mirror of
https://github.com/danny-avila/LibreChat.git
synced 2026-03-04 23:30:19 +01:00
619d35360d
* ♻️ refactor: Centralize `buildLoginRedirectUrl` in data-provider Move `buildLoginRedirectUrl` from `client/src/utils/redirect.ts` into `packages/data-provider/src/api-endpoints.ts` so the axios 401 interceptor (and any other data-provider consumer) can use the canonical implementation with the LOGIN_PATH_RE guard and BASE_URL awareness. The client module now re-exports from `librechat-data-provider`, keeping all existing imports working unchanged. * 🔒 fix: Shared link 401 interceptor bypass and redirect loop (#12033) Fixes three issues in the axios 401 response interceptor that prevented private shared links (ALLOW_SHARED_LINKS_PUBLIC=false) from working: 1. `window.location.href.includes('share/')` matched the full URL (including query params and hash), causing false positives. Changed to `window.location.pathname.startsWith('/share/')`. 2. When token refresh returned no token on a share page, the interceptor logged and fell through without redirecting, causing an infinite retry loop via React Query. Now redirects to login using `buildLoginRedirectUrl()` which preserves the share URL for post-login navigation. 3. `processQueue` was never called in the no-token branch, leaving queued requests with dangling promise callbacks. Added `processQueue(error, null)` before the redirect. * ✅ test: Comprehensive 401 interceptor tests for shared link auth flow Rewrite interceptor test suite to cover all shared link auth scenarios: - Unauthenticated user on share page with failed refresh → redirect - Authenticated user on share page with failed refresh → redirect - share/ in query params does NOT bypass the auth header guard - Login path guard: redirect to plain /login (no redirect_to loop) - Refresh success: assert exact call count (toBe(3) vs toBeGreaterThan) Test reliability improvements: - window.location teardown moved to afterEach (no state leak on failure) - expect.assertions(N) on all tests (catch silent false passes) - Shared setWindowLocation helper for consistent location mocking * ♻️ refactor: Import `buildLoginRedirectUrl` directly from data-provider Update `AuthContext.tsx` and `useAuthRedirect.ts` to import `buildLoginRedirectUrl` from `librechat-data-provider` instead of re-exporting through `~/utils/redirect.ts`. Convert `redirect.ts` to ESM-style inline exports and remove the re-export of `buildLoginRedirectUrl`. * ✅ test: Move `buildLoginRedirectUrl` tests to data-provider Tests for `buildLoginRedirectUrl` now live alongside the implementation in `packages/data-provider/specs/api-endpoints.spec.ts`. Removed the duplicate describe block from the client redirect test file since it no longer owns that function.
86 lines
3.1 KiB
TypeScript
86 lines
3.1 KiB
TypeScript
/**
|
|
* @jest-environment jsdom
|
|
*/
|
|
import { buildLoginRedirectUrl } from '../src/api-endpoints';
|
|
|
|
describe('buildLoginRedirectUrl', () => {
|
|
let savedLocation: Location;
|
|
|
|
beforeEach(() => {
|
|
savedLocation = window.location;
|
|
Object.defineProperty(window, 'location', {
|
|
value: { pathname: '/c/abc123', search: '?model=gpt-4', hash: '#msg-5' },
|
|
writable: true,
|
|
});
|
|
});
|
|
|
|
afterEach(() => {
|
|
Object.defineProperty(window, 'location', { value: savedLocation, writable: true });
|
|
});
|
|
|
|
it('builds a login URL from explicit args', () => {
|
|
const result = buildLoginRedirectUrl('/c/new', '?q=hello', '');
|
|
expect(result).toBe('/login?redirect_to=%2Fc%2Fnew%3Fq%3Dhello');
|
|
});
|
|
|
|
it('encodes complex paths with query and hash', () => {
|
|
const result = buildLoginRedirectUrl('/c/new', '?q=hello&submit=true', '#section');
|
|
expect(result).toContain('redirect_to=');
|
|
const encoded = result.split('redirect_to=')[1];
|
|
expect(decodeURIComponent(encoded)).toBe('/c/new?q=hello&submit=true#section');
|
|
});
|
|
|
|
it('falls back to window.location when no args provided', () => {
|
|
const result = buildLoginRedirectUrl();
|
|
const encoded = result.split('redirect_to=')[1];
|
|
expect(decodeURIComponent(encoded)).toBe('/c/abc123?model=gpt-4#msg-5');
|
|
});
|
|
|
|
it('falls back to "/" when all location parts are empty', () => {
|
|
Object.defineProperty(window, 'location', {
|
|
value: { pathname: '', search: '', hash: '' },
|
|
writable: true,
|
|
});
|
|
const result = buildLoginRedirectUrl();
|
|
expect(result).toBe('/login?redirect_to=%2F');
|
|
});
|
|
|
|
it('returns plain /login when pathname is /login (prevents recursive redirect)', () => {
|
|
const result = buildLoginRedirectUrl('/login', '?redirect_to=%2Fc%2Fnew', '');
|
|
expect(result).toBe('/login');
|
|
});
|
|
|
|
it('returns plain /login when window.location is already /login', () => {
|
|
Object.defineProperty(window, 'location', {
|
|
value: { pathname: '/login', search: '?redirect_to=%2Fc%2Fabc', hash: '' },
|
|
writable: true,
|
|
});
|
|
const result = buildLoginRedirectUrl();
|
|
expect(result).toBe('/login');
|
|
});
|
|
|
|
it('returns plain /login for /login sub-paths', () => {
|
|
const result = buildLoginRedirectUrl('/login/2fa', '', '');
|
|
expect(result).toBe('/login');
|
|
});
|
|
|
|
it('returns plain /login for basename-prefixed /login (e.g. /librechat/login)', () => {
|
|
Object.defineProperty(window, 'location', {
|
|
value: { pathname: '/librechat/login', search: '?redirect_to=%2Fc%2Fabc', hash: '' },
|
|
writable: true,
|
|
});
|
|
const result = buildLoginRedirectUrl();
|
|
expect(result).toBe('/login');
|
|
});
|
|
|
|
it('returns plain /login for basename-prefixed /login sub-paths', () => {
|
|
const result = buildLoginRedirectUrl('/librechat/login/2fa', '', '');
|
|
expect(result).toBe('/login');
|
|
});
|
|
|
|
it('does NOT match paths where "login" is a substring of a segment', () => {
|
|
const result = buildLoginRedirectUrl('/c/loginhistory', '', '');
|
|
expect(result).toContain('redirect_to=');
|
|
expect(decodeURIComponent(result.split('redirect_to=')[1])).toBe('/c/loginhistory');
|
|
});
|
|
});
|