* 📝 chore: Add comment to clarify purpose of check_updates.sh script
* feat: mcp package
* feat: add librechat-mcp package and update dependencies
* feat: refactor MCPConnectionSingleton to handle transport initialization and connection management
* feat: change private methods to public in MCPConnectionSingleton for improved accessibility
* feat: filesystem demo
* chore: everything demo and move everything under mcp workspace
* chore: move ts-node to mcp workspace
* feat: mcp examples
* feat: working sse MCP example
* refactor: rename MCPConnectionSingleton to MCPConnection for clarity
* refactor: replace MCPConnectionSingleton with MCPConnection for consistency
* refactor: manager/connections
* refactor: update MCPConnection to use type definitions from mcp types
* refactor: update MCPManager to use winston logger and enhance server initialization
* refactor: share logger between connections and manager
* refactor: add schema definitions and update MCPManager to accept logger parameter
* feat: map available MCP tools
* feat: load manifest tools
* feat: add MCP tools delimiter constant and update plugin key generation
* feat: call MCP tools
* feat: update librechat-data-provider version to 0.7.63 and enhance StdioOptionsSchema with additional properties
* refactor: simplify typing
* chore: update types/packages
* feat: MCP Tool Content parsing
* chore: update dependencies and improve package configurations
* feat: add 'mcp' directory to package and update configurations
* refactor: return CONTENT_AND_ARTIFACT format for MCP callTool
* chore: bump @librechat/agents
* WIP: MCP artifacts
* chore: bump @librechat/agents to v1.8.7
* fix: ensure filename has extension when saving base64 image
* fix: move base64 buffer conversion before filename extension check
* chore: update backend review workflow to install MCP package
* fix: use correct `mime` method
* fix: enhance file metadata with message and tool call IDs in image saving process
* fix: refactor ToolCall component to handle MCP tool calls and improve domain extraction
* fix: update ToolItem component for default isInstalled value and improve localization in ToolSelectDialog
* fix: update ToolItem component to use consistent text color for tool description
* style: add theming to ToolSelectDialog
* fix: improve domain extraction logic in ToolCall component
* refactor: conversation item theming, fix rename UI bug, optimize props, add missing types
* feat: enhance MCP options schema with base options (iconPath to start) and make transport type optional, infer based on other option fields
* fix: improve reconnection logic with parallel init and exponential backoff and enhance transport debug logging
* refactor: improve logging format
* refactor: improve logging of available tools by displaying tool names
* refactor: improve reconnection/connection logic
* feat: add MCP package build process to Dockerfile
* feat: add fallback icon for tools without an image in ToolItem component
* feat: Assistants Support for MCP Tools
* fix(build): configure rollup to use output.dir for dynamic imports
* chore: update @librechat/agents to version 1.8.8 and add @langchain/anthropic dependency
* fix: update CONFIG_VERSION to 1.2.0
* feat: Add banner schema and model
* feat: Add optional JwtAuth
To handle the conditional logic with and without authentication within the model.
* feat: Add an endpoint to retrieve a banner
* feat: Add implementation for client to use banner and access API
* feat: Display a banner on UI
* feat: Script for updating and deleting banners
* style: Update banner style
* fix: Adjust the height when the banner is displayed
* fix: failed specs
* ✨ v0.7.5-rc2
* docs: update README
* refactor(settings): Update rememberForkOption default value
* a11y: proper screen reader announcements for content blocks
* Update version to 0.7.423 in package-lock.json and packages/data-provider/package.json
* chore: rename rememberForkOption -> rememberDefaultFork to apply new default value
* fix: headlessui menu stealing focus from Settings Dialog when pressing Enter
* Added UI for Terms and Conditions Modal Dialogue
* Handled the logout on not accepting
* Added logic for terms acceptance
* Add terms and conditions modal
* Fixed bug on terms and conditions modal, clicking out of it won't close it now
* Added acceptance of Terms to Database
* Removed unnecessary api endpoints from index.js
* Added NPM script to reset terms acceptance
* Added translations, markdown terms and samples
* Merged terms and conditions modal feature
* feat/Modal Terms and Conditions Dialog
* Amendments as requested by maintainers
* Reset package-lock (again)
* feat: basic invite-user script
* feat: add invite user functionality and registration validation middleware
* fix: invite user fixes
