Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2026-04-04 06:47:19 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

🧮 refactor: Replace Eval with Safe Math Expression Parser (#11098)

Browse source 
* chore: Add mathjs dependency

* refactor: Replace eval with mathjs for safer expression evaluation and improve session expiry handling to not environment variables from data-schemas package

* test: Add integration tests for math function with environment variable expressions

* refactor: Update test description for clarity on expiresIn behavior

* refactor: Update test cases to clarify default expiration behavior for token generation

* refactor: Improve error handling in math function for clearer evaluation errors
This commit is contained in:
Danny Avila 2025-12-25 12:25:41 -05:00 committed by GitHub
parent d0863de8d4
commit 6ffb176056
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
14 changed files with 602 additions and 85 deletions
Download patch file Download diff file Expand all files Collapse all files

20
packages/data-schemas/src/methods/user.ts
View file

@ -2,6 +2,9 @@ import mongoose, { FilterQuery } from 'mongoose';
import type { IUser, BalanceConfig, CreateUserRequest, UserDeleteResult } from '~/types';
import { signPayload } from '~/crypto';
/** Default JWT session expiry: 15 minutes in milliseconds */
export const DEFAULT_SESSION_EXPIRY = 1000 * 60 * 15;
/** Factory function that takes mongoose instance and returns the methods */
export function createUserMethods(mongoose: typeof import('mongoose')) {
/**
@ -161,24 +164,15 @@ export function createUserMethods(mongoose: typeof import('mongoose')) {
/**
* Generates a JWT token for a given user.
* @param user - The user object
* @param expiresIn - Optional expiry time in milliseconds. Default: 15 minutes
*/
async function generateToken(user: IUser): Promise<string> {
async function generateToken(user: IUser, expiresIn?: number): Promise<string> {
if (!user) {
throw new Error('No user provided');
}
let expires = 1000 * 60 * 15;
if (process.env.SESSION_EXPIRY !== undefined && process.env.SESSION_EXPIRY !== '') {
try {
const evaluated = eval(process.env.SESSION_EXPIRY);
if (evaluated) {
expires = evaluated;
}
} catch (error) {
console.warn('Invalid SESSION_EXPIRY expression, using default:', error);
}
}
const expires = expiresIn ?? DEFAULT_SESSION_EXPIRY;
return await signPayload({
payload: {