refactor: Encrypt & Expire User Provided Keys, feat: Rate Limiting (#874)

* docs: make_your_own.md formatting fix for mkdocs * feat: add express-mongo-sanitize feat: add login/registration rate limiting * chore: remove unnecessary console log * wip: remove token handling from localStorage to encrypted DB solution * refactor: minor change to UserService * fix mongo query and add keys route to server * fix backend controllers and simplify schema/crud * refactor: rename token to key to separate from access/refresh tokens, setTokenDialog -> setKeyDialog * refactor(schemas): TEndpointOption token -> key * refactor(api): use new encrypted key retrieval system * fix(SetKeyDialog): fix key prop error * fix(abortMiddleware): pass random UUID if messageId is not generated yet for proper error display on frontend * fix(getUserKey): wrong prop passed in arg, adds error handling * fix: prevent message without conversationId from saving to DB, prevents branching on the frontend to a new top-level branch * refactor: change wording of multiple display messages * refactor(checkExpiry -> checkUserKeyExpiry): move to UserService file * fix: type imports from common * refactor(SubmitButton): convert to TS * refactor(key.ts): change localStorage map key name * refactor: add new custom tailwind classes to better match openAI colors * chore: remove unnecessary warning and catch ScreenShot error * refactor: move userKey frontend logic to hooks and remove use of localStorage and instead query the DB * refactor: invalidate correct query key, memoize userKey hook, conditionally render SetKeyDialog to avoid unnecessary calls, refactor SubmitButton props and useEffect for showing 'provide key first' * fix(SetKeyDialog): use enum-like object for expiry values feat(Dropdown): add optionsClassName to dynamically change dropdown options container classes * fix: handle edge case where user had provided a key but the server changes to env variable for keys * refactor(OpenAI/titleConvo): move titling to client to retain authorized credentials in message lifecycle for titling * fix(azure): handle user_provided keys correctly for azure * feat: send user Id to OpenAI to differentiate users in completion requests * refactor(OpenAI/titleConvo): adding tokens helps minimize LLM from using the language in title response * feat: add delete endpoint for keys * chore: remove throttling of title * feat: add 'Data controls' to Settings, add 'Revoke' keys feature in Key Dialog and Data controls * refactor: reorganize PluginsClient files in langchain format * feat: use langchain for titling convos * chore: cleanup titling convo, with fallback to original method, escape braces, use only snippet for language detection * refactor: move helper functions to appropriate langchain folders for reusability * fix: userProvidesKey handling for gptPlugins * fix: frontend handling of plugins key * chore: cleanup logging and ts-ignore SSE * fix: forwardRef misuse in DangerButton * fix(GoogleConfig/FileUpload): localize errors and simplify validation with zod * fix: cleanup google logging and fix user provided key handling * chore: remove titling from google * chore: removing logging from browser endpoint * wip: fix menu flicker * feat: useLocalStorage hook * feat: add Tooltip for UI * refactor(EndpointMenu): utilize Tooltip and useLocalStorage, remove old 'New Chat' slide-over * fix(e2e): use testId for endpoint menu trigger * chore: final touches to EndpointMenu before future refactor to declutter component * refactor(localization): change select endpoint to open menu and add translations * chore: add final prop to error message response * ci: minor edits to facilitate testing * ci: new e2e test which tests for new key setting/revoking features
2025-12-17 17:00:15 +01:00 · 2023-09-06 10:46:27 -04:00 · 2023-09-06 10:46:27 -04:00 · 4ca43fb53d
commit 4ca43fb53d
parent 64f1557852
122 changed files with 1933 additions and 966 deletions
--- a/api/server/routes/ask/anthropic.js
+++ b/api/server/routes/ask/anthropic.js
@ -87,7 +87,7 @@ router.post(
        getAbortData,
      );

-      const { client } = initializeClient(req, endpointOption);
+      const { client } = await initializeClient(req, endpointOption);

      let response = await client.sendMessage(text, {
        getIds,
@ -135,7 +135,7 @@ router.post(
        conversationId,
        sender: getResponseSender(endpointOption),
        messageId: responseMessageId,
-        parentMessageId: userMessageId,
+        parentMessageId: userMessageId ?? parentMessageId,
      });
    }
  },
--- a/api/server/routes/ask/askChatGPTBrowser.js
+++ b/api/server/routes/ask/askChatGPTBrowser.js
@ -38,7 +38,7 @@ router.post('/', requireJwtAuth, setHeaders, async (req, res) => {
  // build endpoint option
  const endpointOption = {
    model: req.body?.model ?? 'text-davinci-002-render-sha',
-    token: req.body?.token ?? null,
+    key: req.body?.key ?? null,
  };

