🔧 refactor: Change Permissions Check from some to every for Stricter Access Validation (#8270)

* 🔧 refactor: Change Permissions Check from `some` to `every` for Stricter Access Validation * 🧪 ci: Add comprehensive tests for access middleware functions * fix: custom provider check logic in `getProviderConfig` function
2026-01-05 18:18:51 +01:00 · 2025-07-05 15:53:08 -04:00 · 2025-07-05 15:53:08 -04:00 · 91a2df4759
commit 91a2df4759
parent 97a99985fa
3 changed files with 558 additions and 4 deletions
--- a/api/server/services/Endpoints/index.js
+++ b/api/server/services/Endpoints/index.js
@ -13,7 +13,7 @@ const { getCustomEndpointConfig } = require('~/server/services/Config');
 */
 function isKnownCustomProvider(provider) {
  return [Providers.XAI, Providers.OLLAMA, Providers.DEEPSEEK, Providers.OPENROUTER].includes(
-    provider || '',
+    provider?.toLowerCase() || '',
  );
 }

@ -56,7 +56,7 @@ async function getProviderConfig(provider) {
    overrideProvider = Providers.OPENAI;
  }

-  if (isKnownCustomProvider(overrideProvider)) {
+  if (isKnownCustomProvider(overrideProvider || provider) && !customEndpointConfig) {
    customEndpointConfig = await getCustomEndpointConfig(provider);
    if (!customEndpointConfig) {
      throw new Error(`Provider ${provider} not supported`);