fix(auth): replace mongoose model references with new function imports

- Updated AuthController, checkBan middleware, localStrategy, and openidStrategy to use new function imports for user operations. - Removed unused mongoose imports to streamline the codebase. - Enhanced consistency across user-related operations by utilizing the centralized methods for user management.
2025-12-20 02:10:15 +01:00 · 2025-05-30 13:46:31 -04:00 · 2025-05-30 13:46:31 -04:00 · 6e278f6932
commit 6e278f6932
parent 90ac2b51cd
5 changed files with 12 additions and 241 deletions
--- a/api/server/controllers/AuthController.js
+++ b/api/server/controllers/AuthController.js
@ -1,6 +1,5 @@
 const cookies = require('cookie');
 const jwt = require('jsonwebtoken');
 const mongoose = require('mongoose');
 const openIdClient = require('openid-client');
 const { logger } = require('@librechat/data-schemas');
 const {
@ -10,11 +9,11 @@ const {
  requestPasswordReset,
  setOpenIDAuthTokens,
 } = require('~/server/services/AuthService');
 const { findUser, getUserById } = require('~/models');
 const { getOpenIdConfig } = require('~/strategies');
 const { isEnabled } = require('~/server/utils');
 const Session = require('~/db/models').Session;
 const User = require('~/db/models').User;
 const registrationController = async (req, res) => {
  try {
@ -73,7 +72,7 @@ const refreshController = async (req, res) => {
      const openIdConfig = getOpenIdConfig();
      const tokenset = await openIdClient.refreshTokenGrant(openIdConfig, refreshToken);
      const claims = tokenset.claims();
-      const user = await User.findUser({ email: claims.email });
+      const user = await findUser({ email: claims.email });
      if (!user) {
        return res.status(401).redirect('/login');
      }
@ -86,7 +85,7 @@ const refreshController = async (req, res) => {
  }
  try {
    const payload = jwt.verify(refreshToken, process.env.JWT_REFRESH_SECRET);
-    const user = await User.getUserById(payload.id, '-password -__v -totpSecret');
+    const user = await getUserById(payload.id, '-password -__v -totpSecret');
    if (!user) {
      return res.status(401).redirect('/login');
    }
--- a/api/server/middleware/checkBan.js
+++ b/api/server/middleware/checkBan.js
@ -1,14 +1,12 @@
 const { Keyv } = require('keyv');
 const uap = require('ua-parser-js');
 const mongoose = require('mongoose');
 const { logger } = require('@librechat/data-schemas');
 const { ViolationTypes } = require('librechat-data-provider');
 const { isEnabled, removePorts } = require('~/server/utils');
 const keyvMongo = require('~/cache/keyvMongo');
 const denyRequest = require('./denyRequest');
 const { getLogStores } = require('~/cache');
-
+const { findUser } = require('~/models');
 const User = require('~/db/models').User;
 const banCache = new Keyv({ store: keyvMongo, namespace: ViolationTypes.BAN, ttl: 0 });
 const message = 'Your account has been temporarily banned due to violations of our service.';
@ -59,7 +57,7 @@ const checkBan = async (req, res, next = () => {}) => {
    let userId = req.user?.id ?? req.user?._id ?? null;
    if (!userId && req?.body?.email) {
-      const user = await User.findUser({ email: req.body.email }, '_id');
+      const user = await findUser({ email: req.body.email }, '_id');
      userId = user?._id ? user._id.toString() : userId;
    }
--- a/api/strategies/localStrategy.js
+++ b/api/strategies/localStrategy.js
@ -1,9 +1,8 @@
 const mongoose = require('mongoose');