  // const availableModels = getChatGPTBrowserModels();
--- a/api/server/routes/ask/bingAI.js
+++ b/api/server/routes/ask/bingAI.js
@ -45,7 +45,7 @@ router.post('/', requireJwtAuth, setHeaders, async (req, res) => {
      systemMessage: req.body?.systemMessage ?? null,
      context: req.body?.context ?? null,
      toneStyle: req.body?.toneStyle ?? 'creative',
-      token: req.body?.token ?? null,
+      key: req.body?.key ?? null,
    };
  } else {
    endpointOption = {
@ -56,7 +56,7 @@ router.post('/', requireJwtAuth, setHeaders, async (req, res) => {
      clientId: req.body?.clientId ?? null,
      invocationId: req.body?.invocationId ?? null,
      toneStyle: req.body?.toneStyle ?? 'creative',
-      token: req.body?.token ?? null,
+      key: req.body?.key ?? null,
    };
  }

@ -139,6 +139,7 @@ const ask = async ({
  try {
    let response = await askBing({
      text,
+      userId: req.user.id,
      parentMessageId: userParentMessageId,
      conversationId: bingConversationId ?? conversationId,
      ...endpointOption,
--- a/api/server/routes/ask/google.js
+++ b/api/server/routes/ask/google.js
@ -1,9 +1,10 @@
 const express = require('express');
 const router = express.Router();
 const crypto = require('crypto');
-const { titleConvo, GoogleClient } = require('../../../app');
+const { GoogleClient } = require('../../../app');
 const { saveMessage, getConvoTitle, saveConvo, getConvo } = require('../../../models');
 const { handleError, sendMessage, createOnProgress } = require('../../utils');
+const { getUserKey, checkUserKeyExpiry } = require('../../services/UserService');
 const { requireJwtAuth, setHeaders } = require('../../middleware');

 router.post('/', requireJwtAuth, setHeaders, async (req, res) => {
@ -19,7 +20,7 @@ router.post('/', requireJwtAuth, setHeaders, async (req, res) => {
  const endpointOption = {
    examples: req.body?.examples ?? [{ input: { content: '' }, output: { content: '' } }],
    promptPrefix: req.body?.promptPrefix ?? null,
-    token: req.body?.token ?? null,
+    key: req.body?.key ?? null,
    modelOptions: {
      model: req.body?.model ?? 'chat-bison',
      modelLabel: req.body?.modelLabel ?? null,
@ -88,17 +89,22 @@ const ask = async ({ text, endpointOption, parentMessageId = null, conversationI

    const abortController = new AbortController();

+    const isUserProvided = process.env.PALM_KEY === 'user_provided';
+
    let key;
-    if (endpointOption.token) {
-      key = JSON.parse(endpointOption.token);
-      delete endpointOption.token;
+    if (endpointOption.key && isUserProvided) {
+      checkUserKeyExpiry(
+        endpointOption.key,
+        'Your GOOGLE_TOKEN has expired. Please provide your token again.',
+      );
+      key = await getUserKey({ userId: req.user.id, name: 'google' });
+      key = JSON.parse(key);
+      delete endpointOption.key;
      console.log('Using service account key provided by User for PaLM models');
    }

    try {
-      if (!key) {
-        key = require('../../../data/auth.json');
-      }
+      key = require('../../../data/auth.json');
    } catch (e) {
      console.log('No \'auth.json\' file (service account key) found in /api/data/ for PaLM models');
    }
@ -146,14 +152,6 @@ const ask = async ({ text, endpointOption, parentMessageId = null, conversationI
      responseMessage: response,
    });
    res.end();
-
-    if (parentMessageId == '00000000-0000-0000-0000-000000000000') {
-      const title = await titleConvo({ text, response });
-      await saveConvo(req.user.id, {
-        conversationId,
-        title,
-      });
-    }
  } catch (error) {
    console.error(error);
    const errorMessage = {
--- a/api/server/routes/ask/gptPlugins.js
+++ b/api/server/routes/ask/gptPlugins.js
@ -158,7 +158,7 @@ router.post(

