LibreChat/api/server/middleware/checkSharePublicAccess.spec.js

const { ResourceType, PermissionTypes, Permissions } = require('librechat-data-provider');
const { checkSharePublicAccess } = require('./checkSharePublicAccess');
const { getRoleByName } = require('~/models/Role');

jest.mock('~/models/Role');

describe('checkSharePublicAccess middleware', () => {
  let mockReq;
  let mockRes;
  let mockNext;

  beforeEach(() => {
    jest.clearAllMocks();
    mockReq = {
      user: { id: 'user123', role: 'USER' },
      params: { resourceType: ResourceType.AGENT },
      body: {},
    };
    mockRes = {
      status: jest.fn().mockReturnThis(),
      json: jest.fn(),
    };
    mockNext = jest.fn();
  });

  it('should call next() when public is not true', async () => {
    mockReq.body = { public: false };

    await checkSharePublicAccess(mockReq, mockRes, mockNext);

    expect(mockNext).toHaveBeenCalled();
    expect(mockRes.status).not.toHaveBeenCalled();
  });

  it('should call next() when public is undefined', async () => {
    mockReq.body = { updated: [] };

    await checkSharePublicAccess(mockReq, mockRes, mockNext);

    expect(mockNext).toHaveBeenCalled();
    expect(mockRes.status).not.toHaveBeenCalled();
  });

  it('should return 401 when user is not authenticated', async () => {
    mockReq.body = { public: true };
    mockReq.user = null;

    await checkSharePublicAccess(mockReq, mockRes, mockNext);

    expect(mockRes.status).toHaveBeenCalledWith(401);
    expect(mockRes.json).toHaveBeenCalledWith({
      error: 'Unauthorized',
      message: 'Authentication required',
    });
    expect(mockNext).not.toHaveBeenCalled();
  });

  it('should return 403 when user role has no SHARE_PUBLIC permission for agents', async () => {
    mockReq.body = { public: true };
    mockReq.params = { resourceType: ResourceType.AGENT };
    getRoleByName.mockResolvedValue({
      permissions: {
        [PermissionTypes.AGENTS]: {
          [Permissions.SHARE]: true,
          [Permissions.SHARE_PUBLIC]: false,
        },
      },
    });

    await checkSharePublicAccess(mockReq, mockRes, mockNext);

    expect(mockRes.status).toHaveBeenCalledWith(403);
    expect(mockRes.json).toHaveBeenCalledWith({
      error: 'Forbidden',
      message: `You do not have permission to share ${ResourceType.AGENT} resources publicly`,
    });
    expect(mockNext).not.toHaveBeenCalled();
  });

  it('should call next() when user has SHARE_PUBLIC permission for agents', async () => {
    mockReq.body = { public: true };
    mockReq.params = { resourceType: ResourceType.AGENT };
    getRoleByName.mockResolvedValue({
      permissions: {
        [PermissionTypes.AGENTS]: {
          [Permissions.SHARE]: true,
          [Permissions.SHARE_PUBLIC]: true,
        },
      },
    });

    await checkSharePublicAccess(mockReq, mockRes, mockNext);

    expect(mockNext).toHaveBeenCalled();
    expect(mockRes.status).not.toHaveBeenCalled();
  });

  it('should check prompts permission for promptgroup resource type', async () => {
    mockReq.body = { public: true };
    mockReq.params = { resourceType: ResourceType.PROMPTGROUP };
    getRoleByName.mockResolvedValue({
      permissions: {
        [PermissionTypes.PROMPTS]: {
          [Permissions.SHARE_PUBLIC]: true,
        },
      },
    });

    await checkSharePublicAccess(mockReq, mockRes, mockNext);

    expect(mockNext).toHaveBeenCalled();
  });

  it('should check mcp_servers permission for mcpserver resource type', async () => {
    mockReq.body = { public: true };
    mockReq.params = { resourceType: ResourceType.MCPSERVER };
    getRoleByName.mockResolvedValue({
      permissions: {
        [PermissionTypes.MCP_SERVERS]: {
          [Permissions.SHARE_PUBLIC]: true,
        },
      },
    });

    await checkSharePublicAccess(mockReq, mockRes, mockNext);

    expect(mockNext).toHaveBeenCalled();
  });

  it('should return 400 for unsupported resource type', async () => {
    mockReq.body = { public: true };
    mockReq.params = { resourceType: 'unsupported' };

    await checkSharePublicAccess(mockReq, mockRes, mockNext);

