Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2025-12-16 16:30:15 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

📧 fix: Case-Insensitive Domain Matching (#9868)
Some checks failed
Docker Dev Branch Images Build / build (Dockerfile, lc-dev, node) (push) Has been cancelled
Details
Docker Dev Branch Images Build / build (Dockerfile.multi, lc-dev-api, api-build) (push) Has been cancelled
Details
Docker Dev Images Build / build (Dockerfile, librechat-dev, node) (push) Has been cancelled
Details
Docker Dev Images Build / build (Dockerfile.multi, librechat-dev-api, api-build) (push) Has been cancelled
Details
Sync Locize Translations & Create Translation PR / Sync Translation Keys with Locize (push) Has been cancelled
Details
Sync Locize Translations & Create Translation PR / Create Translation PR on Version Published (push) Has been cancelled
Details

Browse source 
* chore: move domain related functions to `packages/api`

* fix: isEmailDomainAllowed for case-insensitive domain matching

- Added tests to validate case-insensitive matching for email domains in various scenarios.
- Updated isEmailDomainAllowed function to convert email domains to lowercase for consistent comparison.
- Improved handling of null/undefined entries in allowedDomains.

* ci: Mock isEmailDomainAllowed in samlStrategy tests

- Added a mock implementation for isEmailDomainAllowed to return true in samlStrategy tests, ensuring consistent behavior during test execution.

* ci: Update import of isEmailDomainAllowed in ldapStrategy tests

- Changed the import of isEmailDomainAllowed from the domains service to the api package for consistency and to reflect recent refactoring.
This commit is contained in:
Danny Avila 2025-09-27 21:20:19 -04:00 committed by GitHub
parent 712f0b3ca2
commit a1471c2f37
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
14 changed files with 84 additions and 88 deletions
Download patch file Download diff file Expand all files Collapse all files

2
api/server/middleware/checkDomainAllowed.js
View file

@ -1,5 +1,5 @@
const { logger } = require('@librechat/data-schemas'); const { logger } = require('@librechat/data-schemas');
const { isEmailDomainAllowed } = require('~/server/services/domains'); const { isEmailDomainAllowed } = require('@librechat/api');
const { getAppConfig } = require('~/server/services/Config'); const { getAppConfig } = require('~/server/services/Config');
/** /**

5
api/server/routes/agents/actions.js
View file

@ -1,20 +1,19 @@
const express = require('express'); const express = require('express');
const { nanoid } = require('nanoid'); const { nanoid } = require('nanoid');
const { logger } = require('@librechat/data-schemas'); const { logger } = require('@librechat/data-schemas');
const { generateCheckAccess } = require('@librechat/api'); const { generateCheckAccess, isActionDomainAllowed } = require('@librechat/api');
const { const {
Permissions, Permissions,
ResourceType, ResourceType,
PermissionBits,
PermissionTypes, PermissionTypes,
actionDelimiter, actionDelimiter,
PermissionBits,
removeNullishValues, removeNullishValues,
} = require('librechat-data-provider'); } = require('librechat-data-provider');
const { encryptMetadata, domainParser } = require('~/server/services/ActionService'); const { encryptMetadata, domainParser } = require('~/server/services/ActionService');
const { findAccessibleResources } = require('~/server/services/PermissionService'); const { findAccessibleResources } = require('~/server/services/PermissionService');
const { getAgent, updateAgent, getListAgentsByAccess } = require('~/models/Agent'); const { getAgent, updateAgent, getListAgentsByAccess } = require('~/models/Agent');
const { updateAction, getActions, deleteAction } = require('~/models/Action'); const { updateAction, getActions, deleteAction } = require('~/models/Action');
const { isActionDomainAllowed } = require('~/server/services/domains');
const { canAccessAgentResource } = require('~/server/middleware'); const { canAccessAgentResource } = require('~/server/middleware');
const { getRoleByName } = require('~/models/Role'); const { getRoleByName } = require('~/models/Role');

