first'
* fix(SetKeyDialog): use enum-like object for expiry values
feat(Dropdown): add optionsClassName to dynamically change dropdown options container classes
* fix: handle edge case where user had provided a key but the server changes to env variable for keys
* refactor(OpenAI/titleConvo): move titling to client to retain authorized credentials in message lifecycle for titling
* fix(azure): handle user_provided keys correctly for azure
* feat: send user Id to OpenAI to differentiate users in completion requests
* refactor(OpenAI/titleConvo): adding tokens helps minimize LLM from using the language in title response
* feat: add delete endpoint for keys
* chore: remove throttling of title
* feat: add 'Data controls' to Settings, add 'Revoke' keys feature in Key Dialog and Data controls
* refactor: reorganize PluginsClient files in langchain format
* feat: use langchain for titling convos
* chore: cleanup titling convo, with fallback to original method, escape braces, use only snippet for language detection
* refactor: move helper functions to appropriate langchain folders for reusability
* fix: userProvidesKey handling for gptPlugins
* fix: frontend handling of plugins key
* chore: cleanup logging and ts-ignore SSE
* fix: forwardRef misuse in DangerButton
* fix(GoogleConfig/FileUpload): localize errors and simplify validation with zod
* fix: cleanup google logging and fix user provided key handling
* chore: remove titling from google
* chore: removing logging from browser endpoint
* wip: fix menu flicker
* feat: useLocalStorage hook
* feat: add Tooltip for UI
* refactor(EndpointMenu): utilize Tooltip and useLocalStorage, remove old 'New Chat' slide-over
* fix(e2e): use testId for endpoint menu trigger
* chore: final touches to EndpointMenu before future refactor to declutter component
* refactor(localization): change select endpoint to open menu and add translations
* chore: add final prop to error message response
* ci: minor edits to facilitate testing
* ci: new e2e test which tests for new key setting/revoking features
2023-09-06 10:46:27 -04:00
|
|
|
loginLimiter,
|
|
|
|
|
requireJwtAuth,
|
2024-08-18 06:23:38 +02:00
|
|
|
checkInviteUser,
|
2024-06-07 21:06:47 +02:00
|
|
|
registerLimiter,
|
2024-05-29 14:46:20 -07:00
|
|
|
requireLdapAuth,
|
refactor: Encrypt & Expire User Provided Keys, feat: Rate Limiting (#874)
* docs: make_your_own.md formatting fix for mkdocs
* feat: add express-mongo-sanitize
feat: add login/registration rate limiting
* chore: remove unnecessary console log
* wip: remove token handling from localStorage to encrypted DB solution
* refactor: minor change to UserService
* fix mongo query and add keys route to server
* fix backend controllers and simplify schema/crud
* refactor: rename token to key to separate from access/refresh tokens, setTokenDialog -> setKeyDialog
* refactor(schemas): TEndpointOption token -> key
* refactor(api): use new encrypted key retrieval system
* fix(SetKeyDialog): fix key prop error
* fix(abortMiddleware): pass random UUID if messageId is not generated yet for proper error display on frontend
* fix(getUserKey): wrong prop passed in arg, adds error handling
* fix: prevent message without conversationId from saving to DB, prevents branching on the frontend to a new top-level branch
* refactor: change wording of multiple display messages
* refactor(checkExpiry -> checkUserKeyExpiry): move to UserService file
* fix: type imports from common
* refactor(SubmitButton): convert to TS
* refactor(key.ts): change localStorage map key name
* refactor: add new custom tailwind classes to better match openAI colors
* chore: remove unnecessary warning and catch ScreenShot error
* refactor: move userKey frontend logic to hooks and remove use of localStorage and instead query the DB
* refactor: invalidate correct query key, memoize userKey hook, conditionally render SetKeyDialog to avoid unnecessary calls, refactor SubmitButton props and useEffect for showing 'provide key first'
* fix(SetKeyDialog): use enum-like object for expiry values
feat(Dropdown): add optionsClassName to dynamically change dropdown options container classes
* fix: handle edge case where user had provided a key but the server changes to env variable for keys
* refactor(OpenAI/titleConvo): move titling to client to retain authorized credentials in message lifecycle for titling
* fix(azure): handle user_provided keys correctly for azure
* feat: send user Id to OpenAI to differentiate users in completion requests
* refactor(OpenAI/titleConvo): adding tokens helps minimize LLM from using the language in title response
