From 26a58fcabcd353d6838acf6e95733b42e5594a3d Mon Sep 17 00:00:00 2001 From: Real Null Date: Fri, 19 Sep 2025 03:33:40 +0300 Subject: [PATCH] =?UTF-8?q?=F0=9F=9A=A8=20fix:=20Redis=20CA=20file=20handl?= =?UTF-8?q?ing=20(#9692)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * ๐Ÿšจ fix: Critical Redis CA file handling bug that could crash app ๐Ÿ”ง Added safe error handling for Redis CA certificate file reading in cacheConfig.js ## ๐Ÿ› Problem - fs.readFileSync() was called directly without error handling - Missing or inaccessible REDIS_CA files would throw unhandled exceptions - ๐Ÿ’ฅ Application would crash during startup with cryptic filesystem errors - โŒ No validation of file existence before attempting to read ## โœ… Solution - โž• Added getRedisCA() helper function with comprehensive error handling - ๐Ÿ” Implemented fs.existsSync() check before file reading attempts - ๐Ÿ›ก๏ธ Added try-catch block to handle filesystem errors gracefully - ๐Ÿ“ Added informative warning/error logging for troubleshooting - ๐Ÿ”„ Function returns null safely on any error condition ## ๐ŸŽฏ Benefits - ๐Ÿšซ Prevents application crashes from misconfigured CA certificate paths - ๐Ÿ” Provides clear error messages for debugging certificate issues - โœ… Maintains backward compatibility for valid certificate configurations - ๐Ÿš€ Improves production stability and deployment reliability ## ๐Ÿงช Testing Results - โœ… Verified handling of missing REDIS_CA environment variable - โœ… Tested with non-existent file paths (returns null with warning) - โœ… Confirmed valid certificate files are read correctly - โœ… Validated error handling for permission/access issues ๐ŸŽ‰ This fix ensures LibreChat continues running regardless of Redis CA certificate configuration problems, improving overall system reliability. ๐Ÿท๏ธ Type: ๐Ÿ› Bug Fix ๐Ÿ“Š Impact: ๐Ÿ”ด High (prevents application crashes) ๐ŸŽฏ Area: Cache Configuration, Redis Integration * chore: Redis CA certificate handling with proper logging + JSDocs * chore: Improve error logging for Redis CA certificate file read failure --------- Co-authored-by: Danny Avila --- api/cache/cacheConfig.js | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/api/cache/cacheConfig.js b/api/cache/cacheConfig.js index 613cfec74..4a5fea113 100644 --- a/api/cache/cacheConfig.js +++ b/api/cache/cacheConfig.js @@ -1,4 +1,5 @@ const fs = require('fs'); +const { logger } = require('@librechat/data-schemas'); const { math, isEnabled } = require('@librechat/api'); const { CacheKeys } = require('librechat-data-provider'); @@ -34,13 +35,35 @@ if (FORCED_IN_MEMORY_CACHE_NAMESPACES.length > 0) { } } +/** Helper function to safely read Redis CA certificate from file + * @returns {string|null} The contents of the CA certificate file, or null if not set or on error + */ +const getRedisCA = () => { + const caPath = process.env.REDIS_CA; + if (!caPath) { + return null; + } + + try { + if (fs.existsSync(caPath)) { + return fs.readFileSync(caPath, 'utf8'); + } else { + logger.warn(`Redis CA certificate file not found: ${caPath}`); + return null; + } + } catch (error) { + logger.error(`Failed to read Redis CA certificate file '${caPath}':`, error); + return null; + } +}; + const cacheConfig = { FORCED_IN_MEMORY_CACHE_NAMESPACES, USE_REDIS, REDIS_URI: process.env.REDIS_URI, REDIS_USERNAME: process.env.REDIS_USERNAME, REDIS_PASSWORD: process.env.REDIS_PASSWORD, - REDIS_CA: process.env.REDIS_CA ? fs.readFileSync(process.env.REDIS_CA, 'utf8') : null, + REDIS_CA: getRedisCA(), REDIS_KEY_PREFIX: process.env[REDIS_KEY_PREFIX_VAR] || REDIS_KEY_PREFIX || '', REDIS_MAX_LISTENERS: math(process.env.REDIS_MAX_LISTENERS, 40), REDIS_PING_INTERVAL: math(process.env.REDIS_PING_INTERVAL, 0),