📧 feat: email verification (#2344)

* feat: verification email * chore: email verification invalid; localize: update * fix: redirect to login when signup: fix: save emailVerified correctly * docs: update ALLOW_UNVERIFIED_EMAIL_LOGIN; fix: don't accept login only when ALLOW_UNVERIFIED_EMAIL_LOGIN = true * fix: user needs to be authenticated * style: update * fix: registration success message and redirect logic * refactor: use `isEnabled` in ALLOW_UNVERIFIED_EMAIL_LOGIN * refactor: move checkEmailConfig to server/utils * refactor: use req as param for verifyEmail function * chore: jsdoc * chore: remove console log * refactor: rename `createNewUser` to `createSocialUser` * refactor: update typing and add expiresAt field to userSchema * refactor: begin use of user methods over direct model access for User * refactor: initial email verification rewrite * chore: typing * refactor: registration flow rewrite * chore: remove help center text * refactor: update getUser to getUserById and add findUser methods. general fixes from recent changes * refactor: Update updateUser method to remove expiresAt field and use $set and $unset operations, createUser now returns Id only * refactor: Update openidStrategy to use optional chaining for avatar check, move saveBuffer init to buffer condition * refactor: logout on deleteUser mutatation * refactor: Update openidStrategy login success message format * refactor: Add emailVerified field to Discord and Facebook profile details * refactor: move limiters to separate middleware dir * refactor: Add limiters for email verification and password reset * refactor: Remove getUserController and update routes and controllers accordingly * refactor: Update getUserById method to exclude password and version fields * refactor: move verification to user route, add resend verification option * refactor: Improve email verification process and resend option * refactor: remove more direct model access of User and remove unused code * refactor: replace user authentication methods and token generation * fix: add user.id to jwt user * refactor: Update AuthContext to include setError function, add resend link to Login Form, make registration redirect shorter * fix(updateUserPluginsService): ensure userPlugins variable is defined * refactor: Delete all shared links for a specific user * fix: remove use of direct User.save() in handleExistingUser * fix(importLibreChatConvo): handle missing createdAt field in messages --------- Co-authored-by: Danny Avila <danny@librechat.ai>
2025-12-24 04:10:15 +01:00 · 2024-06-07 21:06:47 +02:00 · 2024-06-07 21:06:47 +02:00 · ee673d682e
commit ee673d682e
parent b7fef6958b
67 changed files with 1863 additions and 1117 deletions
--- a/api/models/schema/fileSchema.js
+++ b/api/models/schema/fileSchema.js
@ -3,9 +3,9 @@ const mongoose = require('mongoose');

 /**
 * @typedef {Object} MongoFile
- * @property {mongoose.Schema.Types.ObjectId} [_id] - MongoDB Document ID
+ * @property {ObjectId} [_id] - MongoDB Document ID
 * @property {number} [__v] - MongoDB Version Key
- * @property {mongoose.Schema.Types.ObjectId} user - User ID
+ * @property {ObjectId} user - User ID
 * @property {string} [conversationId] - Optional conversation ID
 * @property {string} file_id - File identifier
 * @property {string} [temp_file_id] - Temporary File identifier
@ -14,17 +14,19 @@ const mongoose = require('mongoose');
 * @property {string} filepath - Location of the file
 * @property {'file'} object - Type of object, always 'file'
 * @property {string} type - Type of file
- * @property {number} usage - Number of uses of the file
+ * @property {number} [usage=0] - Number of uses of the file
 * @property {string} [context] - Context of the file origin
- * @property {boolean} [embedded] - Whether or not the file is embedded in vector db
+ * @property {boolean} [embedded=false] - Whether or not the file is embedded in vector db
 * @property {string} [model] - The model to identify the group region of the file (for Azure OpenAI hosting)
- * @property {string} [source] - The source of the file
+ * @property {string} [source] - The source of the file (e.g., from FileSources)
 * @property {number} [width] - Optional width of the file
 * @property {number} [height] - Optional height of the file
- * @property {Date} [expiresAt] - Optional height of the file
+ * @property {Date} [expiresAt] - Optional expiration date of the file
 * @property {Date} [createdAt] - Date when the file was created
 * @property {Date} [updatedAt] - Date when the file was updated
 */
+
+/** @type {MongooseSchema<MongoFile>} */
 const fileSchema = mongoose.Schema(
  {
    user: {
@ -91,7 +93,7 @@ const fileSchema = mongoose.Schema(
    height: Number,
    expiresAt: {
      type: Date,
-      expires: 3600,
+      expires: 3600, // 1 hour in seconds
    },
  },
  {
--- a/api/models/schema/tokenSchema.js
+++ b/api/models/schema/tokenSchema.js
@ -7,6 +7,9 @@ const tokenSchema = new Schema({
    required: true,
    ref: 'user',
  },
+  email: {
+    type: String,
+  },
  token: {
    type: String,
    required: true,
--- a/api/models/schema/userSchema.js
+++ b/api/models/schema/userSchema.js
@ -1,5 +1,35 @@
 const mongoose = require('mongoose');

+/**
+ * @typedef {Object} MongoSession
+ * @property {string} [refreshToken] - The refresh token
+ */
+
+/**
+ * @typedef {Object} MongoUser
+ * @property {ObjectId} [_id] - MongoDB Document ID
+ * @property {string} [name] - The user's name
+ * @property {string} [username] - The user's username, in lowercase
+ * @property {string} email - The user's email address
+ * @property {boolean} emailVerified - Whether the user's email is verified
+ * @property {string} [password] - The user's password, trimmed with 8-128 characters
+ * @property {string} [avatar] - The URL of the user's avatar
+ * @property {string} provider - The provider of the user's account (e.g., 'local', 'google')
+ * @property {string} [role='USER'] - The role of the user
+ * @property {string} [googleId] - Optional Google ID for the user
+ * @property {string} [facebookId] - Optional Facebook ID for the user
+ * @property {string} [openidId] - Optional OpenID ID for the user
+ * @property {string} [ldapId] - Optional LDAP ID for the user
+ * @property {string} [githubId] - Optional GitHub ID for the user
+ * @property {string} [discordId] - Optional Discord ID for the user
+ * @property {Array} [plugins=[]] - List of plugins used by the user
+ * @property {Array.<MongoSession>} [refreshToken] - List of sessions with refresh tokens
+ * @property {Date} [expiresAt] - Optional expiration date of the file
+ * @property {Date} [createdAt] - Date when the user was created (added by timestamps)
+ * @property {Date} [updatedAt] - Date when the user was last updated (added by timestamps)
+ */
+
+/** @type {MongooseSchema<MongoSession>} */
 const Session = mongoose.Schema({
  refreshToken: {
    type: String,
@ -7,6 +37,7 @@ const Session = mongoose.Schema({
  },
 });

+/** @type {MongooseSchema<MongoUser>} */
 const userSchema = mongoose.Schema(
  {
    name: {
@ -86,6 +117,10 @@ const userSchema = mongoose.Schema(
    refreshToken: {
      type: [Session],
    },
+    expiresAt: {
+      type: Date,
+      expires: 604800, // 7 days in seconds
+    },
  },
  { timestamps: true },
 );