🛜 refactor: Streamline App Config Usage (#9234)

* WIP: app.locals refactoring

WIP: appConfig

fix: update memory configuration retrieval to use getAppConfig based on user role

fix: update comment for AppConfig interface to clarify purpose

🏷️ refactor: Update tests to use getAppConfig for endpoint configurations

ci: Update AppService tests to initialize app config instead of app.locals

ci: Integrate getAppConfig into remaining tests

refactor: Update multer storage destination to use promise-based getAppConfig and improve error handling in tests

refactor: Rename initializeAppConfig to setAppConfig and update related tests

ci: Mock getAppConfig in various tests to provide default configurations

refactor: Update convertMCPToolsToPlugins to use mcpManager for server configuration and adjust related tests

chore: rename `Config/getAppConfig` -> `Config/app`

fix: streamline OpenAI image tools configuration by removing direct appConfig dependency and using function parameters

chore: correct parameter documentation for imageOutputType in ToolService.js

refactor: remove `getCustomConfig` dependency in config route

refactor: update domain validation to use appConfig for allowed domains

refactor: use appConfig registration property

chore: remove app parameter from AppService invocation

refactor: update AppConfig interface to correct registration and turnstile configurations

refactor: remove getCustomConfig dependency and use getAppConfig in PluginController, multer, and MCP services

refactor: replace getCustomConfig with getAppConfig in STTService, TTSService, and related files

refactor: replace getCustomConfig with getAppConfig in Conversation and Message models, update tempChatRetention functions to use AppConfig type

refactor: update getAppConfig calls in Conversation and Message models to include user role for temporary chat expiration

ci: update related tests

refactor: update getAppConfig call in getCustomConfigSpeech to include user role

fix: update appConfig usage to access allowedDomains from actions instead of registration

refactor: enhance AppConfig to include fileStrategies and update related file strategy logic

refactor: update imports to use normalizeEndpointName from @librechat/api and remove redundant definitions

chore: remove deprecated unused RunManager

refactor: get balance config primarily from appConfig

refactor: remove customConfig dependency for appConfig and streamline loadConfigModels logic

refactor: remove getCustomConfig usage and use app config in file citations

refactor: consolidate endpoint loading logic into loadEndpoints function

refactor: update appConfig access to use endpoints structure across various services

refactor: implement custom endpoints configuration and streamline endpoint loading logic

refactor: update getAppConfig call to include user role parameter

refactor: streamline endpoint configuration and enhance appConfig usage across services

refactor: replace getMCPAuthMap with getUserMCPAuthMap and remove unused getCustomConfig file

refactor: add type annotation for loadedEndpoints in loadEndpoints function

refactor: move /services/Files/images/parse to TS API

chore: add missing FILE_CITATIONS permission to IRole interface

refactor: restructure toolkits to TS API

refactor: separate manifest logic into its own module

refactor: consolidate tool loading logic into a new tools module for startup logic

refactor: move interface config logic to TS API

refactor: migrate checkEmailConfig to TypeScript and update imports

refactor: add FunctionTool interface and availableTools to AppConfig

refactor: decouple caching and DB operations from AppService, make part of consolidated `getAppConfig`

WIP: fix tests

* fix: rebase conflicts

* refactor: remove app.locals references

* refactor: replace getBalanceConfig with getAppConfig in various strategies and middleware

* refactor: replace appConfig?.balance with getBalanceConfig in various controllers and clients

* test: add balance configuration to titleConvo method in AgentClient tests

* chore: remove unused `openai-chat-tokens` package

* chore: remove unused imports in initializeMCPs.js

* refactor: update balance configuration to use getAppConfig instead of getBalanceConfig

* refactor: integrate configMiddleware for centralized configuration handling

* refactor: optimize email domain validation by removing unnecessary async calls

* refactor: simplify multer storage configuration by removing async calls

* refactor: reorder imports for better readability in user.js

* refactor: replace getAppConfig calls with req.config for improved performance

* chore: replace getAppConfig calls with req.config in tests for centralized configuration handling

* chore: remove unused override config

* refactor: add configMiddleware to endpoint route and replace getAppConfig with req.config

* chore: remove customConfig parameter from TTSService constructor

* refactor: pass appConfig from request to processFileCitations for improved configuration handling

* refactor: remove configMiddleware from endpoint route and retrieve appConfig directly in getEndpointsConfig if not in `req.config`

* test: add mockAppConfig to processFileCitations tests for improved configuration handling

