🧑‍💻 refactor: Secure Field Selection for 2FA & API Build Sourcemap (#9087)

* refactor: `packages/api` build scripts for better inline debugging * refactor: Explicitly select secure fields as no longer returned by default, exclude backupCodes from user data retrieval in authentication and 2FA processes * refactor: Backup Codes UI to not expect backup codes, only regeneration * refactor: Ensure secure fields are deleted from user data in getUserController
2026-01-10 12:38:52 +01:00 · 2025-08-15 18:55:49 -04:00 · 2025-08-15 18:55:49 -04:00 · 3547873bc4
commit 3547873bc4
parent 50b7bd6643
15 changed files with 82 additions and 31 deletions
--- a/client/src/components/Nav/SettingsTabs/Account/BackupCodesItem.tsx
+++ b/client/src/components/Nav/SettingsTabs/Account/BackupCodesItem.tsx
@ -1,5 +1,5 @@
 import React, { useState } from 'react';
-import { RefreshCcw, ShieldX } from 'lucide-react';
+import { RefreshCcw } from 'lucide-react';
 import { motion, AnimatePresence } from 'framer-motion';
 import { TBackupCode, TRegenerateBackupCodesResponse, type TUser } from 'librechat-data-provider';
 import {
@ -73,8 +73,8 @@ const BackupCodesItem: React.FC = () => {
          <Label className="font-light">{localize('com_ui_backup_codes')}</Label>
        </div>
        <OGDialogTrigger asChild>
-          <Button aria-label="Show Backup Codes" variant="outline">
-            {localize('com_ui_show')}
+          <Button aria-label="Manage Backup Codes" variant="outline">
+            {localize('com_ui_manage')}
          </Button>
        </OGDialogTrigger>
      </div>
@ -93,6 +93,16 @@ const BackupCodesItem: React.FC = () => {
          >
            {Array.isArray(user?.backupCodes) && user?.backupCodes.length > 0 ? (
              <>
+                <div className="border-warning-300 bg-warning-50 dark:border-warning-700 dark:bg-warning-900/20 mb-6 rounded-lg border p-4">
+                  <p className="text-sm text-text-secondary">
+                    {localize('com_ui_backup_codes_security_info')}
+                  </p>
+                </div>
+
+                <h3 className="mb-4 text-lg font-medium">
+                  {localize('com_ui_backup_codes_status')}
+                </h3>
+
                <div className="grid grid-cols-2 gap-4">
                  {user?.backupCodes.map((code, index) => {
                    const isUsed = code.used;
@ -125,7 +135,7 @@ const BackupCodesItem: React.FC = () => {
                      >
                        <div className="flex items-center justify-between" aria-hidden="true">
                          <span className="text-sm font-medium text-text-secondary">
-                            #{index + 1}
+                            {localize('com_ui_backup_code_number', { number: index + 1 })}
                          </span>
                          <TooltipAnchor
                            description={
@ -171,8 +181,6 @@ const BackupCodesItem: React.FC = () => {
              </>
            ) : (
              <div className="flex flex-col items-center gap-4 p-6 text-center">
-                <ShieldX className="h-12 w-12 text-text-primary" />
-                <p className="text-lg text-text-secondary">{localize('com_ui_no_backup_codes')}</p>
                <Button
                  onClick={handleRegenerate}
                  disabled={isLoading}
@ -180,7 +188,7 @@ const BackupCodesItem: React.FC = () => {
                  className="px-8 py-3 transition-all disabled:opacity-50"
                >
                  {isLoading && <Spinner className="mr-2" />}
-                  {localize('com_ui_generate_backup')}
+                  {localize('com_ui_regenerate_backup')}
                </Button>
              </div>
            )}
--- a/client/src/data-provider/Auth/mutations.ts
+++ b/client/src/data-provider/Auth/mutations.ts
@ -87,8 +87,6 @@ export const useDeleteUserMutation = (
  });
 };

-// Array.isArray(user?.backupCodes) && user?.backupCodes.length > 0
-
 export const useEnableTwoFactorMutation = (): UseMutationResult<
  t.TEnable2FAResponse,
  unknown,
--- a/client/src/locales/en/translation.json
+++ b/client/src/locales/en/translation.json
@ -633,8 +633,11 @@
  "com_ui_back_to_chat": "Back to Chat",
  "com_ui_back_to_prompts": "Back to Prompts",
  "com_ui_backup_codes": "Backup Codes",
+  "com_ui_backup_code_number": "Code #{{number}}",
  "com_ui_backup_codes_regenerate_error": "There was an error regenerating backup codes",
  "com_ui_backup_codes_regenerated": "Backup codes have been regenerated successfully",
+  "com_ui_backup_codes_security_info": "For security reasons, backup codes are only displayed once when generated. Please save them in a secure location.",
+  "com_ui_backup_codes_status": "Backup Codes Status",
  "com_ui_basic": "Basic",
  "com_ui_basic_auth_header": "Basic authorization header",
  "com_ui_bearer": "Bearer",
@ -848,7 +851,6 @@
  "com_ui_fork_split_target_setting": "Start fork from target message by default",
  "com_ui_fork_success": "Successfully forked conversation",
  "com_ui_fork_visible": "Visible messages only",
-  "com_ui_generate_backup": "Generate Backup Codes",
  "com_ui_generate_qrcode": "Generate QR Code",
  "com_ui_generating": "Generating...",
  "com_ui_generation_settings": "Generation Settings",
@ -938,7 +940,6 @@
  "com_ui_new_conversation_title": "New Conversation Title",
  "com_ui_next": "Next",
  "com_ui_no": "No",
-  "com_ui_no_backup_codes": "No backup codes available. Please generate new ones",
  "com_ui_no_bookmarks": "it seems like you have no bookmarks yet. Click on a chat and add a new one",
  "com_ui_no_categories": "No categories available",
  "com_ui_no_category": "No category",
@ -1049,7 +1050,6 @@
  "com_ui_shared_link_not_found": "Shared link not found",
  "com_ui_shared_prompts": "Shared Prompts",
  "com_ui_shop": "Shopping",
-  "com_ui_show": "Show",
  "com_ui_show_all": "Show All",
  "com_ui_show_image_details": "Show Image Details",
  "com_ui_show_password": "Show password",