LibreChat/api/server/middleware/optionalJwtAuth.js

const cookies = require('cookie');
const passport = require('passport');
const { isEnabled } = require('@librechat/api');

// This middleware does not require authentication,
// but if the user is authenticated, it will set the user object.
const optionalJwtAuth = (req, res, next) => {
  const cookieHeader = req.headers.cookie;
  const tokenProvider = cookieHeader ? cookies.parse(cookieHeader).token_provider : null;
  const callback = (err, user) => {
    if (err) {
      return next(err);
    }
    if (user) {
      req.user = user;
    }
    next();
  };
  if (tokenProvider === 'openid' && isEnabled(process.env.OPENID_REUSE_TOKENS)) {
    return passport.authenticate('openidJwt', { session: false }, callback)(req, res, next);
  }
  passport.authenticate('jwt', { session: false }, callback)(req, res, next);
};

module.exports = optionalJwtAuth;
️⃣ feat: Reuse OpenID Auth Tokens (#7397) feat: integrate OpenID Connect support with token reuse - Added `jwks-rsa` and `new-openid-client` dependencies for OpenID Connect functionality. - Implemented OpenID token refresh logic in `AuthController`. - Enhanced `LogoutController` to handle OpenID logout and session termination. - Updated JWT authentication middleware to support OpenID token provider. - Modified OAuth routes to accommodate OpenID authentication and token management. - Created `setOpenIDAuthTokens` function to manage OpenID tokens in cookies. - Upgraded OpenID strategy with user info fetching and token exchange protocol. - Introduced `openIdJwtLogin` strategy for handling OpenID JWT tokens. - Added caching mechanism for exchanged OpenID tokens. - Updated configuration to include OpenID exchanged tokens cache key. - updated .env.example to include the new env variables needed for the feature. * fix: update return type in downloadImage documentation for clarity and fixed openIdJwtLogin env variables * fix: update Jest configuration and tests for OpenID strategy integration * fix: update OpenID strategy to include callback URL in setup * fix: fix optionalJwtAuth middleware to support OpenID token reuse and improve currentUrl method in CustomOpenIDStrategy to override the dynamic host issue related to proxy (e.g. cloudfront) * fix: fixed code formatting * Fix: Add mocks for openid-client and passport strategy in Jest configuration to fix unit tests * fix eslint errors: Format mock file openid-client. * ✨ feat: Add PKCE support for OpenID and default handling in strategy setup --------- Co-authored-by: Atef Bellaaj <slalom.bellaaj@external.daimlertruck.com> Co-authored-by: Ruben Talstra <RubenTalstra1211@outlook.com> 2025-05-22 14:19:24 +02:00			`const cookies = require('cookie');`
🚀 feat: Banner (#3952) * feat: Add banner schema and model * feat: Add optional JwtAuth To handle the conditional logic with and without authentication within the model. * feat: Add an endpoint to retrieve a banner * feat: Add implementation for client to use banner and access API * feat: Display a banner on UI * feat: Script for updating and deleting banners * style: Update banner style * fix: Adjust the height when the banner is displayed * fix: failed specs 2024-09-11 06:34:25 -07:00			`const passport = require('passport');`
🧹 chore: Cleanup Logger and Utility Imports (#9935) * 🧹 chore: Update logger imports to use @librechat/data-schemas across multiple files and remove unused sleep function from queue.js (#9930) * chore: Replace local isEnabled utility with @librechat/api import across multiple files, update test files * chore: Replace local logger import with @librechat/data-schemas logger in countTokens.js and fork.js * chore: Update logs volume path in docker-compose.yml to correct directory * chore: import order of isEnabled in static.js 2025-10-01 23:30:47 -04:00			`const { isEnabled } = require('@librechat/api');`
🚀 feat: Banner (#3952) * feat: Add banner schema and model * feat: Add optional JwtAuth To handle the conditional logic with and without authentication within the model. * feat: Add an endpoint to retrieve a banner * feat: Add implementation for client to use banner and access API * feat: Display a banner on UI * feat: Script for updating and deleting banners * style: Update banner style * fix: Adjust the height when the banner is displayed * fix: failed specs 2024-09-11 06:34:25 -07:00
			`// This middleware does not require authentication,`
			`// but if the user is authenticated, it will set the user object.`
			`const optionalJwtAuth = (req, res, next) => {`
