LibreChat/api/server/services/start/interface.js

const {
  SystemRoles,
  Permissions,
  PermissionTypes,
  removeNullishValues,
} = require('librechat-data-provider');
const { logger } = require('@librechat/data-schemas');
const { isMemoryEnabled } = require('@librechat/api');
const { updateAccessPermissions, getRoleByName } = require('~/models/Role');

/**
 * Updates role permissions intelligently - only updates permission types that:
 * 1. Don't exist in the database (first time setup)
 * 2. Are explicitly configured in the config file
 * @param {object} params - The role name to update
 * @param {string} params.roleName - The role name to update
 * @param {object} params.allPermissions - All permissions to potentially update
 * @param {object} params.interfaceConfig - The interface config from librechat.yaml
 */
async function updateRolePermissions({ roleName, allPermissions, interfaceConfig }) {
  const existingRole = await getRoleByName(roleName);
  const existingPermissions = existingRole?.permissions || {};
  const permissionsToUpdate = {};

  for (const [permType, perms] of Object.entries(allPermissions)) {
    const permTypeExists = existingPermissions[permType];

    const isExplicitlyConfigured = interfaceConfig && hasExplicitConfig(interfaceConfig, permType);

    // Only update if: doesn't exist OR explicitly configured
    if (!permTypeExists || isExplicitlyConfigured) {
      permissionsToUpdate[permType] = perms;
      if (!permTypeExists) {
        logger.debug(`Role '${roleName}': Setting up default permissions for '${permType}'`);
      } else if (isExplicitlyConfigured) {
        logger.debug(`Role '${roleName}': Applying explicit config for '${permType}'`);
      }
    } else {
      logger.debug(`Role '${roleName}': Preserving existing permissions for '${permType}'`);
    }
  }

  if (Object.keys(permissionsToUpdate).length > 0) {
    await updateAccessPermissions(roleName, permissionsToUpdate, existingRole);
  }
}

/**
 * Checks if a permission type has explicit configuration
 */
function hasExplicitConfig(interfaceConfig, permissionType) {
  switch (permissionType) {
    case PermissionTypes.PROMPTS:
      return interfaceConfig.prompts !== undefined;
    case PermissionTypes.BOOKMARKS:
      return interfaceConfig.bookmarks !== undefined;
    case PermissionTypes.MEMORIES:
      return interfaceConfig.memories !== undefined;
    case PermissionTypes.MULTI_CONVO:
      return interfaceConfig.multiConvo !== undefined;
    case PermissionTypes.AGENTS:
      return interfaceConfig.agents !== undefined;
    case PermissionTypes.TEMPORARY_CHAT:
      return interfaceConfig.temporaryChat !== undefined;
    case PermissionTypes.RUN_CODE:
      return interfaceConfig.runCode !== undefined;
    case PermissionTypes.WEB_SEARCH:
      return interfaceConfig.webSearch !== undefined;
    case PermissionTypes.PEOPLE_PICKER:
      return interfaceConfig.peoplePicker !== undefined;
    case PermissionTypes.MARKETPLACE:
      return interfaceConfig.marketplace !== undefined;
    case PermissionTypes.FILE_SEARCH:
      return interfaceConfig.fileSearch !== undefined;
    case PermissionTypes.FILE_CITATIONS:
      return interfaceConfig.fileCitations !== undefined;
    default:
      return false;
  }
}

/**
 * Loads the default interface object.
 * @param {TCustomConfig | undefined} config - The loaded custom configuration.
 * @param {TConfigDefaults} configDefaults - The custom configuration default values.
 * @returns {Promise<TCustomConfig['interface']>} The default interface object.
 */
async function loadDefaultInterface(config, configDefaults) {
  const { interface: interfaceConfig } = config ?? {};
  const { interface: defaults } = configDefaults;
  const hasModelSpecs = config?.modelSpecs?.list?.length > 0;
  const includesAddedEndpoints = config?.modelSpecs?.addedEndpoints?.length > 0;

  const memoryConfig = config?.memory;
  const memoryEnabled = isMemoryEnabled(memoryConfig);
  /** Only disable memories if memory config is present but disabled/invalid */
  const shouldDisableMemories = memoryConfig && !memoryEnabled;
  /** Check if personalization is enabled (defaults to true if memory is configured and enabled) */
  const isPersonalizationEnabled =
    memoryConfig && memoryEnabled && memoryConfig.personalize !== false;

