Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2025-09-22 08:12:00 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

🔐 fix: Image Validation when Reusing OpenID Token (#9458)

Browse source 
* 🔧 fix: Enhance OpenID token handling with user ID for image path validation

* 🔧 fix: Change logger level to error for user info fetch failure and remove redundant info log in OpenID user lookup

* 🔧 refactor: Remove validateImageRequest from middleware exports and enhance validation logic in validateImageRequest.js

* Removed validateImageRequest from the middleware index.
* Improved error handling and validation checks in validateImageRequest.js, including handling of OpenID tokens, URL length, and malformed URLs.
* Updated tests in validateImages.spec.js to cover new validation scenarios and edge cases.
This commit is contained in:
Danny Avila 2025-09-05 03:12:17 -04:00 committed by GitHub
parent e705b09280
commit cd73cb0b3e
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
9 changed files with 401 additions and 152 deletions
Download patch file Download diff file Expand all files Collapse all files

2
api/server/controllers/AuthController.js
View file

@ -75,7 +75,7 @@ const refreshController = async (req, res) => {
if (!user) {
return res.status(401).redirect('/login');
}
const token = setOpenIDAuthTokens(tokenset, res);
const token = setOpenIDAuthTokens(tokenset, res, user._id.toString());
return res.status(200).send({ token, user });
} catch (error) {
logger.error('[refreshController] OpenID token refresh error', error);