LibreChat/api/models/User.js

const mongoose = require('mongoose');
const bcrypt = require('bcryptjs');
const jwt = require('jsonwebtoken');
const Joi = require('joi');
const DebugControl = require('../utils/debug.js');

function log({ title, parameters }) {
  DebugControl.log.functionName(title);
  DebugControl.log.parameters(parameters);
}

const Session = mongoose.Schema({
  refreshToken: {
    type: String,
    default: ''
  }
});

const userSchema = mongoose.Schema(
  {
    name: {
      type: String
    },
    username: {
      type: String,
      lowercase: true,
      required: [true, "can't be blank"],
      match: [/^[a-zA-Z0-9_]+$/, 'is invalid'],
      index: true
    },
    email: {
      type: String,
      required: [true, "can't be blank"],
      lowercase: true,
      unique: true,
      match: [/\S+@\S+\.\S+/, 'is invalid'],
      index: true
    },
    emailVerified: {
      type: Boolean,
      required: true,
      default: false
    },
    password: {
      type: String,
      trim: true,
      minlength: 8,
      maxlength: 60
    },
    avatar: {
      type: String,
      required: false
    },
    provider: {
      type: String,
      required: true,
      default: 'local'
    },
    role: {
      type: String,
      default: 'USER'
    },
    googleId: {
      type: String,
      unique: true,
      sparse: true
    },
    facebookId: {
      type: String,
      unique: true,
      sparse: true
    },
    refreshToken: {
      type: [Session]
    }
  },
  { timestamps: true }
);

//Remove refreshToken from the response
userSchema.set('toJSON', {
  transform: function (doc, ret, options) {
    delete ret.refreshToken;
    return ret;
  }
});

userSchema.methods.toJSON = function () {
  return {
    id: this._id,
    provider: this.provider,
    email: this.email,
    name: this.name,
    username: this.username,
    avatar: this.avatar,
    role: this.role,
    emailVerified: this.emailVerified,
    createdAt: this.createdAt,
    updatedAt: this.updatedAt
  };
};

const isProduction = process.env.NODE_ENV === 'production';
const secretOrKey = isProduction ? process.env.JWT_SECRET_PROD : process.env.JWT_SECRET_DEV;
const refreshSecret = isProduction
  ? process.env.REFRESH_TOKEN_SECRET_PROD
  : process.env.REFRESH_TOKEN_SECRET_DEV;

userSchema.methods.generateToken = function () {
  const token = jwt.sign(
    {
      id: this._id,
      username: this.username,
      provider: this.provider,
      email: this.email
    },
    secretOrKey,
    { expiresIn: eval(process.env.SESSION_EXPIRY) }
  );
  return token;
};

userSchema.methods.generateRefreshToken = function () {
  const refreshToken = jwt.sign(
    {
      id: this._id,
      username: this.username,
      provider: this.provider,
      email: this.email
    },
    refreshSecret,
    { expiresIn: eval(process.env.REFRESH_TOKEN_EXPIRY) }
  );
  return refreshToken;
};

userSchema.methods.comparePassword = function (candidatePassword, callback) {
  bcrypt.compare(candidatePassword, this.password, (err, isMatch) => {
    if (err) return callback(err);
    callback(null, isMatch);
  });
};

module.exports.hashPassword = async (password) => {

  const hashedPassword = await new Promise((resolve, reject) => {
    bcrypt.hash(password, 10, function (err, hash) {
      if (err) reject(err);
      else resolve(hash);
    });
  });

  return hashedPassword;
};

module.exports.validateUser = (user) => {
  log({
    title: 'Validate User',
    parameters: [{ name: 'Validate User', value: user }]
  });
  const schema = {
    avatar: Joi.any(),
    name: Joi.string().min(2).max(80).required(),
    username: Joi.string()
      .min(2)
      .max(80)
      .regex(/^[a-zA-Z0-9_]+$/)
      .required(),
    password: Joi.string().min(8).max(60).allow('').allow(null)
  };

  return Joi.validate(user, schema);
};

const User = mongoose.model('User', userSchema);

