LibreChat/packages/data-schemas/src/methods/key.ts

import { ErrorTypes } from 'librechat-data-provider';
// Note: checkUserKeyExpiry moved to @librechat/api (utils/key.ts) as it's a pure validation utility
import { encrypt, decrypt } from '~/crypto';
import logger from '~/config/winston';

/** Factory function that takes mongoose instance and returns the key methods */
export function createKeyMethods(mongoose: typeof import('mongoose')) {
  /**
   * Retrieves and decrypts the key value for a given user identified by userId and identifier name.
   * @param params - The parameters object
   * @param params.userId - The unique identifier for the user
   * @param params.name - The name associated with the key
   * @returns The decrypted key value
   * @throws Error if the key is not found or if there is a problem during key retrieval
   * @description This function searches for a user's key in the database using their userId and name.
   *              If found, it decrypts the value of the key and returns it. If no key is found, it throws
   *              an error indicating that there is no user key available.
   */
  async function getUserKey(params: { userId: string; name: string }): Promise<string> {
    const { userId, name } = params;
    const Key = mongoose.models.Key;
    const keyValue = (await Key.findOne({ userId, name }).lean()) as {
      value: string;
    } | null;
    if (!keyValue) {
      throw new Error(
        JSON.stringify({
          type: ErrorTypes.NO_USER_KEY,
        }),
      );
    }
    return await decrypt(keyValue.value);
  }

  /**
   * Retrieves, decrypts, and parses the key values for a given user identified by userId and name.
   * @param params - The parameters object
   * @param params.userId - The unique identifier for the user
   * @param params.name - The name associated with the key
   * @returns The decrypted and parsed key values
   * @throws Error if the key is invalid or if there is a problem during key value parsing
   * @description This function retrieves a user's encrypted key using their userId and name, decrypts it,
   *              and then attempts to parse the decrypted string into a JSON object. If the parsing fails,
   *              it throws an error indicating that the user key is invalid.
   */
  async function getUserKeyValues(params: {
    userId: string;
    name: string;
  }): Promise<Record<string, string>> {
    const { userId, name } = params;
    const userValues = await getUserKey({ userId, name });
    try {
      return JSON.parse(userValues) as Record<string, string>;
    } catch (e) {
      logger.error('[getUserKeyValues]', e);
      throw new Error(
        JSON.stringify({
          type: ErrorTypes.INVALID_USER_KEY,
        }),
      );
    }
  }

  /**
   * Retrieves the expiry information of a user's key identified by userId and name.
   * @param params - The parameters object
   * @param params.userId - The unique identifier for the user
   * @param params.name - The name associated with the key
   * @returns The expiry date of the key or null if the key doesn't exist
   * @description This function fetches a user's key from the database using their userId and name and
   *              returns its expiry date. If the key is not found, it returns null for the expiry date.
   */
  async function getUserKeyExpiry(params: {
    userId: string;
    name: string;
  }): Promise<{ expiresAt: Date | 'never' | null }> {
    const { userId, name } = params;
    const Key = mongoose.models.Key;
    const keyValue = (await Key.findOne({ userId, name }).lean()) as {
      expiresAt?: Date;
    } | null;
    if (!keyValue) {
      return { expiresAt: null };
    }
    return { expiresAt: keyValue.expiresAt || 'never' };
  }