* fix: pass req.config to hasCustomUserVars and call without await after synchronous refactor

* fix: type safety in useExportConversation

* refactor: retrieve appConfig using getAppConfig in PluginController and remove configMiddleware from plugins route, to avoid always retrieving when plugins are cached

* chore: change `MongoUser` typedef to `IUser`

* fix: Add `user` and `config` fields to ServerRequest and update JSDoc type annotations from Express.Request to ServerRequest

* fix: remove unused setAppConfig mock from Server configuration tests

api/server/middleware/assistants/validate.js

@@ -12,8 +12,9 @@ const { handleAbortError } = require('~/server/middleware/abortMiddleware');
 const validateAssistant = async (req, res, next) => {
   const { endpoint, conversationId, assistant_id, messageId } = req.body;
 
+  const appConfig = req.config;
   /** @type {Partial<TAssistantEndpoint>} */
-  const assistantsConfig = req.app.locals?.[endpoint];
+  const assistantsConfig = appConfig.endpoints?.[endpoint];
   if (!assistantsConfig) {
     return next();
   }

api/server/middleware/assistants/validateAuthor.js

@@ -20,8 +20,9 @@ const validateAuthor = async ({ req, openai, overrideEndpoint, overrideAssistant
   const assistant_id =
     overrideAssistantId ?? req.params.id ?? req.body.assistant_id ?? req.query.assistant_id;
 
+  const appConfig = req.config;
   /** @type {Partial<TAssistantEndpoint>} */
-  const assistantsConfig = req.app.locals?.[endpoint];
+  const assistantsConfig = appConfig.endpoints?.[endpoint];
   if (!assistantsConfig) {
     return;
   }

api/server/middleware/buildEndpointOption.js

@@ -40,9 +40,10 @@ async function buildEndpointOption(req, res, next) {
     return handleError(res, { text: 'Error parsing conversation' });
   }
 
-  if (req.app.locals.modelSpecs?.list && req.app.locals.modelSpecs?.enforce) {
+  const appConfig = req.config;
+  if (appConfig.modelSpecs?.list && appConfig.modelSpecs?.enforce) {
     /** @type {{ list: TModelSpec[] }}*/
-    const { list } = req.app.locals.modelSpecs;
+    const { list } = appConfig.modelSpecs;
     const { spec } = parsedBody;
 
     if (!spec) {

api/server/middleware/checkDomainAllowed.js

@@ -1,5 +1,6 @@
+const { logger } = require('@librechat/data-schemas');
 const { isEmailDomainAllowed } = require('~/server/services/domains');
-const { logger } = require('~/config');
+const { getAppConfig } = require('~/server/services/Config');
 
 /**
  * Checks the domain's social login is allowed
@@ -14,7 +15,10 @@ const { logger } = require('~/config');
  */
 const checkDomainAllowed = async (req, res, next = () => {}) => {
   const email = req?.user?.email;
-  if (email && !(await isEmailDomainAllowed(email))) {
+  const appConfig = await getAppConfig({
+    role: req?.user?.role,
+  });
+  if (email && !isEmailDomainAllowed(email, appConfig?.registration?.allowedDomains)) {
     logger.error(`[Social Login] [Social Login not allowed] [Email: ${email}]`);
     return res.redirect('/login');
   } else {

api/server/middleware/config/app.js

@@ -0,0 +1,27 @@
+const { logger } = require('@librechat/data-schemas');
+const { getAppConfig } = require('~/server/services/Config');
+
+const configMiddleware = async (req, res, next) => {
+  try {
+    const userRole = req.user?.role;
+    req.config = await getAppConfig({ role: userRole });
+
+    next();
+  } catch (error) {
+    logger.error('Config middleware error:', {
+      error: error.message,
+      userRole: req.user?.role,
+      path: req.path,
+    });
+
+    try {
+      req.config = await getAppConfig();
+      next();
+    } catch (fallbackError) {
+      logger.error('Fallback config middleware error:', fallbackError);
+      next(fallbackError);
+    }
+  }
+};
+
+module.exports = configMiddleware;

api/server/middleware/error.js

@@ -82,7 +82,7 @@ const sendError = async (req, res, options, callback) => {
 
 /**
  * Sends the response based on whether headers have been sent or not.
- * @param {Express.Request} req - The server response.
+ * @param {ServerRequest} req - The server response.
  * @param {Express.Response} res - The server response.
  * @param {Object} data - The data to be sent.
  * @param {string} [errorMessage] - The error message, if any.

