Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2026-01-30 06:15:18 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

refactor(crypto): reorganize token hashing and signing functionality

Browse source
This commit is contained in:
Danny Avila 2025-05-30 14:38:01 -04:00
parent 6f4c8ef114
commit 494c6d2596
No known key found for this signature in database
GPG key ID: BF31EEB2C5CA0956
10 changed files with 27 additions and 66 deletions
Download patch file Download diff file Expand all files Collapse all files

4
api/models/inviteUser.js
View file

@ -1,6 +1,6 @@
const mongoose = require('mongoose');
const { logger } = require('@librechat/data-schemas');
const { getRandomValues, hashToken } = require('~/server/utils/crypto');
const { logger, hashToken } = require('@librechat/data-schemas');
const { getRandomValues } = require('~/server/utils/crypto');
const { createToken, findToken } = require('~/models');
/**

26
api/server/services/signPayload.js
View file

@ -1,26 +0,0 @@
const jwt = require('jsonwebtoken');
/**
* Signs a given payload using either the `jose` library (for Bun runtime) or `jsonwebtoken`.
*
* @async
* @function
* @param {Object} options - The options for signing the payload.
* @param {Object} options.payload - The payload to be signed.
* @param {string} options.secret - The secret key used for signing.
* @param {number} options.expirationTime - The expiration time in seconds.
* @returns {Promise<string>} Returns a promise that resolves to the signed JWT.
* @throws {Error} Throws an error if there's an issue during signing.
*
* @example
* const signedPayload = await signPayload({
* payload: { userId: 123 },
* secret: 'my-secret-key',
* expirationTime: 3600
* });
*/
async function signPayload({ payload, secret, expirationTime }) {
return jwt.sign(payload, secret, { expiresIn: expirationTime });
}
module.exports = signPayload;

7
api/server/utils/crypto.js
View file

@ -106,12 +106,6 @@ function decryptV3(encryptedValue) {
return decrypted.toString('utf8');
}
async function hashToken(str) {
const data = new TextEncoder().encode(str);
const hashBuffer = await webcrypto.subtle.digest('SHA-256', data);
return Buffer.from(hashBuffer).toString('hex');
}
async function getRandomValues(length) {
if (!Number.isInteger(length) || length <= 0) {
throw new Error('Length must be a positive integer');
@ -141,7 +135,6 @@ module.exports = {
decryptV2,
encryptV3,
decryptV3,
hashToken,
hashBackupCode,
getRandomValues,
};

11
api/strategies/openidStrategy.js
View file

@ -2,12 +2,13 @@ const fetch = require('node-fetch');
const passport = require('passport');
const client = require('openid-client');
const jwtDecode = require('jsonwebtoken/decode');
const { logger } = require('@librechat/data-schemas');
const { CacheKeys } = require('librechat-data-provider');
const { HttpsProxyAgent } = require('https-proxy-agent');
const { hashToken, logger } = require('@librechat/data-schemas');
const { Strategy: OpenIDStrategy } = require('openid-client/passport');
const { getStrategyFunctions } = require('~/server/services/Files/strategies');
const { findUser, createUser, updateUser } = require('~/models');
const { getBalanceConfig } = require('~/server/services/Config');
const getLogStores = require('~/cache/getLogStores');
const { isEnabled } = require('~/server/utils');
@ -36,8 +37,6 @@ class CustomOpenIDStrategy extends OpenIDStrategy {
}
}
const { getBalanceConfig } = require('~/server/services/Config');
let crypto;
let webcrypto;
try {
@ -47,12 +46,6 @@ try {
logger.error('[openidStrategy] crypto support is disabled!', err);
}
async function hashToken(str) {
const data = new TextEncoder().encode(str);
const hashBuffer = await webcrypto.subtle.digest('SHA-256', data);
return Buffer.from(hashBuffer).toString('hex');
}
/**
* Exchange the access token for a new access token using the on-behalf-of flow if required.
* @param {Configuration} config

3
api/strategies/samlStrategy.js
View file

@ -5,8 +5,7 @@ const passport = require('passport');
const { Strategy: SamlStrategy } = require('@node-saml/passport-saml');
const { findUser, createUser, updateUser } = require('~/models/userMethods');
const { getStrategyFunctions } = require('~/server/services/Files/strategies');
const { hashToken } = require('~/server/utils/crypto');
const { logger } = require('~/config');
const { hashToken, logger } = require('@librechat/data-schemas');
const paths = require('~/config/paths');
let crypto;