* refactor: consolidate direct model access to a central place of functions
* style(Registration): add spinner to continue button
* refactor: import ordrer
* feat: improve invite user script and error handling
* fix: merge conflict
* refactor: remove `console.log` and use `logger`
* fix: token operation and checkinvite issues
* bring back comment and remove console log
* fix: return invalid token when token is not found
* fix: getInvite fix
* refactor: Update Token.js to use async/await syntax for update and delete operations
* feat: Refactor Token.js to use async/await syntax for createToken and findToken functions
* refactor(inviteUser): define functions outside of module.exports
* Update AuthService.js
---------
Co-authored-by: Danny Avila <danny@librechat.ai>
* chore: playwright setup update
* refactor: update ChatRoute component with accessible loading spinner with live region
* chore(Message): typing
* ci: first pass, a11y testing
* refactor: update lang attribute in index.html to "en-US"
* ci: jsx-a11y dev eslint plugin
* ci: jsx plugin
* fix: Exclude 'vite.config.ts' from TypeScript compilation for testing
* fix(a11y): Remove tabIndex from non-interactive element in MessagesView component
* fix(a11y):
- Visible, non-interactive elements with click handlers must have at least one keyboard listener.eslintjsx-a11y/click-events-have-key-events
- Avoid non-native interactive elements. If using native HTML is not possible, add an appropriate role and support for tabbing, mouse, keyboard, and touch inputs to an interactive content element.eslintjsx-a11y/no-static-element-interactions
chore: remove unused bookmarks panel
- fix some "Unexpected nullable boolean value in conditional" warnings
* fix(NewChat): a11y, nested button issue, add aria-label, remove implicit role
* fix(a11y):
- partially address #3515 with `main` landmark
other:
- eslint@typescript-eslint/strict-boolean-expressions
* chore(MenuButton): Use button element instead of div for accessibility
* chore: Update TitleButton to use button element for accessibility
* chore: Update TitleButton to use button element for accessibility
* refactor(ChatMenuItem): Improve focus accessibility and code readability
* chore(MenuButton): Update aria-label to dynamically include primaryText
* fix(a11y): SearchBar
- If a form control does not have a properly associated text label, the function or purpose of that form control may not be presented to screen reader users. Visible form labels also provide visible descriptions and larger clickable targets for form controls which placeholders do not.
* chore: remove duplicate SearchBar twcss
* fix(a11y):
- The edit and copy buttons that are visually hidden are exposed to Assistive technology and are announced to screen reader users.
* fix(a11y): visible focus outline
* fix(a11y): The button to select the LLM Model has the aria-haspopup and aria- expanded attributes which makes its role ambuguous and unclear. It functions like a combobox but doesn't fully support that interaction and also fucntions like a dialog but doesn't completely support that interaction either.
* fix(a11y): fix visible focus outline
* fix(a11y): Scroll to bottom button missing accessible name #3474
* fix(a11y): The page lacks any heading structure. There should be at least one H1 and other headings to help users understand the orgainzation of the page and the contents.
Note: h1 won't be correct here so made it h2
* fix(a11y): LLM controls aria-labels
* fix(a11y): There is no visible focus outline to the 'send message' button
* fix(a11y): fix visible focus outline for Fork button
* refactor(MessageRender): add focus ring to message cards, consolidate complex conditions, add logger for setting latest message, add tabindex for card
* fix: focus border color and fix set latest message card condition
* fix(a11y): Adequate contrast for MessageAudio buttton
* feat: Add GitHub Actions workflow for accessibility linting
* chore: Update GitHub Actions workflow for accessibility linting to include client/src/** path
* fix(Nav): navmask and accessibility
* fix: Update Nav component to handle potential undefined type in SearchContext
* fix(a11y): add focus visibility to attach files button #3475
* fix(a11y): discernible text for NewChat button
* fix(a11y): accessible landmark names, all page content in landmarks, ensures landmarks are unique #3514#3515
* fix(Prompts): update isChatRoute prop to be required in List component
* fix(a11y): buttons must have discernible text
* v0.7.2
* chore: uninstall hnswlib-node
* bump package provider
* bump librechat-data-provider in lockfile
* README: ross index
* chore: center star history
* Basic implementation of ChatGPT conversation import
* remove debug code
* Handle citations
* Fix updatedAt in import
* update default model
