Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2025-12-24 12:20:14 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
LibreChat/package.json
Danny Avila 7b2cedf5ff
feat: Message Rate Limiters, Violation Logging, & Ban System 🔨 (#903) 
* refactor: require Auth middleware in route index files

* feat: concurrent message limiter

* feat: complete concurrent message limiter with caching

* refactor: SSE response methods separated from handleText

* fix(abortMiddleware): fix req and res order to standard, use endpointOption in req.body

* chore: minor name changes

* refactor: add isUUID condition to saveMessage

* fix(concurrentLimiter): logic correctly handles the max number of concurrent messages and res closing/finalization

* chore: bump keyv and remove console.log from Message

* fix(concurrentLimiter): ensure messages are only saved in later message children

* refactor(concurrentLimiter): use KeyvFile instead, could make other stores configurable in the future

* feat: add denyRequest function for error responses

* feat(utils): add isStringTruthy function

Introduce the isStringTruthy function to the utilities module to check if a string value is a case-insensitive match for 'true'

* feat: add optional message rate limiters by IP and userId

* feat: add optional message rate limiters by IP and userId to edit route

* refactor: rename isStringTruthy to isTrue for brevity

* refactor(getError): use map to make code cleaner

* refactor: use memory for concurrent rate limiter to prevent clearing on startup/exit, add multiple log files, fix error message for concurrent violation

* feat: check if errorMessage is object, stringify if so

* chore: send object to denyRequest which will stringify it

* feat: log excessive requests

* fix(getError): correctly pluralize messages

* refactor(limiters): make type consistent between logs and errorMessage

* refactor(cache): move files out of lib/db into separate cache dir
>> feat: add getLogStores function so Keyv instance is not redundantly created on every violation
feat: separate violation logging to own function with logViolation

* fix: cache/index.js export, properly record userViolations

* refactor(messageLimiters): use new logging method, add logging to registrations

* refactor(logViolation): make userLogs an array of logs per user

* feat: add logging to login limiter

* refactor: pass req as first param to logViolation and record offending IP

* refactor: rename isTrue helper fn to isEnabled

* feat: add simple non_browser check and log violation

* fix: open handles in unit tests, remove KeyvMongo as not used and properly mock global fetch

* chore: adjust nodemon ignore paths to properly ignore logs

* feat: add math helper function for safe use of eval

* refactor(api/convos): use middleware at top of file to avoid redundancy

* feat: add delete all static method for Sessions

* fix: redirect to login on refresh if user is not found, or the session is not found but hasn't expired (ban case)

* refactor(getLogStores): adjust return type

* feat: add ban violation and check ban logic
refactor(logViolation): pass both req and res objects

* feat: add removePorts helper function

* refactor: rename getError to getMessageError and add getLoginError for displaying different login errors

* fix(AuthContext): fix type issue and remove unused code

* refactor(bans): ban by ip and user id, send response based on origin

* chore: add frontend ban messages

* refactor(routes/oauth): add ban check to handler, also consolidate logic to avoid redundancy

* feat: add ban check to AI messaging routes

* feat: add ban check to login/registration

* fix(ci/api): mock KeyvMongo to avoid tests hanging

* docs: update .env.example
> refactor(banViolation): calculate interval rate crossover, early return if duration is invalid
ci(banViolation): add tests to ensure users are only banned when expected

* docs: improve wording for mod system

* feat: add configurable env variables for violation scores

* chore: add jsdoc for uaParser.js

* chore: improve ban text log

* chore: update bun test scripts

* refactor(math.js): add fallback values

* fix(KeyvMongo/banLogs): refactor keyv instances to top of files to avoid memory leaks, refactor ban logic to use getLogStores instead
refactor(getLogStores): get a single log store by type

* fix(ci): refactor tests due to banLogs changes, also make sure to clear and revoke sessions even if ban duration is 0

* fix(banViolation.js): getLogStores import

* feat: handle 500 code error at login

* fix(middleware): handle case where user.id is _id and not just id

* ci: add ban secrets for backend unit tests

* refactor: logout user upon ban

* chore: log session delete message only if deletedCount > 0

* refactor: change default ban duration (2h) and make logic more clear in JSDOC

* fix: login and registration limiters will now return rate limiting error

* fix: userId not parsable as non ObjectId string

* feat: add useTimeout hook to properly clear timeouts when invoking functions within them
refactor(AuthContext): cleanup code by using new hook and defining types in ~/common

* fix: login error message for rate limits

* docs: add info for automated mod system and rate limiters, update other docs accordingly