    try {
      endpointOption.tools = await validateTools(user, endpointOption.tools);
-      const { client, azure, openAIApiKey } = initializeClient(req, endpointOption);
+      const { client } = await initializeClient(req, endpointOption);

      let response = await client.sendMessage(text, {
        user,
@ -204,14 +204,14 @@ router.post(
        responseMessage: response,
      });
      res.end();
-      addTitle(req, {
-        text,
-        newConvo,
-        response,
-        openAIApiKey,
-        parentMessageId,
-        azure: !!azure,
-      });
+
+      if (parentMessageId == '00000000-0000-0000-0000-000000000000' && newConvo) {
+        addTitle(req, {
+          text,
+          response,
+          client,
+        });
+      }
    } catch (error) {
      const partialText = getPartialText();
      handleAbortError(res, req, error, {
@ -219,7 +219,7 @@ router.post(
        conversationId,
        sender: getResponseSender(endpointOption),
        messageId: responseMessageId,
-        parentMessageId: userMessageId,
+        parentMessageId: userMessageId ?? parentMessageId,
      });
    }
  },
--- a/api/server/routes/ask/openAI.js
+++ b/api/server/routes/ask/openAI.js
@ -94,7 +94,7 @@ router.post(
    );

    try {
-      const { client, openAIApiKey } = initializeClient(req, endpointOption);
+      const { client } = await initializeClient(req, endpointOption);

      let response = await client.sendMessage(text, {
        user,
@ -136,14 +136,13 @@ router.post(
      });
      res.end();

-      addTitle(req, {
-        text,
-        newConvo,
-        response,
-        openAIApiKey,
-        parentMessageId,
-        azure: endpointOption.endpoint === 'azureOpenAI',
-      });
+      if (parentMessageId == '00000000-0000-0000-0000-000000000000' && newConvo) {
+        addTitle(req, {
+          text,
+          response,
+          client,
+        });
+      }
    } catch (error) {
      const partialText = getPartialText();
      handleAbortError(res, req, error, {
@ -151,7 +150,7 @@ router.post(
        conversationId,
        sender: getResponseSender(endpointOption),
        messageId: responseMessageId,
-        parentMessageId: userMessageId,
+        parentMessageId: userMessageId ?? parentMessageId,
      });
    }
  },
--- a/api/server/routes/auth.js
+++ b/api/server/routes/auth.js
@ -7,15 +7,21 @@ const {
 } = require('../controllers/AuthController');
 const { loginController } = require('../controllers/auth/LoginController');
 const { logoutController } = require('../controllers/auth/LogoutController');
-const { requireJwtAuth, requireLocalAuth, validateRegistration } = require('../middleware');
+const {
+  loginLimiter,
+  registerLimiter,
+  requireJwtAuth,
+  requireLocalAuth,
+  validateRegistration,
+} = require('../middleware');

 const router = express.Router();

 //Local
 router.post('/logout', requireJwtAuth, logoutController);
-router.post('/login', requireLocalAuth, loginController);
+router.post('/login', loginLimiter, requireLocalAuth, loginController);
 // router.post('/refresh', requireJwtAuth, refreshController);
-router.post('/register', validateRegistration, registrationController);
+router.post('/register', registerLimiter, validateRegistration, registrationController);
 router.post('/requestPasswordReset', resetPasswordRequestController);
 router.post('/resetPassword', resetPasswordController);

--- a/api/server/routes/edit/anthropic.js
+++ b/api/server/routes/edit/anthropic.js
@ -87,7 +87,7 @@ router.post(
        getAbortData,
      );