  /**
   * Updates or inserts a new key for a given user identified by userId and name, with a specified value and expiry date.
   * @param params - The parameters object
   * @param params.userId - The unique identifier for the user
   * @param params.name - The name associated with the key
   * @param params.value - The value to be encrypted and stored as the key's value
   * @param params.expiresAt - The expiry date for the key [optional]
   * @returns The updated or newly inserted key document
   * @description This function either updates an existing user key or inserts a new one into the database,
   *              after encrypting the provided value. It sets the provided expiry date for the key (or unsets for no expiry).
   */
  async function updateUserKey(params: {
    userId: string;
    name: string;
    value: string;
    expiresAt?: Date | null;
  }): Promise<unknown> {
    const { userId, name, value, expiresAt = null } = params;
    const Key = mongoose.models.Key;
    const encryptedValue = await encrypt(value);
    const updateObject: { userId: string; name: string; value: string; expiresAt?: Date } = {
      userId,
      name,
      value: encryptedValue,
    };
    const updateQuery: { $set: typeof updateObject; $unset?: { expiresAt: string } } = {
      $set: updateObject,
    };
    if (expiresAt) {
      updateObject.expiresAt = new Date(expiresAt);
    } else {
      updateQuery.$unset = { expiresAt: '' };
    }
    return await Key.findOneAndUpdate({ userId, name }, updateQuery, {
      upsert: true,
      new: true,
    }).lean();
  }

  /**
   * Deletes a key or all keys for a given user identified by userId, optionally based on a specified name.
   * @param params - The parameters object
   * @param params.userId - The unique identifier for the user
   * @param params.name - The name associated with the key to delete. If not provided and all is true, deletes all keys
   * @param params.all - Whether to delete all keys for the user
   * @returns The result of the deletion operation
   * @description This function deletes a specific key or all keys for a user from the database.
   *              If a name is provided and all is false, it deletes only the key with that name.
   *              If all is true, it ignores the name and deletes all keys for the user.
   */
  async function deleteUserKey(params: {
    userId: string;
    name?: string;
    all?: boolean;
  }): Promise<unknown> {
    const { userId, name, all = false } = params;
    const Key = mongoose.models.Key;
    if (all) {
      return await Key.deleteMany({ userId });
    }
    return await Key.findOneAndDelete({ userId, name }).lean();
  }

  return {
    getUserKey,
    updateUserKey,
    deleteUserKey,
    getUserKeyValues,
    getUserKeyExpiry,
  };
}

export type KeyMethods = ReturnType<typeof createKeyMethods>;
🧵 refactor: Migrate Endpoint Initialization to TypeScript (#10794) * refactor: move endpoint initialization methods to typescript * refactor: move agent init to packages/api - Introduced `initialize.ts` for agent initialization, including file processing and tool loading. - Updated `resources.ts` to allow optional appConfig parameter. - Enhanced endpoint configuration handling in various initialization files to support model parameters. - Added new artifacts and prompts for React component generation. - Refactored existing code to improve type safety and maintainability. * refactor: streamline endpoint initialization and enhance type safety - Updated initialization functions across various endpoints to use a consistent request structure, replacing `unknown` types with `ServerResponse`. - Simplified request handling by directly extracting keys from the request body. - Improved type safety by ensuring user IDs are safely accessed with optional chaining. - Removed unnecessary parameters and streamlined model options handling for better clarity and maintainability. * refactor: moved ModelService and extractBaseURL to packages/api - Added comprehensive tests for the models fetching functionality, covering scenarios for OpenAI, Anthropic, Google, and Ollama models. - Updated existing endpoint index to include the new models module. - Enhanced utility functions for URL extraction and model data processing. - Improved type safety and error handling across the models fetching logic. * refactor: consolidate utility functions and remove unused files - Merged `deriveBaseURL` and `extractBaseURL` into the `@librechat/api` module for better organization. - Removed redundant utility files and their associated tests to streamline the codebase. - Updated imports across various client files to utilize the new consolidated functions. - Enhanced overall maintainability by reducing the number of utility modules. * refactor: replace ModelService references with direct imports from @librechat/api and remove ModelService file * refactor: move encrypt/decrypt methods and key db methods to data-schemas, use `getProviderConfig` from `@librechat/api` * chore: remove unused 'res' from options in AgentClient * refactor: file model imports and methods - Updated imports in various controllers and services to use the unified file model from '~/models' instead of '~/models/File'. - Consolidated file-related methods into a new file methods module in the data-schemas package. - Added comprehensive tests for file methods including creation, retrieval, updating, and deletion. - Enhanced the initializeAgent function to accept dependency injection for file-related methods. - Improved error handling and logging in file methods. * refactor: streamline database method references in agent initialization * refactor: enhance file method tests and update type references to IMongoFile * refactor: consolidate database method imports in agent client and initialization * chore: remove redundant import of initializeAgent from @librechat/api * refactor: move checkUserKeyExpiry utility to @librechat/api and update references across endpoints * refactor: move updateUserPlugins logic to user.ts and simplify UserController * refactor: update imports for user key management and remove UserService * refactor: remove unused Anthropics and Bedrock endpoint files and clean up imports * refactor: consolidate and update encryption imports across various files to use @librechat/data-schemas * chore: update file model mock to use unified import from '~/models' * chore: import order * refactor: remove migrated to TS agent.js file and its associated logic from the endpoints * chore: add reusable function to extract imports from source code in unused-packages workflow * chore: enhance unused-packages workflow to include @librechat/api dependencies and improve dependency extraction * chore: improve dependency extraction in unused-packages workflow with enhanced error handling and debugging output * chore: add detailed debugging output to unused-packages workflow for better visibility into unused dependencies and exclusion lists * chore: refine subpath handling in unused-packages workflow to correctly process scoped and non-scoped package imports * chore: clean up unused debug output in unused-packages workflow and reorganize type imports in initialize.ts 2025-12-03 17:21:41 -05:00			`import { ErrorTypes } from 'librechat-data-provider';`
			`// Note: checkUserKeyExpiry moved to @librechat/api (utils/key.ts) as it's a pure validation utility`
			`import { encrypt, decrypt } from '~/crypto';`
			`import logger from '~/config/winston';`