* feat: add delete endpoint for keys
* chore: remove throttling of title
* feat: add 'Data controls' to Settings, add 'Revoke' keys feature in Key Dialog and Data controls
* refactor: reorganize PluginsClient files in langchain format
* feat: use langchain for titling convos
* chore: cleanup titling convo, with fallback to original method, escape braces, use only snippet for language detection
* refactor: move helper functions to appropriate langchain folders for reusability
* fix: userProvidesKey handling for gptPlugins
* fix: frontend handling of plugins key
* chore: cleanup logging and ts-ignore SSE
* fix: forwardRef misuse in DangerButton
* fix(GoogleConfig/FileUpload): localize errors and simplify validation with zod
* fix: cleanup google logging and fix user provided key handling
* chore: remove titling from google
* chore: removing logging from browser endpoint
* wip: fix menu flicker
* feat: useLocalStorage hook
* feat: add Tooltip for UI
* refactor(EndpointMenu): utilize Tooltip and useLocalStorage, remove old 'New Chat' slide-over
* fix(e2e): use testId for endpoint menu trigger
* chore: final touches to EndpointMenu before future refactor to declutter component
* refactor(localization): change select endpoint to open menu and add translations
* chore: add final prop to error message response
* ci: minor edits to facilitate testing
* ci: new e2e test which tests for new key setting/revoking features
2023-09-06 10:46:27 -04:00
|
|
|
requireLocalAuth,
|
2024-06-07 21:06:47 +02:00
|
|
|
resetPasswordLimiter,
|
refactor: Encrypt & Expire User Provided Keys, feat: Rate Limiting (#874)
* docs: make_your_own.md formatting fix for mkdocs
* feat: add express-mongo-sanitize
feat: add login/registration rate limiting
* chore: remove unnecessary console log
* wip: remove token handling from localStorage to encrypted DB solution
* refactor: minor change to UserService
* fix mongo query and add keys route to server
* fix backend controllers and simplify schema/crud
* refactor: rename token to key to separate from access/refresh tokens, setTokenDialog -> setKeyDialog
* refactor(schemas): TEndpointOption token -> key
* refactor(api): use new encrypted key retrieval system
* fix(SetKeyDialog): fix key prop error
* fix(abortMiddleware): pass random UUID if messageId is not generated yet for proper error display on frontend
* fix(getUserKey): wrong prop passed in arg, adds error handling
* fix: prevent message without conversationId from saving to DB, prevents branching on the frontend to a new top-level branch
* refactor: change wording of multiple display messages
* refactor(checkExpiry -> checkUserKeyExpiry): move to UserService file
* fix: type imports from common
* refactor(SubmitButton): convert to TS
* refactor(key.ts): change localStorage map key name
* refactor: add new custom tailwind classes to better match openAI colors
* chore: remove unnecessary warning and catch ScreenShot error
* refactor: move userKey frontend logic to hooks and remove use of localStorage and instead query the DB
* refactor: invalidate correct query key, memoize userKey hook, conditionally render SetKeyDialog to avoid unnecessary calls, refactor SubmitButton props and useEffect for showing 'provide key first'
* fix(SetKeyDialog): use enum-like object for expiry values
feat(Dropdown): add optionsClassName to dynamically change dropdown options container classes
* fix: handle edge case where user had provided a key but the server changes to env variable for keys
* refactor(OpenAI/titleConvo): move titling to client to retain authorized credentials in message lifecycle for titling
* fix(azure): handle user_provided keys correctly for azure
* feat: send user Id to OpenAI to differentiate users in completion requests
* refactor(OpenAI/titleConvo): adding tokens helps minimize LLM from using the language in title response
* feat: add delete endpoint for keys
* chore: remove throttling of title
* feat: add 'Data controls' to Settings, add 'Revoke' keys feature in Key Dialog and Data controls
* refactor: reorganize PluginsClient files in langchain format
* feat: use langchain for titling convos
* chore: cleanup titling convo, with fallback to original method, escape braces, use only snippet for language detection
* refactor: move helper functions to appropriate langchain folders for reusability
* fix: userProvidesKey handling for gptPlugins
* fix: frontend handling of plugins key
* chore: cleanup logging and ts-ignore SSE
* fix: forwardRef misuse in DangerButton
* fix(GoogleConfig/FileUpload): localize errors and simplify validation with zod
