🔄 fix: Ensure lastRefill Date for Existing Users & Refactor Balance Middleware (#9086)

- Deleted setBalanceConfig middleware and its associated file. - Introduced createSetBalanceConfig factory function to create middleware for synchronizing user balance settings. - Updated auth and oauth routes to use the new balance configuration middleware. - Added comprehensive tests for the new balance middleware functionality. - Updated package versions and dependencies in package.json and package-lock.json. - Added balance types and updated middleware index to export new balance middleware.
2025-12-17 08:50:15 +01:00 · 2025-08-15 17:02:49 -04:00 · 2025-08-15 17:02:49 -04:00 · 50b7bd6643
commit 50b7bd6643
parent 81186312ef
11 changed files with 835 additions and 280 deletions
--- a/api/server/routes/auth.js
+++ b/api/server/routes/auth.js
@ -1,75 +1,75 @@
 const express = require('express');
+const { createSetBalanceConfig } = require('@librechat/api');
 const {
-  refreshController,
-  registrationController,
-  resetPasswordController,
  resetPasswordRequestController,
+  resetPasswordController,
+  registrationController,
  graphTokenController,
+  refreshController,
 } = require('~/server/controllers/AuthController');
-const { loginController } = require('~/server/controllers/auth/LoginController');
-const { logoutController } = require('~/server/controllers/auth/LogoutController');
-const { verify2FAWithTempToken } = require('~/server/controllers/auth/TwoFactorAuthController');
 const {
+  regenerateBackupCodes,
+  disable2FA,
+  confirm2FA,
  enable2FA,
  verify2FA,
-  disable2FA,
-  regenerateBackupCodes,
-  confirm2FA,
 } = require('~/server/controllers/TwoFactorController');
-const {
-  checkBan,
-  logHeaders,
-  loginLimiter,
-  requireJwtAuth,
-  checkInviteUser,
-  registerLimiter,
-  requireLdapAuth,
-  setBalanceConfig,
-  requireLocalAuth,
-  resetPasswordLimiter,
-  validateRegistration,
-  validatePasswordReset,
-} = require('~/server/middleware');
+const { verify2FAWithTempToken } = require('~/server/controllers/auth/TwoFactorAuthController');
+const { logoutController } = require('~/server/controllers/auth/LogoutController');
+const { loginController } = require('~/server/controllers/auth/LoginController');
+const { getBalanceConfig } = require('~/server/services/Config');
+const middleware = require('~/server/middleware');
+const { Balance } = require('~/db/models');
+
+const setBalanceConfig = createSetBalanceConfig({
+  getBalanceConfig,
+  Balance,
+});

 const router = express.Router();

 const ldapAuth = !!process.env.LDAP_URL && !!process.env.LDAP_USER_SEARCH_BASE;
 //Local
-router.post('/logout', requireJwtAuth, logoutController);
+router.post('/logout', middleware.requireJwtAuth, logoutController);
 router.post(
  '/login',
-  logHeaders,
-  loginLimiter,
-  checkBan,
-  ldapAuth ? requireLdapAuth : requireLocalAuth,
+  middleware.logHeaders,
+  middleware.loginLimiter,
+  middleware.checkBan,
+  ldapAuth ? middleware.requireLdapAuth : middleware.requireLocalAuth,
  setBalanceConfig,
  loginController,
 );
 router.post('/refresh', refreshController);
 router.post(
  '/register',
-  registerLimiter,
-  checkBan,
-  checkInviteUser,
-  validateRegistration,
+  middleware.registerLimiter,
+  middleware.checkBan,
+  middleware.checkInviteUser,
+  middleware.validateRegistration,
  registrationController,
 );
 router.post(
  '/requestPasswordReset',
-  resetPasswordLimiter,
-  checkBan,
-  validatePasswordReset,
+  middleware.resetPasswordLimiter,
+  middleware.checkBan,
+  middleware.validatePasswordReset,
  resetPasswordRequestController,
 );
-router.post('/resetPassword', checkBan, validatePasswordReset, resetPasswordController);
+router.post(
+  '/resetPassword',
+  middleware.checkBan,
+  middleware.validatePasswordReset,
+  resetPasswordController,
+);

-router.get('/2fa/enable', requireJwtAuth, enable2FA);
-router.post('/2fa/verify', requireJwtAuth, verify2FA);
-router.post('/2fa/verify-temp', checkBan, verify2FAWithTempToken);
-router.post('/2fa/confirm', requireJwtAuth, confirm2FA);
-router.post('/2fa/disable', requireJwtAuth, disable2FA);
-router.post('/2fa/backup/regenerate', requireJwtAuth, regenerateBackupCodes);
+router.get('/2fa/enable', middleware.requireJwtAuth, enable2FA);
+router.post('/2fa/verify', middleware.requireJwtAuth, verify2FA);
+router.post('/2fa/verify-temp', middleware.checkBan, verify2FAWithTempToken);
+router.post('/2fa/confirm', middleware.requireJwtAuth, confirm2FA);
+router.post('/2fa/disable', middleware.requireJwtAuth, disable2FA);
+router.post('/2fa/backup/regenerate', middleware.requireJwtAuth, regenerateBackupCodes);

-router.get('/graph-token', requireJwtAuth, graphTokenController);
+router.get('/graph-token', middleware.requireJwtAuth, graphTokenController);

 module.exports = router;
--- a/api/server/routes/oauth.js
+++ b/api/server/routes/oauth.js
@ -1,19 +1,20 @@
 // file deepcode ignore NoRateLimitingForLogin: Rate limiting is handled by the `loginLimiter` middleware
 const express = require('express');
 const passport = require('passport');
-const { isEnabled } = require('@librechat/api');
 const { randomState } = require('openid-client');
 const { logger } = require('@librechat/data-schemas');
 const { ErrorTypes } = require('librechat-data-provider');
-const {
-  checkBan,
-  logHeaders,
-  loginLimiter,
-  setBalanceConfig,
-  checkDomainAllowed,
-} = require('~/server/middleware');
+const { isEnabled, createSetBalanceConfig } = require('@librechat/api');
+const { checkDomainAllowed, loginLimiter, logHeaders, checkBan } = require('~/server/middleware');
 const { syncUserEntraGroupMemberships } = require('~/server/services/PermissionService');
 const { setAuthTokens, setOpenIDAuthTokens } = require('~/server/services/AuthService');
+const { getBalanceConfig } = require('~/server/services/Config');
+const { Balance } = require('~/db/models');
+
+const setBalanceConfig = createSetBalanceConfig({
+  getBalanceConfig,
+  Balance,
+});

 const router = express.Router();