Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2025-12-20 10:20:15 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

refactor(crypto): reorganize token hashing and signing functionality

Browse source
This commit is contained in:
Danny Avila 2025-05-30 14:38:01 -04:00
parent 6f4c8ef114
commit 494c6d2596
No known key found for this signature in database
GPG key ID: BF31EEB2C5CA0956
10 changed files with 27 additions and 66 deletions
Download patch file Download diff file Expand all files Collapse all files

4
api/models/inviteUser.js
View file

@ -1,6 +1,6 @@
const mongoose = require('mongoose'); const mongoose = require('mongoose');
const { logger } = require('@librechat/data-schemas'); const { logger, hashToken } = require('@librechat/data-schemas');
const { getRandomValues, hashToken } = require('~/server/utils/crypto'); const { getRandomValues } = require('~/server/utils/crypto');
const { createToken, findToken } = require('~/models'); const { createToken, findToken } = require('~/models');
/** /**

26
api/server/services/signPayload.js
View file

@ -1,26 +0,0 @@
const jwt = require('jsonwebtoken');
/**
* Signs a given payload using either the `jose` library (for Bun runtime) or `jsonwebtoken`.
*
* @async
* @function
* @param {Object} options - The options for signing the payload.
* @param {Object} options.payload - The payload to be signed.
* @param {string} options.secret - The secret key used for signing.
* @param {number} options.expirationTime - The expiration time in seconds.
* @returns {Promise<string>} Returns a promise that resolves to the signed JWT.
* @throws {Error} Throws an error if there's an issue during signing.
*
* @example
* const signedPayload = await signPayload({
* payload: { userId: 123 },
* secret: 'my-secret-key',
* expirationTime: 3600
* });
*/
async function signPayload({ payload, secret, expirationTime }) {
return jwt.sign(payload, secret, { expiresIn: expirationTime });
}
module.exports = signPayload;

7
api/server/utils/crypto.js
View file

@ -106,12 +106,6 @@ function decryptV3(encryptedValue) {
return decrypted.toString('utf8'); return decrypted.toString('utf8');
} }
async function hashToken(str) {
const data = new TextEncoder().encode(str);
const hashBuffer = await webcrypto.subtle.digest('SHA-256', data);
return Buffer.from(hashBuffer).toString('hex');
}
async function getRandomValues(length) { async function getRandomValues(length) {
if (!Number.isInteger(length) || length <= 0) { if (!Number.isInteger(length) || length <= 0) {
throw new Error('Length must be a positive integer'); throw new Error('Length must be a positive integer');
@ -141,7 +135,6 @@ module.exports = {
decryptV2, decryptV2,
encryptV3, encryptV3,
decryptV3, decryptV3,
hashToken,
hashBackupCode, hashBackupCode,
getRandomValues, getRandomValues,
}; };

11
api/strategies/openidStrategy.js
View file

@ -2,12 +2,13 @@ const fetch = require('node-fetch');
const passport = require('passport'); const passport = require('passport');
const client = require('openid-client'); const client = require('openid-client');
const jwtDecode = require('jsonwebtoken/decode'); const jwtDecode = require('jsonwebtoken/decode');
const { logger } = require('@librechat/data-schemas');
const { CacheKeys } = require('librechat-data-provider'); const { CacheKeys } = require('librechat-data-provider');
const { HttpsProxyAgent } = require('https-proxy-agent'); const { HttpsProxyAgent } = require('https-proxy-agent');
const { hashToken, logger } = require('@librechat/data-schemas');
const { Strategy: OpenIDStrategy } = require('openid-client/passport'); const { Strategy: OpenIDStrategy } = require('openid-client/passport');
const { getStrategyFunctions } = require('~/server/services/Files/strategies'); const { getStrategyFunctions } = require('~/server/services/Files/strategies');
const { findUser, createUser, updateUser } = require('~/models'); const { findUser, createUser, updateUser } = require('~/models');
const { getBalanceConfig } = require('~/server/services/Config');
const getLogStores = require('~/cache/getLogStores'); const getLogStores = require('~/cache/getLogStores');
const { isEnabled } = require('~/server/utils'); const { isEnabled } = require('~/server/utils');
@ -36,8 +37,6 @@ class CustomOpenIDStrategy extends OpenIDStrategy {
} }
} }
const { getBalanceConfig } = require('~/server/services/Config');
let crypto; let crypto;
let webcrypto; let webcrypto;
try { try {
@ -47,12 +46,6 @@ try {
logger.error('[openidStrategy] crypto support is disabled!', err); logger.error('[openidStrategy] crypto support is disabled!', err);
} }
async function hashToken(str) {
const data = new TextEncoder().encode(str);
const hashBuffer = await webcrypto.subtle.digest('SHA-256', data);
return Buffer.from(hashBuffer).toString('hex');
}
/** /**
* Exchange the access token for a new access token using the on-behalf-of flow if required. * Exchange the access token for a new access token using the on-behalf-of flow if required.
* @param {Configuration} config * @param {Configuration} config

