Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2026-01-20 09:16:13 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
LibreChat/api/server/socialLogins.js
Danny Avila 277fbd10cb
🔒 fix: Session Expiry Management for OpenID/SAML (#11407) 
- Added session cookie options for OpenID and SAML configurations, including maxAge and secure attributes based on the environment.
    - Introduced DEFAULT_SESSION_EXPIRY from data-schemas for better session handling.
2026-01-19 12:01:43 -05:00

111 lines
3.2 KiB
JavaScript
Raw Blame History

const passport = require('passport');
const session = require('express-session');
const { isEnabled } = require('@librechat/api');
const { CacheKeys } = require('librechat-data-provider');
const { logger, DEFAULT_SESSION_EXPIRY } = require('@librechat/data-schemas');
const {
openIdJwtLogin,
facebookLogin,
discordLogin,
setupOpenId,
googleLogin,
githubLogin,
appleLogin,
setupSaml,
} = require('~/strategies');
const { getLogStores } = require('~/cache');
/**
* Configures OpenID Connect for the application.
* @param {Express.Application} app - The Express application instance.
* @returns {Promise<void>}
*/
async function configureOpenId(app) {
logger.info('Configuring OpenID Connect...');
const isProduction = process.env.NODE_ENV === 'production';
const sessionExpiry = Number(process.env.SESSION_EXPIRY) || DEFAULT_SESSION_EXPIRY;
const sessionOptions = {
secret: process.env.OPENID_SESSION_SECRET,
resave: false,
saveUninitialized: false,
store: getLogStores(CacheKeys.OPENID_SESSION),
cookie: {
maxAge: sessionExpiry,
secure: isProduction,
},
};
app.use(session(sessionOptions));
app.use(passport.session());
const config = await setupOpenId();
if (!config) {
logger.error('OpenID Connect configuration failed - strategy not registered.');
return;
}
if (isEnabled(process.env.OPENID_REUSE_TOKENS)) {
logger.info('OpenID token reuse is enabled.');
passport.use('openidJwt', openIdJwtLogin(config));
}
logger.info('OpenID Connect configured successfully.');
}
/**
*
* @param {Express.Application} app
*/
const configureSocialLogins = async (app) => {
logger.info('Configuring social logins...');
if (process.env.GOOGLE_CLIENT_ID && process.env.GOOGLE_CLIENT_SECRET) {
passport.use(googleLogin());
}
if (process.env.FACEBOOK_CLIENT_ID && process.env.FACEBOOK_CLIENT_SECRET) {
passport.use(facebookLogin());
}
if (process.env.GITHUB_CLIENT_ID && process.env.GITHUB_CLIENT_SECRET) {
passport.use(githubLogin());
}
if (process.env.DISCORD_CLIENT_ID && process.env.DISCORD_CLIENT_SECRET) {
passport.use(discordLogin());
}
if (process.env.APPLE_CLIENT_ID && process.env.APPLE_PRIVATE_KEY_PATH) {
passport.use(appleLogin());
}
if (
process.env.OPENID_CLIENT_ID &&
process.env.OPENID_CLIENT_SECRET &&
process.env.OPENID_ISSUER &&
process.env.OPENID_SCOPE &&
process.env.OPENID_SESSION_SECRET
) {
await configureOpenId(app);
}
if (
process.env.SAML_ENTRY_POINT &&
process.env.SAML_ISSUER &&
process.env.SAML_CERT &&
process.env.SAML_SESSION_SECRET
) {
logger.info('Configuring SAML Connect...');
const isProduction = process.env.NODE_ENV === 'production';
const sessionExpiry = Number(process.env.SESSION_EXPIRY) || DEFAULT_SESSION_EXPIRY;
const sessionOptions = {
secret: process.env.SAML_SESSION_SECRET,
resave: false,
saveUninitialized: false,
store: getLogStores(CacheKeys.SAML_SESSION),
cookie: {
maxAge: sessionExpiry,
secure: isProduction,
},
};
app.use(session(sessionOptions));
app.use(passport.session());
setupSaml();
logger.info('SAML Connect configured.');
}
};
module.exports = configureSocialLogins;
Reference in a new issue View git blame Copy permalink