Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2025-12-23 20:00:15 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

🧹 chore: pre-release cleanup 2 (#3600)

Browse source 
* refactor: scrollToEnd

* fix(validateConvoAccess): search conversation by ID for proper validation

* feat: Add unique index for conversationId and user in convoSchema

* refactor: Update font sizes 1 rem -> font-size-base in style.css

* fix: Assistants map type issues

* refactor: Remove obsolete scripts

* fix: Update DropdownNoState component to handle both string and OptionType values

* refactor: Remove config/loader.js file

* fix: remove crypto.randomBytes(); refactor: Create reusable function for generating token and hash
This commit is contained in:
Danny Avila 2024-08-09 15:17:13 -04:00 committed by GitHub
parent 6fead1005b
commit 1ff4841603
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
20 changed files with 172 additions and 637 deletions
Download patch file Download diff file Expand all files Collapse all files

4
api/server/middleware/validate/convoAccess.js
View file

@ -1,8 +1,8 @@
const { Constants, ViolationTypes, Time } = require('librechat-data-provider');
const { searchConversation } = require('~/models/Conversation');
const denyRequest = require('~/server/middleware/denyRequest');
const { logViolation, getLogStores } = require('~/cache');
const { isEnabled } = require('~/server/utils');
const { getConvo } = require('~/models');
const { USE_REDIS, CONVO_ACCESS_VIOLATION_SCORE: score = 0 } = process.env ?? {};
@ -42,7 +42,7 @@ const validateConvoAccess = async (req, res, next) => {
}
}
const conversation = await getConvo(userId, conversationId);
const conversation = await searchConversation(conversationId);
if (!conversation) {
return next();

20
api/server/services/AuthService.js
View file

@ -1,4 +1,5 @@
const bcrypt = require('bcryptjs');
const { webcrypto } = require('node:crypto');
const { SystemRoles, errorsToString } = require('librechat-data-provider');
const {
findUser,
@ -53,14 +54,23 @@ const logoutUser = async (userId, refreshToken) => {
}
};
/**
* Creates Token and corresponding Hash for verification
* @returns {[string, string]}
*/
const createTokenHash = () => {
const token = Buffer.from(webcrypto.getRandomValues(new Uint8Array(32))).toString('hex');
const hash = bcrypt.hashSync(token, 10);
return [token, hash];
};
/**
* Send Verification Email
* @param {Partial<MongoUser> & { _id: ObjectId, email: string, name: string}} user
* @returns {Promise<void>}
*/
const sendVerificationEmail = async (user) => {
let verifyToken = crypto.randomBytes(32).toString('hex');
const hash = bcrypt.hashSync(verifyToken, 10);
const [verifyToken, hash] = createTokenHash();
const verificationLink = `${
domains.client
@ -226,8 +236,7 @@ const requestPasswordReset = async (req) => {
await token.deleteOne();
}
let resetToken = crypto.randomBytes(32).toString('hex');
const hash = bcrypt.hashSync(resetToken, 10);
const [resetToken, hash] = createTokenHash();
await new Token({
userId: user._id,
@ -365,8 +374,7 @@ const resendVerificationEmail = async (req) => {
return { status: 200, message: genericVerificationMessage };
}
let verifyToken = crypto.randomBytes(32).toString('hex');
const hash = bcrypt.hashSync(verifyToken, 10);
const [verifyToken, hash] = createTokenHash();
const verificationLink = `${
domains.client