📧 feat: email verification (#2344)

* feat: verification email * chore: email verification invalid; localize: update * fix: redirect to login when signup: fix: save emailVerified correctly * docs: update ALLOW_UNVERIFIED_EMAIL_LOGIN; fix: don't accept login only when ALLOW_UNVERIFIED_EMAIL_LOGIN = true * fix: user needs to be authenticated * style: update * fix: registration success message and redirect logic * refactor: use `isEnabled` in ALLOW_UNVERIFIED_EMAIL_LOGIN * refactor: move checkEmailConfig to server/utils * refactor: use req as param for verifyEmail function * chore: jsdoc * chore: remove console log * refactor: rename `createNewUser` to `createSocialUser` * refactor: update typing and add expiresAt field to userSchema * refactor: begin use of user methods over direct model access for User * refactor: initial email verification rewrite * chore: typing * refactor: registration flow rewrite * chore: remove help center text * refactor: update getUser to getUserById and add findUser methods. general fixes from recent changes * refactor: Update updateUser method to remove expiresAt field and use $set and $unset operations, createUser now returns Id only * refactor: Update openidStrategy to use optional chaining for avatar check, move saveBuffer init to buffer condition * refactor: logout on deleteUser mutatation * refactor: Update openidStrategy login success message format * refactor: Add emailVerified field to Discord and Facebook profile details * refactor: move limiters to separate middleware dir * refactor: Add limiters for email verification and password reset * refactor: Remove getUserController and update routes and controllers accordingly * refactor: Update getUserById method to exclude password and version fields * refactor: move verification to user route, add resend verification option * refactor: Improve email verification process and resend option * refactor: remove more direct model access of User and remove unused code * refactor: replace user authentication methods and token generation * fix: add user.id to jwt user * refactor: Update AuthContext to include setError function, add resend link to Login Form, make registration redirect shorter * fix(updateUserPluginsService): ensure userPlugins variable is defined * refactor: Delete all shared links for a specific user * fix: remove use of direct User.save() in handleExistingUser * fix(importLibreChatConvo): handle missing createdAt field in messages --------- Co-authored-by: Danny Avila <danny@librechat.ai>
2025-12-17 00:40:14 +01:00 · 2024-06-07 21:06:47 +02:00 · 2024-06-07 21:06:47 +02:00 · ee673d682e
commit ee673d682e
parent b7fef6958b
67 changed files with 1863 additions and 1117 deletions
--- a/api/server/middleware/limiters/importLimiters.js
+++ b/api/server/middleware/limiters/importLimiters.js
@ -0,0 +1,69 @@
+const rateLimit = require('express-rate-limit');
+const { ViolationTypes } = require('librechat-data-provider');
+const logViolation = require('~/cache/logViolation');
+
+const getEnvironmentVariables = () => {
+  const IMPORT_IP_MAX = parseInt(process.env.IMPORT_IP_MAX) || 100;
+  const IMPORT_IP_WINDOW = parseInt(process.env.IMPORT_IP_WINDOW) || 15;
+  const IMPORT_USER_MAX = parseInt(process.env.IMPORT_USER_MAX) || 50;
+  const IMPORT_USER_WINDOW = parseInt(process.env.IMPORT_USER_WINDOW) || 15;
+
+  const importIpWindowMs = IMPORT_IP_WINDOW * 60 * 1000;
+  const importIpMax = IMPORT_IP_MAX;
+  const importIpWindowInMinutes = importIpWindowMs / 60000;
+
+  const importUserWindowMs = IMPORT_USER_WINDOW * 60 * 1000;
+  const importUserMax = IMPORT_USER_MAX;
+  const importUserWindowInMinutes = importUserWindowMs / 60000;
+
+  return {
+    importIpWindowMs,
+    importIpMax,
+    importIpWindowInMinutes,
+    importUserWindowMs,
+    importUserMax,
+    importUserWindowInMinutes,
+  };
+};
+
+const createImportHandler = (ip = true) => {
+  const { importIpMax, importIpWindowInMinutes, importUserMax, importUserWindowInMinutes } =
+    getEnvironmentVariables();
+
+  return async (req, res) => {
+    const type = ViolationTypes.FILE_UPLOAD_LIMIT;
+    const errorMessage = {
+      type,
+      max: ip ? importIpMax : importUserMax,
+      limiter: ip ? 'ip' : 'user',
+      windowInMinutes: ip ? importIpWindowInMinutes : importUserWindowInMinutes,
+    };
+
+    await logViolation(req, res, type, errorMessage);
+    res.status(429).json({ message: 'Too many conversation import requests. Try again later' });
+  };
+};
+
+const createImportLimiters = () => {
+  const { importIpWindowMs, importIpMax, importUserWindowMs, importUserMax } =
+    getEnvironmentVariables();
+
+  const importIpLimiter = rateLimit({
+    windowMs: importIpWindowMs,
+    max: importIpMax,
+    handler: createImportHandler(),
+  });
+
+  const importUserLimiter = rateLimit({
+    windowMs: importUserWindowMs,
+    max: importUserMax,
+    handler: createImportHandler(false),
+    keyGenerator: function (req) {
+      return req.user?.id; // Use the user ID or NULL if not available
+    },
+  });
+
+  return { importIpLimiter, importUserLimiter };
+};
+
+module.exports = { createImportLimiters };