refactor: update domain validation to use appConfig for allowed domains

Danny Avila 2025-08-18 00:23:45 -04:00
parent 677481dde6
commit 50bd6d3a02
No known key found for this signature in database
GPG key ID: BF31EEB2C5CA0956
8 changed files with 43 additions and 61 deletions


@ -16,6 +16,7 @@ const { getAgent, updateAgent, getListAgentsByAccess } = require('~/models/Agent
const { updateAction, getActions, deleteAction } = require('~/models/Action');
const { isActionDomainAllowed } = require('~/server/services/domains');
const { canAccessAgentResource } = require('~/server/middleware');
const { getAppConfig } = require('~/server/services/Config/app');
const { getRoleByName } = require('~/models/Role');
const router = express.Router();
@ -83,7 +84,11 @@ router.post(
}
let metadata = await encryptMetadata(removeNullishValues(_metadata, true));
const isDomainAllowed = await isActionDomainAllowed(metadata.domain);
const appConfig = await getAppConfig({ role: req.user.role });
const isDomainAllowed = await isActionDomainAllowed(
metadata.domain,
appConfig?.registration?.allowedDomains,
);
if (!isDomainAllowed) {
return res.status(400).json({ message: 'Domain not allowed' });
}
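Review bot: The list handed to `isActionDomainAllowed` in the second hunk is `appConfig?.registration?.allowedDomains`, which by its name is the sign-up allowlist rather than one scoped to action domains. If the config schema keeps a separate allowlist for actions, that key should be passed instead (for example `appConfig?.actions?.allowedDomains`, if that is where it lives); otherwise action targets end up gated by the e-mail registration policy. The optional chaining also means a missing config or section passes `undefined`, and how `isActionDomainAllowed` treats an undefined list is not visible here, so it is worth confirming that it does not fall back to allowing every domain. The same argument is passed in the assistants route hunk of this commit, and the `router.post` handler starts and ends outside this hunk.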


@ -21,8 +21,8 @@ const router = express.Router();
* @returns {Object} 200 - success response - application/json
*/
router.post('/:assistant_id', async (req, res) => {
const appConfig = await getAppConfig({ role: req.user?.role });
try {
const appConfig = await getAppConfig({ role: req.user?.role });
const { assistant_id } = req.params;
/** @type {{ functions: FunctionTool[], action_id: string, metadata: ActionMetadata }} */
@ -32,7 +32,10 @@ router.post('/:assistant_id', async (req, res) => {
}
let metadata = await encryptMetadata(removeNullishValues(_metadata, true));
const isDomainAllowed = await isActionDomainAllowed(metadata.domain);
const isDomainAllowed = await isActionDomainAllowed(
metadata.domain,
appConfig?.registration?.allowedDomains,
);
if (!isDomainAllowed) {
return res.status(400).json({ message: 'Domain not allowed' });
}