2
api/server/routes/assistants/actions.js
View file

@ -1,12 +1,12 @@
const express = require('express'); const express = require('express');
const { nanoid } = require('nanoid'); const { nanoid } = require('nanoid');
const { logger } = require('@librechat/data-schemas'); const { logger } = require('@librechat/data-schemas');
const { isActionDomainAllowed } = require('@librechat/api');
const { actionDelimiter, EModelEndpoint, removeNullishValues } = require('librechat-data-provider'); const { actionDelimiter, EModelEndpoint, removeNullishValues } = require('librechat-data-provider');
const { encryptMetadata, domainParser } = require('~/server/services/ActionService'); const { encryptMetadata, domainParser } = require('~/server/services/ActionService');
const { getOpenAIClient } = require('~/server/controllers/assistants/helpers'); const { getOpenAIClient } = require('~/server/controllers/assistants/helpers');
const { updateAction, getActions, deleteAction } = require('~/models/Action'); const { updateAction, getActions, deleteAction } = require('~/models/Action');
const { updateAssistantDoc, getAssistant } = require('~/models/Assistant'); const { updateAssistantDoc, getAssistant } = require('~/models/Assistant');
const { isActionDomainAllowed } = require('~/server/services/domains');
const router = express.Router(); const router = express.Router();

3
api/server/services/AuthService.js
View file

@ -2,7 +2,7 @@ const bcrypt = require('bcryptjs');
const jwt = require('jsonwebtoken'); const jwt = require('jsonwebtoken');
const { webcrypto } = require('node:crypto'); const { webcrypto } = require('node:crypto');
const { logger } = require('@librechat/data-schemas'); const { logger } = require('@librechat/data-schemas');
const { isEnabled, checkEmailConfig } = require('@librechat/api'); const { isEnabled, checkEmailConfig, isEmailDomainAllowed } = require('@librechat/api');
const { ErrorTypes, SystemRoles, errorsToString } = require('librechat-data-provider'); const { ErrorTypes, SystemRoles, errorsToString } = require('librechat-data-provider');
const { const {
findUser, findUser,
@ -20,7 +20,6 @@ const {
deleteUserById, deleteUserById,
generateRefreshToken, generateRefreshToken,
} = require('~/models'); } = require('~/models');
const { isEmailDomainAllowed } = require('~/server/services/domains');
const { registerSchema } = require('~/strategies/validators'); const { registerSchema } = require('~/strategies/validators');
const { getAppConfig } = require('~/server/services/Config'); const { getAppConfig } = require('~/server/services/Config');
const { sendEmail } = require('~/server/utils'); const { sendEmail } = require('~/server/utils');

8
api/server/services/ToolService.js
View file

@ -1,7 +1,12 @@
const { sleep } = require('@librechat/agents'); const { sleep } = require('@librechat/agents');
const { logger } = require('@librechat/data-schemas'); const { logger } = require('@librechat/data-schemas');
const { tool: toolFn, DynamicStructuredTool } = require('@langchain/core/tools'); const { tool: toolFn, DynamicStructuredTool } = require('@langchain/core/tools');
const { getToolkitKey, hasCustomUserVars, getUserMCPAuthMap } = require('@librechat/api'); const {
getToolkitKey,
hasCustomUserVars,
getUserMCPAuthMap,
isActionDomainAllowed,
} = require('@librechat/api');
const { const {
Tools, Tools,
Constants, Constants,
@ -26,7 +31,6 @@ const { processFileURL, uploadImageBuffer } = require('~/server/services/Files/p
const { getEndpointsConfig, getCachedTools } = require('~/server/services/Config'); const { getEndpointsConfig, getCachedTools } = require('~/server/services/Config');
const { manifestToolMap, toolkits } = require('~/app/clients/tools/manifest'); const { manifestToolMap, toolkits } = require('~/app/clients/tools/manifest');
const { createOnSearchResults } = require('~/server/services/Tools/search'); const { createOnSearchResults } = require('~/server/services/Tools/search');
const { isActionDomainAllowed } = require('~/server/services/domains');
const { recordUsage } = require('~/server/services/Threads'); const { recordUsage } = require('~/server/services/Threads');
const { loadTools } = require('~/app/clients/tools/util'); const { loadTools } = require('~/app/clients/tools/util');
const { redactMessage } = require('~/config/parsers'); const { redactMessage } = require('~/config/parsers');

3
api/strategies/ldapStrategy.js
View file

@ -1,10 +1,9 @@
const fs = require('fs'); const fs = require('fs');
const LdapStrategy = require('passport-ldapauth'); const LdapStrategy = require('passport-ldapauth');
const { logger } = require('@librechat/data-schemas'); const { logger } = require('@librechat/data-schemas');
const { isEnabled, getBalanceConfig } = require('@librechat/api');
const { SystemRoles, ErrorTypes } = require('librechat-data-provider'); const { SystemRoles, ErrorTypes } = require('librechat-data-provider');
const { isEnabled, getBalanceConfig, isEmailDomainAllowed } = require('@librechat/api');
const { createUser, findUser, updateUser, countUsers } = require('~/models'); const { createUser, findUser, updateUser, countUsers } = require('~/models');
const { isEmailDomainAllowed } = require('~/server/services/domains');
const { getAppConfig } = require('~/server/services/Config'); const { getAppConfig } = require('~/server/services/Config');
const { const {

