📩 feat: invite user (#3012)

* feat: basic invite-user script * feat: add invite user functionality and registration validation middleware * fix: invite user fixes * refactor: consolidate direct model access to a central place of functions * style(Registration): add spinner to continue button * refactor: import ordrer * feat: improve invite user script and error handling * fix: merge conflict * refactor: remove `console.log` and use `logger` * fix: token operation and checkinvite issues * bring back comment and remove console log * fix: return invalid token when token is not found * fix: getInvite fix * refactor: Update Token.js to use async/await syntax for update and delete operations * feat: Refactor Token.js to use async/await syntax for createToken and findToken functions * refactor(inviteUser): define functions outside of module.exports * Update AuthService.js --------- Co-authored-by: Danny Avila <danny@librechat.ai>
2026-01-21 01:36:13 +01:00 · 2024-08-18 06:23:38 +02:00 · 2024-08-18 06:23:38 +02:00 · bbb9324447
commit bbb9324447
parent a45b384bbc
16 changed files with 695 additions and 61 deletions
--- a/api/models/Token.js
+++ b/api/models/Token.js
@ -0,0 +1,117 @@
+const tokenSchema = require('./schema/tokenSchema');
+const mongoose = require('mongoose');
+const { logger } = require('~/config');
+
+/**
+ * Token model.
+ * @type {mongoose.Model}
+ */
+const Token = mongoose.model('Token', tokenSchema);
+
+/**
+ * Creates a new Token instance.
+ * @param {Object} tokenData - The data for the new Token.
+ * @param {mongoose.Types.ObjectId} tokenData.userId - The user's ID. It is required.
+ * @param {String} tokenData.email - The user's email.
+ * @param {String} tokenData.token - The token. It is required.
+ * @param {Number} tokenData.expiresIn - The number of seconds until the token expires.
+ * @returns {Promise<mongoose.Document>} The new Token instance.
+ * @throws Will throw an error if token creation fails.
+ */
+async function createToken(tokenData) {
+  try {
+    const currentTime = new Date();
+    const expiresAt = new Date(currentTime.getTime() + tokenData.expiresIn * 1000);
+
+    const newTokenData = {
+      ...tokenData,
+      createdAt: currentTime,
+      expiresAt,
+    };
+
+    const newToken = new Token(newTokenData);
+    return await newToken.save();
+  } catch (error) {
+    logger.debug('An error occurred while creating token:', error);
+    throw error;
+  }
+}
+
+/**
+ * Finds a Token document that matches the provided query.
+ * @param {Object} query - The query to match against.
+ * @param {mongoose.Types.ObjectId|String} query.userId - The ID of the user.
+ * @param {String} query.token - The token value.
+ * @param {String} query.email - The email of the user.
+ * @returns {Promise<Object|null>} The matched Token document, or null if not found.
+ * @throws Will throw an error if the find operation fails.
+ */
+async function findToken(query) {
+  try {
+    const conditions = [];
+
+    if (query.userId) {
+      conditions.push({ userId: query.userId });
+    }
+    if (query.token) {
+      conditions.push({ token: query.token });
+    }
+    if (query.email) {
+      conditions.push({ email: query.email });
+    }
+
+    const token = await Token.findOne({
+      $and: conditions,
+    }).lean();
+
+    return token;
+  } catch (error) {
+    logger.debug('An error occurred while finding token:', error);
+    throw error;
+  }
+}
+
+/**
+ * Updates a Token document that matches the provided query.
+ * @param {Object} query - The query to match against.
+ * @param {mongoose.Types.ObjectId|String} query.userId - The ID of the user.
+ * @param {String} query.token - The token value.
+ * @param {Object} updateData - The data to update the Token with.
+ * @returns {Promise<mongoose.Document|null>} The updated Token document, or null if not found.
+ * @throws Will throw an error if the update operation fails.
+ */
+async function updateToken(query, updateData) {
+  try {
+    return await Token.findOneAndUpdate(query, updateData, { new: true });
+  } catch (error) {
+    logger.debug('An error occurred while updating token:', error);
+    throw error;
+  }
+}
+
+/**
+ * Deletes all Token documents that match the provided token, user ID, or email.
+ * @param {Object} query - The query to match against.
+ * @param {mongoose.Types.ObjectId|String} query.userId - The ID of the user.
+ * @param {String} query.token - The token value.
+ * @param {String} query.email - The email of the user.
+ * @returns {Promise<Object>} The result of the delete operation.
+ * @throws Will throw an error if the delete operation fails.
+ */
+async function deleteTokens(query) {
+  try {
+    return await Token.deleteMany({
+      $or: [{ userId: query.userId }, { token: query.token }, { email: query.email }],
+    });
+  } catch (error) {
+    logger.debug('An error occurred while deleting tokens:', error);
+    throw error;
+  }
+}
+
+module.exports = {
+  createToken,
+  findToken,
+  updateToken,
+  deleteTokens,
+};
--- a/api/models/index.js
+++ b/api/models/index.js
@ -1,11 +1,3 @@
-const {
-  getMessages,
-  saveMessage,
-  recordMessage,
-  updateMessage,
-  deleteMessagesSince,
-  deleteMessages,
-} = require('./Message');
 const {
  comparePassword,
  deleteUserById,
@ -16,8 +8,6 @@ const {
  countUsers,
  findUser,
 } = require('./userMethods');
-const { getConvoTitle, getConvo, saveConvo, deleteConvos } = require('./Conversation');
-const { getPreset, getPresets, savePreset, deletePresets } = require('./Preset');
 const {
  findFileById,
  createFile,
@ -27,26 +17,40 @@ const {
  getFiles,
  updateFileUsage,
 } = require('./File');
-const Key = require('./Key');
-const User = require('./User');
+const {
+  getMessages,
+  saveMessage,
+  recordMessage,
+  updateMessage,
+  deleteMessagesSince,
+  deleteMessages,
+} = require('./Message');
+const { getConvoTitle, getConvo, saveConvo, deleteConvos } = require('./Conversation');
+const { getPreset, getPresets, savePreset, deletePresets } = require('./Preset');
+const { createToken, findToken, updateToken, deleteTokens } = require('./Token');
 const Session = require('./Session');
 const Balance = require('./Balance');
+const User = require('./User');
+const Key = require('./Key');