3
api/strategies/samlStrategy.js
View file

@ -5,8 +5,7 @@ const passport = require('passport');
const { Strategy: SamlStrategy } = require('@node-saml/passport-saml'); const { Strategy: SamlStrategy } = require('@node-saml/passport-saml');
const { findUser, createUser, updateUser } = require('~/models/userMethods'); const { findUser, createUser, updateUser } = require('~/models/userMethods');
const { getStrategyFunctions } = require('~/server/services/Files/strategies'); const { getStrategyFunctions } = require('~/server/services/Files/strategies');
const { hashToken } = require('~/server/utils/crypto'); const { hashToken, logger } = require('@librechat/data-schemas');
const { logger } = require('~/config');
const paths = require('~/config/paths'); const paths = require('~/config/paths');
let crypto; let crypto;

17
packages/data-schemas/src/crypto/index.ts Normal file
View file

@ -0,0 +1,17 @@
import jwt from 'jsonwebtoken';
import { webcrypto } from 'node:crypto';
import { SignPayloadParams } from '~/types';
export async function signPayload({
payload,
secret,
expirationTime,
}: SignPayloadParams): Promise<string> {
return jwt.sign(payload, secret!, { expiresIn: expirationTime });
}
export async function hashToken(str: string): Promise<string> {
const data = new TextEncoder().encode(str);
const hashBuffer = await webcrypto.subtle.digest('SHA-256', data);
return Buffer.from(hashBuffer).toString('hex');
}

1
packages/data-schemas/src/index.ts
View file

@ -1,3 +1,4 @@
export * from './crypto';
export { createModels } from './models'; export { createModels } from './models';
export { createMethods } from './methods'; export { createMethods } from './methods';
export type * from './types'; export type * from './types';

2
packages/data-schemas/src/methods/session.ts
View file

@ -1,5 +1,5 @@
import type * as t from '~/types/session'; import type * as t from '~/types/session';
import { signPayload, hashToken } from '~/schema/session'; import { signPayload, hashToken } from '~/crypto';
import logger from '~/config/winston'; import logger from '~/config/winston';
export class SessionError extends Error { export class SessionError extends Error {

4
packages/data-schemas/src/methods/user.ts
View file

@ -1,6 +1,6 @@
import mongoose, { FilterQuery } from 'mongoose'; import mongoose, { FilterQuery } from 'mongoose';
import { IUser, BalanceConfig, UserCreateData, UserUpdateResult } from '~/types'; import type { IUser, BalanceConfig, UserCreateData, UserUpdateResult } from '~/types';
import { signPayload } from '~/schema/session'; import { signPayload } from '~/crypto';
/** Factory function that takes mongoose instance and returns the methods */ /** Factory function that takes mongoose instance and returns the methods */
export function createUserMethods(mongoose: typeof import('mongoose')) { export function createUserMethods(mongoose: typeof import('mongoose')) {

18
packages/data-schemas/src/schema/session.ts
View file

@ -1,7 +1,5 @@
import mongoose, { Schema } from 'mongoose'; import mongoose, { Schema } from 'mongoose';
import jwt from 'jsonwebtoken'; import { ISession } from '~/types';
import { webcrypto } from 'node:crypto';
import { ISession, SignPayloadParams } from '~/types';
const sessionSchema: Schema<ISession> = new Schema({ const sessionSchema: Schema<ISession> = new Schema({
refreshTokenHash: { refreshTokenHash: {
@ -20,18 +18,4 @@ const sessionSchema: Schema<ISession> = new Schema({
}, },
}); });
export async function signPayload({
payload,
secret,
expirationTime,
}: SignPayloadParams): Promise<string> {
return jwt.sign(payload, secret!, { expiresIn: expirationTime });
}
export async function hashToken(str: string): Promise<string> {
const data = new TextEncoder().encode(str);
const hashBuffer = await webcrypto.subtle.digest('SHA-256', data);
return Buffer.from(hashBuffer).toString('hex');
}
export default sessionSchema; export default sessionSchema;