7
api/strategies/ldapStrategy.spec.js
View file

@ -11,6 +11,7 @@ jest.mock('@librechat/data-schemas', () => ({
jest.mock('@librechat/api', () => ({ jest.mock('@librechat/api', () => ({
// isEnabled used for TLS flags // isEnabled used for TLS flags
isEnabled: jest.fn(() => false), isEnabled: jest.fn(() => false),
isEmailDomainAllowed: jest.fn(() => true),
getBalanceConfig: jest.fn(() => ({ enabled: false })), getBalanceConfig: jest.fn(() => ({ enabled: false })),
})); }));
@ -25,10 +26,6 @@ jest.mock('~/server/services/Config', () => ({
getAppConfig: jest.fn().mockResolvedValue({}), getAppConfig: jest.fn().mockResolvedValue({}),
})); }));
jest.mock('~/server/services/domains', () => ({
isEmailDomainAllowed: jest.fn(() => true),
}));
// Mock passport-ldapauth to capture verify callback // Mock passport-ldapauth to capture verify callback
let verifyCallback; let verifyCallback;
jest.mock('passport-ldapauth', () => { jest.mock('passport-ldapauth', () => {
@ -39,8 +36,8 @@ jest.mock('passport-ldapauth', () => {
}); });
const { ErrorTypes } = require('librechat-data-provider'); const { ErrorTypes } = require('librechat-data-provider');
const { isEmailDomainAllowed } = require('@librechat/api');
const { findUser, createUser, updateUser, countUsers } = require('~/models'); const { findUser, createUser, updateUser, countUsers } = require('~/models');
const { isEmailDomainAllowed } = require('~/server/services/domains');
// Helper to call the verify callback and wrap in a Promise for convenience // Helper to call the verify callback and wrap in a Promise for convenience
const callVerify = (userinfo) => const callVerify = (userinfo) =>

2
api/strategies/openidStrategy.js
View file

@ -13,9 +13,9 @@ const {
safeStringify, safeStringify,
findOpenIDUser, findOpenIDUser,
getBalanceConfig, getBalanceConfig,
isEmailDomainAllowed,
} = require('@librechat/api'); } = require('@librechat/api');
const { getStrategyFunctions } = require('~/server/services/Files/strategies'); const { getStrategyFunctions } = require('~/server/services/Files/strategies');
const { isEmailDomainAllowed } = require('~/server/services/domains');
const { findUser, createUser, updateUser } = require('~/models'); const { findUser, createUser, updateUser } = require('~/models');
const { getAppConfig } = require('~/server/services/Config'); const { getAppConfig } = require('~/server/services/Config');
const getLogStores = require('~/cache/getLogStores'); const getLogStores = require('~/cache/getLogStores');

3
api/strategies/samlStrategy.js
View file

@ -2,12 +2,11 @@ const fs = require('fs');
const path = require('path'); const path = require('path');
const fetch = require('node-fetch'); const fetch = require('node-fetch');
const passport = require('passport'); const passport = require('passport');
const { getBalanceConfig } = require('@librechat/api');
const { ErrorTypes } = require('librechat-data-provider'); const { ErrorTypes } = require('librechat-data-provider');
const { hashToken, logger } = require('@librechat/data-schemas'); const { hashToken, logger } = require('@librechat/data-schemas');
const { Strategy: SamlStrategy } = require('@node-saml/passport-saml'); const { Strategy: SamlStrategy } = require('@node-saml/passport-saml');
const { getBalanceConfig, isEmailDomainAllowed } = require('@librechat/api');
const { getStrategyFunctions } = require('~/server/services/Files/strategies'); const { getStrategyFunctions } = require('~/server/services/Files/strategies');
const { isEmailDomainAllowed } = require('~/server/services/domains');
const { findUser, createUser, updateUser } = require('~/models'); const { findUser, createUser, updateUser } = require('~/models');
const { getAppConfig } = require('~/server/services/Config'); const { getAppConfig } = require('~/server/services/Config');
const paths = require('~/config/paths'); const paths = require('~/config/paths');