			`/** Factory function that takes mongoose instance and returns the key methods */`
			`export function createKeyMethods(mongoose: typeof import('mongoose')) {`
			`/**`
			`* Retrieves and decrypts the key value for a given user identified by userId and identifier name.`
			`* @param params - The parameters object`
			`* @param params.userId - The unique identifier for the user`
			`* @param params.name - The name associated with the key`
			`* @returns The decrypted key value`
			`* @throws Error if the key is not found or if there is a problem during key retrieval`
			`* @description This function searches for a user's key in the database using their userId and name.`
			`* If found, it decrypts the value of the key and returns it. If no key is found, it throws`
			`* an error indicating that there is no user key available.`
			`*/`
			`async function getUserKey(params: { userId: string; name: string }): Promise<string> {`
			`const { userId, name } = params;`
			`const Key = mongoose.models.Key;`
			`const keyValue = (await Key.findOne({ userId, name }).lean()) as {`
			`value: string;`
			`} \| null;`
			`if (!keyValue) {`
			`throw new Error(`
			`JSON.stringify({`
			`type: ErrorTypes.NO_USER_KEY,`
			`}),`
			`);`
			`}`
			`return await decrypt(keyValue.value);`
			`}`

			`/**`
			`* Retrieves, decrypts, and parses the key values for a given user identified by userId and name.`
			`* @param params - The parameters object`
			`* @param params.userId - The unique identifier for the user`
			`* @param params.name - The name associated with the key`
			`* @returns The decrypted and parsed key values`
			`* @throws Error if the key is invalid or if there is a problem during key value parsing`
			`* @description This function retrieves a user's encrypted key using their userId and name, decrypts it,`
			`* and then attempts to parse the decrypted string into a JSON object. If the parsing fails,`
			`* it throws an error indicating that the user key is invalid.`
			`*/`
			`async function getUserKeyValues(params: {`
			`userId: string;`
			`name: string;`
			`}): Promise<Record<string, string>> {`
			`const { userId, name } = params;`
			`const userValues = await getUserKey({ userId, name });`
			`try {`
			`return JSON.parse(userValues) as Record<string, string>;`
			`} catch (e) {`
			`logger.error('[getUserKeyValues]', e);`
			`throw new Error(`
			`JSON.stringify({`
			`type: ErrorTypes.INVALID_USER_KEY,`
			`}),`
			`);`
			`}`
			`}`

