Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2025-12-17 08:50:15 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 7

🔒 feat: Authenticated Image Requests (#2389)

Browse source 
* 🔒 feat: Authenticated Image Requests

* fix: reserved keyword `static`
This commit is contained in:
Danny Avila 2024-04-11 02:50:57 -04:00 committed by GitHub
parent c19dfddd0f
commit 9277e2a0c5
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
7 changed files with 59 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

37
api/server/middleware/validateImageRequest.js Normal file
View file

@ -0,0 +1,37 @@
const cookies = require('cookie');
const jwt = require('jsonwebtoken');
const { logger } = require('~/config');
/**
* Middleware to validate image request
*/
function validateImageRequest(req, res, next) {
const refreshToken = req.headers.cookie ? cookies.parse(req.headers.cookie).refreshToken : null;
if (!refreshToken) {
logger.warn('[validateImageRequest] Refresh token not provided');
return res.status(401).send('Unauthorized');
}
let payload;
try {
payload = jwt.verify(refreshToken, process.env.JWT_REFRESH_SECRET);
} catch (err) {
logger.warn('[validateImageRequest]', err);
return res.status(403).send('Access Denied');
}
const currentTimeInSeconds = Math.floor(Date.now() / 1000);
if (payload.exp < currentTimeInSeconds) {
logger.warn('[validateImageRequest] Refresh token expired');
return res.status(403).send('Access Denied');
}
if (req.path.includes(payload.id)) {
logger.debug('[validateImageRequest] Image request validated');
next();
} else {
res.status(403).send('Access Denied');
}
}
module.exports = validateImageRequest;