module.exports = User;
feat: Auth and User System (#205) * server-side JWT auth implementation * move oauth routes and strategies, fix bugs * backend modifications for wiring up the frontend login and reg forms * Add frontend data services for login and registration * Add login and registration forms * Implment auth context, functional client side auth * protect routes with jwt auth * finish local strategy (using local storage) * Start setting up google auth * disable token refresh, remove old auth middleware * refactor client, add ApiErrorBoundary context * disable google and facebook strategies * fix: fix presets not displaying specific to user * fix: fix issue with browser refresh * fix: casing issue with User.js (#11) * delete user.js to be renamed * fix: fix casing issue with User.js * comment out api error watcher temporarily * fix: issue with api error watcher (#12) * delete user.js to be renamed * fix: fix casing issue with User.js * comment out api error watcher temporarily * feat: add google auth social login * fix: make google login url dynamic based on dev/prod * fix: bug where UI is briefly displayed before redirecting to login * fix: fix cookie expires value for local auth * Update README.md * Update LOCAL_INSTALL structure * Add local testing instructions * Only load google strategy if client id and secret are provided * Update .env.example files with new params * fix issue with not redirecting to register form * only show google login button if value is set in .env * cleanup log messages * Add label to button for google login on login form * doc: fix client/server url values in .env.example * feat: add error message details to registration failure * Restore preventing paste on confirm password * auto-login user after registering * feat: forgot password (#24) * make login/reg pages look like openai's * add password reset data services * new form designs similar to openai, add password reset pages * add api's for password reset * email utils for password reset * remove bcrypt salt rounds from process.env * refactor: restructure api auth code, consolidate routes (#25) * add api's for password reset * remove bcrypt salt rounds from process.env * refactor: consolidate auth routes, use controller pattern * refactor: code cleanup * feat: migrate data to first user (#26) * refactor: use /api for auth routes * fix: use user id instead of username * feat: migrate data to first user on register * fix: fix social login routes after refactor (#27) * refactor: use /api for auth routes * fix: use user id instead of username * feat: migrate data to first user on register * fix: fix social login routes * fix: issue with auto-login when logging out then logging in with new browser window (#28) * refactor: use /api for auth routes * fix: use user id instead of username * feat: migrate data to first user on register * fix: fix social login routes * fix: fix issue with auto-login in new tab * doc: Update README and .env.example files with user system information (#29) * refactor: use /api for auth routes * fix: use user id instead of username * feat: migrate data to first user on register * fix: fix social login routes * fix: fix issue with auto-login in new tab * doc: update README and .env.example files * Fixup: LOCAL_INSTALL.md PS instructions (#200) (#30) Co-authored-by: alfredo-f <alfredo.fomitchenko@mail.polimi.it> * feat: send user with completion to protect against abuse (#31) * Fixup: LOCAL_INSTALL.md PS instructions (#200) * server-side JWT auth implementation * move oauth routes and strategies, fix bugs * backend modifications for wiring up the frontend login and reg forms * Add frontend data services for login and registration * Add login and registration forms * Implment auth context, functional client side auth * protect routes with jwt auth * finish local strategy (using local storage) * Start setting up google auth * disable token refresh, remove old auth middleware * refactor client, add ApiErrorBoundary context * disable google and facebook strategies * fix: fix presets not displaying specific to user * fix: fix issue with browser refresh * fix: casing issue with User.js (#11) * delete user.js to be renamed * fix: fix casing issue with User.js * comment out api error watcher temporarily * feat: add google auth social login * fix: make google login url dynamic based on dev/prod * fix: bug where UI is briefly displayed before redirecting to login * fix: fix cookie expires value for local auth * Only load google strategy if client id and secret are provided * Update .env.example files with new params * fix issue with not redirecting to register form * only show google login button if value is set in .env * cleanup log messages * Add label to button for google login on login form * doc: fix client/server url values in .env.example * feat: add error message details to registration failure * Restore preventing paste on confirm password * auto-login user after registering * feat: forgot password (#24) * make login/reg pages look like openai's * add password reset data services * new form designs similar to openai, add password reset pages * add api's for password reset * email utils for password reset * remove bcrypt salt rounds from process.env * refactor: restructure api auth code, consolidate routes (#25) * add api's for password reset * remove bcrypt salt rounds from process.env * refactor: consolidate auth routes, use controller pattern * refactor: code cleanup * feat: migrate data to first user (#26) * refactor: use /api for auth routes * fix: use user id instead of username * feat: migrate data to first user on register * fix: fix social login routes after refactor (#27) * refactor: use /api for auth routes * fix: use user id instead of username * feat: migrate data to first user on register * fix: fix social login routes * fix: issue with auto-login when logging out then logging in with new browser window (#28) * refactor: use /api for auth routes * fix: use user id instead of username * feat: migrate data to first user on register * fix: fix social login routes * fix: fix issue with auto-login in new tab * doc: Update README and .env.example files with user system information (#29) * refactor: use /api for auth routes * fix: use user id instead of username * feat: migrate data to first user on register * fix: fix social login routes * fix: fix issue with auto-login in new tab * doc: update README and .env.example files * Send user id to openai to protect against abuse * add meilisearch to gitignore * Remove webpack --------- Co-authored-by: alfredo-f <alfredo.fomitchenko@mail.polimi.it> --------- Co-authored-by: Danny Avila <110412045+danny-avila@users.noreply.github.com> Co-authored-by: Alfredo Fomitchenko <alfredo.fomitchenko@mail.polimi.it> 2023-05-07 10:04:51 -07:00			`const mongoose = require('mongoose');`
			`const bcrypt = require('bcryptjs');`
			`const jwt = require('jsonwebtoken');`
			`const Joi = require('joi');`
			`const DebugControl = require('../utils/debug.js');`

