Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2025-12-17 17:00:15 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

refactor: improve passport strategy handling in async/await manner to prevent race conditions upon importing modules (#682)

Browse source
This commit is contained in:
Danny Avila 2023-07-22 07:29:17 -07:00 committed by GitHub
parent e38483a8b9
commit 6943f1c2c7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
12 changed files with 273 additions and 246 deletions
Download patch file Download diff file Expand all files Collapse all files

2
api/package.json
View file

@ -51,7 +51,9 @@
"openai": "^3.2.1", "openai": "^3.2.1",
"openid-client": "^5.4.2", "openid-client": "^5.4.2",
"passport": "^0.6.0", "passport": "^0.6.0",
"passport-discord": "^0.1.4",
"passport-facebook": "^3.0.0", "passport-facebook": "^3.0.0",
"passport-github2": "^0.1.12",
"passport-google-oauth20": "^2.0.0", "passport-google-oauth20": "^2.0.0",
"passport-jwt": "^4.0.1", "passport-jwt": "^4.0.1",
"passport-local": "^1.0.0", "passport-local": "^1.0.0",

23
api/server/index.js
View file

@ -11,6 +11,15 @@ const passport = require('passport');
const port = process.env.PORT || 3080; const port = process.env.PORT || 3080;
const host = process.env.HOST || 'localhost'; const host = process.env.HOST || 'localhost';
const projectPath = path.join(__dirname, '..', '..', 'client'); const projectPath = path.join(__dirname, '..', '..', 'client');
const {
jwtLogin,
passportLogin,
googleLogin,
githubLogin,
discordLogin,
facebookLogin,
setupOpenId,
} = require('../strategies');
// Init the config and validate it // Init the config and validate it
const config = require('../../config/loader'); const config = require('../../config/loader');
@ -40,19 +49,19 @@ config.validate(); // Validate the config
// OAUTH // OAUTH
app.use(passport.initialize()); app.use(passport.initialize());
require('../strategies/jwtStrategy'); passport.use(await jwtLogin());
require('../strategies/localStrategy'); passport.use(await passportLogin());
if (process.env.GOOGLE_CLIENT_ID && process.env.GOOGLE_CLIENT_SECRET) { if (process.env.GOOGLE_CLIENT_ID && process.env.GOOGLE_CLIENT_SECRET) {
require('../strategies/googleStrategy'); passport.use(await googleLogin());
} }
if (process.env.FACEBOOK_CLIENT_ID && process.env.FACEBOOK_CLIENT_SECRET) { if (process.env.FACEBOOK_CLIENT_ID && process.env.FACEBOOK_CLIENT_SECRET) {
require('../strategies/facebookStrategy'); passport.use(await facebookLogin());
} }
if (process.env.GITHUB_CLIENT_ID && process.env.GITHUB_CLIENT_SECRET) { if (process.env.GITHUB_CLIENT_ID && process.env.GITHUB_CLIENT_SECRET) {
require('../strategies/githubStrategy'); passport.use(await githubLogin());
} }
if (process.env.DISCORD_CLIENT_ID && process.env.DISCORD_CLIENT_SECRET) { if (process.env.DISCORD_CLIENT_ID && process.env.DISCORD_CLIENT_SECRET) {
require('../strategies/discordStrategy'); passport.use(await discordLogin());
} }
if ( if (
process.env.OPENID_CLIENT_ID && process.env.OPENID_CLIENT_ID &&
@ -69,7 +78,7 @@ config.validate(); // Validate the config
}), }),
); );
app.use(passport.session()); app.use(passport.session());
require('../strategies/openidStrategy'); await setupOpenId();
} }
app.use('/oauth', routes.oauth); app.use('/oauth', routes.oauth);
// api endpoint // api endpoint

