Related to #3084
Implements URL encoding for email addresses in verification links and decodes them upon verification.
- **Encode email addresses** in `sendVerificationEmail` and `resendVerificationEmail` functions using `encodeURIComponent` to ensure special characters like `+` are correctly handled in the verification link.
- **Decode email addresses** in the `verifyEmail` function using `decodeURIComponent` to accurately retrieve and validate the email address from the verification link against the database.
---
For more details, open the [Copilot Workspace session](https://copilot-workspace.githubnext.com/danny-avila/LibreChat/issues/3084?shareId=9c32df30-4156-4082-a3eb-fff54eaba5b3).
* Google tag manager integration
* change location of react-gtm-module package
* refactor: move react-gtm-module usage from Chat/Footer to useAppStartup hook
---------
Co-authored-by: Danny Avila <danny@librechat.ai>
* feat: Add index to conversationId field in messageSchema
* refactor: prevent immediate event close on error
* refactor: use undici instead of node-fetch in non-Bun environment
* feat: added "Save draft locally" to Message settings
* feat: add hook to save chat input as draft every second
* fix: use filepath if the file does not have a preview prop
* fix: not to delete temporary files when navigating to a new chat
* chore: translations
* chore: import order
* chore: import order
---------
Co-authored-by: Danny Avila <danacordially@gmail.com>
Co-authored-by: Danny Avila <danny@librechat.ai>
* fix: user.id assignment in jwtStrategy.js
* refactor(sendEmail): pass params as object, await email sending to propogate errors and restrict registration flow
* fix(Conversations): handle missing updatedAt field
* refactor: use `processDeleteRequest` when deleting user account for user file deletion
* refactor: delete orphaned files when deleting user account
* fix: remove unnecessary 404 status code in server/index.js
* feat: verification email
* chore: email verification invalid; localize: update
* fix: redirect to login when signup: fix: save emailVerified correctly
* docs: update ALLOW_UNVERIFIED_EMAIL_LOGIN; fix: don't accept login only when ALLOW_UNVERIFIED_EMAIL_LOGIN = true
* fix: user needs to be authenticated
* style: update
* fix: registration success message and redirect logic
* refactor: use `isEnabled` in ALLOW_UNVERIFIED_EMAIL_LOGIN
* refactor: move checkEmailConfig to server/utils
* refactor: use req as param for verifyEmail function
* chore: jsdoc
* chore: remove console log
* refactor: rename `createNewUser` to `createSocialUser`
* refactor: update typing and add expiresAt field to userSchema
* refactor: begin use of user methods over direct model access for User
* refactor: initial email verification rewrite
* chore: typing
* refactor: registration flow rewrite
* chore: remove help center text
* refactor: update getUser to getUserById and add findUser methods. general fixes from recent changes
* refactor: Update updateUser method to remove expiresAt field and use $set and $unset operations, createUser now returns Id only
* refactor: Update openidStrategy to use optional chaining for avatar check, move saveBuffer init to buffer condition
* refactor: logout on deleteUser mutatation
* refactor: Update openidStrategy login success message format
* refactor: Add emailVerified field to Discord and Facebook profile details
* refactor: move limiters to separate middleware dir
* refactor: Add limiters for email verification and password reset
* refactor: Remove getUserController and update routes and controllers accordingly
* refactor: Update getUserById method to exclude password and version fields
* refactor: move verification to user route, add resend verification option
* refactor: Improve email verification process and resend option
* refactor: remove more direct model access of User and remove unused code
* refactor: replace user authentication methods and token generation
* fix: add user.id to jwt user
* refactor: Update AuthContext to include setError function, add resend link to Login Form, make registration redirect shorter
* fix(updateUserPluginsService): ensure userPlugins variable is defined
* refactor: Delete all shared links for a specific user
* fix: remove use of direct User.save() in handleExistingUser
* fix(importLibreChatConvo): handle missing createdAt field in messages
---------
Co-authored-by: Danny Avila <danny@librechat.ai>
* refactor: checking `ALLOW_SOCIAL_REGISTRATION` with `isEnabled`
* feat: Add findUserByEmail function to UserService
This commit adds a new function, , to the module. This function retrieves a user document from the database based on the provided email. It returns the user document if found, otherwise it returns null. If there is a problem during user retrieval, an error is thrown.
* refactor: add socialLogin to remove repetitive code
* feat: password reset disable option; fix: account email leak
* fix(LoginSpec): typo
* test: fixed LoginForm test
* fix: disable password reset when undefined
* refactor: use a helper function
* fix: tests
* feat: Remove unused error message in password reset process
* chore: Update password reset email message
* refactor: only allow password reset if explicitly allowed
* feat: Add password reset email service configuration check
The code changes in `checks.js` add a new function `checkPasswordReset()` that checks if the email service is configured when password reset is enabled. If the email service is not configured, a warning message is logged. This change ensures secure password reset functionality by prompting the user to configure the email service.