 module.exports = {
-  User,
-  Key,
-  Session,
-  Balance,
-
  comparePassword,
  deleteUserById,
  generateToken,
  getUserById,
-  countUsers,
-  createUser,
  updateUser,
+  createUser,
+  countUsers,
  findUser,

+  findFileById,
+  createFile,
+  updateFile,
+  deleteFile,
+  deleteFiles,
+  getFiles,
+  updateFileUsage,
+
  getMessages,
  saveMessage,
  recordMessage,
@ -64,11 +68,13 @@ module.exports = {
  savePreset,
  deletePresets,

-  findFileById,
-  createFile,
-  updateFile,
-  deleteFile,
-  deleteFiles,
-  getFiles,
-  updateFileUsage,
+  createToken,
+  findToken,
+  updateToken,
+  deleteTokens,
+
+  User,
+  Key,
+  Session,
+  Balance,
 };
--- a/api/models/inviteUser.js
+++ b/api/models/inviteUser.js
@ -0,0 +1,70 @@
+const crypto = require('crypto');
+const bcrypt = require('bcryptjs');
+const mongoose = require('mongoose');
+const { createToken, findToken } = require('./Token');
+const logger = require('~/config/winston');
+
+/**
+ * @module inviteUser
+ * @description This module provides functions to create and get user invites
+ */
+
+/**
+ * @function createInvite
+ * @description This function creates a new user invite
+ * @param {string} email - The email of the user to invite
+ * @returns {Promise<Object>} A promise that resolves to the saved invite document
+ * @throws {Error} If there is an error creating the invite
+ */
+const createInvite = async (email) => {
+  try {
+    let token = crypto.randomBytes(32).toString('hex');
+    const hash = bcrypt.hashSync(token, 10);
+    const encodedToken = encodeURIComponent(token);
+
+    const fakeUserId = new mongoose.Types.ObjectId();
+
+    await createToken({
+      userId: fakeUserId,
+      email,
+      token: hash,
+      createdAt: Date.now(),
+      expiresIn: 604800,
+    });
+
+    return encodedToken;
+  } catch (error) {
+    logger.error('[createInvite] Error creating invite', error);
+    return { message: 'Error creating invite' };
+  }
+};
+
+/**
+ * @function getInvite
+ * @description This function retrieves a user invite
+ * @param {string} encodedToken - The token of the invite to retrieve
+ * @param {string} email - The email of the user to validate
+ * @returns {Promise<Object>} A promise that resolves to the retrieved invite document
+ * @throws {Error} If there is an error retrieving the invite, if the invite does not exist, or if the email does not match
+ */
+const getInvite = async (encodedToken, email) => {
+  try {
+    const token = decodeURIComponent(encodedToken);
+    const hash = bcrypt.hashSync(token, 10);
+    const invite = await findToken({ token: hash, email });
+
+    if (!invite) {
+      throw new Error('Invite not found or email does not match');
+    }
+
+    return invite;
+  } catch (error) {
+    logger.error('[getInvite] Error getting invite', error);
+    return { error: true, message: error.message };
+  }
+};
+
+module.exports = {
+  createInvite,
+  getInvite,
+};
--- a/api/models/schema/tokenSchema.js
+++ b/api/models/schema/tokenSchema.js
@ -18,8 +18,13 @@ const tokenSchema = new Schema({
    type: Date,
    required: true,
    default: Date.now,
-    expires: 900,
+  },
+  expiresAt: {
+    type: Date,
+    required: true,
  },
 });

-module.exports = mongoose.model('Token', tokenSchema);
+tokenSchema.index({ expiresAt: 1 }, { expireAfterSeconds: 0 });
+
+module.exports = tokenSchema;