-      const { client } = initializeClient(req, endpointOption);
+      const { client } = await initializeClient(req, endpointOption);

      let response = await client.sendMessage(text, {
        user: req.user.id,
@ -136,7 +136,7 @@ router.post(
        conversationId,
        sender: getResponseSender(endpointOption),
        messageId: responseMessageId,
-        parentMessageId: userMessageId,
+        parentMessageId: userMessageId ?? parentMessageId,
      });
    }
  },
--- a/api/server/routes/edit/gptPlugins.js
+++ b/api/server/routes/edit/gptPlugins.js
@ -128,7 +128,7 @@ router.post(

    try {
      endpointOption.tools = await validateTools(user, endpointOption.tools);
-      const { client } = initializeClient(req, endpointOption);
+      const { client } = await initializeClient(req, endpointOption);

      let response = await client.sendMessage(text, {
        user,
@ -182,7 +182,7 @@ router.post(
        conversationId,
        sender: getResponseSender(endpointOption),
        messageId: responseMessageId,
-        parentMessageId: userMessageId,
+        parentMessageId: userMessageId ?? parentMessageId,
      });
    }
  },
--- a/api/server/routes/edit/openAI.js
+++ b/api/server/routes/edit/openAI.js
@ -90,7 +90,7 @@ router.post(
    );

    try {
-      const { client } = initializeClient(req, endpointOption);
+      const { client } = await initializeClient(req, endpointOption);

      let response = await client.sendMessage(text, {
        user: req.user.id,
@ -138,7 +138,7 @@ router.post(
        conversationId,
        sender: getResponseSender(endpointOption),
        messageId: responseMessageId,
-        parentMessageId: userMessageId,
+        parentMessageId: userMessageId ?? parentMessageId,
      });
    }
  },
--- a/api/server/routes/endpoints.js
+++ b/api/server/routes/endpoints.js
@ -8,9 +8,9 @@ const { addOpenAPISpecs } = require('../../app/clients/tools/util/addOpenAPISpec
 const openAIApiKey = process.env.OPENAI_API_KEY;
 const azureOpenAIApiKey = process.env.AZURE_API_KEY;
 const useAzurePlugins = !!process.env.PLUGINS_USE_AZURE;
-const userProvidedOpenAI = openAIApiKey
-  ? openAIApiKey === 'user_provided'
-  : azureOpenAIApiKey === 'user_provided';
+const userProvidedOpenAI = useAzurePlugins
+  ? azureOpenAIApiKey === 'user_provided'
+  : openAIApiKey === 'user_provided';

 const fetchOpenAIModels = async (opts = { azure: false, plugins: false }, _models = []) => {
  let models = _models.slice() ?? [];
@ -81,9 +81,6 @@ const getOpenAIModels = async (opts = { azure: false, plugins: false }) => {
  }

  if (userProvidedOpenAI) {
-    console.warn(
-      `When setting OPENAI_API_KEY to 'user_provided', ${key} must be set manually or default values will be used`,
-    );
    return models;
  }

@ -161,6 +158,7 @@ router.get('/', async function (req, res) {
        plugins,
        availableAgents: ['classic', 'functions'],
        userProvide: userProvidedOpenAI,
+        azure: useAzurePlugins,
      }
      : false;
  const bingAI = process.env.BINGAI_TOKEN
--- a/api/server/routes/endpoints/anthropic/initializeClient.js
+++ b/api/server/routes/endpoints/anthropic/initializeClient.js
@ -1,7 +1,21 @@
 const { AnthropicClient } = require('../../../../app');
+const { getUserKey, checkUserKeyExpiry } = require('../../../services/UserService');

-const initializeClient = (req) => {
-  let anthropicApiKey = req.body?.token ?? process.env.ANTHROPIC_API_KEY;
+const initializeClient = async (req) => {
+  const { ANTHROPIC_API_KEY } = process.env;
+  const { key: expiresAt } = req.body;
+
+  const isUserProvided = ANTHROPIC_API_KEY === 'user_provided';
+
+  let key = null;
+  if (expiresAt && isUserProvided) {
+    checkUserKeyExpiry(
+      expiresAt,
+      'Your ANTHROPIC_API_KEY has expired. Please provide your API key again.',
+    );
+    key = await getUserKey({ userId: req.user.id, name: 'anthropic' });
+  }
+  let anthropicApiKey = isUserProvided ? key : ANTHROPIC_API_KEY;
  const client = new AnthropicClient(anthropicApiKey);
  return {
    client,
--- a/api/server/routes/endpoints/gptPlugins/initializeClient.js
+++ b/api/server/routes/endpoints/gptPlugins/initializeClient.js
@ -1,22 +1,43 @@
 const { PluginsClient } = require('../../../../app');
 const { getAzureCredentials } = require('../../../../utils');
+const { getUserKey, checkUserKeyExpiry } = require('../../../services/UserService');

