feat: add admin roles handler factory and Express routes

api/server/index.js

@@ -145,6 +145,7 @@ const startServer = async () => {
   app.use('/api/admin', routes.adminAuth);
   app.use('/api/admin/config', routes.adminConfig);
   app.use('/api/admin/groups', routes.adminGroups);
+  app.use('/api/admin/roles', routes.adminRoles);
   app.use('/api/actions', routes.actions);
   app.use('/api/keys', routes.keys);
   app.use('/api/api-keys', routes.apiKeys);

api/server/routes/admin/roles.js

@@ -0,0 +1,54 @@
+const express = require('express');
+const { createAdminRolesHandlers } = require('@librechat/api');
+const { SystemCapabilities } = require('@librechat/data-schemas');
+const { requireCapability } = require('~/server/middleware/roles/capabilities');
+const { requireJwtAuth } = require('~/server/middleware');
+const db = require('~/models');
+
+const router = express.Router();
+
+const requireAdminAccess = requireCapability(SystemCapabilities.ACCESS_ADMIN);
+const requireReadRoles = requireCapability(SystemCapabilities.READ_ROLES);
+const requireManageRoles = requireCapability(SystemCapabilities.MANAGE_ROLES);
+
+async function listUsersByRole(roleName) {
+  const mongoose = require('mongoose');
+  const User = mongoose.models.User;
+  const users = await User.find({ role: roleName })
+    .select('_id name email avatar createdAt')
+    .lean();
+  return users.map((u) => ({
+    userId: String(u._id),
+    name: u.name ?? String(u._id),
+    email: u.email ?? '',
+    avatarUrl: u.avatar,
+    joinedAt: u.createdAt ? u.createdAt.toISOString() : new Date().toISOString(),
+  }));
+}
+
+const handlers = createAdminRolesHandlers({
+  listRoles: db.listRoles,
+  getRoleByName: db.getRoleByName,
+  createRole: db.createRole,
+  updateRoleByName: db.updateRoleByName,
+  updateAccessPermissions: db.updateAccessPermissions,
+  deleteRole: db.deleteRole,
+  findUser: db.findUser,
+  updateUser: db.updateUser,
+  countUsers: db.countUsers,
+  listUsersByRole,
+});
+
+router.use(requireJwtAuth, requireAdminAccess);
+
+router.get('/', requireReadRoles, handlers.listRoles);
+router.post('/', requireManageRoles, handlers.createRole);
+router.get('/:name', requireReadRoles, handlers.getRole);
+router.patch('/:name', requireManageRoles, handlers.updateRole);
+router.delete('/:name', requireManageRoles, handlers.deleteRole);
+router.patch('/:name/permissions', requireManageRoles, handlers.updateRolePermissions);
+router.get('/:name/members', requireReadRoles, handlers.getRoleMembers);
+router.post('/:name/members', requireManageRoles, handlers.addRoleMember);
+router.delete('/:name/members/:userId', requireManageRoles, handlers.removeRoleMember);
+
+module.exports = router;

api/server/routes/index.js

@@ -4,6 +4,7 @@ const categories = require('./categories');
 const adminAuth = require('./admin/auth');
 const adminConfig = require('./admin/config');
 const adminGroups = require('./admin/groups');
+const adminRoles = require('./admin/roles');
 const endpoints = require('./endpoints');
 const staticRoute = require('./static');
 const messages = require('./messages');
@@ -35,6 +36,7 @@ module.exports = {
   adminAuth,
   adminConfig,
   adminGroups,
+  adminRoles,
   keys,
   apiKeys,
   user,