Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2025-12-17 17:00:15 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

🛂 feat(oauth): add domain restriction on social login (#2512)

Browse source
This commit is contained in:
Mathieu Breton 2024-04-24 18:14:27 +02:00 committed by GitHub
parent cdab1e9cda
commit 75da75be08
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 29 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

25
api/server/middleware/checkDomainAllowed.js Normal file
View file

@ -0,0 +1,25 @@
const { isDomainAllowed } = require('~/server/services/AuthService');
const { logger } = require('~/config');
/**
* Checks the domain's social login is allowed
*
* @async
* @function
* @param {Object} req - Express request object.
* @param {Object} res - Express response object.
* @param {Function} next - Next middleware function.
*
* @returns {Promise<function|Object>} - Returns a Promise which when resolved calls next middleware if the domain's email is allowed
*/
const checkDomainAllowed = async (req, res, next = () => {}) => {
const email = req?.user?.email;
if (email && !(await isDomainAllowed(email))) {
logger.error(`[Social Login] [Social Login not allowed] [Email: ${email}]`);
return res.redirect('/login');
} else {
return next();
}
};
module.exports = checkDomainAllowed;

2
api/server/middleware/index.js
View file

@ -1,5 +1,6 @@
const abortMiddleware = require('./abortMiddleware'); const abortMiddleware = require('./abortMiddleware');
const checkBan = require('./checkBan'); const checkBan = require('./checkBan');
const checkDomainAllowed = require('./checkDomainAllowed');
const uaParser = require('./uaParser'); const uaParser = require('./uaParser');
const setHeaders = require('./setHeaders'); const setHeaders = require('./setHeaders');
const loginLimiter = require('./loginLimiter'); const loginLimiter = require('./loginLimiter');
@ -38,4 +39,5 @@ module.exports = {
validateModel, validateModel,
moderateText, moderateText,
noIndex, noIndex,
checkDomainAllowed,
}; };

3
api/server/routes/oauth.js
View file

@ -4,7 +4,7 @@ const passport = require('passport');
const express = require('express'); const express = require('express');
const router = express.Router(); const router = express.Router();
const { setAuthTokens } = require('~/server/services/AuthService'); const { setAuthTokens } = require('~/server/services/AuthService');
const { loginLimiter, checkBan } = require('~/server/middleware'); const { loginLimiter, checkBan, checkDomainAllowed } = require('~/server/middleware');
const { logger } = require('~/config'); const { logger } = require('~/config');
const domains = { const domains = {
@ -16,6 +16,7 @@ router.use(loginLimiter);
const oauthHandler = async (req, res) => { const oauthHandler = async (req, res) => {
try { try {
await checkDomainAllowed(req, res);
await checkBan(req, res); await checkBan(req, res);
if (req.banned) { if (req.banned) {
return; return;