* Use job scheduler to handle import requests
* import job status endpoint
* Add wrapper around Agenda
* Rate limits for import endpoint
* rename import api path
* Batch save import to mongo
* Improve naming
* Add documenting comments
* Test for importers
* Change button for importing conversations
* Frontend changes
* Import job status endpoint
* Import endpoint response
* Add translations to new phrases
* Fix conversations refreshing
* cleanup unused functions
* set timeout for import job status polling
* Add documentation
* get extra spaces back
* Improve error message
* Fix translation files after merge
* fix translation files 2
* Add zh translation for import functionality
* Sync mailisearch index after import
* chore: add dummy uri for jest tests, as MONGO_URI should only be real for E2E tests
* docs: fix links
* docs: fix conversationsImport section
* fix: user role issue for librechat imports
* refactor: import conversations from json
- organize imports
- add additional jsdocs
- use multer with diskStorage to avoid loading file into memory outside of job
- use filepath instead of loading data string for imports
- replace console logs and some logger.info() with logger.debug
- only use multer for import route
* fix: undefined metadata edge case and replace ChatGtp -> ChatGpt
* Refactor importChatGptConvo function to handle undefined metadata edge case and replace ChatGtp with ChatGpt
* fix: chatgpt importer
* feat: maintain tree relationship for librechat messages
* chore: use enum
* refactor: saveMessage to use single object arg, replace console logs, add userId to log message
* chore: additional comment
* chore: multer edge case
* feat: first pass, maintain tree relationship
* chore: organize
* chore: remove log
* ci: add heirarchy test for chatgpt
* ci: test maintaining of heirarchy for librechat
* wip: allow non-text content type messages
* refactor: import content part object json string
* refactor: more content types to format
* chore: consolidate messageText formatting
* docs: update on changes, bump data-provider/config versions, update readme
* refactor(indexSync): singleton pattern for MeiliSearchClient
* refactor: debug log after batch is done
* chore: add back indexSync error handling
---------
Co-authored-by: jakubmieszczak <jakub.mieszczak@zendesk.com>
Co-authored-by: Danny Avila <danny@librechat.ai>
* chore: bump data-provider
* feat: script to check recent dependency updates
* fix: override vite/rollup version for vite build fix
- also remove unused vite-plugin-html
- add vite build to file output command
* chore: bump rollup override to last known working version (v4.16.0 is breaking)
* chore(vite): increase file size cache for workbox
* fix: resolve openai to last known version using assistants v1 latest features and default header
* chore: update openrouter examples
* fix(bun): fix bun compatibility to allow gzip header: https://github.com/oven-sh/bun/issues/267#issuecomment-1854460357
* chore: update custom config examples
* fix(OpenAIClient.chatCompletion): remove redundant call of stream.controller.abort() as `break` aborts the request and prevents abort errors when not called redundantly
* chore: bump bun.lockb
* fix: remove result-thinking class when message is no longer streaming
* fix(bun): improve Bun support by forcing use of old method in bun env, also update old methods with new customizable params
* fix(ci): pass tests
* feat: send the LibreChat user ID as a query param when fetching the list of models
* chore: update bun
* chore: change bun command for building data-provider
* refactor: prefer use of `getCustomConfig` to access custom config, also move to `server/services/Config`
* refactor: make endpoints/custom option for the config optional, add userIdQuery, and use modelQueries log store in ModelService
* refactor(ModelService): use env variables at runtime, use default models from data-provider, and add tests
* docs: add `userIdQuery`
* fix(ci): import changed
* Style: Infinite Scroll and Group convos by date
* Style: Infinite Scroll and Group convos by date- Redesign NavBar
* Style: Infinite Scroll and Group convos by date- Redesign NavBar - Clean code
* Style: Infinite Scroll and Group convos by date- Redesign NavBar - Redesign NewChat Component
* Style: Infinite Scroll and Group convos by date- Redesign NavBar - Redesign NewChat Component
* Style: Infinite Scroll and Group convos by date- Redesign NavBar - Redesign NewChat Component
* Including OpenRouter and Mistral icon
* refactor(Conversations): cleanup use of utility functions and typing
* refactor(Nav/NewChat): use localStorage `lastConversationSetup` to determine the endpoint to use, as well as icons -> JSX components, remove use of `endpointSelected`
* refactor: remove use of `isFirstToday`
