* refactor: Add existingUsersOnly support to social and SAML auth callbacks
- Add `existingUsersOnly` option to the `socialLogin` handler factory to
reject unknown users instead of creating new accounts
- Refactor SAML strategy callback into `createSamlCallback(existingUsersOnly)`
factory function, mirroring the OpenID `createOpenIDCallback` pattern
- Extract shared SAML config into `getBaseSamlConfig()` helper
- Register `samlAdmin` passport strategy with `existingUsersOnly: true` and
admin-specific callback URL, called automatically from `setupSaml()`
* feat: Register admin OAuth strategy variants for all social providers
- Add admin strategy exports to Google, GitHub, Discord, Facebook, and
Apple strategy files with admin callback URLs and existingUsersOnly
- Extract provider configs into reusable helpers to avoid duplication
between regular and admin strategy constructors
- Re-export all admin strategy factories from strategies/index.js
- Register admin passport strategies (googleAdmin, githubAdmin, etc.)
alongside regular ones in socialLogins.js when env vars are present
* feat: Add admin auth routes for SAML and social OAuth providers
- Add initiation and callback routes for SAML, Google, GitHub, Discord,
Facebook, and Apple to the admin auth router
- Each provider follows the exchange code + PKCE pattern established by
OpenID admin auth: store PKCE challenge on initiation, retrieve on
callback, generate exchange code for the admin panel
- SAML and Apple use POST callbacks with state extracted from
req.body.RelayState and req.body.state respectively
- Extract storePkceChallenge(), retrievePkceChallenge(), and
generateState() helpers; refactor existing OpenID routes to use them
- All callback chains enforce requireAdminAccess, setBalanceConfig,
checkDomainAllowed, and the shared createOAuthHandler
- No changes needed to the generic POST /oauth/exchange endpoint
* fix: Update SAML strategy test to handle dual strategy registration
setupSaml() now registers both 'saml' and 'samlAdmin' strategies,
causing the SamlStrategy mock to be called twice. The verifyCallback
variable was getting overwritten with the admin callback (which has
existingUsersOnly: true), making all new-user tests fail.
Fix: capture only the first callback per setupSaml() call and reset
between tests.
* fix: Address review findings for admin OAuth strategy changes
- Fix existingUsersOnly rejection in socialLogin.js to use
cb(null, false, { message }) instead of cb(error), ensuring
passport's failureRedirect fires correctly for admin flows
- Consolidate duplicate require() calls in strategies/index.js by
destructuring admin exports from the already-imported default export
- Pass pre-parsed baseConfig to setupSamlAdmin() to avoid redundant
certificate file I/O at startup
- Extract getGoogleConfig() helper in googleStrategy.js for consistency
with all other provider strategy files
- Replace randomState() (openid-client) with generateState() (crypto)
in the OpenID admin route for consistency with all other providers,
and remove the now-unused openid-client import
* Reorder import statements in auth.js
* implemented Apple Auth login.
Closes: #3438
TODO:
- write config Doc
* removed some comments
* removed comment
* Add unit tests for Apple login strategy
Introduce comprehensive tests for the Apple login strategy, covering new user creation, existing user updates, and error handling scenarios during the authentication flow. Mocks implemented for external dependencies to ensure isolated testing.
* Remove unnecessary blank line in socialLogins.js
* refactor: checking `ALLOW_SOCIAL_REGISTRATION` with `isEnabled`
* feat: Add findUserByEmail function to UserService
This commit adds a new function, , to the module. This function retrieves a user document from the database based on the provided email. It returns the user document if found, otherwise it returns null. If there is a problem during user retrieval, an error is thrown.
