mirror of
https://github.com/danny-avila/LibreChat.git
synced 2025-12-20 10:20:15 +01:00
refactor(crypto): reorganize token hashing and signing functionality
This commit is contained in:
Danny Avila
parent
6f4c8ef114
commit
494c6d2596
10 changed files with 27 additions and 66 deletions
|
|
@ -1,6 +1,6 @@
|
|||
const mongoose = require('mongoose');
|
||||
const { logger } = require('@librechat/data-schemas');
|
||||
const { getRandomValues, hashToken } = require('~/server/utils/crypto');
|
||||
const { logger, hashToken } = require('@librechat/data-schemas');
|
||||
const { getRandomValues } = require('~/server/utils/crypto');
|
||||
const { createToken, findToken } = require('~/models');
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -1,26 +0,0 @@
|
|||
const jwt = require('jsonwebtoken');
|
||||
|
||||
/**
|
||||
* Signs a given payload using either the `jose` library (for Bun runtime) or `jsonwebtoken`.
|
||||
*
|
||||
* @async
|
||||
* @function
|
||||
* @param {Object} options - The options for signing the payload.
|
||||
* @param {Object} options.payload - The payload to be signed.
|
||||
* @param {string} options.secret - The secret key used for signing.
|
||||
* @param {number} options.expirationTime - The expiration time in seconds.
|
||||
* @returns {Promise<string>} Returns a promise that resolves to the signed JWT.
|
||||
* @throws {Error} Throws an error if there's an issue during signing.
|
||||
*
|
||||
* @example
|
||||
* const signedPayload = await signPayload({
|
||||
* payload: { userId: 123 },
|
||||
* secret: 'my-secret-key',
|
||||
* expirationTime: 3600
|
||||
* });
|
||||
*/
|
||||
async function signPayload({ payload, secret, expirationTime }) {
|
||||
return jwt.sign(payload, secret, { expiresIn: expirationTime });
|
||||
}
|
||||
|
||||
module.exports = signPayload;
|
||||
|
|
@ -106,12 +106,6 @@ function decryptV3(encryptedValue) {
|
|||
return decrypted.toString('utf8');
|
||||
}
|
||||
|
||||
async function hashToken(str) {
|
||||
const data = new TextEncoder().encode(str);
|
||||
const hashBuffer = await webcrypto.subtle.digest('SHA-256', data);
|
||||
return Buffer.from(hashBuffer).toString('hex');
|
||||
}
|
||||
|
||||
async function getRandomValues(length) {
|
||||
if (!Number.isInteger(length) || length <= 0) {
|
||||
throw new Error('Length must be a positive integer');
|
||||
|
|
@ -141,7 +135,6 @@ module.exports = {
|
|||
decryptV2,
|
||||
encryptV3,
|
||||
decryptV3,
|
||||
hashToken,
|
||||
hashBackupCode,
|
||||
getRandomValues,
|
||||
};
|
||||
|
|
|
|||
|
|
@ -2,12 +2,13 @@ const fetch = require('node-fetch');
|
|||
const passport = require('passport');
|
||||
const client = require('openid-client');
|
||||
const jwtDecode = require('jsonwebtoken/decode');
|
||||
const { logger } = require('@librechat/data-schemas');
|
||||
const { CacheKeys } = require('librechat-data-provider');
|
||||
const { HttpsProxyAgent } = require('https-proxy-agent');
|
||||
const { hashToken, logger } = require('@librechat/data-schemas');
|
||||
const { Strategy: OpenIDStrategy } = require('openid-client/passport');
|
||||
const { getStrategyFunctions } = require('~/server/services/Files/strategies');
|
||||
const { findUser, createUser, updateUser } = require('~/models');
|
||||
const { getBalanceConfig } = require('~/server/services/Config');
|
||||
const getLogStores = require('~/cache/getLogStores');
|
||||
const { isEnabled } = require('~/server/utils');
|
||||
|
||||
|
|
@ -36,8 +37,6 @@ class CustomOpenIDStrategy extends OpenIDStrategy {
|
|||
}
|
||||
}
|
||||
|
||||
const { getBalanceConfig } = require('~/server/services/Config');
|
||||
|
||||
let crypto;
|
||||
let webcrypto;
|
||||
try {
|
||||
|
|
@ -47,12 +46,6 @@ try {
|
|||
logger.error('[openidStrategy] crypto support is disabled!', err);
|
||||
}
|
||||
|
||||
async function hashToken(str) {
|
||||
const data = new TextEncoder().encode(str);
|
||||
const hashBuffer = await webcrypto.subtle.digest('SHA-256', data);
|
||||
return Buffer.from(hashBuffer).toString('hex');
|
||||
}
|
||||
|
||||
/**
|
||||
* Exchange the access token for a new access token using the on-behalf-of flow if required.