86
api/strategies/discordStrategy.js
View file

@ -1,51 +1,51 @@
const passport = require('passport');
const { Strategy: DiscordStrategy } = require('passport-discord'); const { Strategy: DiscordStrategy } = require('passport-discord');
const User = require('../models/User'); const User = require('../models/User');
const config = require('../../config/loader'); const config = require('../../config/loader');
const domains = config.domains; const domains = config.domains;
const discordLogin = new DiscordStrategy( const discordLogin = async () =>
{ new DiscordStrategy(
clientID: process.env.DISCORD_CLIENT_ID, {
clientSecret: process.env.DISCORD_CLIENT_SECRET, clientID: process.env.DISCORD_CLIENT_ID,
callbackURL: `${domains.server}${process.env.DISCORD_CALLBACK_URL}`, clientSecret: process.env.DISCORD_CLIENT_SECRET,
scope: ['identify', 'email'], // Request scopes callbackURL: `${domains.server}${process.env.DISCORD_CALLBACK_URL}`,
authorizationURL: 'https://discord.com/api/oauth2/authorize?prompt=none', // Add the prompt query parameter scope: ['identify', 'email'], // Request scopes
}, authorizationURL: 'https://discord.com/api/oauth2/authorize?prompt=none', // Add the prompt query parameter
async (accessToken, refreshToken, profile, cb) => { },
try { async (accessToken, refreshToken, profile, cb) => {
const email = profile.email; try {
const discordId = profile.id; const email = profile.email;
const discordId = profile.id;
const oldUser = await User.findOne({ email }); const oldUser = await User.findOne({ email });
if (oldUser) { if (oldUser) {
return cb(null, oldUser); return cb(null, oldUser);
}
let avatarURL;
if (profile.avatar) {
const format = profile.avatar.startsWith('a_') ? 'gif' : 'png';
avatarURL = `https://cdn.discordapp.com/avatars/${profile.id}/${profile.avatar}.${format}`;
} else {
const defaultAvatarNum = Number(profile.discriminator) % 5;
avatarURL = `https://cdn.discordapp.com/embed/avatars/${defaultAvatarNum}.png`;
}
const newUser = await User.create({
provider: 'discord',
discordId,
username: profile.username,
email,
name: profile.global_name,
avatar: avatarURL,
});
cb(null, newUser);
} catch (err) {
console.error(err);
cb(err);
} }
},
);
let avatarURL; module.exports = discordLogin;
if (profile.avatar) {
const format = profile.avatar.startsWith('a_') ? 'gif' : 'png';
avatarURL = `https://cdn.discordapp.com/avatars/${profile.id}/${profile.avatar}.${format}`;
} else {
const defaultAvatarNum = Number(profile.discriminator) % 5;
avatarURL = `https://cdn.discordapp.com/embed/avatars/${defaultAvatarNum}.png`;
}
const newUser = await User.create({
provider: 'discord',
discordId,
username: profile.username,
email,
name: profile.global_name,
avatar: avatarURL,
});
cb(null, newUser);
} catch (err) {
console.error(err);
cb(err);
}
},
);
passport.use(discordLogin);

96
api/strategies/facebookStrategy.js
View file

@ -1,59 +1,59 @@
const passport = require('passport');
const FacebookStrategy = require('passport-facebook').Strategy; const FacebookStrategy = require('passport-facebook').Strategy;
const User = require('../models/User'); const User = require('../models/User');
const config = require('../../config/loader'); const config = require('../../config/loader');
const domains = config.domains; const domains = config.domains;
// facebook strategy // facebook strategy
const facebookLogin = new FacebookStrategy( const facebookLogin = async () =>
{ new FacebookStrategy(
clientID: process.env.FACEBOOK_APP_ID, {
clientSecret: process.env.FACEBOOK_SECRET, clientID: process.env.FACEBOOK_APP_ID,
callbackURL: `${domains.server}${process.env.FACEBOOK_CALLBACK_URL}`, clientSecret: process.env.FACEBOOK_SECRET,
proxy: true, callbackURL: `${domains.server}${process.env.FACEBOOK_CALLBACK_URL}`,
// profileFields: [ proxy: true,
// 'id', // profileFields: [
// 'email', // 'id',
// 'gender', // 'email',
// 'profileUrl', // 'gender',
// 'displayName', // 'profileUrl',
// 'locale', // 'displayName',
// 'name', // 'locale',
// 'timezone', // 'name',
// 'updated_time', // 'timezone',
// 'verified', // 'updated_time',
// 'picture.type(large)' // 'verified',
// ] // 'picture.type(large)'
}, // ]
async (accessToken, refreshToken, profile, done) => { },
console.log('facebookLogin => profile', profile); async (accessToken, refreshToken, profile, done) => {
try { console.log('facebookLogin => profile', profile);
const oldUser = await User.findOne({ email: profile.emails[0].value }); try {
const oldUser = await User.findOne({ email: profile.emails[0].value });
if (oldUser) { if (oldUser) {
console.log('FACEBOOK LOGIN => found user', oldUser); console.log('FACEBOOK LOGIN => found user', oldUser);
return done(null, oldUser); return done(null, oldUser);
}
} catch (err) {
console.log(err);
} }
} catch (err) {
console.log(err);
}
// register user // register user
try { try {
const newUser = await new User({ const newUser = await new User({
provider: 'facebook', provider: 'facebook',
facebookId: profile.id, facebookId: profile.id,
username: profile.name.givenName + profile.name.familyName, username: profile.name.givenName + profile.name.familyName,
email: profile.emails[0].value, email: profile.emails[0].value,
name: profile.displayName, name: profile.displayName,
avatar: profile.photos[0].value, avatar: profile.photos[0].value,
}).save(); }).save();
done(null, newUser); done(null, newUser);
} catch (err) { } catch (err) {
console.log(err); console.log(err);
} }
}, },
); );
passport.use(facebookLogin); module.exports = facebookLogin;