  /** @type {TCustomConfig['interface']} */
  const loadedInterface = removeNullishValues({
    endpointsMenu:
      interfaceConfig?.endpointsMenu ?? (hasModelSpecs ? false : defaults.endpointsMenu),
    modelSelect:
      interfaceConfig?.modelSelect ??
      (hasModelSpecs ? includesAddedEndpoints : defaults.modelSelect),
    parameters: interfaceConfig?.parameters ?? (hasModelSpecs ? false : defaults.parameters),
    presets: interfaceConfig?.presets ?? (hasModelSpecs ? false : defaults.presets),
    sidePanel: interfaceConfig?.sidePanel ?? defaults.sidePanel,
    privacyPolicy: interfaceConfig?.privacyPolicy ?? defaults.privacyPolicy,
    termsOfService: interfaceConfig?.termsOfService ?? defaults.termsOfService,
    mcpServers: interfaceConfig?.mcpServers ?? defaults.mcpServers,
    bookmarks: interfaceConfig?.bookmarks ?? defaults.bookmarks,
    memories: shouldDisableMemories ? false : (interfaceConfig?.memories ?? defaults.memories),
    prompts: interfaceConfig?.prompts ?? defaults.prompts,
    multiConvo: interfaceConfig?.multiConvo ?? defaults.multiConvo,
    agents: interfaceConfig?.agents ?? defaults.agents,
    temporaryChat: interfaceConfig?.temporaryChat ?? defaults.temporaryChat,
    runCode: interfaceConfig?.runCode ?? defaults.runCode,
    webSearch: interfaceConfig?.webSearch ?? defaults.webSearch,
    fileSearch: interfaceConfig?.fileSearch ?? defaults.fileSearch,
    fileCitations: interfaceConfig?.fileCitations ?? defaults.fileCitations,
    customWelcome: interfaceConfig?.customWelcome ?? defaults.customWelcome,
    peoplePicker: {
      users: interfaceConfig?.peoplePicker?.users ?? defaults.peoplePicker?.users,
      groups: interfaceConfig?.peoplePicker?.groups ?? defaults.peoplePicker?.groups,
      roles: interfaceConfig?.peoplePicker?.roles ?? defaults.peoplePicker?.roles,
    },
    marketplace: {
      use: interfaceConfig?.marketplace?.use ?? defaults.marketplace?.use,
    },
  });

  for (const roleName of [SystemRoles.USER, SystemRoles.ADMIN]) {
    await updateRolePermissions({
      roleName,
      allPermissions: {
        [PermissionTypes.PROMPTS]: { [Permissions.USE]: loadedInterface.prompts },
        [PermissionTypes.BOOKMARKS]: { [Permissions.USE]: loadedInterface.bookmarks },
        [PermissionTypes.MEMORIES]: {
          [Permissions.USE]: loadedInterface.memories,
          [Permissions.OPT_OUT]: isPersonalizationEnabled,
        },
        [PermissionTypes.MULTI_CONVO]: { [Permissions.USE]: loadedInterface.multiConvo },
        [PermissionTypes.AGENTS]: { [Permissions.USE]: loadedInterface.agents },
        [PermissionTypes.TEMPORARY_CHAT]: { [Permissions.USE]: loadedInterface.temporaryChat },
        [PermissionTypes.RUN_CODE]: { [Permissions.USE]: loadedInterface.runCode },
        [PermissionTypes.WEB_SEARCH]: { [Permissions.USE]: loadedInterface.webSearch },
        [PermissionTypes.PEOPLE_PICKER]: {
          [Permissions.VIEW_USERS]: loadedInterface.peoplePicker?.users,
          [Permissions.VIEW_GROUPS]: loadedInterface.peoplePicker?.groups,
          [Permissions.VIEW_ROLES]: loadedInterface.peoplePicker?.roles,
        },
        [PermissionTypes.MARKETPLACE]: {
          [Permissions.USE]: loadedInterface.marketplace?.use,
        },
        [PermissionTypes.FILE_SEARCH]: { [Permissions.USE]: loadedInterface.fileSearch },
        [PermissionTypes.FILE_CITATIONS]: { [Permissions.USE]: loadedInterface.fileCitations },
      },
      interfaceConfig,
    });
  }

  let i = 0;
  const logSettings = () => {
    // log interface object and model specs object (without list) for reference
    logger.warn(`\`interface\` settings:\n${JSON.stringify(loadedInterface, null, 2)}`);
    logger.warn(
      `\`modelSpecs\` settings:\n${JSON.stringify(
        { ...(config?.modelSpecs ?? {}), list: undefined },
        null,
        2,
      )}`,
    );
  };

  // warn about config.modelSpecs.prioritize if true and presets are enabled, that default presets will conflict with prioritizing model specs.
  if (config?.modelSpecs?.prioritize && loadedInterface.presets) {
    logger.warn(
      "Note: Prioritizing model specs can conflict with default presets if a default preset is set. It's recommended to disable presets from the interface or disable use of a default preset.",
    );
    i === 0 && i++;
  }

  // warn about config.modelSpecs.enforce if true and if any of these, endpointsMenu, modelSelect, presets, or parameters are enabled, that enforcing model specs can conflict with these options.
  if (
    config?.modelSpecs?.enforce &&
    (loadedInterface.endpointsMenu ||
      loadedInterface.modelSelect ||
      loadedInterface.presets ||
      loadedInterface.parameters)
  ) {
    logger.warn(
      "Note: Enforcing model specs can conflict with the interface options: endpointsMenu, modelSelect, presets, and parameters. It's recommended to disable these options from the interface or disable enforcing model specs.",
    );
    i === 0 && i++;
  }
  // warn if enforce is true and prioritize is not, that enforcing model specs without prioritizing them can lead to unexpected behavior.
  if (config?.modelSpecs?.enforce && !config?.modelSpecs?.prioritize) {
    logger.warn(
      "Note: Enforcing model specs without prioritizing them can lead to unexpected behavior. It's recommended to enable prioritizing model specs if enforcing them.",
    );
    i === 0 && i++;
  }

  if (i > 0) {
    logSettings();
  }

  return loadedInterface;
}

module.exports = { loadDefaultInterface };