mirror of
https://github.com/danny-avila/LibreChat.git
synced 2025-12-17 17:00:15 +01:00
🔑 feat: Base64 Google Service Keys and Reliable Private Key Formats (#8385)
This commit is contained in:
Danny Avila
GitHub
parent
8523074e87
commit
19320f2296
2 changed files with 126 additions and 4 deletions
|
|
@ -94,4 +94,89 @@ describe('loadServiceKey', () => {
|
|||
const result = await loadServiceKey(JSON.stringify(invalidServiceKey));
|
||||
expect(result).toEqual(invalidServiceKey); // It returns the object as-is, validation is minimal
|
||||
});
|
||||
|
||||
it('should handle escaped newlines in private key from AWS Secrets Manager', async () => {
|
||||
const serviceKeyWithEscapedNewlines = {
|
||||
...mockServiceKey,
|
||||
private_key: '-----BEGIN PRIVATE KEY-----\\ntest-key\\n-----END PRIVATE KEY-----',
|
||||
};
|
||||
const jsonString = JSON.stringify(serviceKeyWithEscapedNewlines);
|
||||
|
||||
const result = await loadServiceKey(jsonString);
|
||||
expect(result).not.toBeNull();
|
||||
expect(result?.private_key).toBe(
|
||||
'-----BEGIN PRIVATE KEY-----\ntest-key\n-----END PRIVATE KEY-----',
|
||||
);
|
||||
});
|
||||
|
||||
it('should handle double-escaped newlines in private key', async () => {
|
||||
// When you have \\n in JavaScript, JSON.stringify converts it to \\\\n
|
||||
// But we want to test the case where the JSON string contains \\n (single backslash + n)
|
||||
const serviceKeyWithEscapedNewlines = {
|
||||
...mockServiceKey,
|
||||
private_key: '-----BEGIN PRIVATE KEY-----\\ntest-key\\n-----END PRIVATE KEY-----',
|
||||
};
|
||||
// This will create a JSON string where the private_key contains literal \n (backslash-n)
|
||||
const jsonString = JSON.stringify(serviceKeyWithEscapedNewlines);
|
||||
|
||||
const result = await loadServiceKey(jsonString);
|
||||
expect(result).not.toBeNull();
|
||||
expect(result?.private_key).toBe(
|
||||
'-----BEGIN PRIVATE KEY-----\ntest-key\n-----END PRIVATE KEY-----',
|
||||
);
|
||||
});
|
||||
|
||||
it('should handle private key without any newlines', async () => {
|
||||
const serviceKeyWithoutNewlines = {
|
||||
...mockServiceKey,
|
||||
private_key: '-----BEGIN PRIVATE KEY-----test-key-----END PRIVATE KEY-----',
|
||||
};
|
||||
const jsonString = JSON.stringify(serviceKeyWithoutNewlines);
|
||||
|
||||
const result = await loadServiceKey(jsonString);
|
||||
expect(result).not.toBeNull();
|
||||
expect(result?.private_key).toBe(
|
||||
'-----BEGIN PRIVATE KEY-----\ntest-key\n-----END PRIVATE KEY-----',
|
||||
);
|
||||
});
|
||||
|
||||
it('should not modify private key that already has proper formatting', async () => {
|
||||
const jsonString = JSON.stringify(mockServiceKey);
|
||||
|
||||
const result = await loadServiceKey(jsonString);
|
||||
expect(result).not.toBeNull();
|
||||
expect(result?.private_key).toBe(mockServiceKey.private_key);
|
||||
});
|
||||
|
||||
it('should handle base64 encoded service key', async () => {
|
||||
const jsonString = JSON.stringify(mockServiceKey);
|
||||
const base64Encoded = Buffer.from(jsonString).toString('base64');
|
||||
|
||||
const result = await loadServiceKey(base64Encoded);
|
||||
expect(result).not.toBeNull();
|
||||
expect(result).toEqual(mockServiceKey);
|
||||
});
|
||||
|
||||
it('should handle base64 encoded service key with escaped newlines', async () => {
|
||||
const serviceKeyWithEscapedNewlines = {
|
||||
...mockServiceKey,
|
||||
private_key: '-----BEGIN PRIVATE KEY-----\\ntest-key\\n-----END PRIVATE KEY-----',
|
||||
};
|
||||
const jsonString = JSON.stringify(serviceKeyWithEscapedNewlines);
|
||||
const base64Encoded = Buffer.from(jsonString).toString('base64');
