LibreChat/api/server/middleware/validate/convoAccess.js

const { isEnabled } = require('@librechat/api');
const { Constants, ViolationTypes, Time } = require('librechat-data-provider');
const { searchConversation } = require('~/models/Conversation');
const denyRequest = require('~/server/middleware/denyRequest');
const { logViolation, getLogStores } = require('~/cache');

const { USE_REDIS, CONVO_ACCESS_VIOLATION_SCORE: score = 0 } = process.env ?? {};

/**
 * Middleware to validate user's authorization for a conversation.
 *
 * This middleware checks if a user has the right to access a specific conversation.
 * If the user doesn't have access, an error is returned. If the conversation doesn't exist,
 * a not found error is returned. If the access is valid, the middleware allows the request to proceed.
 * If the `cache` store is not available, the middleware will skip its logic.
 *
 * @function
 * @param {ServerRequest} req - Express request object containing user information.
 * @param {Express.Response} res - Express response object.
 * @param {function} next - Express next middleware function.
 * @throws {Error} Throws an error if the user doesn't have access to the conversation.
 */
const validateConvoAccess = async (req, res, next) => {
  const namespace = ViolationTypes.CONVO_ACCESS;
  const cache = getLogStores(namespace);

  const conversationId = req.body.conversationId;

  if (!conversationId || conversationId === Constants.NEW_CONVO) {
    return next();
  }

  const userId = req.user?.id ?? req.user?._id ?? '';
  const type = ViolationTypes.CONVO_ACCESS;
  const key = `${isEnabled(USE_REDIS) ? namespace : ''}:${userId}:${conversationId}`;

  try {
    if (cache) {
      const cachedAccess = await cache.get(key);
      if (cachedAccess === 'authorized') {
        return next();
      }
    }

    const conversation = await searchConversation(conversationId);

    if (!conversation) {
      return next();
    }

    if (conversation.user !== userId) {
      const errorMessage = {
        type,
        error: 'User not authorized for this conversation',
      };

      if (cache) {
        await logViolation(req, res, type, errorMessage, score);
      }
      return await denyRequest(req, res, errorMessage);
    }

    if (cache) {
      await cache.set(key, 'authorized', Time.TEN_MINUTES);
    }
    next();
  } catch (error) {
    console.error('Error validating conversation access:', error);
    res.status(500).json({ error: 'Internal server error' });
  }
};

module.exports = validateConvoAccess;
🪐 refactor: Migrate Share Functionality to Type-Safe Methods (#7903) * chore: Update import for isEnabled utility in convoAccess middleware * refactor: Migrate Share functionality to new methods structure in `@librechat/data-schemas` - Deleted the old Share.js model and moved its functionality to a new share.ts file within the data-schemas package. - Updated imports across the codebase to reflect the new structure. - Enhanced error handling and logging in shared link operations. - Introduced TypeScript types for shared links and related operations to improve type safety and maintainability. * chore: Update promptGroupSchema validation with typing * fix: error handling and logging in createSharedLink * fix: don't allow empty shared link or shared link without messages * ci: add tests for shared link methods * chore: Bump version of @librechat/data-schemas to 0.0.9 in package.json and package-lock.json * chore: Add nanoid as peer dependency - Introduced `nanoid` as a dependency in `package.json` and `package-lock.json`. - Replaced UUID generation with `nanoid` for creating unique conversation and message IDs in share methods tests. 2025-06-14 11:24:30 -04:00			`const { isEnabled } = require('@librechat/api');`
🛂 feat: Added Security for Conversation Access (#3588) * 🛂 feat: Added Security for Conversation Access * refactor: Update concurrentLimiter and convoAccess middleware to use isEnabled function for Redis check * refactor: handle access check even if cache is not available (edge case) 2024-08-08 12:14:00 -04:00			`const { Constants, ViolationTypes, Time } = require('librechat-data-provider');`
🧹 chore: pre-release cleanup 2 (#3600) * refactor: scrollToEnd * fix(validateConvoAccess): search conversation by ID for proper validation * feat: Add unique index for conversationId and user in convoSchema * refactor: Update font sizes 1 rem -> font-size-base in style.css * fix: Assistants map type issues * refactor: Remove obsolete scripts * fix: Update DropdownNoState component to handle both string and OptionType values * refactor: Remove config/loader.js file * fix: remove crypto.randomBytes(); refactor: Create reusable function for generating token and hash 2024-08-09 15:17:13 -04:00			`const { searchConversation } = require('~/models/Conversation');`
🛂 feat: Added Security for Conversation Access (#3588) * 🛂 feat: Added Security for Conversation Access * refactor: Update concurrentLimiter and convoAccess middleware to use isEnabled function for Redis check * refactor: handle access check even if cache is not available (edge case) 2024-08-08 12:14:00 -04:00			`const denyRequest = require('~/server/middleware/denyRequest');`
			`const { logViolation, getLogStores } = require('~/cache');`

			`const { USE_REDIS, CONVO_ACCESS_VIOLATION_SCORE: score = 0 } = process.env ?? {};`

			`/**`
			`* Middleware to validate user's authorization for a conversation.`
			`*`
			`* This middleware checks if a user has the right to access a specific conversation.`
			`* If the user doesn't have access, an error is returned. If the conversation doesn't exist,`
			`* a not found error is returned. If the access is valid, the middleware allows the request to proceed.`
			* If the `cache` store is not available, the middleware will skip its logic.
			`*`
			`* @function`
🛜 refactor: Streamline App Config Usage (#9234) * WIP: app.locals refactoring WIP: appConfig fix: update memory configuration retrieval to use getAppConfig based on user role fix: update comment for AppConfig interface to clarify purpose 🏷️ refactor: Update tests to use getAppConfig for endpoint configurations ci: Update AppService tests to initialize app config instead of app.locals ci: Integrate getAppConfig into remaining tests refactor: Update multer storage destination to use promise-based getAppConfig and improve error handling in tests refactor: Rename initializeAppConfig to setAppConfig and update related tests ci: Mock getAppConfig in various tests to provide default configurations refactor: Update convertMCPToolsToPlugins to use mcpManager for server configuration and adjust related tests chore: rename `Config/getAppConfig` -> `Config/app` fix: streamline OpenAI image tools configuration by removing direct appConfig dependency and using function parameters chore: correct parameter documentation for imageOutputType in ToolService.js refactor: remove `getCustomConfig` dependency in config route refactor: update domain validation to use appConfig for allowed domains refactor: use appConfig registration property chore: remove app parameter from AppService invocation refactor: update AppConfig interface to correct registration and turnstile configurations refactor: remove getCustomConfig dependency and use getAppConfig in PluginController, multer, and MCP services refactor: replace getCustomConfig with getAppConfig in STTService, TTSService, and related files refactor: replace getCustomConfig with getAppConfig in Conversation and Message models, update tempChatRetention functions to use AppConfig type refactor: update getAppConfig calls in Conversation and Message models to include user role for temporary chat expiration ci: update related tests refactor: update getAppConfig call in getCustomConfigSpeech to include user role fix: update appConfig usage to access allowedDomains from actions instead of registration refactor: enhance AppConfig to include fileStrategies and update related file strategy logic refactor: update imports to use normalizeEndpointName from @librechat/api and remove redundant definitions chore: remove deprecated unused RunManager refactor: get balance config primarily from appConfig refactor: remove customConfig dependency for appConfig and streamline loadConfigModels logic refactor: remove getCustomConfig usage and use app config in file citations refactor: consolidate endpoint loading logic into loadEndpoints function refactor: update appConfig access to use endpoints structure across various services refactor: implement custom endpoints configuration and streamline endpoint loading logic refactor: update getAppConfig call to include user role parameter refactor: streamline endpoint configuration and enhance appConfig usage across services refactor: replace getMCPAuthMap with getUserMCPAuthMap and remove unused getCustomConfig file refactor: add type annotation for loadedEndpoints in loadEndpoints function refactor: move /services/Files/images/parse to TS API chore: add missing FILE_CITATIONS permission to IRole interface refactor: restructure toolkits to TS API refactor: separate manifest logic into its own module refactor: consolidate tool loading logic into a new tools module for startup logic refactor: move interface config logic to TS API refactor: migrate checkEmailConfig to TypeScript and update imports refactor: add FunctionTool interface and availableTools to AppConfig refactor: decouple caching and DB operations from AppService, make part of consolidated `getAppConfig` WIP: fix tests * fix: rebase conflicts * refactor: remove app.locals references * refactor: replace getBalanceConfig with getAppConfig in various strategies and middleware * refactor: replace appConfig?.balance with getBalanceConfig in various controllers and clients * test: add balance configuration to titleConvo method in AgentClient tests * chore: remove unused `openai-chat-tokens` package * chore: remove unused imports in initializeMCPs.js * refactor: update balance configuration to use getAppConfig instead of getBalanceConfig * refactor: integrate configMiddleware for centralized configuration handling * refactor: optimize email domain validation by removing unnecessary async calls * refactor: simplify multer storage configuration by removing async calls * refactor: reorder imports for better readability in user.js * refactor: replace getAppConfig calls with req.config for improved performance * chore: replace getAppConfig calls with req.config in tests for centralized configuration handling * chore: remove unused override config * refactor: add configMiddleware to endpoint route and replace getAppConfig with req.config * chore: remove customConfig parameter from TTSService constructor * refactor: pass appConfig from request to processFileCitations for improved configuration handling * refactor: remove configMiddleware from endpoint route and retrieve appConfig directly in getEndpointsConfig if not in `req.config` * test: add mockAppConfig to processFileCitations tests for improved configuration handling * fix: pass req.config to hasCustomUserVars and call without await after synchronous refactor * fix: type safety in useExportConversation * refactor: retrieve appConfig using getAppConfig in PluginController and remove configMiddleware from plugins route, to avoid always retrieving when plugins are cached * chore: change `MongoUser` typedef to `IUser` * fix: Add `user` and `config` fields to ServerRequest and update JSDoc type annotations from Express.Request to ServerRequest * fix: remove unused setAppConfig mock from Server configuration tests 2025-08-26 12:10:18 -04:00			`* @param {ServerRequest} req - Express request object containing user information.`
🛂 feat: Added Security for Conversation Access (#3588) * 🛂 feat: Added Security for Conversation Access * refactor: Update concurrentLimiter and convoAccess middleware to use isEnabled function for Redis check * refactor: handle access check even if cache is not available (edge case) 2024-08-08 12:14:00 -04:00			`* @param {Express.Response} res - Express response object.`
			`* @param {function} next - Express next middleware function.`
			`* @throws {Error} Throws an error if the user doesn't have access to the conversation.`
			`*/`
			`const validateConvoAccess = async (req, res, next) => {`
			`const namespace = ViolationTypes.CONVO_ACCESS;`
			`const cache = getLogStores(namespace);`

