✔️ fix: Resource field TypeError & Missing Role Permission Type (#8606)

* fix: resource parameter undefined TypeError in log * chore: Add missing FILE_SEARCH permission type to IRole interface * chore: Bump version of @librechat/data-schemas to 0.0.11 * fix: Ensure resource is defined and handle potential null values in OAuth flow
2025-12-17 00:40:14 +01:00 · 2025-07-22 18:22:58 -04:00 · 2025-07-22 18:22:58 -04:00 · 62c3f135e7
commit 62c3f135e7
parent baf3b4ad08
4 changed files with 14 additions and 12 deletions
--- a/package-lock.json
+++ b/package-lock.json
@ -48815,7 +48815,7 @@
    },
    "packages/data-schemas": {
      "name": "@librechat/data-schemas",
-      "version": "0.0.10",
+      "version": "0.0.11",
      "license": "MIT",
      "devDependencies": {
        "@rollup/plugin-alias": "^5.1.0",
--- a/packages/api/src/mcp/oauth/handler.ts
+++ b/packages/api/src/mcp/oauth/handler.ts
@ -269,18 +269,17 @@ export class MCPOAuthHandler {
        authorizationUrl.searchParams.set('state', flowId);
        logger.debug(`[MCPOAuth] Added state parameter to authorization URL`);

-        if (resourceMetadata?.resource) {
+        if (resourceMetadata?.resource != null && resourceMetadata.resource) {
          authorizationUrl.searchParams.set('resource', resourceMetadata.resource);
+          logger.debug(
+            `[MCPOAuth] Added resource parameter to authorization URL: ${resourceMetadata.resource}`,
+          );
        } else {
          logger.warn(
            `[MCPOAuth] Resource metadata missing 'resource' property for ${serverName}. ` +
              'This can cause issues with some Authorization Servers who expect a "resource" parameter.',
          );
        }
-
-        logger.debug(
-          `[MCPOAuth] Added resource parameter to authorization URL: ${resourceMetadata.resource}`,
-        );
      } catch (error) {
        logger.error(`[MCPOAuth] startAuthorization failed:`, error);
        throw error;
@ -343,9 +342,9 @@ export class MCPOAuthHandler {
        throw new Error('Invalid flow metadata');
      }

-      let resource;
+      let resource: URL | undefined;
      try {
-        if (metadata.resourceMetadata?.resource) {
+        if (metadata.resourceMetadata?.resource != null && metadata.resourceMetadata.resource) {
          resource = new URL(metadata.resourceMetadata.resource);
          logger.debug(`[MCPOAuth] Resource URL for flow ${flowId}: ${resource.toString()}`);
        }
@ -358,12 +357,12 @@ export class MCPOAuthHandler {
      }

      const tokens = await exchangeAuthorization(metadata.serverUrl, {
+        redirectUri: metadata.clientInfo.redirect_uris?.[0] || this.getDefaultRedirectUri(),
        metadata: metadata.metadata as unknown as SDKOAuthMetadata,
        clientInformation: metadata.clientInfo,
-        authorizationCode,
        codeVerifier: metadata.codeVerifier,
-        redirectUri: metadata.clientInfo.redirect_uris?.[0] || this.getDefaultRedirectUri(),
-        resource: resource,
+        authorizationCode,
+        resource,
      });

      logger.debug('[MCPOAuth] Raw tokens from exchange:', {
--- a/packages/data-schemas/package.json
+++ b/packages/data-schemas/package.json
@ -1,6 +1,6 @@
 {
  "name": "@librechat/data-schemas",
-  "version": "0.0.10",
+  "version": "0.0.11",
  "description": "Mongoose schemas and models for LibreChat",
  "type": "module",
  "main": "dist/index.cjs",
--- a/packages/data-schemas/src/types/role.ts
+++ b/packages/data-schemas/src/types/role.ts
@ -35,5 +35,8 @@ export interface IRole extends Document {
    [PermissionTypes.WEB_SEARCH]?: {
      [Permissions.USE]?: boolean;
    };
+    [PermissionTypes.FILE_SEARCH]?: {
+      [Permissions.USE]?: boolean;
+    };
  };
 }