mirror of
https://github.com/danny-avila/LibreChat.git
synced 2025-12-19 18:00:15 +01:00
126 lines
4.2 KiB
JavaScript
126 lines
4.2 KiB
JavaScript
const openIdClient = require('openid-client');
|
|
const cookies = require('cookie');
|
|
const jwt = require('jsonwebtoken');
|
|
const {
|
|
registerUser,
|
|
resetPassword,
|
|
setAuthTokens,
|
|
requestPasswordReset,
|
|
setOpenIDAuthTokens,
|
|
} = require('~/server/services/AuthService');
|
|
const { getOpenIdConfig } = require('~/strategies');
|
|
const { logger } = require('~/config');
|
|
const { isEnabled } = require('~/server/utils');
|
|
const db = require('~/lib/db/connectDb');
|
|
|
|
const registrationController = async (req, res) => {
|
|
try {
|
|
const response = await registerUser(req.body);
|
|
const { status, message } = response;
|
|
res.status(status).send({ message });
|
|
} catch (err) {
|
|
logger.error('[registrationController]', err);
|
|
return res.status(500).json({ message: err.message });
|
|
}
|
|
};
|
|
|
|
const resetPasswordRequestController = async (req, res) => {
|
|
try {
|
|
const resetService = await requestPasswordReset(req);
|
|
if (resetService instanceof Error) {
|
|
return res.status(400).json(resetService);
|
|
} else {
|
|
return res.status(200).json(resetService);
|
|
}
|
|
} catch (e) {
|
|
logger.error('[resetPasswordRequestController]', e);
|
|
return res.status(400).json({ message: e.message });
|
|
}
|
|
};
|
|
|
|
const resetPasswordController = async (req, res) => {
|
|
try {
|
|
const resetPasswordService = await resetPassword(
|
|
req.body.userId,
|
|
req.body.token,
|
|
req.body.password,
|
|
);
|
|
if (resetPasswordService instanceof Error) {
|
|
return res.status(400).json(resetPasswordService);
|
|
} else {
|
|
await db.models.Session.deleteAllUserSessions({ userId: req.body.userId });
|
|
return res.status(200).json(resetPasswordService);
|
|
}
|
|
} catch (e) {
|
|
logger.error('[resetPasswordController]', e);
|
|
return res.status(400).json({ message: e.message });
|
|
}
|
|
};
|
|
|
|
const refreshController = async (req, res) => {
|
|
const refreshToken = req.headers.cookie ? cookies.parse(req.headers.cookie).refreshToken : null;
|
|
const token_provider = req.headers.cookie
|
|
? cookies.parse(req.headers.cookie).token_provider
|
|
: null;
|
|
if (!refreshToken) {
|
|
return res.status(200).send('Refresh token not provided');
|
|
}
|
|
if (token_provider === 'openid' && isEnabled(process.env.OPENID_REUSE_TOKENS) === true) {
|
|
try {
|
|
const openIdConfig = getOpenIdConfig();
|
|
const tokenset = await openIdClient.refreshTokenGrant(openIdConfig, refreshToken);
|
|
const claims = tokenset.claims();
|
|
const user = await findUser({ email: claims.email });
|
|
if (!user) {
|
|
return res.status(401).redirect('/login');
|
|
}
|
|
const token = setOpenIDAuthTokens(tokenset, res);
|
|
return res.status(200).send({ token, user });
|
|
} catch (error) {
|
|
logger.error('[refreshController] OpenID token refresh error', error);
|
|
return res.status(403).send('Invalid OpenID refresh token');
|
|
}
|
|
}
|
|
try {
|
|
const payload = jwt.verify(refreshToken, process.env.JWT_REFRESH_SECRET);
|
|
const user = await db.models.User.getUserById(payload.id, '-password -__v -totpSecret');
|
|
if (!user) {
|
|
return res.status(401).redirect('/login');
|
|
}
|
|
|
|
const userId = payload.id;
|
|
|
|
if (process.env.NODE_ENV === 'CI') {
|
|
const token = await setAuthTokens(userId, res);
|
|
return res.status(200).send({ token, user });
|
|
}
|
|
|
|
// Find the session with the hashed refresh token
|
|
const session = await db.models.Session.findSession({
|
|
userId: userId,
|
|
refreshToken: refreshToken,
|
|
});
|
|
|
|
if (session && session.expiration > new Date()) {
|
|
const token = await setAuthTokens(userId, res, session._id);
|
|
res.status(200).send({ token, user });
|
|
} else if (req?.query?.retry) {
|
|
// Retrying from a refresh token request that failed (401)
|
|
res.status(403).send('No session found');
|
|
} else if (payload.exp < Date.now() / 1000) {
|
|
res.status(403).redirect('/login');
|
|
} else {
|
|
res.status(401).send('Refresh token expired or not found for this user');
|
|
}
|
|
} catch (err) {
|
|
logger.error(`[refreshController] Refresh token: ${refreshToken}`, err);
|
|
res.status(403).send('Invalid refresh token');
|
|
}
|
|
};
|
|
|
|
module.exports = {
|
|
refreshController,
|
|
registrationController,
|
|
resetPasswordController,
|
|
resetPasswordRequestController,
|
|
};
|