Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2025-09-22 06:00:56 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

🔐 fix: Image Validation when Reusing OpenID Token (#9458)

Browse source 
* 🔧 fix: Enhance OpenID token handling with user ID for image path validation

* 🔧 fix: Change logger level to error for user info fetch failure and remove redundant info log in OpenID user lookup

* 🔧 refactor: Remove validateImageRequest from middleware exports and enhance validation logic in validateImageRequest.js

* Removed validateImageRequest from the middleware index.
* Improved error handling and validation checks in validateImageRequest.js, including handling of OpenID tokens, URL length, and malformed URLs.
* Updated tests in validateImages.spec.js to cover new validation scenarios and edge cases.
This commit is contained in:
Danny Avila 2025-09-05 03:12:17 -04:00 committed by GitHub
parent e705b09280
commit cd73cb0b3e
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
9 changed files with 401 additions and 152 deletions
Download patch file Download diff file Expand all files Collapse all files

3
packages/api/src/auth/openid.ts
View file

@ -17,9 +17,6 @@ export async function findOpenIDUser({
strategyName?: string;
}): Promise<{ user: IUser | null; error: string | null; migration: boolean }> {
let user = await findUser({ openidId });
logger.info(`[${strategyName}] user ${user ? 'found' : 'not found'} with openidId: ${openidId}`);
// If user not found by openidId, try to find by email
if (!user && email) {
user = await findUser({ email });
logger.warn(