mirror of
https://github.com/danny-avila/LibreChat.git
synced 2026-01-13 14:08:51 +01:00
f8774983a0
* 🔧 fix: MCP server ID resolver in access permissions (#11315) - Replaced `findMCPServerById` with `findMCPServerByObjectId` in access permissions route and corresponding tests for improved clarity and consistency in resource identification. * 🔧 refactor: Update MCP server resource access methods to use server name - Replaced instances of `findMCPServerById` with `findMCPServerByServerName` across middleware, database, and test files for improved clarity and consistency in resource identification. - Updated related comments and test cases to reflect the change in method usage. * chore: Increase timeout for Redis update in GenerationJobManager integration tests - Updated the timeout duration from 50ms to 200ms in the GenerationJobManager integration tests to ensure reliable verification of final event data in Redis after emitting the done event.
61 lines
2 KiB
JavaScript
61 lines
2 KiB
JavaScript
const { ResourceType } = require('librechat-data-provider');
|
|
const { canAccessResource } = require('./canAccessResource');
|
|
const { findMCPServerByServerName } = require('~/models');
|
|
|
|
/**
|
|
* MCP Server name resolver function
|
|
* Resolves MCP server name (e.g., "my-mcp-server") to MongoDB ObjectId
|
|
*
|
|
* @param {string} serverName - Server name from route parameter
|
|
* @returns {Promise<Object|null>} MCP server document with _id field, or null if not found
|
|
*/
|
|
const resolveMCPServerName = async (serverName) => {
|
|
return await findMCPServerByServerName(serverName);
|
|
};
|
|
|
|
/**
|
|
* MCP Server-specific middleware factory that creates middleware to check MCP server access permissions.
|
|
* This middleware extends the generic canAccessResource to handle MCP server custom ID resolution.
|
|
*
|
|
* @param {Object} options - Configuration options
|
|
* @param {number} options.requiredPermission - The permission bit required (1=view, 2=edit, 4=delete, 8=share)
|
|
* @param {string} [options.resourceIdParam='serverName'] - The name of the route parameter containing the MCP server custom ID
|
|
* @returns {Function} Express middleware function
|
|
*
|
|
* @example
|
|
* // Basic usage for viewing MCP servers
|
|
* router.get('/servers/:serverName',
|
|
* canAccessMCPServerResource({ requiredPermission: 1 }),
|
|
* getMCPServer
|
|
* );
|
|
*
|
|
* @example
|
|
* // Custom resource ID parameter and edit permission
|
|
* router.patch('/servers/:id',
|
|
* canAccessMCPServerResource({
|
|
* requiredPermission: 2,
|
|
* resourceIdParam: 'id'
|
|
* }),
|
|
* updateMCPServer
|
|
* );
|
|
*/
|
|
const canAccessMCPServerResource = (options) => {
|
|
const { requiredPermission, resourceIdParam = 'serverName' } = options;
|
|
|
|
if (!requiredPermission || typeof requiredPermission !== 'number') {
|
|
throw new Error(
|
|
'canAccessMCPServerResource: requiredPermission is required and must be a number',
|
|
);
|
|
}
|
|
|
|
return canAccessResource({
|
|
resourceType: ResourceType.MCPSERVER,
|
|
requiredPermission,
|
|
resourceIdParam,
|
|
idResolver: resolveMCPServerName,
|
|
});
|
|
};
|
|
|
|
module.exports = {
|
|
canAccessMCPServerResource,
|
|
};
|