api/server/middleware/index.js

@@ -13,6 +13,7 @@ const requireLdapAuth = require('./requireLdapAuth');
 const abortMiddleware = require('./abortMiddleware');
 const checkInviteUser = require('./checkInviteUser');
 const requireJwtAuth = require('./requireJwtAuth');
+const configMiddleware = require('./config/app');
 const validateModel = require('./validateModel');
 const moderateText = require('./moderateText');
 const logHeaders = require('./logHeaders');
@@ -43,6 +44,7 @@ module.exports = {
   requireLocalAuth,
   canDeleteAccount,
   validateEndpoint,
+  configMiddleware,
   concurrentLimiter,
   checkDomainAllowed,
   validateMessageReq,

api/server/middleware/spec/validateImages.spec.js

@@ -1,13 +1,18 @@
 const jwt = require('jsonwebtoken');
 const validateImageRequest = require('~/server/middleware/validateImageRequest');
 
+jest.mock('~/server/services/Config/app', () => ({
+  getAppConfig: jest.fn(),
+}));
+
 describe('validateImageRequest middleware', () => {
   let req, res, next;
   const validObjectId = '65cfb246f7ecadb8b1e8036b';
+  const { getAppConfig } = require('~/server/services/Config/app');
 
   beforeEach(() => {
+    jest.clearAllMocks();
     req = {
-      app: { locals: { secureImageLinks: true } },
       headers: {},
       originalUrl: '',
     };
@@ -17,79 +22,86 @@ describe('validateImageRequest middleware', () => {
     };
     next = jest.fn();
     process.env.JWT_REFRESH_SECRET = 'test-secret';
+
+    // Mock getAppConfig to return secureImageLinks: true by default
+    getAppConfig.mockResolvedValue({
+      secureImageLinks: true,
+    });
   });
 
   afterEach(() => {
     jest.clearAllMocks();
   });
 
-  test('should call next() if secureImageLinks is false', () => {
-    req.app.locals.secureImageLinks = false;
-    validateImageRequest(req, res, next);
+  test('should call next() if secureImageLinks is false', async () => {
+    getAppConfig.mockResolvedValue({
+      secureImageLinks: false,
+    });
+    await validateImageRequest(req, res, next);
     expect(next).toHaveBeenCalled();
   });
 
-  test('should return 401 if refresh token is not provided', () => {
-    validateImageRequest(req, res, next);
+  test('should return 401 if refresh token is not provided', async () => {
+    await validateImageRequest(req, res, next);
     expect(res.status).toHaveBeenCalledWith(401);
     expect(res.send).toHaveBeenCalledWith('Unauthorized');
   });
 
-  test('should return 403 if refresh token is invalid', () => {
+  test('should return 403 if refresh token is invalid', async () => {
     req.headers.cookie = 'refreshToken=invalid-token';
-    validateImageRequest(req, res, next);
+    await validateImageRequest(req, res, next);
     expect(res.status).toHaveBeenCalledWith(403);
     expect(res.send).toHaveBeenCalledWith('Access Denied');
   });
 
-  test('should return 403 if refresh token is expired', () => {
+  test('should return 403 if refresh token is expired', async () => {
     const expiredToken = jwt.sign(
       { id: validObjectId, exp: Math.floor(Date.now() / 1000) - 3600 },
       process.env.JWT_REFRESH_SECRET,
     );
     req.headers.cookie = `refreshToken=${expiredToken}`;
-    validateImageRequest(req, res, next);
+    await validateImageRequest(req, res, next);
     expect(res.status).toHaveBeenCalledWith(403);
     expect(res.send).toHaveBeenCalledWith('Access Denied');
   });
 
-  test('should call next() for valid image path', () => {
+  test('should call next() for valid image path', async () => {
     const validToken = jwt.sign(
       { id: validObjectId, exp: Math.floor(Date.now() / 1000) + 3600 },
       process.env.JWT_REFRESH_SECRET,
     );
     req.headers.cookie = `refreshToken=${validToken}`;
     req.originalUrl = `/images/${validObjectId}/example.jpg`;
-    validateImageRequest(req, res, next);
+    await validateImageRequest(req, res, next);
     expect(next).toHaveBeenCalled();
   });
 