76
api/strategies/githubStrategy.js
View file

@ -1,4 +1,3 @@
const passport = require('passport');
const { Strategy: GitHubStrategy } = require('passport-github2'); const { Strategy: GitHubStrategy } = require('passport-github2');
const config = require('../../config/loader'); const config = require('../../config/loader');
const domains = config.domains; const domains = config.domains;
@ -6,42 +5,43 @@ const domains = config.domains;
const User = require('../models/User'); const User = require('../models/User');
// GitHub strategy // GitHub strategy
const githubLogin = new GitHubStrategy( const githubLogin = async () =>
{ new GitHubStrategy(
clientID: process.env.GITHUB_CLIENT_ID, {
clientSecret: process.env.GITHUB_CLIENT_SECRET, clientID: process.env.GITHUB_CLIENT_ID,
callbackURL: `${domains.server}${process.env.GITHUB_CALLBACK_URL}`, clientSecret: process.env.GITHUB_CLIENT_SECRET,
proxy: false, callbackURL: `${domains.server}${process.env.GITHUB_CALLBACK_URL}`,
scope: ['user:email'], // Request email scope proxy: false,
}, scope: ['user:email'], // Request email scope
async (accessToken, refreshToken, profile, cb) => { },
try { async (accessToken, refreshToken, profile, cb) => {
let email; try {
if (profile.emails && profile.emails.length > 0) { let email;
email = profile.emails[0].value; if (profile.emails && profile.emails.length > 0) {
email = profile.emails[0].value;
}
const oldUser = await User.findOne({ email });
if (oldUser) {
return cb(null, oldUser);
}
const newUser = await new User({
provider: 'github',
githubId: profile.id,
username: profile.username,
email,
emailVerified: profile.emails[0].verified,
name: profile.displayName,
avatar: profile.photos[0].value,
}).save();
cb(null, newUser);
} catch (err) {
console.error(err);
cb(err);
} }
},
);
const oldUser = await User.findOne({ email }); module.exports = githubLogin;
if (oldUser) {
return cb(null, oldUser);
}
const newUser = await new User({
provider: 'github',
githubId: profile.id,
username: profile.username,
email,
emailVerified: profile.emails[0].verified,
name: profile.displayName,
avatar: profile.photos[0].value,
}).save();
cb(null, newUser);
} catch (err) {
console.error(err);
cb(err);
}
},
);
passport.use(githubLogin);