* refactor(Nav): remove use of `endpointSelected`, consolidate scrolling logic to its own hook `useNavScrolling`, remove use of recoil `conversation`
* refactor: Add spinner to bottom of list, throttle fetching, move query hooks to client workspace
* chore: sort by `updatedAt` field
* refactor: optimize conversation infinite query, use optimistic updates, add conversation helpers for managing pagination, remove unnecessary operations
* feat: gen_title route for generating the title for the conversation
* style(Convo): change hover bg-color
* refactor: memoize groupedConversations and return as array of tuples, correctly update convos pre/post message stream, only call genTitle if conversation is new, make `addConversation` dynamically either add/update depending if convo exists in pages already, reorganize type definitions
* style: rename Header NewChat Button -> HeaderNewChat, add NewChatIcon, closely match main Nav New Chat button to ChatGPT
* style(NewChat): add hover bg color
* style: cleanup comments, match ChatGPT nav styling, redesign search bar, make part of new chat sticky header, move Nav under same parent as outlet/mobilenav, remove legacy code, search only if searchQuery is not empty
* feat: add tests for conversation helpers and ensure no duplicate conversations are ever grouped
* style: hover bg-color
* feat: alt-click on convo item to open conversation in new tab
* chore: send error message when `gen_title` fails
---------
Co-authored-by: Walber Cardoso <walbercardoso@gmail.com>
* Refactoring opening of DB to config/helpers.js
* Adding two user scripts:
- 'delete-user' to remove a user definitely
- 'list-balances' to show the balances of all the users
* chore: add back BrowserOp
* chore: make CI env and not DEV env generate refresh tokens every time
* chore: make 'CI' env var captilization uniform across the app
* chore: change NODE_ENV for playwright to
* refactor: use keyv for search caching with 1 min expirations
* feat: keyvRedis; chore: bump keyv, bun.lockb, add jsconfig for vscode file resolution
* feat: api/search redis support
* refactor(redis) use ioredis cluster for keyv
fix(OpenID): when redis is configured, use redis memory store for express-session
* fix: revert using uri for keyvredis
* fix(SearchBar): properly debounce search queries, fix weird render behaviors
* refactor: add authentication to search endpoint and show error messages in results
* feat: redis support for violation logs
* fix(logViolation): ensure a number is always being stored in cache
* feat(concurrentLimiter): uses clearPendingReq, clears pendingReq on abort, redis support
* fix(api/search/enable): query only when authenticated
* feat(ModelService): redis support
* feat(checkBan): redis support
* refactor(api/search): consolidate keyv logic
* fix(ci): add default empty value for REDIS_URI
* refactor(keyvRedis): use condition to initialize keyvRedis assignment
* refactor(connectDb): handle disconnected state (should create a new conn)
* fix(ci/e2e): handle case where cleanUp did not successfully run
* fix(getDefaultEndpoint): return endpoint from localStorage if defined and endpointsConfig is default
* ci(e2e): remove afterAll messages as startup/cleanUp will clear messages
* ci(e2e): remove teardown for CI until further notice
* chore: bump playwright/test
* ci(e2e): reinstate teardown as CI issue is specific to github env
* fix(ci): click settings menu trigger by testid
* refactor(Chains/llms): allow passing callbacks
* refactor(BaseClient): accurately count completion tokens as generation only
* refactor(OpenAIClient): remove unused getTokenCountForResponse, pass streaming var and callbacks in initializeLLM
* wip: summary prompt tokens
* refactor(summarizeMessages): new cut-off strategy that generates a better summary by adding context from beginning, truncating the middle, and providing the end
wip: draft out relevant providers and variables for token tracing
* refactor(createLLM): make streaming prop false by default
* chore: remove use of getTokenCountForResponse
* refactor(agents): use BufferMemory as ConversationSummaryBufferMemory token usage not easy to trace
* chore: remove passing of streaming prop, also console log useful vars for tracing
* feat: formatFromLangChain helper function to count tokens for ChatModelStart
* refactor(initializeLLM): add role for LLM tracing
* chore(formatFromLangChain): update JSDoc
* feat(formatMessages): formats langChain messages into OpenAI payload format
* chore: install openai-chat-tokens
* refactor(formatMessage): optimize conditional langChain logic
fix(formatFromLangChain): fix destructuring
* feat: accurate prompt tokens for ChatModelStart before generation
* refactor(handleChatModelStart): move to callbacks dir, use factory function
* refactor(initializeLLM): rename 'role' to 'context'
