Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2025-12-17 08:50:15 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 7

🧑‍💻 refactor: Secure Field Selection for 2FA & API Build Sourcemap (#9087)

Browse source 
* refactor: `packages/api` build scripts for better inline debugging

* refactor: Explicitly select secure fields as no longer returned by default, exclude backupCodes from user data retrieval in authentication and 2FA processes

* refactor: Backup Codes UI to not expect backup codes, only regeneration

* refactor: Ensure secure fields are deleted from user data in getUserController
This commit is contained in:
Danny Avila 2025-08-15 18:55:49 -04:00 committed by GitHub
parent 50b7bd6643
commit 3547873bc4
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
15 changed files with 82 additions and 31 deletions
Download patch file Download diff file Expand all files Collapse all files

6
api/server/controllers/UserController.js
View file

@ -24,7 +24,13 @@ const { getMCPManager } = require('~/config');
const getUserController = async (req, res) => {
/** @type {MongoUser} */
const userData = req.user.toObject != null ? req.user.toObject() : { ...req.user };
/**
* These fields should not exist due to secure field selection, but deletion
* is done in case of alternate database incompatibility with Mongo API
* */
delete userData.password;
delete userData.totpSecret;
delete userData.backupCodes;
if (req.app.locals.fileStrategy === FileSources.s3 && userData.avatar) {
const avatarNeedsRefresh = needsRefresh(userData.avatar, 3600);
if (!avatarNeedsRefresh) {