-  test('should return 403 for invalid image path', () => {
+  test('should return 403 for invalid image path', async () => {
     const validToken = jwt.sign(
       { id: validObjectId, exp: Math.floor(Date.now() / 1000) + 3600 },
       process.env.JWT_REFRESH_SECRET,
     );
     req.headers.cookie = `refreshToken=${validToken}`;
     req.originalUrl = '/images/65cfb246f7ecadb8b1e8036c/example.jpg'; // Different ObjectId
-    validateImageRequest(req, res, next);
+    await validateImageRequest(req, res, next);
     expect(res.status).toHaveBeenCalledWith(403);
     expect(res.send).toHaveBeenCalledWith('Access Denied');
   });
 
-  test('should return 403 for invalid ObjectId format', () => {
+  test('should return 403 for invalid ObjectId format', async () => {
     const validToken = jwt.sign(
       { id: validObjectId, exp: Math.floor(Date.now() / 1000) + 3600 },
       process.env.JWT_REFRESH_SECRET,
     );
     req.headers.cookie = `refreshToken=${validToken}`;
     req.originalUrl = '/images/123/example.jpg'; // Invalid ObjectId
-    validateImageRequest(req, res, next);
+    await validateImageRequest(req, res, next);
     expect(res.status).toHaveBeenCalledWith(403);
     expect(res.send).toHaveBeenCalledWith('Access Denied');
   });
 
   // File traversal tests
-  test('should prevent file traversal attempts', () => {
+  test('should prevent file traversal attempts', async () => {
     const validToken = jwt.sign(
       { id: validObjectId, exp: Math.floor(Date.now() / 1000) + 3600 },
       process.env.JWT_REFRESH_SECRET,
@@ -103,23 +115,23 @@ describe('validateImageRequest middleware', () => {
       `/images/${validObjectId}/%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd`,
     ];
 
-    traversalAttempts.forEach((attempt) => {
+    for (const attempt of traversalAttempts) {
       req.originalUrl = attempt;
-      validateImageRequest(req, res, next);
+      await validateImageRequest(req, res, next);
       expect(res.status).toHaveBeenCalledWith(403);
       expect(res.send).toHaveBeenCalledWith('Access Denied');
       jest.clearAllMocks();
-    });
+    }
   });
 
-  test('should handle URL encoded characters in valid paths', () => {
+  test('should handle URL encoded characters in valid paths', async () => {
     const validToken = jwt.sign(
       { id: validObjectId, exp: Math.floor(Date.now() / 1000) + 3600 },
       process.env.JWT_REFRESH_SECRET,
     );
     req.headers.cookie = `refreshToken=${validToken}`;
     req.originalUrl = `/images/${validObjectId}/image%20with%20spaces.jpg`;
-    validateImageRequest(req, res, next);
+    await validateImageRequest(req, res, next);
     expect(next).toHaveBeenCalled();
   });
 });

api/server/middleware/validate/convoAccess.js

@@ -15,7 +15,7 @@ const { USE_REDIS, CONVO_ACCESS_VIOLATION_SCORE: score = 0 } = process.env ?? {}
  * If the `cache` store is not available, the middleware will skip its logic.
  *
  * @function
- * @param {Express.Request} req - Express request object containing user information.
+ * @param {ServerRequest} req - Express request object containing user information.
  * @param {Express.Response} res - Express response object.
  * @param {function} next - Express next middleware function.
  * @throws {Error} Throws an error if the user doesn't have access to the conversation.

api/server/middleware/validateImageRequest.js

@@ -1,6 +1,7 @@
 const cookies = require('cookie');
 const jwt = require('jsonwebtoken');
-const { logger } = require('~/config');
+const { logger } = require('@librechat/data-schemas');
+const { getAppConfig } = require('~/server/services/Config/app');
 
 const OBJECT_ID_LENGTH = 24;
 const OBJECT_ID_PATTERN = /^[0-9a-f]{24}$/i;
@@ -24,8 +25,9 @@ function isValidObjectId(id) {
  * Middleware to validate image request.
  * Must be set by `secureImageLinks` via custom config file.
  */
-function validateImageRequest(req, res, next) {
-  if (!req.app.locals.secureImageLinks) {
+async function validateImageRequest(req, res, next) {
+  const appConfig = await getAppConfig({ role: req.user?.role });
+  if (!appConfig.secureImageLinks) {
     return next();
   }
 

api/server/middleware/validateModel.js

@@ -6,7 +6,7 @@ const { logViolation } = require('~/cache');
  * Validates the model of the request.
  *
  * @async
- * @param {Express.Request} req - The Express request object.
+ * @param {ServerRequest} req - The Express request object.
  * @param {Express.Response} res - The Express response object.
  * @param {Function} next - The Express next function.
  */