* fix: cleanup google logging and fix user provided key handling
* chore: remove titling from google
* chore: removing logging from browser endpoint
* wip: fix menu flicker
* feat: useLocalStorage hook
* feat: add Tooltip for UI
* refactor(EndpointMenu): utilize Tooltip and useLocalStorage, remove old 'New Chat' slide-over
* fix(e2e): use testId for endpoint menu trigger
* chore: final touches to EndpointMenu before future refactor to declutter component
* refactor(localization): change select endpoint to open menu and add translations
* chore: add final prop to error message response
* ci: minor edits to facilitate testing
* ci: new e2e test which tests for new key setting/revoking features
2023-09-06 10:46:27 -04:00
|
|
|
validateRegistration,
|
2024-06-06 17:39:36 +02:00
|
|
|
validatePasswordReset,
|
2024-06-07 21:06:47 +02:00
|
|
|
} = require('~/server/middleware');
|
2023-03-14 01:24:43 +08:00
|
|
|
|
feat: Auth and User System (#205)
* server-side JWT auth implementation
* move oauth routes and strategies, fix bugs
* backend modifications for wiring up the frontend login and reg forms
* Add frontend data services for login and registration
* Add login and registration forms
* Implment auth context, functional client side auth
* protect routes with jwt auth
* finish local strategy (using local storage)
* Start setting up google auth
* disable token refresh, remove old auth middleware
* refactor client, add ApiErrorBoundary context
* disable google and facebook strategies
* fix: fix presets not displaying specific to user
* fix: fix issue with browser refresh
* fix: casing issue with User.js (#11)
* delete user.js to be renamed
* fix: fix casing issue with User.js
* comment out api error watcher temporarily
* fix: issue with api error watcher (#12)
* delete user.js to be renamed
* fix: fix casing issue with User.js
* comment out api error watcher temporarily
* feat: add google auth social login
* fix: make google login url dynamic based on dev/prod
* fix: bug where UI is briefly displayed before redirecting to login
* fix: fix cookie expires value for local auth
* Update README.md
* Update LOCAL_INSTALL structure
* Add local testing instructions
* Only load google strategy if client id and secret are provided
* Update .env.example files with new params
* fix issue with not redirecting to register form
* only show google login button if value is set in .env
* cleanup log messages
* Add label to button for google login on login form
* doc: fix client/server url values in .env.example
* feat: add error message details to registration failure
* Restore preventing paste on confirm password
* auto-login user after registering
* feat: forgot password (#24)
* make login/reg pages look like openai's
* add password reset data services
* new form designs similar to openai, add password reset pages
* add api's for password reset
* email utils for password reset
* remove bcrypt salt rounds from process.env
* refactor: restructure api auth code, consolidate routes (#25)
* add api's for password reset
* remove bcrypt salt rounds from process.env
* refactor: consolidate auth routes, use controller pattern
* refactor: code cleanup
* feat: migrate data to first user (#26)
* refactor: use /api for auth routes
* fix: use user id instead of username
* feat: migrate data to first user on register
* fix: fix social login routes after refactor (#27)
* refactor: use /api for auth routes
* fix: use user id instead of username
* feat: migrate data to first user on register
* fix: fix social login routes
* fix: issue with auto-login when logging out then logging in with new browser window (#28)
* refactor: use /api for auth routes
* fix: use user id instead of username
* feat: migrate data to first user on register
* fix: fix social login routes
* fix: fix issue with auto-login in new tab
* doc: Update README and .env.example files with user system information (#29)
* refactor: use /api for auth routes
* fix: use user id instead of username
* feat: migrate data to first user on register
* fix: fix social login routes
* fix: fix issue with auto-login in new tab
* doc: update README and .env.example files
* Fixup: LOCAL_INSTALL.md PS instructions (#200) (#30)
Co-authored-by: alfredo-f <alfredo.fomitchenko@mail.polimi.it>
* feat: send user with completion to protect against abuse (#31)
* Fixup: LOCAL_INSTALL.md PS instructions (#200)
* server-side JWT auth implementation
* move oauth routes and strategies, fix bugs
* backend modifications for wiring up the frontend login and reg forms
* Add frontend data services for login and registration
