🛂 feat: Added Security for Conversation Access (#3588)

* 🛂 feat: Added Security for Conversation Access * refactor: Update concurrentLimiter and convoAccess middleware to use isEnabled function for Redis check * refactor: handle access check even if cache is not available (edge case)
2025-12-16 16:30:15 +01:00 · 2024-08-08 12:14:00 -04:00 · 2024-08-08 12:14:00 -04:00 · 5c99d93744
commit 5c99d93744
parent b3821c1404
11 changed files with 121 additions and 18 deletions
--- a/api/cache/getLogStores.js
+++ b/api/cache/getLogStores.js
@ -35,11 +35,11 @@ const messages = isEnabled(USE_REDIS)
  ? new Keyv({ store: keyvRedis, ttl: Time.FIVE_MINUTES })
  : new Keyv({ namespace: CacheKeys.MESSAGES, ttl: Time.FIVE_MINUTES });

-const tokenConfig = isEnabled(USE_REDIS) // ttl: 30 minutes
+const tokenConfig = isEnabled(USE_REDIS)
  ? new Keyv({ store: keyvRedis, ttl: Time.THIRTY_MINUTES })
  : new Keyv({ namespace: CacheKeys.TOKEN_CONFIG, ttl: Time.THIRTY_MINUTES });

-const genTitle = isEnabled(USE_REDIS) // ttl: 2 minutes
+const genTitle = isEnabled(USE_REDIS)
  ? new Keyv({ store: keyvRedis, ttl: Time.TWO_MINUTES })
  : new Keyv({ namespace: CacheKeys.GEN_TITLE, ttl: Time.TWO_MINUTES });

@ -69,6 +69,7 @@ const namespaces = {
  registrations: createViolationInstance('registrations'),
  [ViolationTypes.TTS_LIMIT]: createViolationInstance(ViolationTypes.TTS_LIMIT),
  [ViolationTypes.STT_LIMIT]: createViolationInstance(ViolationTypes.STT_LIMIT),
+  [ViolationTypes.CONVO_ACCESS]: createViolationInstance(ViolationTypes.CONVO_ACCESS),
  [ViolationTypes.FILE_UPLOAD_LIMIT]: createViolationInstance(ViolationTypes.FILE_UPLOAD_LIMIT),
  [ViolationTypes.VERIFY_EMAIL_LIMIT]: createViolationInstance(ViolationTypes.VERIFY_EMAIL_LIMIT),
  [ViolationTypes.RESET_PASSWORD_LIMIT]: createViolationInstance(