feat: started with proper E2EE ;)

api/models/schema/userSchema.js

@@ -27,6 +27,10 @@ const { SystemRoles } = require('librechat-data-provider');
  * @property {Array} [plugins=[]] - List of plugins used by the user
  * @property {Array.<MongoSession>} [refreshToken] - List of sessions with refresh tokens
  * @property {Date} [expiresAt] - Optional expiration date of the file
+ * @property {string} [encryptionPublicKey] - The user's public key for E2EE (client-generated)
+ * @property {string} [encryptedPrivateKey] - The user's private key encrypted with a user-defined passphrase
+ * @property {string} [encryptionSalt] - The salt used for PBKDF2 during encryption
+ * @property {string} [encryptionIV] - The initialization vector used for encryption (AES-GCM)
  * @property {Date} [createdAt] - Date when the user was created (added by timestamps)
  * @property {Date} [updatedAt] - Date when the user was last updated (added by timestamps)
  */
@@ -132,6 +136,27 @@ const userSchema = mongoose.Schema(
       type: Boolean,
       default: false,
     },
+    // --- New Fields for E2EE ---
+    encryptionPublicKey: {
+      type: String,
+      required: false,
+      // Provided by the client after key generation.
+    },
+    encryptedPrivateKey: {
+      type: String,
+      required: false,
+      // The private key encrypted on the client with the user’s encryption passphrase.
+    },
+    encryptionSalt: {
+      type: String,
+      required: false,
+      // Salt used for PBKDF2 when encrypting the private key.
+    },
+    encryptionIV: {
+      type: String,
+      required: false,
+      // IV used for AES-GCM encryption of the private key.
+    },
   },
 
   { timestamps: true },