1
api/strategies/samlStrategy.spec.js
View file

@ -26,6 +26,7 @@ jest.mock('~/server/services/Config', () => ({
getAppConfig: jest.fn().mockResolvedValue({}), getAppConfig: jest.fn().mockResolvedValue({}),
})); }));
jest.mock('@librechat/api', () => ({ jest.mock('@librechat/api', () => ({
isEmailDomainAllowed: jest.fn(() => true),
getBalanceConfig: jest.fn(() => ({ getBalanceConfig: jest.fn(() => ({
tokenCredits: 1000, tokenCredits: 1000,
startBalance: 1000, startBalance: 1000,

3
api/strategies/socialLogin.js
View file

@ -1,8 +1,7 @@
const { isEnabled } = require('@librechat/api');
const { logger } = require('@librechat/data-schemas'); const { logger } = require('@librechat/data-schemas');
const { ErrorTypes } = require('librechat-data-provider'); const { ErrorTypes } = require('librechat-data-provider');
const { isEnabled, isEmailDomainAllowed } = require('@librechat/api');
const { createSocialUser, handleExistingUser } = require('./process'); const { createSocialUser, handleExistingUser } = require('./process');
const { isEmailDomainAllowed } = require('~/server/services/domains');
const { getAppConfig } = require('~/server/services/Config'); const { getAppConfig } = require('~/server/services/Config');
const { findUser } = require('~/models'); const { findUser } = require('~/models');

99
api/server/services/domains.spec.js → packages/api/src/auth/domain.spec.ts
View file