 const { logger } = require('@librechat/data-schemas');
 const { errorsToString } = require('librechat-data-provider');
 const { Strategy: PassportLocalStrategy } = require('passport-local');
 const { isEnabled, checkEmailConfig } = require('~/server/utils');
-const { comparePassword } = require('~/models');
+const { findUser, comparePassword } = require('~/models');
 const { loginSchema } = require('./validators');
 const User = require('~/db/models').User;
@ -25,7 +24,7 @@ async function passportLogin(req, email, password, done) {
      return done(null, false, { message: validationError });
    }
-    const user = await User.findUser({ email: email.trim() });
+    const user = await findUser({ email: email.trim() });
    if (!user) {
      logError('Passport Local Strategy - User Not Found', { email });
      logger.error(`[Login] [Login failed] [Username: ${email}] [Request-IP: ${req.ip}]`);
--- a/api/strategies/openidStrategy.js
+++ b/api/strategies/openidStrategy.js
@ -1,5 +1,4 @@
 const fetch = require('node-fetch');
 const mongoose = require('mongoose');
 const passport = require('passport');
 const client = require('openid-client');
 const jwtDecode = require('jsonwebtoken/decode');
@ -8,11 +7,10 @@ const { CacheKeys } = require('librechat-data-provider');
 const { HttpsProxyAgent } = require('https-proxy-agent');
 const { Strategy: OpenIDStrategy } = require('openid-client/passport');
 const { getStrategyFunctions } = require('~/server/services/Files/strategies');
 const { findUser, createUser, updateUser } = require('~/models');
 const getLogStores = require('~/cache/getLogStores');
 const { isEnabled } = require('~/server/utils');
 const User = require('~/db/models').User;
 /**
 * @typedef {import('openid-client').ClientMetadata} ClientMetadata
 * @typedef {import('openid-client').Configuration} Configuration
@ -248,13 +246,13 @@ async function setupOpenId() {
      async (tokenset, done) => {
        try {
          const claims = tokenset.claims();
-          let user = await User.findUser({ openidId: claims.sub });
+          let user = await findUser({ openidId: claims.sub });
          logger.info(
            `[openidStrategy] user ${user ? 'found' : 'not found'} with openidId: ${claims.sub}`,
          );
          if (!user) {
-            user = await User.findUser({ email: claims.email });
+            user = await findUser({ email: claims.email });
            logger.info(
              `[openidStrategy] user ${user ? 'found' : 'not found'} with email: ${
                claims.email
@ -318,7 +316,7 @@ async function setupOpenId() {
            const balanceConfig = await getBalanceConfig();
-            user = await User.createUser(user, balanceConfig, true, true);
+            user = await createUser(user, balanceConfig, true, true);
          } else {
            user.provider = 'openid';
            user.openidId = userinfo.sub;
@ -354,7 +352,7 @@ async function setupOpenId() {
            }
          }
-          user = await User.updateUser(user._id, user);
+          user = await updateUser(user._id, user);
          logger.info(
            `[openidStrategy] login success openidId: ${user.openidId} | email: ${user.email} | username: ${user.username} `,
--- a/packages/data-schemas/src/types/README.md
+++ b/packages/data-schemas/src/types/README.md
@ -1,223 +0,0 @@
 # Data Schemas - Refactored Architecture
 This package has been refactored to follow a clean, modular architecture with clear separation of concerns.