-const initializeClient = (req, endpointOption) => {
+const initializeClient = async (req, endpointOption) => {
+  const { PROXY, OPENAI_API_KEY, AZURE_API_KEY, PLUGINS_USE_AZURE, OPENAI_REVERSE_PROXY } =
+    process.env;
+  const { key: expiresAt } = req.body;
  const clientOptions = {
-    debug: true,
-    reverseProxyUrl: process.env.OPENAI_REVERSE_PROXY || null,
-    proxy: process.env.PROXY || null,
+    // debug: true,
+    reverseProxyUrl: OPENAI_REVERSE_PROXY ?? null,
+    proxy: PROXY ?? null,
    ...endpointOption,
  };

-  let openAIApiKey = req.body?.token ?? process.env.OPENAI_API_KEY;
-  if (process.env.PLUGINS_USE_AZURE) {
-    clientOptions.azure = getAzureCredentials();
+  const isUserProvided = PLUGINS_USE_AZURE
+    ? AZURE_API_KEY === 'user_provided'
+    : OPENAI_API_KEY === 'user_provided';
+
+  let key = null;
+  if (expiresAt && isUserProvided) {
+    checkUserKeyExpiry(
+      expiresAt,
+      'Your OpenAI API key has expired. Please provide your API key again.',
+    );
+    key = await getUserKey({
+      userId: req.user.id,
+      name: PLUGINS_USE_AZURE ? 'azureOpenAI' : 'openAI',
+    });
+  }
+
+  let openAIApiKey = isUserProvided ? key : OPENAI_API_KEY;
+
+  if (PLUGINS_USE_AZURE) {
+    clientOptions.azure = isUserProvided ? JSON.parse(key) : getAzureCredentials();
    openAIApiKey = clientOptions.azure.azureOpenAIApiKey;
  }

  if (openAIApiKey && openAIApiKey.includes('azure') && !clientOptions.azure) {
-    clientOptions.azure = JSON.parse(req.body?.token) ?? getAzureCredentials();
+    clientOptions.azure = isUserProvided ? JSON.parse(key) : getAzureCredentials();
    openAIApiKey = clientOptions.azure.azureOpenAIApiKey;
  }
  const client = new PluginsClient(openAIApiKey, clientOptions);
--- a/api/server/routes/endpoints/openAI/addTitle.js
+++ b/api/server/routes/endpoints/openAI/addTitle.js
@ -1,22 +1,11 @@
-const { titleConvo } = require('../../../../app');
 const { saveConvo } = require('../../../../models');

-const addTitle = async (
-  req,
-  { text, azure, response, newConvo, parentMessageId, openAIApiKey },
-) => {
-  if (parentMessageId == '00000000-0000-0000-0000-000000000000' && newConvo) {
-    const title = await titleConvo({
-      text,
-      azure,
-      response,
-      openAIApiKey,
-    });
-    await saveConvo(req.user.id, {
-      conversationId: response.conversationId,
-      title,
-    });
-  }
+const addTitle = async (req, { text, response, client }) => {
+  const title = await client.titleConvo({ text, responseText: response?.text });
+  await saveConvo(req.user.id, {
+    conversationId: response.conversationId,
+    title,
+  });
 };

 module.exports = addTitle;
--- a/api/server/routes/endpoints/openAI/initializeClient.js
+++ b/api/server/routes/endpoints/openAI/initializeClient.js
@ -1,19 +1,34 @@
 const { OpenAIClient } = require('../../../../app');
 const { getAzureCredentials } = require('../../../../utils');
+const { getUserKey, checkUserKeyExpiry } = require('../../../services/UserService');

-const initializeClient = (req, endpointOption) => {
+const initializeClient = async (req, endpointOption) => {
+  const { PROXY, OPENAI_API_KEY, AZURE_API_KEY, OPENAI_REVERSE_PROXY } = process.env;
+  const { key: expiresAt, endpoint } = req.body;
  const clientOptions = {
    // debug: true,
    // contextStrategy: 'refine',
-    reverseProxyUrl: process.env.OPENAI_REVERSE_PROXY || null,
-    proxy: process.env.PROXY || null,
+    reverseProxyUrl: OPENAI_REVERSE_PROXY ?? null,
+    proxy: PROXY ?? null,
    ...endpointOption,
  };

