LibreChat/api/server/routes/admin/auth.js

const express = require('express');
const passport = require('passport');
const { randomState } = require('openid-client');
const { createSetBalanceConfig } = require('@librechat/api');
const { loginController } = require('~/server/controllers/auth/LoginController');
const { createOAuthHandler } = require('~/server/controllers/auth/oauth');
const { getAppConfig } = require('~/server/services/Config');
const { getOpenIdConfig } = require('~/strategies');
const middleware = require('~/server/middleware');
const { Balance } = require('~/db/models');

const setBalanceConfig = createSetBalanceConfig({
  getAppConfig,
  Balance,
});

const router = express.Router();

router.post(
  '/login/local',
  middleware.logHeaders,
  middleware.loginLimiter,
  middleware.checkBan,
  middleware.requireLocalAuth,
  middleware.requireAdmin,
  setBalanceConfig,
  loginController,
);

router.get('/verify', middleware.requireJwtAuth, middleware.requireAdmin, (req, res) => {
  const { password: _p, totpSecret: _t, __v, ...user } = req.user;
  user.id = user._id.toString();
  res.status(200).json({ user });
});

router.get('/oauth/openid/check', (req, res) => {
  const openidConfig = getOpenIdConfig();
  if (!openidConfig) {
    return res.status(404).json({ message: 'OpenID configuration not found' });
  }
  res.status(200).json({ message: 'OpenID check successful' });
});

router.get('/oauth/openid', (req, res, next) => {
  return passport.authenticate('openidAdmin', {
    session: false,
    state: randomState(),
  })(req, res, next);
});

router.get(
  '/oauth/openid/callback',
  passport.authenticate('openidAdmin', {
    failureRedirect: `${process.env.DOMAIN_CLIENT}/oauth/error`,
    failureMessage: true,
    session: false,
  }),
  middleware.requireAdmin,
  setBalanceConfig,
  middleware.checkDomainAllowed,
  createOAuthHandler(
    (process.env.ADMIN_PANEL_URL || 'http://localhost:3000') + '/auth/openid/callback',
  ),
);

module.exports = router;
WIP: admin auth 2025-08-30 04:41:51 -04:00			`const express = require('express');`
WIP: first pass, OpenID Proxy Auth 2025-09-13 13:53:06 -04:00			`const passport = require('passport');`
			`const { randomState } = require('openid-client');`
			`const { createSetBalanceConfig } = require('@librechat/api');`
refactor: re-use logic for admin routes 2025-08-30 11:32:04 -04:00			`const { loginController } = require('~/server/controllers/auth/LoginController');`
WIP: first pass, OpenID Proxy Auth 2025-09-13 13:53:06 -04:00			`const { createOAuthHandler } = require('~/server/controllers/auth/oauth');`
refactor: re-use logic for admin routes 2025-08-30 11:32:04 -04:00			`const { getAppConfig } = require('~/server/services/Config');`
WIP: first pass, OpenID Proxy Auth 2025-09-13 13:53:06 -04:00			`const { getOpenIdConfig } = require('~/strategies');`
WIP: admin auth 2025-08-30 04:41:51 -04:00			`const middleware = require('~/server/middleware');`
refactor: re-use logic for admin routes 2025-08-30 11:32:04 -04:00			`const { Balance } = require('~/db/models');`

			`const setBalanceConfig = createSetBalanceConfig({`
			`getAppConfig,`
			`Balance,`
			`});`
WIP: admin auth 2025-08-30 04:41:51 -04:00
			`const router = express.Router();`

			`router.post(`
			`'/login/local',`
			`middleware.logHeaders,`
			`middleware.loginLimiter,`
			`middleware.checkBan,`
WIP: first pass, OpenID Proxy Auth 2025-09-13 13:53:06 -04:00			`middleware.requireLocalAuth,`
			`middleware.requireAdmin,`
refactor: re-use logic for admin routes 2025-08-30 11:32:04 -04:00			`setBalanceConfig,`
WIP: first pass, OpenID Proxy Auth 2025-09-13 13:53:06 -04:00			`loginController,`
WIP: admin auth 2025-08-30 04:41:51 -04:00			`);`

WIP: first pass, OpenID Proxy Auth 2025-09-13 13:53:06 -04:00			`router.get('/verify', middleware.requireJwtAuth, middleware.requireAdmin, (req, res) => {`
			`const { password: _p, totpSecret: _t, __v, ...user } = req.user;`
			`user.id = user._id.toString();`
			`res.status(200).json({ user });`
			`});`

			`router.get('/oauth/openid/check', (req, res) => {`
			`const openidConfig = getOpenIdConfig();`
			`if (!openidConfig) {`
			`return res.status(404).json({ message: 'OpenID configuration not found' });`
			`}`
			`res.status(200).json({ message: 'OpenID check successful' });`
			`});`

			`router.get('/oauth/openid', (req, res, next) => {`
			`return passport.authenticate('openidAdmin', {`
			`session: false,`
			`state: randomState(),`
			`})(req, res, next);`
			`});`

WIP: admin auth 2025-08-30 04:41:51 -04:00			`router.get(`
WIP: first pass, OpenID Proxy Auth 2025-09-13 13:53:06 -04:00			`'/oauth/openid/callback',`
			`passport.authenticate('openidAdmin', {`
			failureRedirect: `${process.env.DOMAIN_CLIENT}/oauth/error`,
			`failureMessage: true,`
			`session: false,`
			`}),`
			`middleware.requireAdmin,`
			`setBalanceConfig,`
			`middleware.checkDomainAllowed,`
			`createOAuthHandler(`
			`(process.env.ADMIN_PANEL_URL \|\| 'http://localhost:3000') + '/auth/openid/callback',`
			`),`
WIP: admin auth 2025-08-30 04:41:51 -04:00			`);`

			`module.exports = router;`