mirror of
https://github.com/danny-avila/LibreChat.git
synced 2026-02-13 21:14:24 +01:00
599f4a11f1
* 🔧 fix: Update OAuth error message for clarity - Changed the default error message in the OAuth error route from 'Unknown error' to 'Unknown OAuth error' to provide clearer context during authentication failures. * 🔒 feat: Enhance OAuth flow with CSRF protection and session management - Implemented CSRF protection for OAuth flows by introducing `generateOAuthCsrfToken`, `setOAuthCsrfCookie`, and `validateOAuthCsrf` functions. - Added session management for OAuth with `setOAuthSession` and `validateOAuthSession` middleware. - Updated routes to bind CSRF tokens for MCP and action OAuth flows, ensuring secure authentication. - Enhanced tests to validate CSRF handling and session management in OAuth processes. * 🔧 refactor: Invalidate cached tools after user plugin disconnection - Added a call to `invalidateCachedTools` in the `updateUserPluginsController` to ensure that cached tools are refreshed when a user disconnects from an MCP server after a plugin authentication update. This change improves the accuracy of tool data for users. * chore: imports order * fix: domain separator regex usage in ToolService - Moved the declaration of `domainSeparatorRegex` to avoid redundancy in the `loadActionToolsForExecution` function, improving code clarity and performance. * chore: OAuth flow error handling and CSRF token generation - Enhanced the OAuth callback route to validate the flow ID format, ensuring proper error handling for invalid states. - Updated the CSRF token generation function to require a JWT secret, throwing an error if not provided, which improves security and clarity in token generation. - Adjusted tests to reflect changes in flow ID handling and ensure robust validation across various scenarios. |
||
|---|---|---|
| .. | ||
| accessResources | ||
| assistants | ||
| config | ||
| limiters | ||
| roles | ||
| spec | ||
| validate | ||
| abortMiddleware.js | ||
| abortMiddleware.spec.js | ||
| abortRun.js | ||
| buildEndpointOption.js | ||
| canDeleteAccount.js | ||
| checkBan.js | ||
| checkDomainAllowed.js | ||
| checkInviteUser.js | ||
| checkPeoplePickerAccess.js | ||
| checkPeoplePickerAccess.spec.js | ||
| checkSharePublicAccess.js | ||
| checkSharePublicAccess.spec.js | ||
| denyRequest.js | ||
| error.js | ||
| index.js | ||
| logHeaders.js | ||
| moderateText.js | ||
| noIndex.js | ||
| optionalJwtAuth.js | ||
| requireJwtAuth.js | ||
| requireLdapAuth.js | ||
| requireLocalAuth.js | ||
| setHeaders.js | ||
| uaParser.js | ||
| validateImageRequest.js | ||
| validateMessageReq.js | ||
| validateModel.js | ||
| validatePasswordReset.js | ||
| validateRegistration.js | ||