|
||||
* @param {Configuration} config
|
||||
|
|
|
|||
|
|
@ -5,8 +5,7 @@ const passport = require('passport');
|
|||
const { Strategy: SamlStrategy } = require('@node-saml/passport-saml');
|
||||
const { findUser, createUser, updateUser } = require('~/models/userMethods');
|
||||
const { getStrategyFunctions } = require('~/server/services/Files/strategies');
|
||||
const { hashToken } = require('~/server/utils/crypto');
|
||||
const { logger } = require('~/config');
|
||||
const { hashToken, logger } = require('@librechat/data-schemas');
|
||||
const paths = require('~/config/paths');
|
||||
|
||||
let crypto;
|
||||
|
|
|
|||
17
packages/data-schemas/src/crypto/index.ts
Normal file
17
packages/data-schemas/src/crypto/index.ts
Normal file
|
|
@ -0,0 +1,17 @@
|
|||
import jwt from 'jsonwebtoken';
|
||||
import { webcrypto } from 'node:crypto';
|
||||
import { SignPayloadParams } from '~/types';
|
||||
|
||||
export async function signPayload({
|
||||
payload,
|
||||
secret,
|
||||
expirationTime,
|
||||
}: SignPayloadParams): Promise<string> {
|
||||
return jwt.sign(payload, secret!, { expiresIn: expirationTime });
|
||||
}
|
||||
|
||||
export async function hashToken(str: string): Promise<string> {
|
||||
const data = new TextEncoder().encode(str);
|
||||
const hashBuffer = await webcrypto.subtle.digest('SHA-256', data);
|
||||
return Buffer.from(hashBuffer).toString('hex');
|
||||
}
|
||||
|
|
@ -1,3 +1,4 @@
|
|||
export * from './crypto';
|
||||
export { createModels } from './models';
|
||||
export { createMethods } from './methods';
|
||||
export type * from './types';
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
import type * as t from '~/types/session';
|
||||
import { signPayload, hashToken } from '~/schema/session';
|
||||
import { signPayload, hashToken } from '~/crypto';
|
||||
import logger from '~/config/winston';
|
||||
|
||||
export class SessionError extends Error {
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
import mongoose, { FilterQuery } from 'mongoose';
|
||||
import { IUser, BalanceConfig, UserCreateData, UserUpdateResult } from '~/types';
|
||||
import { signPayload } from '~/schema/session';
|
||||
import type { IUser, BalanceConfig, UserCreateData, UserUpdateResult } from '~/types';
|
||||
import { signPayload } from '~/crypto';
|
||||
|
||||
/** Factory function that takes mongoose instance and returns the methods */
|
||||
export function createUserMethods(mongoose: typeof import('mongoose')) {
|
||||
|
|
|
|||
|
|
@ -1,7 +1,5 @@
|
|||
import mongoose, { Schema } from 'mongoose';
|
||||
import jwt from 'jsonwebtoken';
|
||||
import { webcrypto } from 'node:crypto';
|
||||
import { ISession, SignPayloadParams } from '~/types';
|
||||
import { ISession } from '~/types';
|
||||
|
||||
const sessionSchema: Schema<ISession> = new Schema({
|
||||
refreshTokenHash: {
|
||||
|
|
@ -20,18 +18,4 @@ const sessionSchema: Schema<ISession> = new Schema({
|
|||
},
|
||||
});
|
||||
|
||||
export async function signPayload({
|
||||
payload,
|
||||
secret,
|
||||
expirationTime,
|
||||
}: SignPayloadParams): Promise<string> {
|
||||
return jwt.sign(payload, secret!, { expiresIn: expirationTime });
|
||||
}
|
||||
|
||||
export async function hashToken(str: string): Promise<string> {
|
||||
const data = new TextEncoder().encode(str);
|
||||
const hashBuffer = await webcrypto.subtle.digest('SHA-256', data);
|
||||
return Buffer.from(hashBuffer).toString('hex');
|
||||
}
|
||||
|
||||
export default sessionSchema;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue