fix: address external review findings for admin roles

- Block renaming system roles (ADMIN/USER) and add user migration on rename
- Add input validation: name max-length, trim on update, duplicate name check
- Replace fragile String.includes error matching with prefix-based classification
- Catch MongoDB 11000 duplicate key in createRoleByName
- Add pagination (limit/offset/total) to getRoleMembersHandler
- Reverse delete order in deleteRoleByName — reassign users before deletion
- Add role existence check in removeRoleMember; drop unused createdAt select
- Add Array.isArray guard for permissions input; use consistent ?? coalescing
- Fix import ordering per AGENTS.md conventions
- Type-cast mongoose.models.User as Model<IUser> for proper TS inference
- Add comprehensive tests: rename guards, pagination, validation, 500 paths
Dustin Healy 2026-03-26 15:30:33 -07:00
parent 88abca5d6d
commit 7d776de71a
4 changed files with 403 additions and 50 deletions

@ -20,7 +20,9 @@ const handlers = createAdminRolesHandlers({
deleteRoleByName: db.deleteRoleByName,
findUser: db.findUser,
updateUser: db.updateUser,
updateUsersByRole: db.updateUsersByRole,
listUsersByRole: db.listUsersByRole,
countUsersByRole: db.countUsersByRole,
});
router.use(requireJwtAuth, requireAdminAccess);
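Review bot: the two new bindings `updateUsersByRole` and `countUsersByRole` are injected here, but nothing in this hunk shows the dependency type consumed by `createAdminRolesHandlers` being updated; make sure both are declared as required (not optional) members of that interface so a missing binding fails at compile time instead of surfacing as an `undefined` call inside the rename-migration and pagination paths that the commit message says now depend on them. Also worth confirming that `countUsersByRole` applies the same filter as `listUsersByRole`, otherwise the `total` returned by `getRoleMembersHandler` will not match the pages it reports. The `router.use(requireJwtAuth, requireAdminAccess)` line below the change is unchanged context, so the new handlers inherit the existing admin gate as intended.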