2025-06-14 11:24:30 -04:00
|
|
|
const { isEnabled } = require('@librechat/api');
|
2024-08-08 12:14:00 -04:00
|
|
|
const { Constants, ViolationTypes, Time } = require('librechat-data-provider');
|
|
|
|
|
const denyRequest = require('~/server/middleware/denyRequest');
|
|
|
|
|
const { logViolation, getLogStores } = require('~/cache');
|
📦 refactor: Consolidate DB models, encapsulating Mongoose usage in `data-schemas` (#11830)
* chore: move database model methods to /packages/data-schemas
* chore: add TypeScript ESLint rule to warn on unused variables
* refactor: model imports to streamline access
- Consolidated model imports across various files to improve code organization and reduce redundancy.
- Updated imports for models such as Assistant, Message, Conversation, and others to a unified import path.
- Adjusted middleware and service files to reflect the new import structure, ensuring functionality remains intact.
- Enhanced test files to align with the new import paths, maintaining test coverage and integrity.
* chore: migrate database models to packages/data-schemas and refactor all direct Mongoose Model usage outside of data-schemas
* test: update agent model mocks in unit tests
- Added `getAgent` mock to `client.test.js` to enhance test coverage for agent-related functionality.
- Removed redundant `getAgent` and `getAgents` mocks from `openai.spec.js` and `responses.unit.spec.js` to streamline test setup and reduce duplication.
- Ensured consistency in agent mock implementations across test files.
* fix: update types in data-schemas
* refactor: enhance type definitions in transaction and spending methods
- Updated type definitions in `checkBalance.ts` to use specific request and response types.
- Refined `spendTokens.ts` to utilize a new `SpendTxData` interface for better clarity and type safety.
- Improved transaction handling in `transaction.ts` by introducing `TransactionResult` and `TxData` interfaces, ensuring consistent data structures across methods.
- Adjusted unit tests in `transaction.spec.ts` to accommodate new type definitions and enhance robustness.
* refactor: streamline model imports and enhance code organization
- Consolidated model imports across various controllers and services to a unified import path, improving code clarity and reducing redundancy.
- Updated multiple files to reflect the new import structure, ensuring all functionalities remain intact.
- Enhanced overall code organization by removing duplicate import statements and optimizing the usage of model methods.
* feat: implement loadAddedAgent and refactor agent loading logic
- Introduced `loadAddedAgent` function to handle loading agents from added conversations, supporting multi-convo parallel execution.
- Created a new `load.ts` file to encapsulate agent loading functionalities, including `loadEphemeralAgent` and `loadAgent`.
- Updated the `index.ts` file to export the new `load` module instead of the deprecated `loadAgent`.
- Enhanced type definitions and improved error handling in the agent loading process.
- Adjusted unit tests to reflect changes in the agent loading structure and ensure comprehensive coverage.
* refactor: enhance balance handling with new update interface
- Introduced `IBalanceUpdate` interface to streamline balance update operations across the codebase.
- Updated `upsertBalanceFields` method signatures in `balance.ts`, `transaction.ts`, and related tests to utilize the new interface for improved type safety.
- Adjusted type imports in `balance.spec.ts` to include `IBalanceUpdate`, ensuring consistency in balance management functionalities.
- Enhanced overall code clarity and maintainability by refining type definitions related to balance operations.
* feat: add unit tests for loadAgent functionality and enhance agent loading logic
- Introduced comprehensive unit tests for the `loadAgent` function, covering various scenarios including null and empty agent IDs, loading of ephemeral agents, and permission checks.
- Enhanced the `initializeClient` function by moving `getConvoFiles` to the correct position in the database method exports, ensuring proper functionality.
- Improved test coverage for agent loading, including handling of non-existent agents and user permissions.
* chore: reorder memory method exports for consistency
- Moved `deleteAllUserMemories` to the correct position in the exported memory methods, ensuring a consistent and logical order of method exports in `memory.ts`.