66
api/strategies/googleStrategy.js
View file

@ -1,4 +1,3 @@
const passport = require('passport');
const { Strategy: GoogleStrategy } = require('passport-google-oauth20'); const { Strategy: GoogleStrategy } = require('passport-google-oauth20');
const config = require('../../config/loader'); const config = require('../../config/loader');
const domains = config.domains; const domains = config.domains;
@ -6,38 +5,39 @@ const domains = config.domains;
const User = require('../models/User'); const User = require('../models/User');
// google strategy // google strategy
const googleLogin = new GoogleStrategy( const googleLogin = async () =>
{ new GoogleStrategy(
clientID: process.env.GOOGLE_CLIENT_ID, {
clientSecret: process.env.GOOGLE_CLIENT_SECRET, clientID: process.env.GOOGLE_CLIENT_ID,
callbackURL: `${domains.server}${process.env.GOOGLE_CALLBACK_URL}`, clientSecret: process.env.GOOGLE_CLIENT_SECRET,
proxy: true, callbackURL: `${domains.server}${process.env.GOOGLE_CALLBACK_URL}`,
}, proxy: true,
async (accessToken, refreshToken, profile, cb) => { },
try { async (accessToken, refreshToken, profile, cb) => {
const oldUser = await User.findOne({ email: profile.emails[0].value }); try {
if (oldUser) { const oldUser = await User.findOne({ email: profile.emails[0].value });
return cb(null, oldUser); if (oldUser) {
return cb(null, oldUser);
}
} catch (err) {
console.log(err);
} }
} catch (err) {
console.log(err);
}
try { try {
const newUser = await new User({ const newUser = await new User({
provider: 'google', provider: 'google',
googleId: profile.id, googleId: profile.id,
username: profile.name.givenName, username: profile.name.givenName,
email: profile.emails[0].value, email: profile.emails[0].value,
emailVerified: profile.emails[0].verified, emailVerified: profile.emails[0].verified,
name: `${profile.name.givenName} ${profile.name.familyName}`, name: `${profile.name.givenName} ${profile.name.familyName}`,
avatar: profile.photos[0].value, avatar: profile.photos[0].value,
}).save(); }).save();
cb(null, newUser); cb(null, newUser);
} catch (err) { } catch (err) {
console.log(err); console.log(err);
} }
}, },
); );
passport.use(googleLogin); module.exports = googleLogin;

17
api/strategies/index.js Normal file
View file

@ -0,0 +1,17 @@
const passportLogin = require('./localStrategy');
const googleLogin = require('./googleStrategy');
const githubLogin = require('./githubStrategy');
const discordLogin = require('./discordStrategy');
const jwtLogin = require('./jwtStrategy');
const facebookLogin = require('./facebookStrategy');
const setupOpenId = require('./openidStrategy');
module.exports = {
passportLogin,
googleLogin,
githubLogin,
discordLogin,
jwtLogin,
facebookLogin,
setupOpenId,
};

40
api/strategies/jwtStrategy.js
View file

@ -1,26 +1,26 @@
const passport = require('passport');
const { Strategy: JwtStrategy, ExtractJwt } = require('passport-jwt'); const { Strategy: JwtStrategy, ExtractJwt } = require('passport-jwt');
const User = require('../models/User'); const User = require('../models/User');
// JWT strategy // JWT strategy
const jwtLogin = new JwtStrategy( const jwtLogin = async () =>
{ new JwtStrategy(
jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(), {
secretOrKey: process.env.JWT_SECRET, jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
}, secretOrKey: process.env.JWT_SECRET,
async (payload, done) => { },
try { async (payload, done) => {
const user = await User.findById(payload.id); try {
if (user) { const user = await User.findById(payload.id);
done(null, user); if (user) {
} else { done(null, user);
console.log('JwtStrategy => no user found'); } else {
done(null, false); console.log('JwtStrategy => no user found');
done(null, false);
}
} catch (err) {
done(err, false);
} }
} catch (err) { },
done(err, false); );
}
},
);
passport.use(jwtLogin); module.exports = jwtLogin;

