Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2026-02-13 13:04:24 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
LibreChat/api/server/routes
History
Danny Avila 599f4a11f1
Some checks are pending
Docker Dev Branch Images Build / build (Dockerfile, lc-dev, node) (push) Waiting to run
Details
Docker Dev Branch Images Build / build (Dockerfile.multi, lc-dev-api, api-build) (push) Waiting to run
Details
🛡️ fix: Secure MCP/Actions OAuth Flows, Resolve Race Condition & Tool Cache Cleanup (#11756) 
* 🔧 fix: Update OAuth error message for clarity

- Changed the default error message in the OAuth error route from 'Unknown error' to 'Unknown OAuth error' to provide clearer context during authentication failures.

* 🔒 feat: Enhance OAuth flow with CSRF protection and session management

- Implemented CSRF protection for OAuth flows by introducing `generateOAuthCsrfToken`, `setOAuthCsrfCookie`, and `validateOAuthCsrf` functions.
- Added session management for OAuth with `setOAuthSession` and `validateOAuthSession` middleware.
- Updated routes to bind CSRF tokens for MCP and action OAuth flows, ensuring secure authentication.
- Enhanced tests to validate CSRF handling and session management in OAuth processes.

* 🔧 refactor: Invalidate cached tools after user plugin disconnection

- Added a call to `invalidateCachedTools` in the `updateUserPluginsController` to ensure that cached tools are refreshed when a user disconnects from an MCP server after a plugin authentication update. This change improves the accuracy of tool data for users.

* chore: imports order

* fix: domain separator regex usage in ToolService

- Moved the declaration of `domainSeparatorRegex` to avoid redundancy in the `loadActionToolsForExecution` function, improving code clarity and performance.

* chore: OAuth flow error handling and CSRF token generation

- Enhanced the OAuth callback route to validate the flow ID format, ensuring proper error handling for invalid states.
- Updated the CSRF token generation function to require a JWT secret, throwing an error if not provided, which improves security and clarity in token generation.
- Adjusted tests to reflect changes in flow ID handling and ensure robust validation across various scenarios.
2026-02-12 14:22:05 -05:00
..
__tests__ 🛡️ fix: Secure MCP/Actions OAuth Flows, Resolve Race Condition & Tool Cache Cleanup (#11756) 2026-02-12 14:22:05 -05:00
admin 🔐 feat: Admin Auth. Routes with Secure Cross-Origin Token Exchange (#11297) 2026-01-28 17:44:31 -05:00
agents 🛸 feat: Remote Agent Access with External API Support (#11503) 2026-01-28 17:44:33 -05:00
assistants 📦 chore: Bump Express.js to v5 (#10671) 2025-12-11 16:36:15 -05:00
files 🔀 refactor: Endpoint Check for File Uploads in Images Route (#11352) 2026-01-14 14:07:58 -05:00
types WIP: Update UI to match Official Style; Vision and Assistants 👷🏽 (#1190) 2023-11-16 10:42:24 -05:00
accessPermissions.js 🛸 feat: Remote Agent Access with External API Support (#11503) 2026-01-28 17:44:33 -05:00
accessPermissions.test.js 🪪 fix: Misleading MCP Server Lookup Method Name (#11315) 2026-01-12 21:04:25 -05:00
actions.js 🛡️ fix: Secure MCP/Actions OAuth Flows, Resolve Race Condition & Tool Cache Cleanup (#11756) 2026-02-12 14:22:05 -05:00
apiKeys.js 🛸 feat: Remote Agent Access with External API Support (#11503) 2026-01-28 17:44:33 -05:00
auth.js 🛜 refactor: Streamline App Config Usage (#9234) 2025-08-26 12:10:18 -04:00
balance.js feat: Accurate Token Usage Tracking & Optional Balance (#1018) 2023-10-05 18:34:10 -04:00
banner.js 🚀 feat: Banner (#3952) 2024-09-11 09:34:25 -04:00
categories.js 🗨️ feat: Prompts (#3131) 2024-06-20 20:24:32 -04:00
config.js 🧩 refactor: Decouple MCP Config from Startup Config (#10689) 2025-12-11 16:36:34 -05:00
convos.js 🔧 fix: Sorting and Pagination logic for Conversations (#11242) 2026-01-07 09:44:45 -05:00
endpoints.js 🛜 refactor: Streamline App Config Usage (#9234) 2025-08-26 12:10:18 -04:00
index.js 🛸 feat: Remote Agent Access with External API Support (#11503) 2026-01-28 17:44:33 -05:00
keys.js 🧵 refactor: Migrate Endpoint Initialization to TypeScript (#10794) 2025-12-11 16:37:16 -05:00
mcp.js 🛡️ fix: Secure MCP/Actions OAuth Flows, Resolve Race Condition & Tool Cache Cleanup (#11756) 2026-02-12 14:22:05 -05:00
memories.js 🛜 refactor: Streamline App Config Usage (#9234) 2025-08-26 12:10:18 -04:00
messages.js 🔧 fix: Sorting and Pagination logic for Conversations (#11242) 2026-01-07 09:44:45 -05:00
models.js 🛠️ refactor: Model Loading and Custom Endpoint Error Handling (#1849) 2024-02-20 12:57:58 -05:00
oauth.js 🛡️ fix: Secure MCP/Actions OAuth Flows, Resolve Race Condition & Tool Cache Cleanup (#11756) 2026-02-12 14:22:05 -05:00
presets.js 🧹 chore: Cleanup Logger and Utility Imports (#9935) 2025-10-01 23:30:47 -04:00
prompts.js 🔧 refactor: Permission handling for Resource Sharing (#11283) 2026-01-10 14:02:56 -05:00
prompts.test.js 🔧 refactor: Permission handling for Resource Sharing (#11283) 2026-01-10 14:02:56 -05:00
roles.js 🛸 feat: Remote Agent Access with External API Support (#11503) 2026-01-28 17:44:33 -05:00
search.js 🧹 chore: Cleanup Logger and Utility Imports (#9935) 2025-10-01 23:30:47 -04:00
settings.js 📌 feat: Pin Agents and Models in the Sidebar (#10634) 2025-12-11 16:38:20 -05:00
share.js 🔗 fix: Add branch-specific shared links (targetMessageId) (#10016) 2025-10-10 08:42:05 -04:00
static.js 🧹 chore: Cleanup Logger and Utility Imports (#9935) 2025-10-01 23:30:47 -04:00
tags.js 🔒 fix: Agents Config/Permission Checks after Streamline Change (#8089) 2025-06-26 18:53:05 -04:00
user.js 📌 feat: Pin Agents and Models in the Sidebar (#10634) 2025-12-11 16:38:20 -05:00