🛂 feat: Added Security for Conversation Access (#3588)

* 🛂 feat: Added Security for Conversation Access

* refactor: Update concurrentLimiter and convoAccess middleware to use isEnabled function for Redis check

* refactor: handle access check even if cache is not available (edge case)

api/server/middleware/concurrentLimiter.js

@@ -1,5 +1,7 @@
-const clearPendingReq = require('../../cache/clearPendingReq');
-const { logViolation, getLogStores } = require('../../cache');
+const { Time } = require('librechat-data-provider');
+const clearPendingReq = require('~/cache/clearPendingReq');
+const { logViolation, getLogStores } = require('~/cache');
+const { isEnabled } = require('~/server/utils');
 const denyRequest = require('./denyRequest');
 
 const {
@@ -7,7 +9,6 @@ const {
   CONCURRENT_MESSAGE_MAX = 1,
   CONCURRENT_VIOLATION_SCORE: score,
 } = process.env ?? {};
-const ttl = 1000 * 60 * 1;
 
 /**
  * Middleware to limit concurrent requests for a user.
@@ -38,7 +39,7 @@ const concurrentLimiter = async (req, res, next) => {
   const limit = Math.max(CONCURRENT_MESSAGE_MAX, 1);
   const type = 'concurrent';
 
-  const key = `${USE_REDIS ? namespace : ''}:${userId}`;
+  const key = `${isEnabled(USE_REDIS) ? namespace : ''}:${userId}`;
   const pendingRequests = +((await cache.get(key)) ?? 0);
 
   if (pendingRequests >= limit) {
@@ -51,7 +52,7 @@ const concurrentLimiter = async (req, res, next) => {
     await logViolation(req, res, type, errorMessage, score);
     return await denyRequest(req, res, errorMessage);
   } else {
-    await cache.set(key, pendingRequests + 1, ttl);
+    await cache.set(key, pendingRequests + 1, Time.ONE_MINUTE);
   }
 
   // Ensure the requests are removed from the store once the request is done