🔃 refactor: Decouple Effects from AppService, move to data-schemas (#9974)

* chore: linting for `loadCustomConfig` * refactor: decouple CDN init and variable/health checks from AppService * refactor: move AppService to packages/data-schemas * chore: update AppConfig import path to use data-schemas * chore: update JsonSchemaType import path to use data-schemas * refactor: update UserController to import webSearchKeys and redefine FunctionTool typedef * chore: remove AppService.js * refactor: update AppConfig interface to use Partial<TCustomConfig> and make paths and fileStrategies optional * refactor: update checkConfig function to accept Partial<TCustomConfig> * chore: fix types * refactor: move handleRateLimits to startup checks as is an effect * test: remove outdated rate limit tests from AppService.spec and add new handleRateLimits tests in checks.spec
2026-03-03 06:40:20 +01:00 · 2025-10-05 06:37:57 -04:00 · 2025-10-05 06:37:57 -04:00 · 838fb53208
commit 838fb53208
parent 9ff608e6af
73 changed files with 1383 additions and 1326 deletions
--- a/packages/api/src/cdn/s3.ts
+++ b/packages/api/src/cdn/s3.ts
@ -0,0 +1,51 @@
+import { S3Client } from '@aws-sdk/client-s3';
+import { logger } from '@librechat/data-schemas';
+
+let s3: S3Client | null = null;
+
+/**
+ * Initializes and returns an instance of the AWS S3 client.
+ *
+ * If AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are provided, they will be used.
+ * Otherwise, the AWS SDK's default credentials chain (including IRSA) is used.
+ *
+ * If AWS_ENDPOINT_URL is provided, it will be used as the endpoint.
+ *
+ * @returns An instance of S3Client if the region is provided; otherwise, null.
+ */
+export const initializeS3 = (): S3Client | null => {
+  if (s3) {
+    return s3;
+  }
+
+  const region = process.env.AWS_REGION;
+  if (!region) {
+    logger.error('[initializeS3] AWS_REGION is not set. Cannot initialize S3.');
+    return null;
+  }
+
+  // Read the custom endpoint if provided.
+  const endpoint = process.env.AWS_ENDPOINT_URL;
+  const accessKeyId = process.env.AWS_ACCESS_KEY_ID;
+  const secretAccessKey = process.env.AWS_SECRET_ACCESS_KEY;
+
+  const config = {
+    region,
+    // Conditionally add the endpoint if it is provided
+    ...(endpoint ? { endpoint } : {}),
+  };
+
+  if (accessKeyId && secretAccessKey) {
+    s3 = new S3Client({
+      ...config,
+      credentials: { accessKeyId, secretAccessKey },
+    });
+    logger.info('[initializeS3] S3 initialized with provided credentials.');
+  } else {
+    // When using IRSA, credentials are automatically provided via the IAM Role attached to the ServiceAccount.
+    s3 = new S3Client(config);
+    logger.info('[initializeS3] S3 initialized using default credentials (IRSA).');
+  }
+
+  return s3;
+};