* feat(Balance/Transaction): new schema/models for tracking token spend
refactor(Key): factor out model export to separate file
* refactor(initializeClient): add req,res objects to client options
* feat: add-balance script to add to an existing users' token balance
refactor(Transaction): use multiplier map/function, return balance update
* refactor(Tx): update enum for tokenType, return 1 for multiplier if no map match
* refactor(Tx): add fair fallback value multiplier incase the config result is undefined
* refactor(Balance): rename 'tokens' to 'tokenCredits'
* feat: balance check, add tx.js for new tx-related methods and tests
* chore(summaryPrompts): update prompt token count
* refactor(callbacks): pass req, res
wip: check balance
* refactor(Tx): make convoId a String type, fix(calculateTokenValue)
* refactor(BaseClient): add conversationId as client prop when assigned
* feat(RunManager): track LLM runs with manager, track token spend from LLM,
refactor(OpenAIClient): use RunManager to create callbacks, pass user prop to langchain api calls
* feat(spendTokens): helper to spend prompt/completion tokens
* feat(checkBalance): add helper to check, log, deny request if balance doesn't have enough funds
refactor(Balance): static check method to return object instead of boolean now
wip(OpenAIClient): implement use of checkBalance
* refactor(initializeLLM): add token buffer to assure summary isn't generated when subsequent payload is too large
refactor(OpenAIClient): add checkBalance
refactor(createStartHandler): add checkBalance
* chore: remove prompt and completion token logging from route handler
* chore(spendTokens): add JSDoc
* feat(logTokenCost): record transactions for basic api calls
* chore(ask/edit): invoke getResponseSender only once per API call
* refactor(ask/edit): pass promptTokens to getIds and include in abort data
* refactor(getIds -> getReqData): rename function
* refactor(Tx): increase value if incomplete message
* feat: record tokenUsage when message is aborted
* refactor: subtract tokens when payload includes function_call
* refactor: add namespace for token_balance
* fix(spendTokens): only execute if corresponding token type amounts are defined
* refactor(checkBalance): throws Error if not enough token credits
* refactor(runTitleChain): pass and use signal, spread object props in create helpers, and use 'call' instead of 'run'
* fix(abortMiddleware): circular dependency, and default to empty string for completionTokens
* fix: properly cancel title requests when there isn't enough tokens to generate
* feat(predictNewSummary): custom chain for summaries to allow signal passing
refactor(summaryBuffer): use new custom chain
* feat(RunManager): add getRunByConversationId method, refactor: remove run and throw llm error on handleLLMError
* refactor(createStartHandler): if summary, add error details to runs
* fix(OpenAIClient): support aborting from summarization & showing error to user
refactor(summarizeMessages): remove unnecessary operations counting summaryPromptTokens and note for alternative, pass signal to summaryBuffer
* refactor(logTokenCost -> recordTokenUsage): rename
* refactor(checkBalance): include promptTokens in errorMessage
* refactor(checkBalance/spendTokens): move to models dir
* fix(createLanguageChain): correctly pass config
* refactor(initializeLLM/title): add tokenBuffer of 150 for balance check
* refactor(openAPIPlugin): pass signal and memory, filter functions by the one being called
* refactor(createStartHandler): add error to run if context is plugins as well
* refactor(RunManager/handleLLMError): throw error immediately if plugins, don't remove run
* refactor(PluginsClient): pass memory and signal to tools, cleanup error handling logic
* chore: use absolute equality for addTitle condition
* refactor(checkBalance): move checkBalance to execute after userMessage and tokenCounts are saved, also make conditional
* style: icon changes to match official
* fix(BaseClient): getTokenCountForResponse -> getTokenCount
* fix(formatLangChainMessages): add kwargs as fallback prop from lc_kwargs, update JSDoc
* refactor(Tx.create): does not update balance if CHECK_BALANCE is not enabled
* fix(e2e/cleanUp): cleanup new collections, import all model methods from index
* fix(config/add-balance): add uncaughtException listener
* fix: circular dependency
* refactor(initializeLLM/checkBalance): append new generations to errorMessage if cost exceeds balance
* fix(handleResponseMessage): only record token usage in this method if not error and completion is not skipped
* fix(createStartHandler): correct condition for generations
* chore: bump postcss due to moderate severity vulnerability
* chore: bump zod due to low severity vulnerability
* chore: bump openai & data-provider version
* feat(types): OpenAI Message types