* Add login and registration forms
* Implment auth context, functional client side auth
* protect routes with jwt auth
* finish local strategy (using local storage)
* Start setting up google auth
* disable token refresh, remove old auth middleware
* refactor client, add ApiErrorBoundary context
* disable google and facebook strategies
* fix: fix presets not displaying specific to user
* fix: fix issue with browser refresh
* fix: casing issue with User.js (#11)
* delete user.js to be renamed
* fix: fix casing issue with User.js
* comment out api error watcher temporarily
* feat: add google auth social login
* fix: make google login url dynamic based on dev/prod
* fix: bug where UI is briefly displayed before redirecting to login
* fix: fix cookie expires value for local auth
* Only load google strategy if client id and secret are provided
* Update .env.example files with new params
* fix issue with not redirecting to register form
* only show google login button if value is set in .env
* cleanup log messages
* Add label to button for google login on login form
* doc: fix client/server url values in .env.example
* feat: add error message details to registration failure
* Restore preventing paste on confirm password
* auto-login user after registering
* feat: forgot password (#24)
* make login/reg pages look like openai's
* add password reset data services
* new form designs similar to openai, add password reset pages
* add api's for password reset
* email utils for password reset
* remove bcrypt salt rounds from process.env
* refactor: restructure api auth code, consolidate routes (#25)
* add api's for password reset
* remove bcrypt salt rounds from process.env
* refactor: consolidate auth routes, use controller pattern
* refactor: code cleanup
* feat: migrate data to first user (#26)
* refactor: use /api for auth routes
* fix: use user id instead of username
* feat: migrate data to first user on register
* fix: fix social login routes after refactor (#27)
* refactor: use /api for auth routes
* fix: use user id instead of username
* feat: migrate data to first user on register
* fix: fix social login routes
* fix: issue with auto-login when logging out then logging in with new browser window (#28)
* refactor: use /api for auth routes
* fix: use user id instead of username
* feat: migrate data to first user on register
* fix: fix social login routes
* fix: fix issue with auto-login in new tab
* doc: Update README and .env.example files with user system information (#29)
* refactor: use /api for auth routes
* fix: use user id instead of username
* feat: migrate data to first user on register
* fix: fix social login routes
* fix: fix issue with auto-login in new tab
* doc: update README and .env.example files
* Send user id to openai to protect against abuse
* add meilisearch to gitignore
* Remove webpack
---------
Co-authored-by: alfredo-f <alfredo.fomitchenko@mail.polimi.it>
---------
Co-authored-by: Danny Avila <110412045+danny-avila@users.noreply.github.com>
Co-authored-by: Alfredo Fomitchenko <alfredo.fomitchenko@mail.polimi.it>
2023-05-07 10:04:51 -07:00
|
|
|
const router = express.Router();
|
2023-03-14 01:24:43 +08:00
|
|
|
|
2024-06-21 07:14:53 -07:00
|
|
|
const ldapAuth = !!process.env.LDAP_URL && !!process.env.LDAP_USER_SEARCH_BASE;
|
feat: Auth and User System (#205)
* server-side JWT auth implementation
* move oauth routes and strategies, fix bugs
* backend modifications for wiring up the frontend login and reg forms
* Add frontend data services for login and registration
* Add login and registration forms
* Implment auth context, functional client side auth
* protect routes with jwt auth
* finish local strategy (using local storage)
* Start setting up google auth
* disable token refresh, remove old auth middleware
* refactor client, add ApiErrorBoundary context
* disable google and facebook strategies
* fix: fix presets not displaying specific to user
* fix: fix issue with browser refresh
* fix: casing issue with User.js (#11)
* delete user.js to be renamed
* fix: fix casing issue with User.js
* comment out api error watcher temporarily
* fix: issue with api error watcher (#12)
* delete user.js to be renamed
* fix: fix casing issue with User.js
* comment out api error watcher temporarily
* feat: add google auth social login
* fix: make google login url dynamic based on dev/prod
* fix: bug where UI is briefly displayed before redirecting to login
* fix: fix cookie expires value for local auth
* Update README.md
* Update LOCAL_INSTALL structure
* Add local testing instructions
* Only load google strategy if client id and secret are provided