|
||||
|
||||
const result = await loadServiceKey(base64Encoded);
|
||||
expect(result).not.toBeNull();
|
||||
expect(result?.private_key).toBe(
|
||||
'-----BEGIN PRIVATE KEY-----\ntest-key\n-----END PRIVATE KEY-----',
|
||||
);
|
||||
});
|
||||
|
||||
it('should handle invalid base64 strings gracefully', async () => {
|
||||
// This looks like base64 but isn't valid
|
||||
const invalidBase64 = 'SGVsbG8gV29ybGQ='; // "Hello World" in base64, not valid JSON
|
||||
|
||||
const result = await loadServiceKey(invalidBase64);
|
||||
expect(result).toBeNull();
|
||||
});
|
||||
});
|
||||
|
|
|
|||
|
|
@ -29,8 +29,20 @@ export async function loadServiceKey(keyPath: string): Promise<GoogleServiceKey
|
|||
|
||||
let serviceKey: unknown;
|
||||
|
||||
// Check if it's base64 encoded (common pattern for storing in env vars)
|
||||
if (keyPath.trim().match(/^[A-Za-z0-9+/]+=*$/)) {
|
||||
try {
|
||||
const decoded = Buffer.from(keyPath.trim(), 'base64').toString('utf-8');
|
||||
// Try to parse the decoded string as JSON
|
||||
serviceKey = JSON.parse(decoded);
|
||||
} catch {
|
||||
// Not base64 or not valid JSON after decoding, continue with other methods
|
||||
// Silent failure - not critical
|
||||
}
|
||||
}
|
||||
|
||||
// Check if it's a stringified JSON (starts with '{')
|
||||
if (keyPath.trim().startsWith('{')) {
|
||||
if (!serviceKey && keyPath.trim().startsWith('{')) {
|
||||
try {
|
||||
serviceKey = JSON.parse(keyPath);
|
||||
} catch (error) {
|
||||
|
|
@ -39,7 +51,7 @@ export async function loadServiceKey(keyPath: string): Promise<GoogleServiceKey
|
|||
}
|
||||
}
|
||||
// Check if it's a URL
|
||||
else if (/^https?:\/\//.test(keyPath)) {
|
||||
else if (!serviceKey && /^https?:\/\//.test(keyPath)) {
|
||||
try {
|
||||
const response = await axios.get(keyPath);
|
||||
serviceKey = response.data;
|
||||
|
|
@ -47,7 +59,7 @@ export async function loadServiceKey(keyPath: string): Promise<GoogleServiceKey
|
|||
logger.error(`Failed to fetch the service key from URL: ${keyPath}`, error);
|
||||
return null;
|
||||
}
|
||||
} else {
|
||||
} else if (!serviceKey) {
|
||||
// It's a file path
|
||||
try {
|
||||
const absolutePath = path.isAbsolute(keyPath) ? keyPath : path.resolve(keyPath);
|
||||
|
|
@ -75,5 +87,30 @@ export async function loadServiceKey(keyPath: string): Promise<GoogleServiceKey
|
|||
return null;
|
||||
}
|
||||
|
||||
return serviceKey as GoogleServiceKey;
|
||||
// Fix private key formatting if needed
|
||||
const key = serviceKey as GoogleServiceKey;
|
||||
if (key.private_key && typeof key.private_key === 'string') {
|
||||
// Replace escaped newlines with actual newlines
|
||||
// When JSON.parse processes "\\n", it becomes "\n" (single backslash + n)
|
||||
// When JSON.parse processes "\n", it becomes an actual newline character
|
||||
key.private_key = key.private_key.replace(/\\n/g, '\n');
|
||||
|
||||
// Also handle the String.raw`\n` case mentioned in Stack Overflow
|
||||
key.private_key = key.private_key.split(String.raw`\n`).join('\n');
|
||||
|
||||
// Ensure proper PEM format
|
||||
if (!key.private_key.includes('\n')) {
|
||||
// If no newlines are present, try to format it properly
|
||||
const privateKeyMatch = key.private_key.match(
|
||||
/^(-----BEGIN [A-Z ]+-----)(.*)(-----END [A-Z ]+-----)$/,
|
||||
);
|
||||
if (privateKeyMatch) {
|
||||
const [, header, body, footer] = privateKeyMatch;
|
||||
// Add newlines after header and before footer
|
||||
key.private_key = `${header}\n${body}\n${footer}`;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return key;
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue