Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2025-12-22 19:30:15 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

refactor: update domain validation to use appConfig for allowed domains

Browse source
This commit is contained in:
Danny Avila 2025-08-18 00:23:45 -04:00
parent 677481dde6
commit 50bd6d3a02
No known key found for this signature in database
GPG key ID: BF31EEB2C5CA0956
8 changed files with 43 additions and 61 deletions
Download patch file Download diff file Expand all files Collapse all files

7
api/server/routes/agents/actions.js
View file

@ -16,6 +16,7 @@ const { getAgent, updateAgent, getListAgentsByAccess } = require('~/models/Agent
const { updateAction, getActions, deleteAction } = require('~/models/Action');
const { isActionDomainAllowed } = require('~/server/services/domains');
const { canAccessAgentResource } = require('~/server/middleware');
const { getAppConfig } = require('~/server/services/Config/app');
const { getRoleByName } = require('~/models/Role');
const router = express.Router();
@ -83,7 +84,11 @@ router.post(
}
let metadata = await encryptMetadata(removeNullishValues(_metadata, true));
const isDomainAllowed = await isActionDomainAllowed(metadata.domain);
const appConfig = await getAppConfig({ role: req.user.role });
const isDomainAllowed = await isActionDomainAllowed(
metadata.domain,
appConfig?.registration?.allowedDomains,
);
if (!isDomainAllowed) {
return res.status(400).json({ message: 'Domain not allowed' });
}