* Update .env.example files with new params
* fix issue with not redirecting to register form
* only show google login button if value is set in .env
* cleanup log messages
* Add label to button for google login on login form
* doc: fix client/server url values in .env.example
* feat: add error message details to registration failure
* Restore preventing paste on confirm password
* auto-login user after registering
* feat: forgot password (#24)
* make login/reg pages look like openai's
* add password reset data services
* new form designs similar to openai, add password reset pages
* add api's for password reset
* email utils for password reset
* remove bcrypt salt rounds from process.env
* refactor: restructure api auth code, consolidate routes (#25)
* add api's for password reset
* remove bcrypt salt rounds from process.env
* refactor: consolidate auth routes, use controller pattern
* refactor: code cleanup
* feat: migrate data to first user (#26)
* refactor: use /api for auth routes
* fix: use user id instead of username
* feat: migrate data to first user on register
* fix: fix social login routes after refactor (#27)
* refactor: use /api for auth routes
* fix: use user id instead of username
* feat: migrate data to first user on register
* fix: fix social login routes
* fix: issue with auto-login when logging out then logging in with new browser window (#28)
* refactor: use /api for auth routes
* fix: use user id instead of username
* feat: migrate data to first user on register
* fix: fix social login routes
* fix: fix issue with auto-login in new tab
* doc: Update README and .env.example files with user system information (#29)
* refactor: use /api for auth routes
* fix: use user id instead of username
* feat: migrate data to first user on register
* fix: fix social login routes
* fix: fix issue with auto-login in new tab
* doc: update README and .env.example files
* Fixup: LOCAL_INSTALL.md PS instructions (#200) (#30)
Co-authored-by: alfredo-f <alfredo.fomitchenko@mail.polimi.it>
* feat: send user with completion to protect against abuse (#31)
* Fixup: LOCAL_INSTALL.md PS instructions (#200)
* server-side JWT auth implementation
* move oauth routes and strategies, fix bugs
* backend modifications for wiring up the frontend login and reg forms
* Add frontend data services for login and registration
* Add login and registration forms
* Implment auth context, functional client side auth
* protect routes with jwt auth
* finish local strategy (using local storage)
* Start setting up google auth
* disable token refresh, remove old auth middleware
* refactor client, add ApiErrorBoundary context
* disable google and facebook strategies
* fix: fix presets not displaying specific to user
* fix: fix issue with browser refresh
* fix: casing issue with User.js (#11)
* delete user.js to be renamed
* fix: fix casing issue with User.js
* comment out api error watcher temporarily
* feat: add google auth social login
* fix: make google login url dynamic based on dev/prod
* fix: bug where UI is briefly displayed before redirecting to login
* fix: fix cookie expires value for local auth
* Only load google strategy if client id and secret are provided
* Update .env.example files with new params
* fix issue with not redirecting to register form
* only show google login button if value is set in .env
* cleanup log messages
* Add label to button for google login on login form
* doc: fix client/server url values in .env.example
* feat: add error message details to registration failure
* Restore preventing paste on confirm password
* auto-login user after registering
* feat: forgot password (#24)
* make login/reg pages look like openai's
* add password reset data services
* new form designs similar to openai, add password reset pages
* add api's for password reset
* email utils for password reset
* remove bcrypt salt rounds from process.env
* refactor: restructure api auth code, consolidate routes (#25)
* add api's for password reset
* remove bcrypt salt rounds from process.env
* refactor: consolidate auth routes, use controller pattern
* refactor: code cleanup
* feat: migrate data to first user (#26)
* refactor: use /api for auth routes
* fix: use user id instead of username
* feat: migrate data to first user on register
* fix: fix social login routes after refactor (#27)
* refactor: use /api for auth routes
* fix: use user id instead of username
* feat: migrate data to first user on register
* fix: fix social login routes
* fix: issue with auto-login when logging out then logging in with new browser window (#28)