-  let openAIApiKey = req.body?.token ?? process.env.OPENAI_API_KEY;
+  const isUserProvided =
+    endpoint === 'openAI' ? OPENAI_API_KEY === 'user_provided' : AZURE_API_KEY === 'user_provided';

-  if (process.env.AZURE_API_KEY && endpointOption.endpoint === 'azureOpenAI') {
-    clientOptions.azure = JSON.parse(req.body?.token) ?? getAzureCredentials();
+  let key = null;
+  if (expiresAt && isUserProvided) {
+    checkUserKeyExpiry(
+      expiresAt,
+      'Your OpenAI API key has expired. Please provide your API key again.',
+    );
+    key = await getUserKey({ userId: req.user.id, name: endpoint });
+  }
+
+  let openAIApiKey = isUserProvided ? key : OPENAI_API_KEY;
+
+  if (process.env.AZURE_API_KEY && endpoint === 'azureOpenAI') {
+    clientOptions.azure = isUserProvided ? JSON.parse(key) : getAzureCredentials();
    openAIApiKey = clientOptions.azure.azureOpenAIApiKey;
  }

--- a/api/server/routes/index.js
+++ b/api/server/routes/index.js
@ -7,6 +7,7 @@ const prompts = require('./prompts');
 const search = require('./search');
 const tokenizer = require('./tokenizer');
 const auth = require('./auth');
+const keys = require('./keys');
 const oauth = require('./oauth');
 const { router: endpoints } = require('./endpoints');
 const plugins = require('./plugins');
@ -22,6 +23,7 @@ module.exports = {
  presets,
  prompts,
  auth,
+  keys,
  oauth,
  user,
  tokenizer,
--- a/api/server/routes/keys.js
+++ b/api/server/routes/keys.js
@ -0,0 +1,35 @@
+const express = require('express');
+const router = express.Router();
+const { updateUserKey, deleteUserKey, getUserKeyExpiry } = require('../services/UserService');
+const { requireJwtAuth } = require('../middleware/');
+
+router.put('/', requireJwtAuth, async (req, res) => {
+  await updateUserKey({ userId: req.user.id, ...req.body });
+  res.status(201).send();
+});
+
+router.delete('/:name', requireJwtAuth, async (req, res) => {
+  const { name } = req.params;
+  await deleteUserKey({ userId: req.user.id, name });
+  res.status(204).send();
+});
+
+router.delete('/', requireJwtAuth, async (req, res) => {
+  const { all } = req.query;
+
+  if (all !== 'true') {
+    return res.status(400).send({ error: 'Specify either all=true to delete.' });
+  }
+
+  await deleteUserKey({ userId: req.user.id, all: true });
+
+  res.status(204).send();
+});
+
+router.get('/', requireJwtAuth, async (req, res) => {
+  const { name } = req.query;
+  const response = await getUserKeyExpiry({ userId: req.user.id, name });
+  res.status(200).send(response);
+});
+
+module.exports = router;
--- a/api/server/routes/oauth.js
+++ b/api/server/routes/oauth.js
@ -1,6 +1,7 @@
 const passport = require('passport');
 const express = require('express');
 const router = express.Router();
+const { loginLimiter } = require('../middleware');
 const config = require('../../../config/loader');
 const domains = config.domains;
 const isProduction = config.isProduction;
@ -10,6 +11,7 @@ const isProduction = config.isProduction;
 */
 router.get(
  '/google',
+  loginLimiter,
  passport.authenticate('google', {
    scope: ['openid', 'profile', 'email'],
    session: false,
@ -37,6 +39,7 @@ router.get(

 router.get(
  '/facebook',
+  loginLimiter,
  passport.authenticate('facebook', {
    scope: ['public_profile'],
    profileFields: ['id', 'email', 'name'],
@ -66,6 +69,7 @@ router.get(

 router.get(
  '/openid',
+  loginLimiter,
  passport.authenticate('openid', {
    session: false,
  }),
@ -91,6 +95,7 @@ router.get(

 router.get(
  '/github',
+  loginLimiter,
  passport.authenticate('github', {
    scope: ['user:email', 'read:user'],
    session: false,
@ -118,6 +123,7 @@ router.get(

 router.get(
  '/discord',
+  loginLimiter,
  passport.authenticate('discord', {
    scope: ['identify', 'email'],
    session: false,