    expect(mockRes.status).toHaveBeenCalledWith(400);
    expect(mockRes.json).toHaveBeenCalledWith({
      error: 'Bad Request',
      message: 'Unsupported resource type for public sharing: unsupported',
    });
  });

  it('should return 403 when role has no permissions object', async () => {
    mockReq.body = { public: true };
    getRoleByName.mockResolvedValue({ permissions: null });

    await checkSharePublicAccess(mockReq, mockRes, mockNext);

    expect(mockRes.status).toHaveBeenCalledWith(403);
  });

  it('should return 500 on error', async () => {
    mockReq.body = { public: true };
    getRoleByName.mockRejectedValue(new Error('Database error'));

    await checkSharePublicAccess(mockReq, mockRes, mockNext);

    expect(mockRes.status).toHaveBeenCalledWith(500);
    expect(mockRes.json).toHaveBeenCalledWith({
      error: 'Internal Server Error',
      message: 'Failed to check public sharing permissions',
    });
  });
});
🔧 refactor: Permission handling for Resource Sharing (#11283) * 🔧 refactor: permission handling for public sharing - Updated permission keys from SHARED_GLOBAL to SHARE across various files for consistency. - Added public access configuration in librechat.example.yaml. - Adjusted related tests and components to reflect the new permission structure. * chore: Update default SHARE permission to false * fix: Update SHARE permissions in tests and implementation - Added SHARE permission handling for user and admin roles in permissions.spec.ts and permissions.ts. - Updated expected permissions in tests to reflect new SHARE permission values for various permission types. * fix: Handle undefined values in PeoplePickerAdminSettings component - Updated the checked and value props of the Switch component to handle undefined values gracefully by defaulting to false. This ensures consistent behavior when the field value is not set. * feat: Add CREATE permission handling for prompts and agents - Introduced CREATE permission for user and admin roles in permissions.spec.ts and permissions.ts. - Updated expected permissions in tests to include CREATE permission for various permission types. * 🔧 refactor: Enhance permission handling for sharing dialog usability * refactor: public sharing permissions for resources - Added middleware to check SHARE_PUBLIC permissions for agents, prompts, and MCP servers. - Updated interface configuration in librechat.example.yaml to include public sharing options. - Enhanced components and hooks to support public sharing functionality. - Adjusted tests to validate new permission handling for public sharing across various resource types. * refactor: update Share2Icon styling in GenericGrantAccessDialog * refactor: update Share2Icon size in GenericGrantAccessDialog for consistency * refactor: improve layout and styling of Share2Icon in GenericGrantAccessDialog * refactor: update Share2Icon size in GenericGrantAccessDialog for improved consistency * chore: remove redundant public sharing option from People Picker * refactor: add SHARE_PUBLIC permission handling in updateInterfacePermissions tests 2026-01-10 14:02:56 -05:00			`const { ResourceType, PermissionTypes, Permissions } = require('librechat-data-provider');`
			`const { checkSharePublicAccess } = require('./checkSharePublicAccess');`
			`const { getRoleByName } = require('~/models/Role');`

			`jest.mock('~/models/Role');`

			`describe('checkSharePublicAccess middleware', () => {`
			`let mockReq;`
			`let mockRes;`
			`let mockNext;`

			`beforeEach(() => {`
			`jest.clearAllMocks();`
			`mockReq = {`
			`user: { id: 'user123', role: 'USER' },`
			`params: { resourceType: ResourceType.AGENT },`
			`body: {},`
			`};`
			`mockRes = {`
			`status: jest.fn().mockReturnThis(),`
			`json: jest.fn(),`
			`};`
			`mockNext = jest.fn();`
			`});`

			`it('should call next() when public is not true', async () => {`
			`mockReq.body = { public: false };`

			`await checkSharePublicAccess(mockReq, mockRes, mockNext);`

			`expect(mockNext).toHaveBeenCalled();`
			`expect(mockRes.status).not.toHaveBeenCalled();`
			`});`

			`it('should call next() when public is undefined', async () => {`
			`mockReq.body = { updated: [] };`

			`await checkSharePublicAccess(mockReq, mockRes, mockNext);`

			`expect(mockNext).toHaveBeenCalled();`
			`expect(mockRes.status).not.toHaveBeenCalled();`
			`});`

			`it('should return 401 when user is not authenticated', async () => {`
			`mockReq.body = { public: true };`
			`mockReq.user = null;`