* chore: update bun lockfile
* refactor(CodeBlock): add error block formatting
* refactor(utils/Plugin): factor out formatJSON and cn to separate files (json.ts and cn.ts), add extractJSON
* chore(logViolation): delete user_id after error is logged
* refactor(getMessageError -> Error): change to React.FC, add token_balance handling, use extractJSON to determine JSON instead of regex
* fix(DALL-E): use latest openai SDK
* chore: reorganize imports, fix type issue
* feat(server): add balance route
* fix(api/models): add auth
* feat(data-provider): /api/balance query
* feat: show balance if checking is enabled, refetch on final message or error
* chore: update docs, .env.example with token_usage info, add balance script command
* fix(Balance): fallback to empty obj for balance query
* style: slight adjustment of balance element
* docs(token_usage): add PR notes
* chore(ChatGPTClient.js): add support for OpenRouter API
chore(OpenAIClient.js): add support for OpenRouter API
* chore: comment out token debugging
* chore: add back streamResult assignment
* chore: remove double condition/assignment from merging
* refactor(routes/endpoints): -> controller/services logic
* feat: add openrouter model fetching
* chore: remove unused endpointsConfig in cleanupPreset function
* refactor: separate models concern from endpointsConfig
* refactor(data-provider): add TModels type and make TEndpointsConfig adaptible to new endpoint keys
* refactor: complete models endpoint service in data-provider
* refactor: onMutate for refreshToken and login, invalidate models query
* feat: complete models endpoint logic for frontend
* chore: remove requireJwtAuth from /api/endpoints and /api/models as not implemented yet
* fix: endpoint will not be overwritten and instead use active value
* feat: openrouter support for plugins
* chore(EndpointOptionsDialog): remove unused recoil value
* refactor(schemas/parseConvo): add handling of secondaryModels to use first of defined secondary models, which includes last selected one as first, or default to the convo's secondary model value
* refactor: remove hooks from store and move to hooks
refactor(switchToConversation): make switchToConversation use latest recoil state, which is necessary to get the most up-to-date models list, replace wrapper function
refactor(getDefaultConversation): factor out logic into 3 pieces to reduce complexity.
* fix: backend tests
* feat: optimistic update by calling newConvo when models are fetched
* feat: openrouter support for titling convos
* feat: cache models fetch
* chore: add missing dep to AuthContext useEffect
* chore: fix useTimeout types
* chore: delete old getDefaultConvo file
* chore: remove newConvo logic from Root, remove console log from api models caching
* chore: ensure bun is used for building in b:client script
* fix: default endpoint will not default to null on a completely fresh login (no localStorage/cookies)
* chore: add openrouter docs to free_ai_apis.md and .env.example
* chore: remove openrouter console logs
* feat: add debugging env variable for Plugins
* chore: cleanup client depend 🧹
* chore: replace joi with zod and remove unused user validator
* chore: move dep from root to api, cleanup other unused api deps
* chore: remove unused dev dep
* chore: update bun lockfile
* fix: bun scripts
* chore: add bun flag to update script
* chore: remove legacy webpack + babel dev deps
* chore: add back dev deps needed for frontend unit testing
* fix(validators): make schemas as expected and more robust with a full test suite of edge cases
* chore: remove axios from root package, remove path from api, update bun
* refactor: require Auth middleware in route index files
* feat: concurrent message limiter
* feat: complete concurrent message limiter with caching
* refactor: SSE response methods separated from handleText
* fix(abortMiddleware): fix req and res order to standard, use endpointOption in req.body
* chore: minor name changes
* refactor: add isUUID condition to saveMessage
* fix(concurrentLimiter): logic correctly handles the max number of concurrent messages and res closing/finalization
* chore: bump keyv and remove console.log from Message
* fix(concurrentLimiter): ensure messages are only saved in later message children
* refactor(concurrentLimiter): use KeyvFile instead, could make other stores configurable in the future
* feat: add denyRequest function for error responses
* feat(utils): add isStringTruthy function
Introduce the isStringTruthy function to the utilities module to check if a string value is a case-insensitive match for 'true'
* feat: add optional message rate limiters by IP and userId
* feat: add optional message rate limiters by IP and userId to edit route
* refactor: rename isStringTruthy to isTrue for brevity
