Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2025-09-22 08:12:00 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

🧑‍💻 refactor: Secure Field Selection for 2FA & API Build Sourcemap (#9087)

Browse source 
* refactor: `packages/api` build scripts for better inline debugging

* refactor: Explicitly select secure fields as no longer returned by default, exclude backupCodes from user data retrieval in authentication and 2FA processes

* refactor: Backup Codes UI to not expect backup codes, only regeneration

* refactor: Ensure secure fields are deleted from user data in getUserController
This commit is contained in:
Danny Avila 2025-08-15 18:55:49 -04:00 committed by GitHub
parent 50b7bd6643
commit 3547873bc4
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
15 changed files with 82 additions and 31 deletions
Download patch file Download diff file Expand all files Collapse all files

2
api/server/controllers/AuthController.js
View file

@ -84,7 +84,7 @@ const refreshController = async (req, res) => {
}
try {
const payload = jwt.verify(refreshToken, process.env.JWT_REFRESH_SECRET);
const user = await getUserById(payload.id, '-password -__v -totpSecret');
const user = await getUserById(payload.id, '-password -__v -totpSecret -backupCodes');
if (!user) {
return res.status(401).redirect('/login');
}