88
api/strategies/localStrategy.js
View file

@ -1,62 +1,60 @@
const passport = require('passport');
const PassportLocalStrategy = require('passport-local').Strategy; const PassportLocalStrategy = require('passport-local').Strategy;
const User = require('../models/User'); const User = require('../models/User');
const { loginSchema } = require('./validators'); const { loginSchema } = require('./validators');
const DebugControl = require('../utils/debug.js'); const DebugControl = require('../utils/debug.js');
const passportLogin = new PassportLocalStrategy( const passportLogin = async () =>
{ new PassportLocalStrategy(
usernameField: 'email', {
passwordField: 'password', usernameField: 'email',
session: false, passwordField: 'password',
passReqToCallback: true, session: false,
}, passReqToCallback: true,
async (req, email, password, done) => { },
const { error } = loginSchema.validate(req.body); async (req, email, password, done) => {
if (error) { const { error } = loginSchema.validate(req.body);
log({ if (error) {
title: 'Passport Local Strategy - Validation Error',
parameters: [{ name: 'req.body', value: req.body }],
});
return done(null, false, { message: error.details[0].message });
}
try {
const user = await User.findOne({ email: email.trim() });
if (!user) {
log({ log({
title: 'Passport Local Strategy - User Not Found', title: 'Passport Local Strategy - Validation Error',
parameters: [{ name: 'email', value: email }], parameters: [{ name: 'req.body', value: req.body }],
}); });
return done(null, false, { message: 'Email does not exists.' }); return done(null, false, { message: error.details[0].message });
} }
user.comparePassword(password, function (err, isMatch) { try {
if (err) { const user = await User.findOne({ email: email.trim() });
if (!user) {
log({ log({
title: 'Passport Local Strategy - Compare password error', title: 'Passport Local Strategy - User Not Found',
parameters: [{ name: 'error', value: err }], parameters: [{ name: 'email', value: email }],
}); });
return done(err); return done(null, false, { message: 'Email does not exists.' });
}
if (!isMatch) {
log({
title: 'Passport Local Strategy - Password does not match',
parameters: [{ name: 'isMatch', value: isMatch }],
});
return done(null, false, { message: 'Incorrect password.' });
} }
return done(null, user); user.comparePassword(password, function (err, isMatch) {
}); if (err) {
} catch (err) { log({
return done(err); title: 'Passport Local Strategy - Compare password error',
} parameters: [{ name: 'error', value: err }],
}, });
); return done(err);
}
if (!isMatch) {
log({
title: 'Passport Local Strategy - Password does not match',
parameters: [{ name: 'isMatch', value: isMatch }],
});
return done(null, false, { message: 'Incorrect password.' });
}
passport.use(passportLogin); return done(null, user);
});
} catch (err) {
return done(err);
}
},
);
function log({ title, parameters }) { function log({ title, parameters }) {
DebugControl.log.functionName(title); DebugControl.log.functionName(title);
@ -64,3 +62,5 @@ function log({ title, parameters }) {
DebugControl.log.parameters(parameters); DebugControl.log.parameters(parameters);
} }
} }
module.exports = passportLogin;

13
api/strategies/openidStrategy.js
View file

@ -36,8 +36,9 @@ const downloadImage = async (url, imagePath, accessToken) => {
} }
}; };
Issuer.discover(process.env.OPENID_ISSUER) async function setupOpenId() {
.then((issuer) => { try {
const issuer = await Issuer.discover(process.env.OPENID_ISSUER);
const client = new issuer.Client({ const client = new issuer.Client({
client_id: process.env.OPENID_CLIENT_ID, client_id: process.env.OPENID_CLIENT_ID,
client_secret: process.env.OPENID_CLIENT_SECRET, client_secret: process.env.OPENID_CLIENT_SECRET,
@ -128,7 +129,9 @@ Issuer.discover(process.env.OPENID_ISSUER)
); );
passport.use('openid', openidLogin); passport.use('openid', openidLogin);
}) } catch (err) {
.catch((err) => {
console.error(err); console.error(err);
}); }
}
module.exports = setupOpenId;

7
package-lock.json generated
View file

@ -15,10 +15,7 @@
"packages/*" "packages/*"
], ],
"dependencies": { "dependencies": {
"axios": "^1.4.0", "axios": "^1.4.0"
"passport": "^0.6.0",
"passport-discord": "^0.1.4",
"passport-github2": "^0.1.12"
}, },
"devDependencies": { "devDependencies": {
"@playwright/test": "^1.32.1", "@playwright/test": "^1.32.1",
@ -78,7 +75,9 @@
"openai": "^3.2.1", "openai": "^3.2.1",
"openid-client": "^5.4.2", "openid-client": "^5.4.2",
"passport": "^0.6.0", "passport": "^0.6.0",
"passport-discord": "^0.1.4",
"passport-facebook": "^3.0.0", "passport-facebook": "^3.0.0",
"passport-github2": "^0.1.12",
"passport-google-oauth20": "^2.0.0", "passport-google-oauth20": "^2.0.0",
"passport-jwt": "^4.0.1", "passport-jwt": "^4.0.1",
"passport-local": "^1.0.0", "passport-local": "^1.0.0",

5
package.json
View file

@ -45,10 +45,7 @@
}, },
"homepage": "https://github.com/danny-avila/LibreChat#readme", "homepage": "https://github.com/danny-avila/LibreChat#readme",
"dependencies": { "dependencies": {
"axios": "^1.4.0", "axios": "^1.4.0"
"passport": "^0.6.0",
"passport-discord": "^0.1.4",
"passport-github2": "^0.1.12"
}, },
"devDependencies": { "devDependencies": {
"@playwright/test": "^1.32.1", "@playwright/test": "^1.32.1",