Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2025-09-22 08:12:00 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

🔐 feat: Implement Allowed Action Domains (#4964)

Browse source 
* chore: RequestExecutor typing

* feat: allowed action domains

* fix: rename TAgentsEndpoint to TAssistantEndpoint in typedefs

* chore: update librechat-data-provider version to 0.7.62
This commit is contained in:
Danny Avila 2024-12-12 12:52:42 -05:00 committed by GitHub
parent e82af236bc
commit 69bd8e3644
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
18 changed files with 364 additions and 97 deletions
Download patch file Download diff file Expand all files Collapse all files

5
api/server/routes/agents/actions.js
View file

@ -3,6 +3,7 @@ const { nanoid } = require('nanoid');
const { actionDelimiter } = require('librechat-data-provider');
const { encryptMetadata, domainParser } = require('~/server/services/ActionService');
const { updateAction, getActions, deleteAction } = require('~/models/Action');
const { isActionDomainAllowed } = require('~/server/services/domains');
const { getAgent, updateAgent } = require('~/models/Agent');
const { logger } = require('~/config');
@ -42,6 +43,10 @@ router.post('/:agent_id', async (req, res) => {
}
let metadata = await encryptMetadata(_metadata);
const isDomainAllowed = await isActionDomainAllowed(metadata.domain);
if (!isDomainAllowed) {
return res.status(400).json({ message: 'Domain not allowed' });
}
let { domain } = metadata;
domain = await domainParser(req, domain, true);