 ## 📁 Directory Structure
 ```
 packages/data-schemas/src/
 ├── index.ts              # Main exports
 ├── schema/               # 🗄️  Mongoose schema definitions
 │   ├── user.ts
 │   ├── session.ts
 │   └── token.ts
 ├── models/               # 🏗️  Mongoose model instances  
 │   └── index.ts
 ├── methods/              # ⚙️  Business logic functions
 │   ├── index.ts
 │   ├── user.ts
 │   ├── session.ts
 │   └── token.ts
 └── types/                # 📋 TypeScript interfaces & types
    ├── index.ts
    ├── user.ts
    ├── session.ts
    └── token.ts
 ```
 ## 🎯 Key Benefits
 ### 1. **Separation of Concerns**
 - **Schema**: Pure Mongoose schema definitions
 - **Models**: Model instances created once 
 - **Methods**: Business logic as pure functions
 - **Types**: Shared TypeScript interfaces
 ### 2. **No Dynamic Imports**
 - Models are created once in the models directory
 - Methods import model instances directly
 - No more dynamic `import()` calls
 ### 3. **Better Type Safety**
 - Shared types across all layers
 - Proper TypeScript typing throughout
 - Clear interfaces for all operations
 ### 4. **Pure Functions**
 - Methods are now side-effect free
 - Easy to test and reason about
 - No magic or hidden dependencies
 ## 🚀 Migration Guide
 ### Before (Static Methods)
 ```typescript
 import { User } from 'some-model-registry';
 // Old way with static methods
 const user = await User.findUser({ email: 'test@example.com' });
 const result = await User.deleteUserById(userId);
 ```
 ### After (Pure Functions)
 ```typescript
 import { findUser, deleteUserById } from '~/methods';
 // New way with pure functions
 const user = await findUser({ email: 'test@example.com' });
 const result = await deleteUserById(userId);
 ```
 ## 📚 Usage Examples
 ### User Operations
 ```typescript
 import { 
  findUser, 
  createUser, 
  updateUser, 
  deleteUserById,
  generateToken 
 } from '~/methods';
 // Find a user
 const user = await findUser(
  { email: 'user@example.com' }, 
  'name email role'
 );
 // Create a user with balance config
 const newUser = await createUser(
  { email: 'new@example.com', name: 'John' },
  { enabled: true, startBalance: 100 },
  true, // disable TTL
  true  // return user object
 );
 // Update user
 const updated = await updateUser(userId, { name: 'Jane' });
 // Delete user
 const result = await deleteUserById(userId);
 // Generate JWT token
 const token = await generateToken(user);
 ```
 ### Session Operations
 ```typescript
 import { 
  createSession, 
  findSession, 
  deleteSession,
  deleteAllUserSessions 
 } from '~/methods';
 // Create session
 const { session, refreshToken } = await createSession(userId);
 // Find session by refresh token
 const foundSession = await findSession({ refreshToken });
 // Delete specific session
 await deleteSession({ sessionId });
 // Delete all user sessions
 await deleteAllUserSessions(userId, { 
  excludeCurrentSession: true, 
  currentSessionId 
 });
 ```
 ### Token Operations
 ```typescript
 import { 
  createToken, 
  findToken, 
  updateToken,
  deleteTokens 
 } from '~/methods';
 // Create token
 const token = await createToken({
  userId,
  token: 'abc123',
  type: 'verification',
  expiresIn: 3600 // 1 hour
 });
 // Find token
 const foundToken = await findToken({ 
  token: 'abc123',
  type: 'verification' 
 });
 // Update token
 const updated = await updateToken(
  { token: 'abc123' },
  { type: 'password-reset' }
 );
 // Delete tokens
 await deleteTokens({ userId });
 ```
 ## 🔧 Path Aliases
 The project uses `~/` as an alias for `./src/`:
 ```typescript
 import { IUser } from '~/types';
 import { User } from '~/models';
 import { findUser } from '~/methods';
 import userSchema from '~/schema/user';
 ```
 ## ⚠️ Breaking Changes
 1. **Static Methods Removed**: All static methods have been removed from schema files
 2. **Function Signatures**: Methods no longer take model as first parameter
 3. **Import Paths**: Import from `~/methods` instead of calling static methods
 4. **Type Definitions**: Types moved to dedicated `~/types` directory
 ## 🧪 Testing
 The new pure function approach makes testing much easier:
 ```typescript
 import { findUser } from '~/methods';
 // Easy to mock and test
 jest.mock('~/models', () => ({
  User: {
    findOne: jest.fn().mockReturnValue({
      select: jest.fn().mockReturnValue({
        lean: jest.fn().mockResolvedValue(mockUser)
      })
    })
  }
 }));
 test('findUser should return user', async () => {
  const result = await findUser({ email: 'test@example.com' });
  expect(result).toEqual(mockUser);
 });
 ```
 ## 🔄 Error Handling
 All methods include proper error handling with typed errors:
 ```typescript
 import { SessionError } from '~/types';
 try {
  const session = await createSession(userId);
 } catch (error) {
  if (error instanceof SessionError) {
    console.log('Session error:', error.code, error.message);
  }
 }
 ```
 This refactoring provides a much cleaner, more maintainable, and type-safe architecture for data operations.