			`/**`
			`* Retrieves the expiry information of a user's key identified by userId and name.`
			`* @param params - The parameters object`
			`* @param params.userId - The unique identifier for the user`
			`* @param params.name - The name associated with the key`
			`* @returns The expiry date of the key or null if the key doesn't exist`
			`* @description This function fetches a user's key from the database using their userId and name and`
			`* returns its expiry date. If the key is not found, it returns null for the expiry date.`
			`*/`
			`async function getUserKeyExpiry(params: {`
			`userId: string;`
			`name: string;`
			`}): Promise<{ expiresAt: Date \| 'never' \| null }> {`
			`const { userId, name } = params;`
			`const Key = mongoose.models.Key;`
			`const keyValue = (await Key.findOne({ userId, name }).lean()) as {`
			`expiresAt?: Date;`
			`} \| null;`
			`if (!keyValue) {`
			`return { expiresAt: null };`
			`}`
			`return { expiresAt: keyValue.expiresAt \|\| 'never' };`
			`}`

			`/**`
			`* Updates or inserts a new key for a given user identified by userId and name, with a specified value and expiry date.`
			`* @param params - The parameters object`
			`* @param params.userId - The unique identifier for the user`
			`* @param params.name - The name associated with the key`
			`* @param params.value - The value to be encrypted and stored as the key's value`
			`* @param params.expiresAt - The expiry date for the key [optional]`
			`* @returns The updated or newly inserted key document`
			`* @description This function either updates an existing user key or inserts a new one into the database,`
			`* after encrypting the provided value. It sets the provided expiry date for the key (or unsets for no expiry).`
			`*/`
			`async function updateUserKey(params: {`
			`userId: string;`
			`name: string;`
			`value: string;`
			`expiresAt?: Date \| null;`
			`}): Promise<unknown> {`
			`const { userId, name, value, expiresAt = null } = params;`
			`const Key = mongoose.models.Key;`
			`const encryptedValue = await encrypt(value);`
			`const updateObject: { userId: string; name: string; value: string; expiresAt?: Date } = {`
			`userId,`
			`name,`
			`value: encryptedValue,`
			`};`
			`const updateQuery: { $set: typeof updateObject; $unset?: { expiresAt: string } } = {`
			`$set: updateObject,`
			`};`
			`if (expiresAt) {`
			`updateObject.expiresAt = new Date(expiresAt);`
			`} else {`
			`updateQuery.$unset = { expiresAt: '' };`
			`}`
			`return await Key.findOneAndUpdate({ userId, name }, updateQuery, {`
			`upsert: true,`
			`new: true,`
			`}).lean();`
			`}`

			`/**`
			`* Deletes a key or all keys for a given user identified by userId, optionally based on a specified name.`
			`* @param params - The parameters object`
			`* @param params.userId - The unique identifier for the user`
			`* @param params.name - The name associated with the key to delete. If not provided and all is true, deletes all keys`
			`* @param params.all - Whether to delete all keys for the user`
			`* @returns The result of the deletion operation`
			`* @description This function deletes a specific key or all keys for a user from the database.`
			`* If a name is provided and all is false, it deletes only the key with that name.`
			`* If all is true, it ignores the name and deletes all keys for the user.`
			`*/`
			`async function deleteUserKey(params: {`
			`userId: string;`
			`name?: string;`
			`all?: boolean;`
			`}): Promise<unknown> {`
			`const { userId, name, all = false } = params;`
			`const Key = mongoose.models.Key;`
			`if (all) {`
			`return await Key.deleteMany({ userId });`
			`}`
			`return await Key.findOneAndDelete({ userId, name }).lean();`
			`}`

			`return {`
			`getUserKey,`
			`updateUserKey,`
			`deleteUserKey,`
			`getUserKeyValues,`
			`getUserKeyExpiry,`
			`};`
			`}`

			`export type KeyMethods = ReturnType<typeof createKeyMethods>;`