* refactor: use /api for auth routes
* fix: use user id instead of username
* feat: migrate data to first user on register
* fix: fix social login routes
* fix: fix issue with auto-login in new tab
* doc: Update README and .env.example files with user system information (#29)
* refactor: use /api for auth routes
* fix: use user id instead of username
* feat: migrate data to first user on register
* fix: fix social login routes
* fix: fix issue with auto-login in new tab
* doc: update README and .env.example files
* Send user id to openai to protect against abuse
* add meilisearch to gitignore
* Remove webpack
---------
Co-authored-by: alfredo-f <alfredo.fomitchenko@mail.polimi.it>
---------
Co-authored-by: Danny Avila <110412045+danny-avila@users.noreply.github.com>
Co-authored-by: Alfredo Fomitchenko <alfredo.fomitchenko@mail.polimi.it>
2023-05-07 10:04:51 -07:00
|
|
|
//Local
|
|
|
|
|
router.post('/logout', requireJwtAuth, logoutController);
|
2024-05-29 14:46:20 -07:00
|
|
|
router.post(
|
|
|
|
|
'/login',
|
|
|
|
|
loginLimiter,
|
|
|
|
|
checkBan,
|
|
|
|
|
ldapAuth ? requireLdapAuth : requireLocalAuth,
|
|
|
|
|
loginController,
|
|
|
|
|
);
|
2023-09-11 13:10:46 -04:00
|
|
|
router.post('/refresh', refreshController);
|
2024-08-18 06:23:38 +02:00
|
|
|
router.post(
|
|
|
|
|
'/register',
|
|
|
|
|
registerLimiter,
|
|
|
|
|
checkBan,
|
|
|
|
|
checkInviteUser,
|
|
|
|
|
validateRegistration,
|
|
|
|
|
registrationController,
|
|
|
|
|
);
|
2024-06-06 17:39:36 +02:00
|
|
|
router.post(
|
|
|
|
|
'/requestPasswordReset',
|
2024-06-07 21:06:47 +02:00
|
|
|
resetPasswordLimiter,
|
2024-06-06 17:39:36 +02:00
|
|
|
checkBan,
|
|
|
|
|
validatePasswordReset,
|
|
|
|
|
resetPasswordRequestController,
|
|
|
|
|
);
|
|
|
|
|
router.post('/resetPassword', checkBan, validatePasswordReset, resetPasswordController);
|
2023-03-14 01:24:43 +08:00
|
|
|
|
2025-02-18 01:09:36 +01:00
|
|
|
router.get('/2fa/enable', requireJwtAuth, enable2FAController);
|
|
|
|
|
router.post('/2fa/verify', requireJwtAuth, verify2FAController);
|
|
|
|
|
router.post('/2fa/verify-temp', checkBan, verify2FA);
|
|
|
|
|
router.post('/2fa/confirm', requireJwtAuth, confirm2FAController);
|
|
|
|
|
router.post('/2fa/disable', requireJwtAuth, disable2FAController);
|
|
|
|
|
router.post('/2fa/backup/regenerate', requireJwtAuth, regenerateBackupCodesController);
|
|
|
|
|
|
feat: Auth and User System (#205)
* server-side JWT auth implementation
* move oauth routes and strategies, fix bugs
* backend modifications for wiring up the frontend login and reg forms
* Add frontend data services for login and registration
* Add login and registration forms
* Implment auth context, functional client side auth
* protect routes with jwt auth
* finish local strategy (using local storage)
* Start setting up google auth
* disable token refresh, remove old auth middleware
* refactor client, add ApiErrorBoundary context
* disable google and facebook strategies
* fix: fix presets not displaying specific to user
* fix: fix issue with browser refresh
* fix: casing issue with User.js (#11)
* delete user.js to be renamed
* fix: fix casing issue with User.js
* comment out api error watcher temporarily
* fix: issue with api error watcher (#12)
* delete user.js to be renamed
* fix: fix casing issue with User.js
* comment out api error watcher temporarily
* feat: add google auth social login
* fix: make google login url dynamic based on dev/prod
* fix: bug where UI is briefly displayed before redirecting to login
* fix: fix cookie expires value for local auth
* Update README.md
* Update LOCAL_INSTALL structure
* Add local testing instructions
* Only load google strategy if client id and secret are provided
* Update .env.example files with new params
* fix issue with not redirecting to register form
* only show google login button if value is set in .env
* cleanup log messages
* Add label to button for google login on login form
* doc: fix client/server url values in .env.example
* feat: add error message details to registration failure
* Restore preventing paste on confirm password
* auto-login user after registering
* feat: forgot password (#24)
* make login/reg pages look like openai's
* add password reset data services
* new form designs similar to openai, add password reset pages
* add api's for password reset
* email utils for password reset
* remove bcrypt salt rounds from process.env
* refactor: restructure api auth code, consolidate routes (#25)
* add api's for password reset
* remove bcrypt salt rounds from process.env
* refactor: consolidate auth routes, use controller pattern
