refactor: updated the code basted on suggestion.

2026-01-28 21:26:13 +01:00 · 2025-02-12 13:07:13 +01:00 · 2025-02-12 13:07:13 +01:00 · f1e031a9f5
commit f1e031a9f5
parent 244b9f94dc
4 changed files with 88 additions and 70 deletions
--- a/api/package.json
+++ b/api/package.json
@ -46,6 +46,7 @@
    "@langchain/google-vertexai": "^0.1.8",
    "@langchain/textsplitters": "^0.1.0",
    "@librechat/agents": "^2.0.4",
+    "@microsoft/microsoft-graph-client": "^3.0.7",
    "@waylaidwanderer/fetch-event-source": "^3.0.1",
    "axios": "1.7.8",
    "bcryptjs": "^2.4.3",
@ -86,8 +87,8 @@
    "ollama": "^0.5.0",
    "openai": "^4.47.1",
    "openai-chat-tokens": "^0.2.8",
-    "openid-client": "^5.4.2",
-    "passport": "^0.6.0",
+    "openid-client": "^6.1.7",
+    "passport": "^0.7.0",
    "passport-apple": "^2.0.2",
    "passport-discord": "^0.1.4",
    "passport-facebook": "^3.0.0",
--- a/api/strategies/OpenId/openidDataMapper.js
+++ b/api/strategies/OpenId/openidDataMapper.js
@ -141,7 +141,6 @@ class MicrosoftDataMapper extends BaseDataMapper {
 * Map provider names to their specific data mappers.
 */
 const PROVIDER_MAPPERS = {
-  // Fully Working
  microsoft: MicrosoftDataMapper,
 };

--- a/api/strategies/openidStrategy.js
+++ b/api/strategies/openidStrategy.js
@ -177,7 +177,11 @@ async function setupOpenId() {
    const requiredRole = process.env.OPENID_REQUIRED_ROLE;
    const requiredRoleParameterPath = process.env.OPENID_REQUIRED_ROLE_PARAMETER_PATH;
    const requiredRoleTokenKind = process.env.OPENID_REQUIRED_ROLE_TOKEN_KIND;
-    const adminRole = process.env.OPENID_ADMIN_ROLE;
+    const adminRolesEnv = process.env.OPENID_ADMIN_ROLE;
+    const adminRoles = adminRolesEnv
+      ? adminRolesEnv.split(',').map(role => role.trim())
+      : [];
+
    const openidLogin = new OpenIDStrategy(
      {
        client,
@ -256,7 +260,7 @@ async function setupOpenId() {
          const token = requiredRoleTokenKind === 'access' ? tokenset.access_token : tokenset.id_token;
          const decodedToken = safeDecode(token);
          const tokenBasedRoles = extractRolesFromToken(decodedToken, requiredRoleParameterPath);
-          const isAdmin = tokenBasedRoles.includes(adminRole);
+          const isAdmin = tokenBasedRoles.some(role => adminRoles.includes(role));
          const assignedRole = isAdmin ? SystemRoles.ADMIN : SystemRoles.USER;
          logger.debug(`[openidStrategy] Assigned system role: ${assignedRole} (isAdmin: ${isAdmin})`);