️⃣ feat: Reuse OpenID Auth Tokens (#7397) feat: integrate OpenID Connect support with token reuse - Added `jwks-rsa` and `new-openid-client` dependencies for OpenID Connect functionality. - Implemented OpenID token refresh logic in `AuthController`. - Enhanced `LogoutController` to handle OpenID logout and session termination. - Updated JWT authentication middleware to support OpenID token provider. - Modified OAuth routes to accommodate OpenID authentication and token management. - Created `setOpenIDAuthTokens` function to manage OpenID tokens in cookies. - Upgraded OpenID strategy with user info fetching and token exchange protocol. - Introduced `openIdJwtLogin` strategy for handling OpenID JWT tokens. - Added caching mechanism for exchanged OpenID tokens. - Updated configuration to include OpenID exchanged tokens cache key. - updated .env.example to include the new env variables needed for the feature. * fix: update return type in downloadImage documentation for clarity and fixed openIdJwtLogin env variables * fix: update Jest configuration and tests for OpenID strategy integration * fix: update OpenID strategy to include callback URL in setup * fix: fix optionalJwtAuth middleware to support OpenID token reuse and improve currentUrl method in CustomOpenIDStrategy to override the dynamic host issue related to proxy (e.g. cloudfront) * fix: fixed code formatting * Fix: Add mocks for openid-client and passport strategy in Jest configuration to fix unit tests * fix eslint errors: Format mock file openid-client. * ✨ feat: Add PKCE support for OpenID and default handling in strategy setup --------- Co-authored-by: Atef Bellaaj <slalom.bellaaj@external.daimlertruck.com> Co-authored-by: Ruben Talstra <RubenTalstra1211@outlook.com> 2025-05-22 14:19:24 +02:00			`const cookieHeader = req.headers.cookie;`
			`const tokenProvider = cookieHeader ? cookies.parse(cookieHeader).token_provider : null;`
			`const callback = (err, user) => {`
🚀 feat: Banner (#3952) * feat: Add banner schema and model * feat: Add optional JwtAuth To handle the conditional logic with and without authentication within the model. * feat: Add an endpoint to retrieve a banner * feat: Add implementation for client to use banner and access API * feat: Display a banner on UI * feat: Script for updating and deleting banners * style: Update banner style * fix: Adjust the height when the banner is displayed * fix: failed specs 2024-09-11 06:34:25 -07:00			`if (err) {`
			`return next(err);`
			`}`
			`if (user) {`
			`req.user = user;`
			`}`
			`next();`
️⃣ feat: Reuse OpenID Auth Tokens (#7397) feat: integrate OpenID Connect support with token reuse - Added `jwks-rsa` and `new-openid-client` dependencies for OpenID Connect functionality. - Implemented OpenID token refresh logic in `AuthController`. - Enhanced `LogoutController` to handle OpenID logout and session termination. - Updated JWT authentication middleware to support OpenID token provider. - Modified OAuth routes to accommodate OpenID authentication and token management. - Created `setOpenIDAuthTokens` function to manage OpenID tokens in cookies. - Upgraded OpenID strategy with user info fetching and token exchange protocol. - Introduced `openIdJwtLogin` strategy for handling OpenID JWT tokens. - Added caching mechanism for exchanged OpenID tokens. - Updated configuration to include OpenID exchanged tokens cache key. - updated .env.example to include the new env variables needed for the feature. * fix: update return type in downloadImage documentation for clarity and fixed openIdJwtLogin env variables * fix: update Jest configuration and tests for OpenID strategy integration * fix: update OpenID strategy to include callback URL in setup * fix: fix optionalJwtAuth middleware to support OpenID token reuse and improve currentUrl method in CustomOpenIDStrategy to override the dynamic host issue related to proxy (e.g. cloudfront) * fix: fixed code formatting * Fix: Add mocks for openid-client and passport strategy in Jest configuration to fix unit tests * fix eslint errors: Format mock file openid-client. * ✨ feat: Add PKCE support for OpenID and default handling in strategy setup --------- Co-authored-by: Atef Bellaaj <slalom.bellaaj@external.daimlertruck.com> Co-authored-by: Ruben Talstra <RubenTalstra1211@outlook.com> 2025-05-22 14:19:24 +02:00			`};`
			`if (tokenProvider === 'openid' && isEnabled(process.env.OPENID_REUSE_TOKENS)) {`
			`return passport.authenticate('openidJwt', { session: false }, callback)(req, res, next);`
			`}`
			`passport.authenticate('jwt', { session: false }, callback)(req, res, next);`
🚀 feat: Banner (#3952) * feat: Add banner schema and model * feat: Add optional JwtAuth To handle the conditional logic with and without authentication within the model. * feat: Add an endpoint to retrieve a banner * feat: Add implementation for client to use banner and access API * feat: Display a banner on UI * feat: Script for updating and deleting banners * style: Update banner style * fix: Adjust the height when the banner is displayed * fix: failed specs 2024-09-11 06:34:25 -07:00			`};`

			`module.exports = optionalJwtAuth;`