* chore: bump data-provider version
2023-09-13 10:57:07 -04:00

101 lines
4.1 KiB
JSON
Raw Blame History

{
"name": "LibreChat",
"version": "0.5.8",
"description": "",
"workspaces": [
"api",
"client",
"packages/*"
],
"scripts": {
"install": "node config/install.js",
"update": "node config/update.js",
"rebuild:package-lock": "node config/packages",
"reinstall": "node config/update.js -l -g",
"reinstall:docker": "node config/update.js -d -g",
"update:local": "node config/update.js -l",
"update:docker": "node config/update.js -d",
"update:single": "node config/update.js -s",
"update:sudo": "node config/update.js --sudo",
"update:deployed": "node config/deployed-update.js",
"rebase:deployed": "node config/deployed-update.js --rebase",
"start:deployed": "docker-compose -f ./deploy-compose.yml up -d",
"stop:deployed": "docker-compose -f ./deploy-compose.yml down",
"upgrade": "node config/upgrade.js",
"create-user": "node config/create-user.js",
"backend": "cross-env NODE_ENV=production node api/server/index.js",
"backend:dev": "cross-env NODE_ENV=production npx nodemon api/server/index.js",
"backend:stop": "node config/stop-backend.js",
"build:data-provider": "cd packages/data-provider && npm run build",
"frontend": "npm run build:data-provider && cd client && npm run build",
"frontend:ci": "npm run build:data-provider && cd client && npm run build:ci",
"frontend:dev": "cd client && npm run dev",
"e2e": "playwright test --config=e2e/playwright.config.local.ts",
"e2e:ci": "playwright test --config=e2e/playwright.config.ts",
"e2e:debug": "cross-env PWDEBUG=1 playwright test --config=e2e/playwright.config.local.ts",
"e2e:codegen": "npx playwright codegen --load-storage=e2e/storageState.json http://localhost:3080/chat/new",
"e2e:login": "npx playwright codegen --save-storage=e2e/auth.json http://localhost:3080/login",
"e2e:github": "act -W .github/workflows/playwright.yml --secret-file my.secrets",
"test:client": "cd client && npm run test",
"test:api": "cd api && npm run test",
"e2e:update": "playwright test --config=e2e/playwright.config.js --update-snapshots",
"e2e:report": "npx playwright show-report e2e/playwright-report",
"prepare": "node config/prepare.js",
"lint:fix": "eslint --fix \"{,!(node_modules)/**/}*.{js,jsx,ts,tsx}\"",
"lint": "eslint \"{,!(node_modules)/**/}*.{js,jsx,ts,tsx}\"",
"format": "prettier-eslint --write \"{,!(node_modules)/**/}*.{js,jsx,ts,tsx}\"",
"b:api": "NODE_ENV=production bun run api/server/index.js",
"b:api:dev": "NODE_ENV=development bun run --watch api/server/index.js",
"b:data-provider": "cd packages/data-provider && bun run b:build",
"b:client": "bun run b:data-provider && cd client && bun run b:build",
"b:client:dev": "cd client && bun run b:dev",
"b:test:client": "cd client && bun run b:test",
"b:test:api": "cd api && bun run b:test"
},
"repository": {
"type": "git",
"url": "git+https://github.com/danny-avila/LibreChat.git"
},
"author": "",
"license": "ISC",
"bugs": {
"url": "https://github.com/danny-avila/LibreChat/issues"
},
"homepage": "https://github.com/danny-avila/LibreChat#readme",
"dependencies": {
"axios": "^1.4.0",
"passport-facebook": "^3.0.0"
},
"devDependencies": {
"@playwright/test": "^1.32.1",
"@typescript-eslint/eslint-plugin": "^5.62.0",
"@typescript-eslint/parser": "^5.62.0",
"babel-eslint": "^10.1.0",
"cross-env": "^7.0.3",
"eslint": "^8.41.0",
"eslint-config-airbnb-base": "^15.0.0",
"eslint-config-prettier": "^8.9.0",
"eslint-import-resolver-typescript": "^3.5.5",
"eslint-plugin-import": "^2.28.0",
"eslint-plugin-jest": "^27.2.1",
"eslint-plugin-prettier": "^4.2.1",
"eslint-plugin-react": "^7.32.2",
"eslint-plugin-react-hooks": "^4.6.0",
"husky": "^8.0.0",
"jest": "^29.5.0",
"lint-staged": "^13.2.2",
"prettier": "^2.8.8",
"prettier-eslint": "^15.0.1",
"prettier-eslint-cli": "^7.1.0",
"prettier-plugin-tailwindcss": "^0.2.2"
},
"nodemonConfig": {
"ignore": [
"api/data/",
"data/",
"client/",
"admin/",
"packages/"
]
}
}
Reference in a new issue View git blame Copy permalink