LibreChat/api/server/middleware/assistants/validateAuthor.js

const { getAssistant } = require('~/models/Assistant');

/**
 * Checks if the assistant is supported or excluded
 * @param {object} params
 * @param {object} params.req - Express Request
 * @param {object} params.req.body - The request payload.
 * @param {string} params.overrideEndpoint - The override endpoint
 * @param {string} params.overrideAssistantId - The override assistant ID
 * @param {OpenAIClient} params.openai - OpenAI API Client
 * @returns {Promise<void>}
 */
const validateAuthor = async ({ req, openai, overrideEndpoint, overrideAssistantId }) => {
  if (req.user.role === 'ADMIN') {
    return;
  }

  const endpoint = overrideEndpoint ?? req.body.endpoint ?? req.query.endpoint;
  const assistant_id =
    overrideAssistantId ?? req.params.id ?? req.body.assistant_id ?? req.query.assistant_id;

  /** @type {Partial<TAssistantEndpoint>} */
  const assistantsConfig = req.app.locals?.[endpoint];
  if (!assistantsConfig) {
    return;
  }

  if (!assistantsConfig.privateAssistants) {
    return;
  }

  const assistantDoc = await getAssistant({ assistant_id, user: req.user.id });
  if (assistantDoc) {
    return;
  }
  const assistant = await openai.beta.assistants.retrieve(assistant_id);
  if (req.user.id !== assistant?.metadata?.author) {
    throw new Error(`Assistant ${assistant_id} is not authored by the user.`);
  }
};

module.exports = validateAuthor;
🤖 feat: Private Assistants (#2881) * feat: add configuration for user private assistants * filter private assistant message requests * add test for privateAssistants * add privateAssistants configuration to tests * fix: destructuring error when assistants config is not added * chore: revert chat controller changes * chore: add payload type, add metadata types * feat: validateAssistant * refactor(fetchAssistants): allow for flexibility * feat: validateAuthor * refactor: return all assistants to ADMIN role * feat: add assistant doc on assistant creation * refactor(listAssistants): use `listAllAssistants` to exhaustively fetch all assistants * chore: add suggestion to tts error * refactor(validateAuthor): attempt database check first * refactor: author validation when patching/deleting assistant --------- Co-authored-by: Leon Juenemann <leon.juenemann@maibornwolff.de> 2024-05-28 08:27:45 -04:00			`const { getAssistant } = require('~/models/Assistant');`

			`/**`
			`* Checks if the assistant is supported or excluded`
			`* @param {object} params`
			`* @param {object} params.req - Express Request`
			`* @param {object} params.req.body - The request payload.`
			`* @param {string} params.overrideEndpoint - The override endpoint`
			`* @param {string} params.overrideAssistantId - The override assistant ID`
			`* @param {OpenAIClient} params.openai - OpenAI API Client`
			`* @returns {Promise<void>}`
			`*/`
			`const validateAuthor = async ({ req, openai, overrideEndpoint, overrideAssistantId }) => {`
			`if (req.user.role === 'ADMIN') {`
			`return;`
			`}`

			`const endpoint = overrideEndpoint ?? req.body.endpoint ?? req.query.endpoint;`
			`const assistant_id =`
			`overrideAssistantId ?? req.params.id ?? req.body.assistant_id ?? req.query.assistant_id;`

			`/** @type {Partial<TAssistantEndpoint>} */`
			`const assistantsConfig = req.app.locals?.[endpoint];`
			`if (!assistantsConfig) {`
			`return;`
			`}`

			`if (!assistantsConfig.privateAssistants) {`
			`return;`
			`}`

			`const assistantDoc = await getAssistant({ assistant_id, user: req.user.id });`
			`if (assistantDoc) {`
			`return;`
			`}`
			`const assistant = await openai.beta.assistants.retrieve(assistant_id);`
			`if (req.user.id !== assistant?.metadata?.author) {`
			throw new Error(`Assistant ${assistant_id} is not authored by the user.`);
			`}`
			`};`

			`module.exports = validateAuthor;`