			`function log({ title, parameters }) {`
			`DebugControl.log.functionName(title);`
			`DebugControl.log.parameters(parameters);`
			`}`

			`const Session = mongoose.Schema({`
			`refreshToken: {`
			`type: String,`
			`default: ''`
			`}`
			`});`

			`const userSchema = mongoose.Schema(`
			`{`
			`name: {`
			`type: String`
			`},`
			`username: {`
			`type: String,`
			`lowercase: true,`
			`required: [true, "can't be blank"],`
			`match: [/^[a-zA-Z0-9_]+$/, 'is invalid'],`
			`index: true`
			`},`
			`email: {`
			`type: String,`
			`required: [true, "can't be blank"],`
			`lowercase: true,`
			`unique: true,`
			`match: [/\S+@\S+\.\S+/, 'is invalid'],`
			`index: true`
			`},`
			`emailVerified: {`
			`type: Boolean,`
			`required: true,`
			`default: false`
			`},`
			`password: {`
			`type: String,`
			`trim: true,`
			`minlength: 8,`
			`maxlength: 60`
			`},`
			`avatar: {`
			`type: String,`
			`required: false`
			`},`
			`provider: {`
			`type: String,`
			`required: true,`
			`default: 'local'`
			`},`
			`role: {`
			`type: String,`
			`default: 'USER'`
			`},`
			`googleId: {`
			`type: String,`
			`unique: true,`
			`sparse: true`
			`},`
			`facebookId: {`
			`type: String,`
			`unique: true,`
			`sparse: true`
			`},`
			`refreshToken: {`
			`type: [Session]`
			`}`
			`},`
			`{ timestamps: true }`
			`);`

			`//Remove refreshToken from the response`
			`userSchema.set('toJSON', {`
			`transform: function (doc, ret, options) {`
			`delete ret.refreshToken;`
			`return ret;`
			`}`
			`});`

			`userSchema.methods.toJSON = function () {`
			`return {`
			`id: this._id,`
			`provider: this.provider,`
			`email: this.email,`
			`name: this.name,`
			`username: this.username,`
			`avatar: this.avatar,`
			`role: this.role,`
			`emailVerified: this.emailVerified,`
			`createdAt: this.createdAt,`
			`updatedAt: this.updatedAt`
			`};`
			`};`

			`const isProduction = process.env.NODE_ENV === 'production';`
			`const secretOrKey = isProduction ? process.env.JWT_SECRET_PROD : process.env.JWT_SECRET_DEV;`
			`const refreshSecret = isProduction`
			`? process.env.REFRESH_TOKEN_SECRET_PROD`
			`: process.env.REFRESH_TOKEN_SECRET_DEV;`

			`userSchema.methods.generateToken = function () {`
			`const token = jwt.sign(`
			`{`
			`id: this._id,`
			`username: this.username,`
			`provider: this.provider,`
			`email: this.email`
			`},`
			`secretOrKey,`
			`{ expiresIn: eval(process.env.SESSION_EXPIRY) }`
			`);`
			`return token;`
			`};`

			`userSchema.methods.generateRefreshToken = function () {`
			`const refreshToken = jwt.sign(`
			`{`
			`id: this._id,`
			`username: this.username,`
			`provider: this.provider,`
			`email: this.email`
			`},`
			`refreshSecret,`
			`{ expiresIn: eval(process.env.REFRESH_TOKEN_EXPIRY) }`
			`);`
			`return refreshToken;`
			`};`

			`userSchema.methods.comparePassword = function (candidatePassword, callback) {`
			`bcrypt.compare(candidatePassword, this.password, (err, isMatch) => {`
			`if (err) return callback(err);`
			`callback(null, isMatch);`
			`});`
			`};`

			`module.exports.hashPassword = async (password) => {`

			`const hashedPassword = await new Promise((resolve, reject) => {`
			`bcrypt.hash(password, 10, function (err, hash) {`
			`if (err) reject(err);`
			`else resolve(hash);`
			`});`
			`});`

			`return hashedPassword;`
			`};`

			`module.exports.validateUser = (user) => {`
			`log({`
			`title: 'Validate User',`
			`parameters: [{ name: 'Validate User', value: user }]`
			`});`
			`const schema = {`
			`avatar: Joi.any(),`
			`name: Joi.string().min(2).max(80).required(),`
			`username: Joi.string()`
			`.min(2)`
			`.max(80)`
			`.regex(/^[a-zA-Z0-9_]+$/)`
			`.required(),`
			`password: Joi.string().min(8).max(60).allow('').allow(null)`
			`};`

			`return Joi.validate(user, schema);`
			`};`

			`const User = mongoose.model('User', userSchema);`

			`module.exports = User;`