📧 feat: email verification (#2344)

* feat: verification email * chore: email verification invalid; localize: update * fix: redirect to login when signup: fix: save emailVerified correctly * docs: update ALLOW_UNVERIFIED_EMAIL_LOGIN; fix: don't accept login only when ALLOW_UNVERIFIED_EMAIL_LOGIN = true * fix: user needs to be authenticated * style: update * fix: registration success message and redirect logic * refactor: use `isEnabled` in ALLOW_UNVERIFIED_EMAIL_LOGIN * refactor: move checkEmailConfig to server/utils * refactor: use req as param for verifyEmail function * chore: jsdoc * chore: remove console log * refactor: rename `createNewUser` to `createSocialUser` * refactor: update typing and add expiresAt field to userSchema * refactor: begin use of user methods over direct model access for User * refactor: initial email verification rewrite * chore: typing * refactor: registration flow rewrite * chore: remove help center text * refactor: update getUser to getUserById and add findUser methods. general fixes from recent changes * refactor: Update updateUser method to remove expiresAt field and use $set and $unset operations, createUser now returns Id only * refactor: Update openidStrategy to use optional chaining for avatar check, move saveBuffer init to buffer condition * refactor: logout on deleteUser mutatation * refactor: Update openidStrategy login success message format * refactor: Add emailVerified field to Discord and Facebook profile details * refactor: move limiters to separate middleware dir * refactor: Add limiters for email verification and password reset * refactor: Remove getUserController and update routes and controllers accordingly * refactor: Update getUserById method to exclude password and version fields * refactor: move verification to user route, add resend verification option * refactor: Improve email verification process and resend option * refactor: remove more direct model access of User and remove unused code * refactor: replace user authentication methods and token generation * fix: add user.id to jwt user * refactor: Update AuthContext to include setError function, add resend link to Login Form, make registration redirect shorter * fix(updateUserPluginsService): ensure userPlugins variable is defined * refactor: Delete all shared links for a specific user * fix: remove use of direct User.save() in handleExistingUser * fix(importLibreChatConvo): handle missing createdAt field in messages --------- Co-authored-by: Danny Avila <danny@librechat.ai>
2025-12-17 08:50:15 +01:00 · 2024-06-07 21:06:47 +02:00 · 2024-06-07 21:06:47 +02:00 · ee673d682e
commit ee673d682e
parent b7fef6958b
67 changed files with 1863 additions and 1117 deletions
--- a/api/server/middleware/limiters/uploadLimiters.js
+++ b/api/server/middleware/limiters/uploadLimiters.js
@ -0,0 +1,75 @@
+const rateLimit = require('express-rate-limit');
+const { ViolationTypes } = require('librechat-data-provider');
+const logViolation = require('~/cache/logViolation');
+
+const getEnvironmentVariables = () => {
+  const FILE_UPLOAD_IP_MAX = parseInt(process.env.FILE_UPLOAD_IP_MAX) || 100;
+  const FILE_UPLOAD_IP_WINDOW = parseInt(process.env.FILE_UPLOAD_IP_WINDOW) || 15;
+  const FILE_UPLOAD_USER_MAX = parseInt(process.env.FILE_UPLOAD_USER_MAX) || 50;
+  const FILE_UPLOAD_USER_WINDOW = parseInt(process.env.FILE_UPLOAD_USER_WINDOW) || 15;
+
+  const fileUploadIpWindowMs = FILE_UPLOAD_IP_WINDOW * 60 * 1000;
+  const fileUploadIpMax = FILE_UPLOAD_IP_MAX;
+  const fileUploadIpWindowInMinutes = fileUploadIpWindowMs / 60000;
+
+  const fileUploadUserWindowMs = FILE_UPLOAD_USER_WINDOW * 60 * 1000;
+  const fileUploadUserMax = FILE_UPLOAD_USER_MAX;
+  const fileUploadUserWindowInMinutes = fileUploadUserWindowMs / 60000;
+
+  return {
+    fileUploadIpWindowMs,
+    fileUploadIpMax,
+    fileUploadIpWindowInMinutes,
+    fileUploadUserWindowMs,
+    fileUploadUserMax,
+    fileUploadUserWindowInMinutes,
+  };
+};
+
+const createFileUploadHandler = (ip = true) => {
+  const {
+    fileUploadIpMax,
+    fileUploadIpWindowInMinutes,
+    fileUploadUserMax,
+    fileUploadUserWindowInMinutes,
+  } = getEnvironmentVariables();
+
+  return async (req, res) => {
+    const type = ViolationTypes.FILE_UPLOAD_LIMIT;
+    const errorMessage = {
+      type,
+      max: ip ? fileUploadIpMax : fileUploadUserMax,
+      limiter: ip ? 'ip' : 'user',
+      windowInMinutes: ip ? fileUploadIpWindowInMinutes : fileUploadUserWindowInMinutes,
+    };
+
+    await logViolation(req, res, type, errorMessage);
+    res.status(429).json({ message: 'Too many file upload requests. Try again later' });
+  };
+};
+
+const createFileLimiters = () => {
+  const { fileUploadIpWindowMs, fileUploadIpMax, fileUploadUserWindowMs, fileUploadUserMax } =
+    getEnvironmentVariables();
+
+  const fileUploadIpLimiter = rateLimit({
+    windowMs: fileUploadIpWindowMs,
+    max: fileUploadIpMax,
+    handler: createFileUploadHandler(),
+  });
+
+  const fileUploadUserLimiter = rateLimit({
+    windowMs: fileUploadUserWindowMs,
+    max: fileUploadUserMax,
+    handler: createFileUploadHandler(false),
+    keyGenerator: function (req) {
+      return req.user?.id; // Use the user ID or NULL if not available
+    },
+  });
+
+  return { fileUploadIpLimiter, fileUploadUserLimiter };
+};
+
+module.exports = {
+  createFileLimiters,
+};