* refactor: code cleanup
* feat: migrate data to first user (#26)
* refactor: use /api for auth routes
* fix: use user id instead of username
* feat: migrate data to first user on register
* fix: fix social login routes after refactor (#27)
* refactor: use /api for auth routes
* fix: use user id instead of username
* feat: migrate data to first user on register
* fix: fix social login routes
* fix: issue with auto-login when logging out then logging in with new browser window (#28)
* refactor: use /api for auth routes
* fix: use user id instead of username
* feat: migrate data to first user on register
* fix: fix social login routes
* fix: fix issue with auto-login in new tab
* doc: Update README and .env.example files with user system information (#29)
* refactor: use /api for auth routes
* fix: use user id instead of username
* feat: migrate data to first user on register
* fix: fix social login routes
* fix: fix issue with auto-login in new tab
* doc: update README and .env.example files
* Fixup: LOCAL_INSTALL.md PS instructions (#200) (#30)
Co-authored-by: alfredo-f <alfredo.fomitchenko@mail.polimi.it>
* feat: send user with completion to protect against abuse (#31)
* Fixup: LOCAL_INSTALL.md PS instructions (#200)
* server-side JWT auth implementation
* move oauth routes and strategies, fix bugs
* backend modifications for wiring up the frontend login and reg forms
* Add frontend data services for login and registration
* Add login and registration forms
* Implment auth context, functional client side auth
* protect routes with jwt auth
* finish local strategy (using local storage)
* Start setting up google auth
* disable token refresh, remove old auth middleware
* refactor client, add ApiErrorBoundary context
* disable google and facebook strategies
* fix: fix presets not displaying specific to user
* fix: fix issue with browser refresh
* fix: casing issue with User.js (#11)
* delete user.js to be renamed
* fix: fix casing issue with User.js
* comment out api error watcher temporarily
* feat: add google auth social login
* fix: make google login url dynamic based on dev/prod
* fix: bug where UI is briefly displayed before redirecting to login
* fix: fix cookie expires value for local auth
* Only load google strategy if client id and secret are provided
* Update .env.example files with new params
* fix issue with not redirecting to register form
* only show google login button if value is set in .env
* cleanup log messages
* Add label to button for google login on login form
* doc: fix client/server url values in .env.example
* feat: add error message details to registration failure
* Restore preventing paste on confirm password
* auto-login user after registering
* feat: forgot password (#24)
* make login/reg pages look like openai's
* add password reset data services
* new form designs similar to openai, add password reset pages
* add api's for password reset
* email utils for password reset
* remove bcrypt salt rounds from process.env
* refactor: restructure api auth code, consolidate routes (#25)
* add api's for password reset
* remove bcrypt salt rounds from process.env
* refactor: consolidate auth routes, use controller pattern
* refactor: code cleanup
* feat: migrate data to first user (#26)
* refactor: use /api for auth routes
* fix: use user id instead of username
* feat: migrate data to first user on register
* fix: fix social login routes after refactor (#27)
* refactor: use /api for auth routes
* fix: use user id instead of username
* feat: migrate data to first user on register
* fix: fix social login routes
* fix: issue with auto-login when logging out then logging in with new browser window (#28)
* refactor: use /api for auth routes
* fix: use user id instead of username
* feat: migrate data to first user on register
* fix: fix social login routes
* fix: fix issue with auto-login in new tab
* doc: Update README and .env.example files with user system information (#29)
* refactor: use /api for auth routes
* fix: use user id instead of username
* feat: migrate data to first user on register
* fix: fix social login routes
* fix: fix issue with auto-login in new tab
* doc: update README and .env.example files
* Send user id to openai to protect against abuse
* add meilisearch to gitignore
* Remove webpack
---------
Co-authored-by: alfredo-f <alfredo.fomitchenko@mail.polimi.it>
---------
Co-authored-by: Danny Avila <110412045+danny-avila@users.noreply.github.com>
Co-authored-by: Alfredo Fomitchenko <alfredo.fomitchenko@mail.polimi.it>
2023-05-07 10:04:51 -07:00
|
|
|
module.exports = router;
|