Mirror of https://github.com/danny-avila/LibreChat.git (synced 2026-01-30 14:25:19 +01:00)
* 🔒 feat: Sanitize Placeholders in User-provider MCP Server Config Headers
* Implemented sanitization for dangerous credential placeholders in headers to prevent credential exfiltration when MCP servers are shared.
* Added tests to verify that dangerous placeholders are stripped from headers during both add and update operations, while safe placeholders are preserved.
* Refactored ServerConfigsDB to include a new sanitizeCredentialPlaceholders function for header processing.
* ci: tests for preserving credential placeholders in YAML configs
* Introduced new tests to ensure that LIBRECHAT_OPENID and LIBRECHAT_USER placeholders are preserved in admin configuration headers when added to the cache.
* Validated that the expected placeholders remain intact during retrieval, enhancing the integrity of configuration management.

| Name |
|---|
| `__tests__` |
| oauth |
| registry |
| types |
| auth.ts |
| connection.ts |
| ConnectionsRepository.ts |
| enum.ts |
| errors.ts |
| mcpConfig.ts |
| MCPConnectionFactory.ts |
| MCPManager.ts |
| parsers.ts |
| UserConnectionManager.ts |
| utils.ts |
| zod.ts |