🛂 fix: Reuse OpenID Auth Tokens with Proxy Setup (#8151)

* Fixes https://github.com/danny-avila/LibreChat/issues/8099 in correctly setting up proxy support

- fixes the openid Strategy
- fixes the openid jwt strategy (jwksRsa fetching in a proxy environment)

Signed-off-by: Regli Daniel <daniel.regli1@sanitas.com>

* Fixes https://github.com/danny-avila/LibreChat/issues/8099 in correctly setting up proxy support

- properly formatted

Signed-off-by: Regli Daniel <1daniregli@gmail.com>

---------

Signed-off-by: Regli Daniel <daniel.regli1@sanitas.com>
Signed-off-by: Regli Daniel <1daniregli@gmail.com>
Co-authored-by: schnaker85 <1daniregligmail.com>
Dani Regli 2025-07-01 22:30:06 +02:00 committed by GitHub
parent 434289fe92
commit 8a5dbac0f9
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 18 additions and 10 deletions


@ -1,4 +1,5 @@
const { SystemRoles } = require('librechat-data-provider'); const { SystemRoles } = require('librechat-data-provider');
const { HttpsProxyAgent } = require('https-proxy-agent');
const { Strategy: JwtStrategy, ExtractJwt } = require('passport-jwt'); const { Strategy: JwtStrategy, ExtractJwt } = require('passport-jwt');
const { updateUser, findUser } = require('~/models'); const { updateUser, findUser } = require('~/models');
const { logger } = require('~/config'); const { logger } = require('~/config');
@ -13,17 +14,23 @@ const { isEnabled } = require('~/server/utils');
* The strategy extracts the JWT from the Authorization header as a Bearer token. * The strategy extracts the JWT from the Authorization header as a Bearer token.
* The JWT is then verified using the signing key, and the user is retrieved from the database. * The JWT is then verified using the signing key, and the user is retrieved from the database.
*/ */
const openIdJwtLogin = (openIdConfig) => const openIdJwtLogin = (openIdConfig) => {
new JwtStrategy( let jwksRsaOptions = {
{
jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
secretOrKeyProvider: jwksRsa.passportJwtSecret({
cache: isEnabled(process.env.OPENID_JWKS_URL_CACHE_ENABLED) || true, cache: isEnabled(process.env.OPENID_JWKS_URL_CACHE_ENABLED) || true,
cacheMaxAge: process.env.OPENID_JWKS_URL_CACHE_TIME cacheMaxAge: process.env.OPENID_JWKS_URL_CACHE_TIME
? eval(process.env.OPENID_JWKS_URL_CACHE_TIME) ? eval(process.env.OPENID_JWKS_URL_CACHE_TIME)
: 60000, : 60000,
jwksUri: openIdConfig.serverMetadata().jwks_uri, jwksUri: openIdConfig.serverMetadata().jwks_uri,
}), };
if (process.env.PROXY) {
jwksRsaOptions.requestAgent = new HttpsProxyAgent(process.env.PROXY);
}
return new JwtStrategy(
{
jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
secretOrKeyProvider: jwksRsa.passportJwtSecret(jwksRsaOptions),
}, },
async (payload, done) => { async (payload, done) => {
try { try {
@ -48,5 +55,6 @@ const openIdJwtLogin = (openIdConfig) =>
} }
}, },
); );
};
module.exports = openIdJwtLogin; module.exports = openIdJwtLogin;
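Review bot: The rebuilt `jwksRsaOptions` object still computes `cacheMaxAge` with `eval(process.env.OPENID_JWKS_URL_CACHE_TIME)`, so whatever string that environment variable holds is executed as code in the server process when the strategy is set up. Since the options are being restructured here anyway, parse the value as a number instead, for example `cacheMaxAge: Number(process.env.OPENID_JWKS_URL_CACHE_TIME) || 60000,`; any deployment that sets the variable to an arithmetic expression would then need to switch to a plain millisecond value. The adjacent `cache: isEnabled(process.env.OPENID_JWKS_URL_CACHE_ENABLED) || true` always evaluates to true, so that setting cannot turn the JWKS cache off. `jwksRsaOptions` is never reassigned in the visible lines and can be declared with `const`. The verify callback's body lies outside the visible hunks.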


@ -49,7 +49,7 @@ async function customFetch(url, options) {
logger.info(`[openidStrategy] proxy agent configured: ${process.env.PROXY}`); logger.info(`[openidStrategy] proxy agent configured: ${process.env.PROXY}`);
fetchOptions = { fetchOptions = {
...options, ...options,
dispatcher: new HttpsProxyAgent(process.env.PROXY), dispatcher: new undici.ProxyAgent(process.env.PROXY),
}; };
} }
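Review bot: The context line just above the changed `dispatcher` writes the full `process.env.PROXY` value to the info log, and a proxy URL can carry `user:password@` credentials that would then end up in log storage. Consider logging only the host, for example by interpolating `new URL(process.env.PROXY).host` into that message. The hunk does not show where `undici` is required or whether `HttpsProxyAgent` is still used elsewhere in this file, so both are worth checking. `customFetch` starts and ends outside the hunk.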