🛡️ : Security Enhancements (#1681)

* fix: sanitize HTTP params and do not send whole error objects backs

* fix: prevent path traversal

* fix: send custom error message for tokenizer route

* chore: handle info exposure vector

* chore(oauth): skip check due to false positive as oauth routes are rate-limited

* chore(app): disable `x-powered-by`

* chore: disable false positives or flagging of hardcoded secrets when they are fake values

* chore: add path traversal safety check

client/src/components/Messages/Content/Error.tsx

@@ -1,3 +1,5 @@
+// file deepcode ignore HardcodedNonCryptoSecret: No hardcoded secrets
+
 import React from 'react';
 import type { TOpenAIMessage } from 'librechat-data-provider';
 import { formatJSON, extractJson, isJson } from '~/utils/json';

client/src/components/Plugins/Store/__tests__/PluginAuthForm.spec.tsx

@@ -39,6 +39,7 @@ describe('PluginAuthForm', () => {
       action: 'install',
       auth: {
         key: '1234567890',
+        // file deepcode ignore HardcodedNonCryptoSecret/test: test
         secret: '1234567890',
       },
     });

client/src/localization/languages/Br.tsx

@@ -1,4 +1,6 @@
 // Portuguese phrases
+// file deepcode ignore NoHardcodedPasswords: No hardcoded values present in this file
+// file deepcode ignore HardcodedNonCryptoSecret: No hardcoded secrets present in this file
 
 export default {
   com_ui_examples: 'Exemplos',

client/src/localization/languages/Eng.tsx

@@ -1,4 +1,6 @@
 // English phrases
+// file deepcode ignore NoHardcodedPasswords: No hardcoded values present in this file
+// file deepcode ignore HardcodedNonCryptoSecret: No hardcoded secrets present in this file
 
 export default {
   com_ui_examples: 'Examples',

client/src/localization/languages/Es.tsx

@@ -1,4 +1,6 @@
 // Spanish phrases
+// file deepcode ignore NoHardcodedPasswords: No hardcoded values present in this file
+// file deepcode ignore HardcodedNonCryptoSecret: No hardcoded secrets present in this file
 
 export default {
   com_ui_examples: 'Ejemplos',

client/src/localization/languages/Fr.tsx

@@ -1,4 +1,6 @@
 // French phrases
+// file deepcode ignore NoHardcodedPasswords: No hardcoded values present in this file
+// file deepcode ignore HardcodedNonCryptoSecret: No hardcoded secrets present in this file
 
 export default {
   com_ui_examples: 'Exemples',

client/src/localization/languages/Id.tsx

@@ -1,4 +1,6 @@
 // Indonesia phrases
+// file deepcode ignore NoHardcodedPasswords: No hardcoded values present in this file
+// file deepcode ignore HardcodedNonCryptoSecret: No hardcoded secrets present in this file
 
 export default {
   com_ui_examples: 'Contoh',

client/src/localization/languages/It.tsx

@@ -1,4 +1,6 @@
 // Italian phrases
+// file deepcode ignore NoHardcodedPasswords: No hardcoded values present in this file
+// file deepcode ignore HardcodedNonCryptoSecret: No hardcoded secrets present in this file
 
 export default {
   com_ui_examples: 'Esempi',

client/src/localization/languages/Jp.tsx

@@ -1,4 +1,6 @@
-// English phrases
+// Japanese phrases
+// file deepcode ignore NoHardcodedPasswords: No hardcoded values present in this file
+// file deepcode ignore HardcodedNonCryptoSecret: No hardcoded secrets present in this file
 
 export default {
   com_ui_examples: '例',
@@ -266,7 +268,8 @@ export default {
   com_nav_welcome_message: 'How can I help you today?',
   com_nav_auto_scroll: 'チャットを開いたときに最新まで自動でスクロール',
   com_nav_modular_chat: '会話の途中でのエンドポイント切替を有効化',
-  com_nav_latex_parsing: 'メッセージ内の LaTeX の構文解析 (パフォーマンスに影響する可能性があります。)',
+  com_nav_latex_parsing:
+    'メッセージ内の LaTeX の構文解析 (パフォーマンスに影響する可能性があります。)',
   com_nav_profile_picture: 'プロフィール画像',
   com_nav_change_picture: '画像を変更',
   com_nav_plugin_store: 'プラグインストア',

client/src/localization/languages/Zh.tsx

@@ -1,4 +1,6 @@
 // Chinese phrases
+// file deepcode ignore NoHardcodedPasswords: No hardcoded values present in this file
+// file deepcode ignore HardcodedNonCryptoSecret: No hardcoded secrets present in this file
 
 export default {
   com_ui_examples: '示例',