			`await checkSharePublicAccess(mockReq, mockRes, mockNext);`

			`expect(mockRes.status).toHaveBeenCalledWith(401);`
			`expect(mockRes.json).toHaveBeenCalledWith({`
			`error: 'Unauthorized',`
			`message: 'Authentication required',`
			`});`
			`expect(mockNext).not.toHaveBeenCalled();`
			`});`

			`it('should return 403 when user role has no SHARE_PUBLIC permission for agents', async () => {`
			`mockReq.body = { public: true };`
			`mockReq.params = { resourceType: ResourceType.AGENT };`
			`getRoleByName.mockResolvedValue({`
			`permissions: {`
			`[PermissionTypes.AGENTS]: {`
			`[Permissions.SHARE]: true,`
			`[Permissions.SHARE_PUBLIC]: false,`
			`},`
			`},`
			`});`

			`await checkSharePublicAccess(mockReq, mockRes, mockNext);`

			`expect(mockRes.status).toHaveBeenCalledWith(403);`
			`expect(mockRes.json).toHaveBeenCalledWith({`
			`error: 'Forbidden',`
			message: `You do not have permission to share ${ResourceType.AGENT} resources publicly`,
			`});`
			`expect(mockNext).not.toHaveBeenCalled();`
			`});`

			`it('should call next() when user has SHARE_PUBLIC permission for agents', async () => {`
			`mockReq.body = { public: true };`
			`mockReq.params = { resourceType: ResourceType.AGENT };`
			`getRoleByName.mockResolvedValue({`
			`permissions: {`
			`[PermissionTypes.AGENTS]: {`
			`[Permissions.SHARE]: true,`
			`[Permissions.SHARE_PUBLIC]: true,`
			`},`
			`},`
			`});`

			`await checkSharePublicAccess(mockReq, mockRes, mockNext);`

			`expect(mockNext).toHaveBeenCalled();`
			`expect(mockRes.status).not.toHaveBeenCalled();`
			`});`

			`it('should check prompts permission for promptgroup resource type', async () => {`
			`mockReq.body = { public: true };`
			`mockReq.params = { resourceType: ResourceType.PROMPTGROUP };`
			`getRoleByName.mockResolvedValue({`
			`permissions: {`
			`[PermissionTypes.PROMPTS]: {`
			`[Permissions.SHARE_PUBLIC]: true,`
			`},`
			`},`
			`});`

			`await checkSharePublicAccess(mockReq, mockRes, mockNext);`

			`expect(mockNext).toHaveBeenCalled();`
			`});`

			`it('should check mcp_servers permission for mcpserver resource type', async () => {`
			`mockReq.body = { public: true };`
			`mockReq.params = { resourceType: ResourceType.MCPSERVER };`
			`getRoleByName.mockResolvedValue({`
			`permissions: {`
			`[PermissionTypes.MCP_SERVERS]: {`
			`[Permissions.SHARE_PUBLIC]: true,`
			`},`
			`},`
			`});`

			`await checkSharePublicAccess(mockReq, mockRes, mockNext);`

			`expect(mockNext).toHaveBeenCalled();`
			`});`

			`it('should return 400 for unsupported resource type', async () => {`
			`mockReq.body = { public: true };`
			`mockReq.params = { resourceType: 'unsupported' };`

			`await checkSharePublicAccess(mockReq, mockRes, mockNext);`

			`expect(mockRes.status).toHaveBeenCalledWith(400);`
			`expect(mockRes.json).toHaveBeenCalledWith({`
			`error: 'Bad Request',`
			`message: 'Unsupported resource type for public sharing: unsupported',`
			`});`
			`});`

			`it('should return 403 when role has no permissions object', async () => {`
			`mockReq.body = { public: true };`
			`getRoleByName.mockResolvedValue({ permissions: null });`

			`await checkSharePublicAccess(mockReq, mockRes, mockNext);`

			`expect(mockRes.status).toHaveBeenCalledWith(403);`
			`});`

			`it('should return 500 on error', async () => {`
			`mockReq.body = { public: true };`
			`getRoleByName.mockRejectedValue(new Error('Database error'));`

			`await checkSharePublicAccess(mockReq, mockRes, mockNext);`

			`expect(mockRes.status).toHaveBeenCalledWith(500);`
			`expect(mockRes.json).toHaveBeenCalledWith({`
			`error: 'Internal Server Error',`
			`message: 'Failed to check public sharing permissions',`
			`});`
			`});`
			`});`