@ -1,9 +1,5 @@
const { isEmailDomainAllowed, isActionDomainAllowed } = require('~/server/services/domains'); /* eslint-disable @typescript-eslint/ban-ts-comment */
const { getAppConfig } = require('~/server/services/Config'); import { isEmailDomainAllowed, isActionDomainAllowed } from './domain';
jest.mock('~/server/services/Config', () => ({
getAppConfig: jest.fn(),
}));
describe('isEmailDomainAllowed', () => { describe('isEmailDomainAllowed', () => {
afterEach(() => { afterEach(() => {
@ -24,39 +20,72 @@ describe('isEmailDomainAllowed', () => {
it('should return true if customConfig is not available', async () => { it('should return true if customConfig is not available', async () => {
const email = 'test@domain1.com'; const email = 'test@domain1.com';
getAppConfig.mockResolvedValue(null);
const result = isEmailDomainAllowed(email, null); const result = isEmailDomainAllowed(email, null);
expect(result).toBe(true); expect(result).toBe(true);
}); });
it('should return true if allowedDomains is not defined in customConfig', async () => { it('should return true if allowedDomains is not defined in customConfig', async () => {
const email = 'test@domain1.com'; const email = 'test@domain1.com';
getAppConfig.mockResolvedValue({});
const result = isEmailDomainAllowed(email, undefined); const result = isEmailDomainAllowed(email, undefined);
expect(result).toBe(true); expect(result).toBe(true);
}); });
it('should return true if domain is included in the allowedDomains', async () => { it('should return true if domain is included in the allowedDomains', async () => {
const email = 'user@domain1.com'; const email = 'user@domain1.com';
getAppConfig.mockResolvedValue({
registration: {
allowedDomains: ['domain1.com', 'domain2.com'],
},
});
const result = isEmailDomainAllowed(email, ['domain1.com', 'domain2.com']); const result = isEmailDomainAllowed(email, ['domain1.com', 'domain2.com']);
expect(result).toBe(true); expect(result).toBe(true);
}); });
it('should return false if domain is not included in the allowedDomains', async () => { it('should return false if domain is not included in the allowedDomains', async () => {
const email = 'user@domain3.com'; const email = 'user@domain3.com';
getAppConfig.mockResolvedValue({
registration: {
allowedDomains: ['domain1.com', 'domain2.com'],
},
});
const result = isEmailDomainAllowed(email, ['domain1.com', 'domain2.com']); const result = isEmailDomainAllowed(email, ['domain1.com', 'domain2.com']);
expect(result).toBe(false); expect(result).toBe(false);
}); });
describe('case-insensitive domain matching', () => {
it('should match domains case-insensitively when email has uppercase domain', () => {
const email = 'user@DOMAIN1.COM';
const result = isEmailDomainAllowed(email, ['domain1.com', 'domain2.com']);
expect(result).toBe(true);
});
it('should match domains case-insensitively when allowedDomains has uppercase', () => {
const email = 'user@domain1.com';
const result = isEmailDomainAllowed(email, ['DOMAIN1.COM', 'DOMAIN2.COM']);
expect(result).toBe(true);
});
it('should match domains with mixed case in email', () => {
const email = 'user@Example.Com';
const result = isEmailDomainAllowed(email, ['example.com', 'domain2.com']);
expect(result).toBe(true);
});
it('should match domains with mixed case in allowedDomains', () => {
const email = 'user@example.com';
const result = isEmailDomainAllowed(email, ['Example.Com', 'Domain2.Com']);
expect(result).toBe(true);
});
it('should match when both email and allowedDomains have different mixed cases', () => {
const email = 'user@ExAmPlE.cOm';
const result = isEmailDomainAllowed(email, ['eXaMpLe.CoM', 'domain2.com']);
expect(result).toBe(true);
});
it('should still return false for non-matching domains regardless of case', () => {
const email = 'user@DOMAIN3.COM';
const result = isEmailDomainAllowed(email, ['domain1.com', 'DOMAIN2.COM']);
expect(result).toBe(false);
});
it('should handle null/undefined entries in allowedDomains gracefully', () => {
const email = 'user@domain1.com';
// @ts-expect-error Testing invalid input
const result = isEmailDomainAllowed(email, [null, 'DOMAIN1.COM', undefined]);
expect(result).toBe(true);
});
});
}); });
describe('isActionDomainAllowed', () => { describe('isActionDomainAllowed', () => {
@ -74,15 +103,15 @@ describe('isActionDomainAllowed', () => {
}); });
it('should return false for non-string inputs', async () => { it('should return false for non-string inputs', async () => {
/** @ts-expect-error */
expect(await isActionDomainAllowed(123)).toBe(false); expect(await isActionDomainAllowed(123)).toBe(false);
/** @ts-expect-error */
expect(await isActionDomainAllowed({})).toBe(false); expect(await isActionDomainAllowed({})).toBe(false);
/** @ts-expect-error */
expect(await isActionDomainAllowed([])).toBe(false); expect(await isActionDomainAllowed([])).toBe(false);
}); });
it('should return false for invalid domain formats', async () => { it('should return false for invalid domain formats', async () => {
getAppConfig.mockResolvedValue({
actions: { allowedDomains: ['http://', 'https://'] },
});
expect(await isActionDomainAllowed('http://', ['http://', 'https://'])).toBe(false); expect(await isActionDomainAllowed('http://', ['http://', 'https://'])).toBe(false);
expect(await isActionDomainAllowed('https://', ['http://', 'https://'])).toBe(false); expect(await isActionDomainAllowed('https://', ['http://', 'https://'])).toBe(false);
}); });
@ -91,19 +120,14 @@ describe('isActionDomainAllowed', () => {
// Configuration Tests // Configuration Tests
describe('configuration handling', () => { describe('configuration handling', () => {
it('should return true if customConfig is null', async () => { it('should return true if customConfig is null', async () => {
getAppConfig.mockResolvedValue(null);
expect(await isActionDomainAllowed('example.com', null)).toBe(true); expect(await isActionDomainAllowed('example.com', null)).toBe(true);
}); });
it('should return true if actions.allowedDomains is not defined', async () => { it('should return true if actions.allowedDomains is not defined', async () => {
getAppConfig.mockResolvedValue({});
expect(await isActionDomainAllowed('example.com', undefined)).toBe(true); expect(await isActionDomainAllowed('example.com', undefined)).toBe(true);
}); });
it('should return true if allowedDomains is empty array', async () => { it('should return true if allowedDomains is empty array', async () => {
getAppConfig.mockResolvedValue({
actions: { allowedDomains: [] },
});
expect(await isActionDomainAllowed('example.com', [])).toBe(true); expect(await isActionDomainAllowed('example.com', [])).toBe(true);
}); });
}); });
@ -118,14 +142,6 @@ describe('isActionDomainAllowed', () => {
'swapi.dev', 'swapi.dev',
]; ];
beforeEach(() => {
getAppConfig.mockResolvedValue({
actions: {
allowedDomains,
},
});
});
it('should match exact domains', async () => { it('should match exact domains', async () => {
expect(await isActionDomainAllowed('example.com', allowedDomains)).toBe(true); expect(await isActionDomainAllowed('example.com', allowedDomains)).toBe(true);
expect(await isActionDomainAllowed('other.com', allowedDomains)).toBe(false); expect(await isActionDomainAllowed('other.com', allowedDomains)).toBe(false);
@ -159,14 +175,6 @@ describe('isActionDomainAllowed', () => {
describe('edge cases', () => { describe('edge cases', () => {
const edgeAllowedDomains = ['example.com', '*.test.com']; const edgeAllowedDomains = ['example.com', '*.test.com'];
beforeEach(() => {
getAppConfig.mockResolvedValue({
actions: {
allowedDomains: edgeAllowedDomains,
},
});
});
it('should handle domains with query parameters', async () => { it('should handle domains with query parameters', async () => {
expect(await isActionDomainAllowed('example.com?param=value', edgeAllowedDomains)).toBe(true); expect(await isActionDomainAllowed('example.com?param=value', edgeAllowedDomains)).toBe(true);
}); });
@ -186,12 +194,9 @@ describe('isActionDomainAllowed', () => {
it('should handle invalid entries in allowedDomains', async () => { it('should handle invalid entries in allowedDomains', async () => {
const invalidAllowedDomains = ['example.com', null, undefined, '', 'test.com']; const invalidAllowedDomains = ['example.com', null, undefined, '', 'test.com'];
getAppConfig.mockResolvedValue({ /** @ts-expect-error */
actions: {
allowedDomains: invalidAllowedDomains,
},
});
expect(await isActionDomainAllowed('example.com', invalidAllowedDomains)).toBe(true); expect(await isActionDomainAllowed('example.com', invalidAllowedDomains)).toBe(true);
/** @ts-expect-error */
expect(await isActionDomainAllowed('test.com', invalidAllowedDomains)).toBe(true); expect(await isActionDomainAllowed('test.com', invalidAllowedDomains)).toBe(true);
}); });
}); });