* refactor(getError): use map to make code cleaner
* refactor: use memory for concurrent rate limiter to prevent clearing on startup/exit, add multiple log files, fix error message for concurrent violation
* feat: check if errorMessage is object, stringify if so
* chore: send object to denyRequest which will stringify it
* feat: log excessive requests
* fix(getError): correctly pluralize messages
* refactor(limiters): make type consistent between logs and errorMessage
* refactor(cache): move files out of lib/db into separate cache dir
>> feat: add getLogStores function so Keyv instance is not redundantly created on every violation
feat: separate violation logging to own function with logViolation
* fix: cache/index.js export, properly record userViolations
* refactor(messageLimiters): use new logging method, add logging to registrations
* refactor(logViolation): make userLogs an array of logs per user
* feat: add logging to login limiter
* refactor: pass req as first param to logViolation and record offending IP
* refactor: rename isTrue helper fn to isEnabled
* feat: add simple non_browser check and log violation
* fix: open handles in unit tests, remove KeyvMongo as not used and properly mock global fetch
* chore: adjust nodemon ignore paths to properly ignore logs
* feat: add math helper function for safe use of eval
* refactor(api/convos): use middleware at top of file to avoid redundancy
* feat: add delete all static method for Sessions
* fix: redirect to login on refresh if user is not found, or the session is not found but hasn't expired (ban case)
* refactor(getLogStores): adjust return type
* feat: add ban violation and check ban logic
refactor(logViolation): pass both req and res objects
* feat: add removePorts helper function
* refactor: rename getError to getMessageError and add getLoginError for displaying different login errors
* fix(AuthContext): fix type issue and remove unused code
* refactor(bans): ban by ip and user id, send response based on origin
* chore: add frontend ban messages
* refactor(routes/oauth): add ban check to handler, also consolidate logic to avoid redundancy
* feat: add ban check to AI messaging routes
* feat: add ban check to login/registration
* fix(ci/api): mock KeyvMongo to avoid tests hanging
* docs: update .env.example
> refactor(banViolation): calculate interval rate crossover, early return if duration is invalid
ci(banViolation): add tests to ensure users are only banned when expected
* docs: improve wording for mod system
* feat: add configurable env variables for violation scores
* chore: add jsdoc for uaParser.js
* chore: improve ban text log
* chore: update bun test scripts
* refactor(math.js): add fallback values
* fix(KeyvMongo/banLogs): refactor keyv instances to top of files to avoid memory leaks, refactor ban logic to use getLogStores instead
refactor(getLogStores): get a single log store by type
* fix(ci): refactor tests due to banLogs changes, also make sure to clear and revoke sessions even if ban duration is 0
* fix(banViolation.js): getLogStores import
* feat: handle 500 code error at login
* fix(middleware): handle case where user.id is _id and not just id
* ci: add ban secrets for backend unit tests
* refactor: logout user upon ban
* chore: log session delete message only if deletedCount > 0
* refactor: change default ban duration (2h) and make logic more clear in JSDOC
* fix: login and registration limiters will now return rate limiting error
* fix: userId not parsable as non ObjectId string
* feat: add useTimeout hook to properly clear timeouts when invoking functions within them
refactor(AuthContext): cleanup code by using new hook and defining types in ~/common
* fix: login error message for rate limits
* docs: add info for automated mod system and rate limiters, update other docs accordingly
* chore: bump data-provider version
* feat(api): refresh token logic
* feat(client): refresh token logic
* feat(data-provider): refresh token logic
* fix: SSE uses esm
* chore: add default refresh token expiry to AuthService, add message about env var not set when generating a token
* chore: update scripts to more compatible bun methods, ran bun install again
* chore: update env.example and playwright workflow with JWT_REFRESH_SECRET
* chore: update breaking changes docs
* chore: add timeout to url visit
* chore: add default SESSION_EXPIRY in generateToken logic, add act script for testing github actions
* fix(e2e): refresh automatically in development environment to pass e2e tests
* chore: add 'api' image to tag release workflow
* docs: update DO deployment docs to include instruction about latest stable release, as well as security best practices
* Release v0.5.8
* docs: Update digitalocean.md with firewall section images
* docs: make_your_own.md formatting fix for mkdocs
