fix: auth env var must have no value, as well as assigned username incase a falsy value is set

Danny Avila 2023-03-23 15:37:25 -04:00
parent c6fb3018e7
commit b73be0dcfa
3 changed files with 54 additions and 39 deletions


@ -53,7 +53,7 @@ MEILI_HTTP_ADDR='meilisearch:7700' # <-- docker-compose
# Meilisearch will throw an error and refuse to launch if no master key is provided or if it is under 16 bytes, # Meilisearch will throw an error and refuse to launch if no master key is provided or if it is under 16 bytes,
# Meilisearch will suggest a secure autogenerated master key. # Meilisearch will suggest a secure autogenerated master key.
# Using docker, it seems recognized as production so use a secure key. # Using docker, it seems recognized as production so use a secure key.
# MEILI_MASTER_KEY= # <-- no/insecure key for local/remote # MEILI_MASTER_KEY= # <-- empty/insecure key works for local/remote
MEILI_MASTER_KEY=JKMW-hGc7v_D1FkJVdbRSDNFLZcUv3S75yrxXP0SmcU # <-- ready made secure key for docker-compose MEILI_MASTER_KEY=JKMW-hGc7v_D1FkJVdbRSDNFLZcUv3S75yrxXP0SmcU # <-- ready made secure key for docker-compose
@ -61,4 +61,4 @@ MEILI_MASTER_KEY=JKMW-hGc7v_D1FkJVdbRSDNFLZcUv3S75yrxXP0SmcU # <-- ready made se
# global enable/disable the sample user system. # global enable/disable the sample user system.
# this is not a ready to use user system. # this is not a ready to use user system.
# dont't use it, unless you can write your own code. # dont't use it, unless you can write your own code.
ENABLE_USER_SYSTEM=FALSE # ENABLE_USER_SYSTEM= # <-- make sure you don't comment this back in if you're using your own user system
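Review bot: The `MEILI_MASTER_KEY` value kept in the first hunk is labelled a ready-made secure key, but a key published in this example file is known to anyone who can read the repository, so every docker-compose deployment that copies it shares the same master key. I would leave it unset in the template, e.g. `MEILI_MASTER_KEY= # <-- set your own random key of at least 16 bytes before starting docker-compose`; per the comment above it, Meilisearch then refuses to launch until a key is set, which is the safer failure. In the second hunk, the new comment on `# ENABLE_USER_SYSTEM=` should say what the code does with the variable, for example `# ENABLE_USER_SYSTEM= # <-- leave unset to disable; ANY non-empty value (even FALSE) enables the sample user system`.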


@ -1,46 +1,57 @@
const express = require('express'); const express = require('express');
const router = express.Router(); const router = express.Router();
const authYourLogin = require('./authYourLogin'); const authYourLogin = require('./authYourLogin');
const userSystemEnabled = process.env.ENABLE_USER_SYSTEM || false const userSystemEnabled = !!process.env.ENABLE_USER_SYSTEM || false;
router.get('/login', function (req, res) { router.get('/login', function (req, res) {
if (userSystemEnabled) if (userSystemEnabled) {
res.redirect('/auth/your_login_page') res.redirect('/auth/your_login_page');
else } else {
res.redirect('/') res.redirect('/');
}) }
});
router.get('/logout', function (req, res) { router.get('/logout', function (req, res) {
// clear the session // clear the session
req.session.user = null req.session.user = null;
req.session.save(function (error) { req.session.save(function () {
if (userSystemEnabled) if (userSystemEnabled) {
res.redirect('/auth/your_login_page/logout') res.redirect('/auth/your_login_page/logout');
else } else {
res.redirect('/') res.redirect('/');
}) }
}) });
});
const authenticatedOr401 = (req, res, next) => { const authenticatedOr401 = (req, res, next) => {
if (userSystemEnabled) { if (userSystemEnabled) {
const user = req?.session?.user; const user = req?.session?.user;
if (user) next(); if (user) {
else res.status(401).end(); next();
} else next(); } else {
} res.status(401).end();
}
} else {
next();
}
};
const authenticatedOrRedirect = (req, res, next) => { const authenticatedOrRedirect = (req, res, next) => {
if (userSystemEnabled) { if (userSystemEnabled) {
const user = req?.session?.user; const user = req?.session?.user;
if (user) next(); if (user) {
else res.redirect('/auth/login').end(); next();
} else {
res.redirect('/auth/login').end();
}
} else next(); } else next();
};
if (userSystemEnabled) {
router.use('/your_login_page', authYourLogin);
} }
if (userSystemEnabled)
router.use('/your_login_page', authYourLogin);
module.exports = { router, authenticatedOr401, authenticatedOrRedirect }; module.exports = { router, authenticatedOr401, authenticatedOrRedirect };
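Review bot: `!!process.env.ENABLE_USER_SYSTEM || false` still enables the user system for any non-empty string, so `ENABLE_USER_SYSTEM=false` or `=0` turns it on, and the trailing `|| false` has no effect after `!!`. This flag decides whether `authenticatedOr401` and `authenticatedOrRedirect` check the session at all, so I would parse it explicitly, e.g. `const userSystemEnabled = (process.env.ENABLE_USER_SYSTEM ?? '').toLowerCase() === 'true';`, and use the same expression in the other auth file, which reads the variable separately. In `authenticatedOrRedirect`, `res.redirect('/auth/login').end()` chains on the return value of `res.redirect()`, which as far as I know is undefined in Express 4, so the unauthenticated path would throw after sending the redirect; `res.redirect('/auth/login');` alone is enough. The logout handler also drops the `error` argument of `req.session.save`, so a failed save goes unnoticed and the user is redirected as if the session had been cleared; logging the error and answering with a 500 would be safer.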


@ -5,36 +5,40 @@ const router = express.Router();
// THIS IS NOT A READY TO USE USER SYSTEM // THIS IS NOT A READY TO USE USER SYSTEM
// PLEASE IMPLEMENT YOUR OWN USER SYSTEM // PLEASE IMPLEMENT YOUR OWN USER SYSTEM
const userSystemEnabled = process.env.ENABLE_USER_SYSTEM || false const userSystemEnabled = process.env.ENABLE_USER_SYSTEM || false;
// Logout // Logout
router.get('/logout', (req, res) => { router.get('/logout', (req, res) => {
// Do anything you want // Do anything you want
console.warn('logout not implemented!') console.warn('logout not implemented!');
// finish // finish
res.redirect('/') res.redirect('/');
}); });
// Login // Login
router.get('/', async (req, res) => { router.get('/', async (req, res) => {
// Do anything you want // Do anything you want
console.warn('login not implemented! Automatic passed as sample user') console.warn('login not implemented! Automatic passed as sample user');
// save the user info into session // save the user info into session
// username will be used in db // username will be used in db
// display will be used in UI // display will be used in UI
req.session.user = { if (userSystemEnabled) {
username: 'sample_user', req.session.user = {
display: 'Sample User', username: null, // was 'sample_user', but would break previous relationship with previous conversations before v0.1.0
display: 'Sample User'
};
} }
req.session.save(function (error) { req.session.save(function (error) {
if (error) { if (error) {
console.log(error); console.log(error);
res.send(`<h1>Login Failed. An error occurred. Please see the server logs for details.</h1>`); res.send(`<h1>Login Failed. An error occurred. Please see the server logs for details.</h1>`);
} else res.redirect('/') } else {
}) res.redirect('/');
}
});
}); });
module.exports = router; module.exports = router;
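Review bot: The login handler stores `req.session.user` for every request without verifying a credential, and the gates in the router file only test that `req.session.user` is truthy, so once the flag is set, visiting this route is enough to pass them. With `username: null` all such sessions also share one identity, which presumably means their stored conversations are not separated. The banner at the top warns about this, but I would repeat it at the assignment, e.g. `// SAMPLE ONLY: signs in every visitor without verifying credentials; replace with a real check before setting ENABLE_USER_SYSTEM`. `const userSystemEnabled = process.env.ENABLE_USER_SYSTEM || false;` keeps the raw string here while the router file coerces it with `!!`; one shared, explicitly parsed flag would keep the two files in agreement. The error branch answers with the default 200 status; `res.status(500).send(...)` would let clients and monitoring see the failure.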