			`const conversationId = req.body.conversationId;`

			`if (!conversationId \|\| conversationId === Constants.NEW_CONVO) {`
			`return next();`
			`}`

			`const userId = req.user?.id ?? req.user?._id ?? '';`
			`const type = ViolationTypes.CONVO_ACCESS;`
			const key = `${isEnabled(USE_REDIS) ? namespace : ''}:${userId}:${conversationId}`;

			`try {`
			`if (cache) {`
			`const cachedAccess = await cache.get(key);`
			`if (cachedAccess === 'authorized') {`
			`return next();`
			`}`
			`}`

🧹 chore: pre-release cleanup 2 (#3600) * refactor: scrollToEnd * fix(validateConvoAccess): search conversation by ID for proper validation * feat: Add unique index for conversationId and user in convoSchema * refactor: Update font sizes 1 rem -> font-size-base in style.css * fix: Assistants map type issues * refactor: Remove obsolete scripts * fix: Update DropdownNoState component to handle both string and OptionType values * refactor: Remove config/loader.js file * fix: remove crypto.randomBytes(); refactor: Create reusable function for generating token and hash 2024-08-09 15:17:13 -04:00			`const conversation = await searchConversation(conversationId);`
🛂 feat: Added Security for Conversation Access (#3588) * 🛂 feat: Added Security for Conversation Access * refactor: Update concurrentLimiter and convoAccess middleware to use isEnabled function for Redis check * refactor: handle access check even if cache is not available (edge case) 2024-08-08 12:14:00 -04:00
			`if (!conversation) {`
			`return next();`
			`}`

			`if (conversation.user !== userId) {`
			`const errorMessage = {`
			`type,`
			`error: 'User not authorized for this conversation',`
			`};`

			`if (cache) {`
			`await logViolation(req, res, type, errorMessage, score);`
			`}`
			`return await denyRequest(req, res, errorMessage);`
			`}`

			`if (cache) {`
			`await cache.set(key, 'authorized', Time.TEN_MINUTES);`
			`}`
			`next();`
			`} catch (error) {`
			`console.error('Error validating conversation access:', error);`
			`res.status(500).json({ error: 'Internal server error' });`
			`}`
			`};`

			`module.exports = validateConvoAccess;`