mirror of
https://github.com/danny-avila/LibreChat.git
synced 2025-09-22 08:12:00 +02:00
bf80cf30b3
* feat: integrate OpenID Connect support with token reuse
- Added `jwks-rsa` and `new-openid-client` dependencies for OpenID Connect functionality.
- Implemented OpenID token refresh logic in `AuthController`.
- Enhanced `LogoutController` to handle OpenID logout and session termination.
- Updated JWT authentication middleware to support OpenID token provider.
- Modified OAuth routes to accommodate OpenID authentication and token management.
- Created `setOpenIDAuthTokens` function to manage OpenID tokens in cookies.
- Upgraded OpenID strategy with user info fetching and token exchange protocol.
- Introduced `openIdJwtLogin` strategy for handling OpenID JWT tokens.
- Added caching mechanism for exchanged OpenID tokens.
- Updated configuration to include OpenID exchanged tokens cache key.
- updated .env.example to include the new env variables needed for the feature.
* fix: update return type in downloadImage documentation for clarity and fixed openIdJwtLogin env variables
* fix: update Jest configuration and tests for OpenID strategy integration
* fix: update OpenID strategy to include callback URL in setup
* fix: fix optionalJwtAuth middleware to support OpenID token reuse and improve currentUrl method in CustomOpenIDStrategy to override the dynamic host issue related to proxy (e.g. cloudfront)
* fix: fixed code formatting
* Fix: Add mocks for openid-client and passport strategy in Jest configuration to fix unit tests
* fix eslint errors: Format mock file openid-client.
* ✨ feat: Add PKCE support for OpenID and default handling in strategy setup
---------
Co-authored-by: Atef Bellaaj <slalom.bellaaj@external.daimlertruck.com>
Co-authored-by: Ruben Talstra <RubenTalstra1211@outlook.com>
23 lines
962 B
JavaScript
23 lines
962 B
JavaScript
const passport = require('passport');
|
|
const cookies = require('cookie');
|
|
const { isEnabled } = require('~/server/utils');
|
|
|
|
/**
|
|
* Custom Middleware to handle JWT authentication, with support for OpenID token reuse
|
|
* Switches between JWT and OpenID authentication based on cookies and environment settings
|
|
*/
|
|
const requireJwtAuth = (req, res, next) => {
|
|
// Check if token provider is specified in cookies
|
|
const cookieHeader = req.headers.cookie;
|
|
const tokenProvider = cookieHeader ? cookies.parse(cookieHeader).token_provider : null;
|
|
|
|
// Use OpenID authentication if token provider is OpenID and OPENID_REUSE_TOKENS is enabled
|
|
if (tokenProvider === 'openid' && isEnabled(process.env.OPENID_REUSE_TOKENS)) {
|
|
return passport.authenticate('openidJwt', { session: false })(req, res, next);
|
|
}
|
|
|
|
// Default to standard JWT authentication
|
|
return passport.authenticate('jwt', { session: false })(req, res, next);
|
|
};
|
|
|
|
module.exports = requireJwtAuth;
|