* refactor: add socialLogin to remove repetitive code
* chore: fix `endpoint` typescript issues and typo in console info message
* feat(api): files GET endpoint and save only file_id references to messages
* refactor(client): `useGetFiles` query hook, update file types, optimistic update of filesQuery on file upload
* refactor(buildTree): update to use params object and accept fileMap
* feat: map files to messages; refactor(ChatView): messages only available after files are fetched
* fix: fetch files only when authenticated
* feat(api): AppService
- rename app.locals.configs to app.locals.paths
- load custom config use fileStrategy from yaml config in app.locals
* refactor: separate Firebase and Local strategies, call based on config
* refactor: modularize file strategies and employ with use of DALL-E
* refactor(librechat.yaml): add fileStrategy field
* feat: add source to MongoFile schema, as well as BatchFile, and ExtendedFile types
* feat: employ file strategies for upload/delete files
* refactor(deleteFirebaseFile): add user id validation for firebase file deletion
* chore(deleteFirebaseFile): update jsdocs
* feat: employ strategies for vision requests
* fix(client): handle messages with deleted files
* fix(client): ensure `filesToDelete` always saves/sends `file.source`
* feat(openAI): configurable `resendImages` and `imageDetail`
* refactor(getTokenCountForMessage): recursive process only when array of Objects and only their values (not keys) aside from `image_url` types
* feat(OpenAIClient): calculateImageTokenCost
* chore: remove comment
* refactor(uploadAvatar): employ fileStrategy for avatars, from social logins or user upload
* docs: update docs on how to configure fileStrategy
* fix(ci): mock winston and winston related modules, update DALLE3.spec.js with changes made
* refactor(redis): change terminal message to reflect current development state
* fix(DALL-E-2): pass fileStrategy to dall-e
* localization + api-endpoint
* docs: added firebase documentation
* chore: icons
* chore: SettingsTabs
* feat: account pannel; fix: gear icons
* docs: position update
* feat: firebase
* feat: plugin support
* route
* fixed bugs with firebase and moved a lot of files
* chore(DALLE3): using UUID v4
* feat: support for social strategies; moved '/images' path
* fix: data ignored
* gitignore update
* docs: update firebase guide
* refactor: Firebase
- use singleton pattern for firebase initialization, initially on server start
- reorganize imports, move firebase specific files to own service under Files
- rename modules to remove 'avatar' redundancy
- fix imports based on changes
* ci(DALLE/DALLE3): fix tests to use logger and new expected outputs, add firebase tests
* refactor(loadToolWithAuth): pass userId to tool as field
* feat(images/parse): feat: Add URL Image Basename Extraction
Implement a new module to extract the basename of an image from a given URL. This addition includes the function, which parses the URL and retrieves the basename using the Node.js 'url' and 'path' modules. The function is documented with JSDoc comments for better maintainability and understanding. This feature enhances the application's ability to handle and process image URLs efficiently.
* refactor(addImages): function to use a more specific regular expression for observedImagePath based on the generated image markdown standard across the app
* refactor(DALLE/DALLE3): utilize `getImageBasename` and `this.userId`; fix: pass correct image path to firebase url helper
* fix(addImages): make more general to match any image markdown descriptor
* fix(parse/getImageBasename): test result of this function for an actual image basename
* ci(DALLE3): mock getImageBasename
* refactor(AuthContext): use Recoil atom state for user
* feat: useUploadAvatarMutation, react-query hook for avatar upload
* fix(Toast): stack z-order of Toast over all components (1000)
* refactor(showToast): add optional status field to avoid importing NotificationSeverity on each use of the function
* refactor(routes/avatar): remove unnecessary get route, get userId from req.user.id, require auth on POST request
* chore(uploadAvatar): TODO: remove direct use of Model, `User`
* fix(client): fix Spinner imports
* refactor(Avatar): use react-query hook, Toast, remove unnecessary states, add optimistic UI to upload