Co-authored-by: Berry-13 <root@Berry>
Co-authored-by: Danny Avila <messagedaniel@protonmail.com>
Co-authored-by: Danny Avila <danny@librechat.ai>
* chore: remove import order rules
* refactor: simplify password reset logic and align against Observable Response Discrepancy
* chore: make password reset warning more prominent
* chore(AuthService): better logging for password resets, refactor requestPasswordReset to use req object, fix sendEmail error when email config is not present
* refactor: fix styling of password reset email message
* chore: add missing type for passwordResetEnabled, TStartupConfig
* fix(LoginForm): prevent login form flickering
* fix(ci): Update login form to use mocked startupConfig for rendering correctly
* refactor: Improve password reset UI, applies DRY
* chore: Add logging to password reset validation middleware
* chore(CONTRIBUTING): Update import order conventions
---------
Co-authored-by: Danny Avila <danny@librechat.ai>
Co-authored-by: Berry-13 <root@Berry>
Co-authored-by: Danny Avila <messagedaniel@protonmail.com>
* initial commit
* fix: UserController bugs; fix: lint errors
* fix: delete files
* language support
* style(DeleteAccount): update to the latest style
* style: fix after merge main
* chore: Add canDeleteAccount middleware for user deletion endpoint
* chore: renamed to ALLOW_ACCOUNT_DELETION
* fix(canDeleteAccount): use uppercase admin role
* chore: imports order
* chore: Enable account deletion by default if omitted/commented out
* chore: Add logging for user account deletion
* chore: Bump data-provider package version to 0.6.6
* chore: Import Transaction model in UserController
* chore: Update CONFIG_VERSION to 1.1.4
* chore: Update user account deletion logging
* chore: Refactor user account deletion logic
---------
Co-authored-by: Berry-13 <root@Berry>
Co-authored-by: Danny Avila <messagedaniel@protonmail.com>
Co-authored-by: Danny Avila <danny@librechat.ai>
The useMentions hook in the client/src/hooks/Input/useMentions.ts file has been updated to handle cases where the assistant lists for the endpoints 'assistants' and 'azureAssistants' are empty. This change ensures that the hook does not throw an error when attempting to access assistantListMap[EModelEndpoint.assistants] or assistantListMap[EModelEndpoint.azureAssistants]. Instead, it defaults to an empty array for these cases.
* Added necessary "ports" section for it to work by default
* Added (commented out) example GCP Vertex volume mount for auth config and for ENV variable.
* refactor(EditPresetDialog): dynamically update current editable preset model on endpoint change
* feat: Add null check for models in EditPresetDialog
* chore(AlertDialogPortal): typing
* fix(EditPresetDialog): prevent Unknown endpoint edge case for custom endpoints
* fix: remove double initialization of speech routes
* refactor(useMessageHelpers): more consistent latestMessage updates based on unique textKey and early returns when setting
* feat: TTS/STT rate limiters
* chore: remove console log
* fix: make modular chat true by default
* refactor(ToolService): streamline logging and tool error handling, also ensure generated outputs always have `output` field
* refactor(useSSE): error message for server connection issue
* refactor: add back capture group of sensitive information.js
* hotfix: cohere chinese character unicode issue, return aggregated reply
* chore: remove unused code
* refactor: Update NewChatButtonIcon component to use JSX syntax
The NewChatButtonIcon component in the Nav folder has been updated to use JSX syntax instead of calling the Icon function directly. This change improves code readability and maintainability.
* remove use memo
* refactor: allow passing `select` to messages db query
* fix: initial fix for non-recursive messages
* ci: first pass, importers test rewrite
* fix(groupConversationsByDate): handle edge case of conversation.updatedAt being null
* fix: correctly handle non-recursive uploads
* feat: imports non-recursive conversations with branches correctly
* feat: support retaining original options on import
* refactor: Allow `messageTree` field for Import of non-recursive conversations
* 🚑 fix: re-fetch messages when exporting
* Revert "🚑 fix: re-fetch messages when exporting"
This reverts commit 693b86e955.
* 🚑 fix: use the same logic to get export data as useChatHelper
* refactor(useExportConversation): use query cache to build messages tree on request
* chore: organize imports
---------
Co-authored-by: Danny Avila <danny@librechat.ai>
* chore: use node-fetch for OpenAIClient fetch key for non-crashing usage of AbortController in Bun runtime
* chore: variable order
* fix(useSSE): prevent finalHandler call in abortConversation to update messages/conversation after user navigated away
* chore: params order
* refactor: organize intermediate message logic and ensure correct variables are passed
* fix: Add stt and tts routes before upload limiters, prevent bans
* fix(abortRun): temp fix to delete unfinished messages to avoid message thread parent relationship issues
* refactor: Update AnthropicClient to use node-fetch for fetch key and add proxy support
* fix(gptPlugins): ensure parentMessageId/messageId relationship is maintained
* feat(BaseClient): custom fetch function to analyze/edit payloads just before sending (also prevents abortController crash on Bun runtime)
* feat: `directEndpoint` and `titleMessageRole` custom endpoint options
* chore: Bump version to 0.6.6 in data-provider package.json
* 🔧 fix: prevent unnecessary re-rendering of components using useLocalize hook
The useLocalize hook now uses useCallback to create a memoized version of the localize function. This will prevent unnecessary recalculations when the language value changes.
* 🚑 fix: not reset the bodyText if it has a value set.
* ♻️ refactor: Login form improvement
* display error message when API is down
* add loading animation to Login form while fetching data
* optimize startupConfig to fetch data only on initial render to prevent unnecessary API calls
* 🚑 fix: clear authentication error messages on successful login
* ♻️ refactor: componentize duplicate codes on registration and login screens
* chore: update types
* refactor: layout rendering order
* refactor: startup title fix
* refactor: reset/request-reset-password under new AuthLayout
* ci: fix Login.spec.ts
* ci: fix registration.spec.tsx
---------
Co-authored-by: Danny Avila <danny@librechat.ai>