33
api/server/services/domains.js → packages/api/src/auth/domain.ts
View file

@ -1,14 +1,13 @@
/** /**
* @param {string} email * @param email
* @param {string[]} [allowedDomains] * @param allowedDomains
* @returns {boolean}
*/ */
function isEmailDomainAllowed(email, allowedDomains) { export function isEmailDomainAllowed(email: string, allowedDomains?: string[] | null): boolean {
if (!email) { if (!email) {
return false; return false;
} }
const domain = email.split('@')[1]; const domain = email.split('@')[1]?.toLowerCase();
if (!domain) { if (!domain) {
return false; return false;
@ -20,21 +19,15 @@ function isEmailDomainAllowed(email, allowedDomains) {
return true; return true;
} }
return allowedDomains.includes(domain); return allowedDomains.some((allowedDomain) => allowedDomain?.toLowerCase() === domain);
} }
/**
* Normalizes a domain string
* @param {string} domain
* @returns {string|null}
*/
/** /**
* Normalizes a domain string. If the domain is invalid, returns null. * Normalizes a domain string. If the domain is invalid, returns null.
* Normalized === lowercase, trimmed, and protocol added if missing. * Normalized === lowercase, trimmed, and protocol added if missing.
* @param {string} domain * @param domain
* @returns {string|null}
*/ */
function normalizeDomain(domain) { function normalizeDomain(domain: string): string | null {
try { try {
let normalizedDomain = domain.toLowerCase().trim(); let normalizedDomain = domain.toLowerCase().trim();
@ -62,11 +55,13 @@ function normalizeDomain(domain) {
/** /**
* Checks if the given domain is allowed. If no restrictions are set, allows all domains. * Checks if the given domain is allowed. If no restrictions are set, allows all domains.
* @param {string} [domain] * @param domain
* @param {string[]} [allowedDomains] * @param allowedDomains
* @returns {Promise<boolean>}
*/ */
async function isActionDomainAllowed(domain, allowedDomains) { export async function isActionDomainAllowed(
domain?: string | null,
allowedDomains?: string[] | null,
): Promise<boolean> {
if (!domain || typeof domain !== 'string') { if (!domain || typeof domain !== 'string') {
return false; return false;
} }
@ -101,5 +96,3 @@ async function isActionDomainAllowed(domain, allowedDomains) {
return false; return false;
} }
module.exports = { isEmailDomainAllowed, isActionDomainAllowed };

1
packages/api/src/auth/index.ts
View file

@ -1 +1,2 @@
export * from './domain';
export * from './openid'; export * from './openid';