Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2026-02-13 21:14:24 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
LibreChat/client/src
History
Danny Avila 599f4a11f1
Some checks are pending
Docker Dev Branch Images Build / build (Dockerfile, lc-dev, node) (push) Waiting to run
Details
Docker Dev Branch Images Build / build (Dockerfile.multi, lc-dev-api, api-build) (push) Waiting to run
Details
🛡️ fix: Secure MCP/Actions OAuth Flows, Resolve Race Condition & Tool Cache Cleanup (#11756) 
* 🔧 fix: Update OAuth error message for clarity

- Changed the default error message in the OAuth error route from 'Unknown error' to 'Unknown OAuth error' to provide clearer context during authentication failures.

* 🔒 feat: Enhance OAuth flow with CSRF protection and session management

- Implemented CSRF protection for OAuth flows by introducing `generateOAuthCsrfToken`, `setOAuthCsrfCookie`, and `validateOAuthCsrf` functions.
- Added session management for OAuth with `setOAuthSession` and `validateOAuthSession` middleware.
- Updated routes to bind CSRF tokens for MCP and action OAuth flows, ensuring secure authentication.
- Enhanced tests to validate CSRF handling and session management in OAuth processes.

* 🔧 refactor: Invalidate cached tools after user plugin disconnection

- Added a call to `invalidateCachedTools` in the `updateUserPluginsController` to ensure that cached tools are refreshed when a user disconnects from an MCP server after a plugin authentication update. This change improves the accuracy of tool data for users.

* chore: imports order

* fix: domain separator regex usage in ToolService

- Moved the declaration of `domainSeparatorRegex` to avoid redundancy in the `loadActionToolsForExecution` function, improving code clarity and performance.

* chore: OAuth flow error handling and CSRF token generation

- Enhanced the OAuth callback route to validate the flow ID format, ensuring proper error handling for invalid states.
- Updated the CSRF token generation function to require a JWT secret, throwing an error if not provided, which improves security and clarity in token generation.
- Adjusted tests to reflect changes in flow ID handling and ensure robust validation across various scenarios.
2026-02-12 14:22:05 -05:00
..
@types 🔧 chore: Update ESLint Config & Run Linter (#10986) 2025-12-15 17:55:25 -05:00
a11y 📦 feat: Move Shared Components to @librechat/client (#8685) 2025-07-27 12:19:01 -04:00
common 🕵️‍♂️ fix: Handle 404 errors on agent queries for favorites (#11587) 2026-02-11 22:12:05 -05:00
components 🛡️ fix: Secure MCP/Actions OAuth Flows, Resolve Race Condition & Tool Cache Cleanup (#11756) 2026-02-12 14:22:05 -05:00
constants 🔐 feat: Granular Role-based Permissions + Entra ID Group Discovery (#7804) 2025-08-13 16:24:17 -04:00
data-provider 🛸 feat: Remote Agent Access with External API Support (#11503) 2026-01-28 17:44:33 -05:00
hooks 🆔 fix: Atomic File Dedupe, Bedrock Tokens Fix, and Allowed MIME Types (#11675) 2026-02-07 13:26:18 -05:00
locales 🌍 i18n: Update translation.json with latest translations (#11739) 2026-02-11 22:56:06 -05:00
Providers 📤 fix: Show Proper Upload Options for Azure and Agent Endpoints (#11081) 2025-12-25 15:54:15 -05:00
routes 🔊 fix: Conversation Search Result Announcement (#11449) 2026-01-22 19:36:46 -05:00
store 🚏 chore: Remove Resumable Stream Toggle (#11258) 2026-01-07 20:37:35 -05:00
utils style(MCP): Enhance dialog accessibility and styling consistency (#11585) 2026-02-11 22:08:40 -05:00
App.jsx 🛜 feat: Enable Network Requests in Offline Mode (#11107) 2025-12-26 09:01:27 -05:00
main.jsx 🎨 feat: add copy-tex to improve copying KaTeX (#7308) 2025-05-15 12:08:47 -04:00
mobile.css 🎨 fix: Layering for Right-hand Side Panel (#11392) 2026-01-18 11:59:26 -05:00
style.css style(MCP): Enhance dialog accessibility and styling consistency (#11585) 2026-02-11 22:08:40 -05:00
vite-env.d.ts 🖱️ fix: Message Scrolling UX; refactor: Frontend UX/DX Optimizations (#3733) 2024-08-21 18:18:45 -04:00