2026-02-17 18:23:44 -05:00
|
|
|
const { searchConversation } = require('~/models');
|
2024-08-08 12:14:00 -04:00
|
|
|
|
|
|
|
|
const { USE_REDIS, CONVO_ACCESS_VIOLATION_SCORE: score = 0 } = process.env ?? {};
|
|
|
|
|
|
2025-12-25 12:59:48 -05:00
|
|
|
/**
|
|
|
|
|
* Helper function to get conversationId from different request body structures.
|
|
|
|
|
* @param {Object} body - The request body.
|
|
|
|
|
* @returns {string|undefined} The conversationId.
|
|
|
|
|
*/
|
|
|
|
|
const getConversationId = (body) => {
|
|
|
|
|
return body.conversationId ?? body.arg?.conversationId;
|
|
|
|
|
};
|
|
|
|
|
|
2024-08-08 12:14:00 -04:00
|
|
|
/**
|
|
|
|
|
* Middleware to validate user's authorization for a conversation.
|
|
|
|
|
*
|
|
|
|
|
* This middleware checks if a user has the right to access a specific conversation.
|
|
|
|
|
* If the user doesn't have access, an error is returned. If the conversation doesn't exist,
|
|
|
|
|
* a not found error is returned. If the access is valid, the middleware allows the request to proceed.
|
|
|
|
|
* If the `cache` store is not available, the middleware will skip its logic.
|
|
|
|
|
*
|
|
|
|
|
* @function
|
2025-08-26 12:10:18 -04:00
|
|
|
* @param {ServerRequest} req - Express request object containing user information.
|
2024-08-08 12:14:00 -04:00
|
|
|
* @param {Express.Response} res - Express response object.
|
|
|
|
|
* @param {function} next - Express next middleware function.
|
|
|
|
|
* @throws {Error} Throws an error if the user doesn't have access to the conversation.
|
|
|
|
|
*/
|
|
|
|
|
const validateConvoAccess = async (req, res, next) => {
|
|
|
|
|
const namespace = ViolationTypes.CONVO_ACCESS;
|
|
|
|
|
const cache = getLogStores(namespace);
|
|
|
|
|
|
2025-12-25 12:59:48 -05:00
|
|
|
const conversationId = getConversationId(req.body);
|
2024-08-08 12:14:00 -04:00
|
|
|
|
|
|
|
|
if (!conversationId || conversationId === Constants.NEW_CONVO) {
|
|
|
|
|
return next();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const userId = req.user?.id ?? req.user?._id ?? '';
|
|
|
|
|
const type = ViolationTypes.CONVO_ACCESS;
|
|
|
|
|
const key = `${isEnabled(USE_REDIS) ? namespace : ''}:${userId}:${conversationId}`;
|
|
|
|
|
|
|
|
|
|
try {
|
|
|
|
|
if (cache) {
|
|
|
|
|
const cachedAccess = await cache.get(key);
|
|
|
|
|
if (cachedAccess === 'authorized') {
|
|
|
|
|
return next();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2024-08-09 15:17:13 -04:00
|
|
|
const conversation = await searchConversation(conversationId);
|
2024-08-08 12:14:00 -04:00
|
|
|
|
|
|
|
|
if (!conversation) {
|
|
|
|
|
return next();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (conversation.user !== userId) {
|
|
|
|
|
const errorMessage = {
|
|
|
|
|
type,
|
|
|
|
|
error: 'User not authorized for this conversation',
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
if (cache) {
|
|
|
|
|
await logViolation(req, res, type, errorMessage, score);
|
|
|
|
|
}
|
|
|
|
|
return await denyRequest(req, res, errorMessage);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (cache) {
|
|
|
|
|
await cache.set(key, 'authorized', Time.TEN_MINUTES);
|
|
|
|
|
}
|
|
|
|
|
next();
|
|
|
|
|
} catch (error) {
|
|
|
|
|
console.error('Error validating conversation access:', error);
|
|
|
|
|
res.status(500).json({ error: 'Internal server error' });
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
module.exports = validateConvoAccess;
|