mirror of
https://github.com/danny-avila/LibreChat.git
synced 2025-12-17 17:00:15 +01:00
eed43e6662
- Implement RBAC with viewer/editor/owner roles using bitwise permissions
- Add AccessRole, AclEntry, and Group models for permission management
- Create PermissionService for core permission logic and validation
- Integrate Microsoft Graph API for Entra ID user/group search
- Add middleware for resource access validation with custom ID resolvers
- Implement bulk permission updates with transaction support
- Create permission management UI with people picker and role selection
- Add public sharing capabilities for resources
- Include database migration for existing agent ownership
- Support hybrid local/Entra ID identity management
- Add comprehensive test coverage for all new services
chore: Update @librechat/data-schemas to version 0.0.9 and export common module in index.ts
fix: Update userGroup tests to mock logger correctly and change principalId expectation from null to undefined
150 lines
2.7 KiB
TypeScript
150 lines
2.7 KiB
TypeScript
import { Schema } from 'mongoose';
|
|
import { SystemRoles } from 'librechat-data-provider';
|
|
import { IUser } from '~/types';
|
|
|
|
// Session sub-schema
|
|
const SessionSchema = new Schema(
|
|
{
|
|
refreshToken: {
|
|
type: String,
|
|
default: '',
|
|
},
|
|
},
|
|
{ _id: false },
|
|
);
|
|
|
|
// Backup code sub-schema
|
|
const BackupCodeSchema = new Schema(
|
|
{
|
|
codeHash: { type: String, required: true },
|
|
used: { type: Boolean, default: false },
|
|
usedAt: { type: Date, default: null },
|
|
},
|
|
{ _id: false },
|
|
);
|
|
|
|
const userSchema = new Schema<IUser>(
|
|
{
|
|
name: {
|
|
type: String,
|
|
},
|
|
username: {
|
|
type: String,
|
|
lowercase: true,
|
|
default: '',
|
|
},
|
|
email: {
|
|
type: String,
|
|
required: [true, "can't be blank"],
|
|
lowercase: true,
|
|
unique: true,
|
|
match: [/\S+@\S+\.\S+/, 'is invalid'],
|
|
index: true,
|
|
},
|
|
emailVerified: {
|
|
type: Boolean,
|
|
required: true,
|
|
default: false,
|
|
},
|
|
password: {
|
|
type: String,
|
|
trim: true,
|
|
minlength: 8,
|
|
maxlength: 128,
|
|
},
|
|
avatar: {
|
|
type: String,
|
|
required: false,
|
|
},
|
|
provider: {
|
|
type: String,
|
|
required: true,
|
|
default: 'local',
|
|
},
|
|
role: {
|
|
type: String,
|
|
default: SystemRoles.USER,
|
|
},
|
|
googleId: {
|
|
type: String,
|
|
unique: true,
|
|
sparse: true,
|
|
},
|
|
facebookId: {
|
|
type: String,
|
|
unique: true,
|
|
sparse: true,
|
|
},
|
|
openidId: {
|
|
type: String,
|
|
unique: true,
|
|
sparse: true,
|
|
},
|
|
samlId: {
|
|
type: String,
|
|
unique: true,
|
|
sparse: true,
|
|
},
|
|
ldapId: {
|
|
type: String,
|
|
unique: true,
|
|
sparse: true,
|
|
},
|
|
githubId: {
|
|
type: String,
|
|
unique: true,
|
|
sparse: true,
|
|
},
|
|
discordId: {
|
|
type: String,
|
|
unique: true,
|
|
sparse: true,
|
|
},
|
|
appleId: {
|
|
type: String,
|
|
unique: true,
|
|
sparse: true,
|
|
},
|
|
plugins: {
|
|
type: Array,
|
|
},
|
|
twoFactorEnabled: {
|
|
type: Boolean,
|
|
default: false,
|
|
},
|
|
totpSecret: {
|
|
type: String,
|
|
},
|
|
backupCodes: {
|
|
type: [BackupCodeSchema],
|
|
},
|
|
refreshToken: {
|
|
type: [SessionSchema],
|
|
},
|
|
expiresAt: {
|
|
type: Date,
|
|
expires: 604800, // 7 days in seconds
|
|
},
|
|
termsAccepted: {
|
|
type: Boolean,
|
|
default: false,
|
|
},
|
|
personalization: {
|
|
type: {
|
|
memories: {
|
|
type: Boolean,
|
|
default: true,
|
|
},
|
|
},
|
|
default: {},
|
|
},
|
|
/** Field for external source identification (for consistency with TPrincipal schema) */
|
|
idOnTheSource: {
|
|
type: String,
|
|
sparse: true,
|
|
},
|
|
},
|
|
{ timestamps: true },
|
|
);
|
|
|
|
export default userSchema;
|