* fix(avatar/localStrategy): correctly save local profile picture and cache bust for immediate rendering; fix: firebase init info message (only show once)
* fix: use `includes` instead of `endsWith` for checking manual query of avatar image path in case more queries are appended (as is done in avatar/localStrategy)
---------
Co-authored-by: Danny Avila <messagedaniel@protonmail.com>
* WIP: initial logging changes
add several transports in ~/config/winston
omit messages in logs, truncate long strings
add short blurb in dotenv for debug logging
GoogleClient: using logger
OpenAIClient: using logger, handleOpenAIErrors
Adding typedef for payload message
bumped winston and using winston-daily-rotate-file
moved config for server paths to ~/config dir
Added `DEBUG_LOGGING=true` to .env.example
* WIP: Refactor logging statements in code
* WIP: Refactor logging statements and import configurations
* WIP: Refactor logging statements and import configurations
* refactor: broadcast Redis initialization message with `info` not `debug`
* refactor: complete Refactor logging statements and import configurations
* chore: delete unused tools
* fix: circular dependencies due to accessing logger
* refactor(handleText): handle booleans and write tests
* refactor: redact sensitive values, better formatting
* chore: improve log formatting, avoid passing strings to 2nd arg
* fix(ci): fix jest tests due to logger changes
* refactor(getAvailablePluginsController): cache plugins as they are static and avoids async addOpenAPISpecs call every time
* chore: update docs
* chore: update docs
* chore: create separate meiliSync logger, clean up logs to avoid being unnecessarily verbose
* chore: spread objects where they are commonly logged to allow string truncation
* chore: improve error log formatting
* Add files via upload
* Create linode-setup.md
* Create cloudflare-setup.md
* Update cloudflare-setup.md
* Delete 4-linode.png
* Delete 3-linode.png
* Add files via upload
* Add files via upload
* Update cloudflare-setup.md
* Update linode-setup.md
* Rename cloudflare-setup.md to cloudflare.md
* Rename linode-setup.md to linode.md
* Update mkdocs.yml
* Update cloudflare.md
* Update linode.md
* Update README.md
* Update README.md
* Update linode.md
sentence in Italian
* v1
The frontend has been completed, along with the .env variables.
However, there is an issue of infinite loading thereafter.
* Fix email and remove deprecated GitHub passport
* Update user_auth_system.md
add How to Set Up a Github Authentication
* Update .env.example
Improved the comment above the GitHub client ID and secret.
* Update user_auth_system.md
* Update package.json
* Remove unnecessary passport GitHub package
* fixed conflicts
fixed conflicts between Berry-13:main and danny-avila:main
in api/server/index.js 45:54
* Delete e -i HEAD~2
* (WIP) Discord Login
* Fix duplicate githubLoginEnabled
* .env.example restore
* Update user_auth_system.md
Discord Login
* Fix and new Feature
1. Added Discord login to .env.example.
2. Created Google, Github, and Discord icons in client\src\components\svg.
3. Added the social login option in the .env file; it fixes the ---or---. Check Discord for more information.
* fix Login.tsx and Registration.tsx
* Update user_auth_system.md
* Update .env.example
* Added OpenID Icon
* quick discord icon fix
* discord strategy fix
* remove comment
* Add files via upload
* Create linode-setup.md
* Create cloudflare-setup.md
* Update cloudflare-setup.md
* Delete 4-linode.png
* Delete 3-linode.png
* Add files via upload
* Add files via upload
* Update cloudflare-setup.md
* Update linode-setup.md
* Rename cloudflare-setup.md to cloudflare.md
* Rename linode-setup.md to linode.md
* Update mkdocs.yml
* Update cloudflare.md
* Update linode.md
* Update README.md
* Update README.md
* Update linode.md
sentence in Italian
* v1
The frontend has been completed, along with the .env variables.
However, there is an issue of infinite loading thereafter.
* Fix email and remove deprecated GitHub passport
* Update user_auth_system.md
add How to Set Up a Github Authentication
* Update .env.example
Improved the comment above the GitHub client ID and secret.
* Update user_auth_system.md
* Update package.json
* Remove unnecessary passport GitHub package
* fixed conflicts
fixed conflicts between Berry-13:main and danny-avila:main
in api/server/index.js 45:54
* Delete e -i HEAD~2
