Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2026-04-07 00:15:23 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
LibreChat/api/server/socialLogins.js
CMF\e-leite 50af2e0ff1 Merge remote-tracking branch 'upstream/dev' into fix/openid-pkce-secret 
# Conflicts:
#	api/server/routes/config.js
#	api/strategies/openidStrategy.spec.js
2026-04-02 18:32:11 +01:00

119 lines
3.6 KiB
JavaScript
Raw Blame History

const passport = require('passport');
const session = require('express-session');
const { CacheKeys } = require('librechat-data-provider');
const { isEnabled, shouldUseSecureCookie } = require('@librechat/api');
const { logger, DEFAULT_SESSION_EXPIRY } = require('@librechat/data-schemas');
const {
openIdJwtLogin,
facebookLogin,
facebookAdminLogin,
discordLogin,
discordAdminLogin,
setupOpenId,
googleLogin,
googleAdminLogin,
githubLogin,
githubAdminLogin,
appleLogin,
appleAdminLogin,
setupSaml,
} = require('~/strategies');
const { getLogStores } = require('~/cache');
/**
* Configures OpenID Connect for the application.
* @param {Express.Application} app - The Express application instance.
* @returns {Promise<void>}
*/
async function configureOpenId(app) {
logger.info('Configuring OpenID Connect...');
const sessionExpiry = Number(process.env.SESSION_EXPIRY) || DEFAULT_SESSION_EXPIRY;
const sessionOptions = {
secret: process.env.OPENID_SESSION_SECRET,
resave: false,
saveUninitialized: false,
store: getLogStores(CacheKeys.OPENID_SESSION),
cookie: {
maxAge: sessionExpiry,
secure: shouldUseSecureCookie(),
},
};
app.use(session(sessionOptions));
app.use(passport.session());
const config = await setupOpenId();
if (!config) {
logger.error('OpenID Connect configuration failed - strategy not registered.');
return;
}
if (isEnabled(process.env.OPENID_REUSE_TOKENS)) {
logger.info('OpenID token reuse is enabled.');
passport.use('openidJwt', openIdJwtLogin(config));
}
logger.info('OpenID Connect configured successfully.');
}
/**
*
* @param {Express.Application} app
*/
const configureSocialLogins = async (app) => {
logger.info('Configuring social logins...');
if (process.env.GOOGLE_CLIENT_ID && process.env.GOOGLE_CLIENT_SECRET) {
passport.use(googleLogin());
passport.use('googleAdmin', googleAdminLogin());
}
if (process.env.FACEBOOK_CLIENT_ID && process.env.FACEBOOK_CLIENT_SECRET) {
passport.use(facebookLogin());
passport.use('facebookAdmin', facebookAdminLogin());
}
if (process.env.GITHUB_CLIENT_ID && process.env.GITHUB_CLIENT_SECRET) {
passport.use(githubLogin());
passport.use('githubAdmin', githubAdminLogin());
}
if (process.env.DISCORD_CLIENT_ID && process.env.DISCORD_CLIENT_SECRET) {
passport.use(discordLogin());
passport.use('discordAdmin', discordAdminLogin());
}
if (process.env.APPLE_CLIENT_ID && process.env.APPLE_PRIVATE_KEY_PATH) {
passport.use(appleLogin());
passport.use('appleAdmin', appleAdminLogin());
}
if (
process.env.OPENID_CLIENT_ID &&
(isEnabled(process.env.OPENID_USE_PKCE) || process.env.OPENID_CLIENT_SECRET?.trim()) &&
process.env.OPENID_ISSUER &&
process.env.OPENID_SCOPE &&
process.env.OPENID_SESSION_SECRET
) {
await configureOpenId(app);
}
if (
process.env.SAML_ENTRY_POINT &&
process.env.SAML_ISSUER &&
process.env.SAML_CERT &&
process.env.SAML_SESSION_SECRET
) {
logger.info('Configuring SAML Connect...');
const sessionExpiry = Number(process.env.SESSION_EXPIRY) || DEFAULT_SESSION_EXPIRY;
const sessionOptions = {
secret: process.env.SAML_SESSION_SECRET,
resave: false,
saveUninitialized: false,
store: getLogStores(CacheKeys.SAML_SESSION),
cookie: {
maxAge: sessionExpiry,
secure: shouldUseSecureCookie(),
},
};
app.use(session(sessionOptions));
app.use(passport.session());
setupSaml();
logger.info('SAML Connect configured.');
}
};
module.exports = configureSocialLogins;
Reference in a new issue View git blame Copy permalink