🧮 refactor: Replace Eval with Safe Math Expression Parser (#11098)

* chore: Add mathjs dependency

* refactor: Replace eval with mathjs for safer expression evaluation and improve session expiry handling to not environment variables from data-schemas package

* test: Add integration tests for math function with environment variable expressions

* refactor: Update test description for clarity on expiresIn behavior

* refactor: Update test cases to clarify default expiration behavior for token generation

* refactor: Improve error handling in math function for clearer evaluation errors

api/strategies/openIdJwtStrategy.js

@@ -3,8 +3,8 @@ const jwksRsa = require('jwks-rsa');
 const { logger } = require('@librechat/data-schemas');
 const { HttpsProxyAgent } = require('https-proxy-agent');
 const { SystemRoles } = require('librechat-data-provider');
+const { isEnabled, findOpenIDUser, math } = require('@librechat/api');
 const { Strategy: JwtStrategy, ExtractJwt } = require('passport-jwt');
-const { isEnabled, findOpenIDUser } = require('@librechat/api');
 const { updateUser, findUser } = require('~/models');
 
 /**
@@ -27,9 +27,7 @@ const { updateUser, findUser } = require('~/models');
 const openIdJwtLogin = (openIdConfig) => {
   let jwksRsaOptions = {
     cache: isEnabled(process.env.OPENID_JWKS_URL_CACHE_ENABLED) || true,
-    cacheMaxAge: process.env.OPENID_JWKS_URL_CACHE_TIME
-      ? eval(process.env.OPENID_JWKS_URL_CACHE_TIME)
-      : 60000,
+    cacheMaxAge: math(process.env.OPENID_JWKS_URL_CACHE_TIME, 60000),
     jwksUri: openIdConfig.serverMetadata().jwks_uri,
   };