The Passport local strategy validation error logged the entire request
body (including the password) into error logs. Replace it with the
email only, matching the metadata shape used by sibling log calls in
the same function.
* chore: move database model methods to /packages/data-schemas
* chore: add TypeScript ESLint rule to warn on unused variables
* refactor: model imports to streamline access
- Consolidated model imports across various files to improve code organization and reduce redundancy.
- Updated imports for models such as Assistant, Message, Conversation, and others to a unified import path.
- Adjusted middleware and service files to reflect the new import structure, ensuring functionality remains intact.
- Enhanced test files to align with the new import paths, maintaining test coverage and integrity.
* chore: migrate database models to packages/data-schemas and refactor all direct Mongoose Model usage outside of data-schemas
* test: update agent model mocks in unit tests
- Added `getAgent` mock to `client.test.js` to enhance test coverage for agent-related functionality.
- Removed redundant `getAgent` and `getAgents` mocks from `openai.spec.js` and `responses.unit.spec.js` to streamline test setup and reduce duplication.
- Ensured consistency in agent mock implementations across test files.
* fix: update types in data-schemas
* refactor: enhance type definitions in transaction and spending methods
- Updated type definitions in `checkBalance.ts` to use specific request and response types.
- Refined `spendTokens.ts` to utilize a new `SpendTxData` interface for better clarity and type safety.
- Improved transaction handling in `transaction.ts` by introducing `TransactionResult` and `TxData` interfaces, ensuring consistent data structures across methods.
- Adjusted unit tests in `transaction.spec.ts` to accommodate new type definitions and enhance robustness.
* refactor: streamline model imports and enhance code organization
- Consolidated model imports across various controllers and services to a unified import path, improving code clarity and reducing redundancy.
- Updated multiple files to reflect the new import structure, ensuring all functionalities remain intact.
- Enhanced overall code organization by removing duplicate import statements and optimizing the usage of model methods.
* feat: implement loadAddedAgent and refactor agent loading logic
- Introduced `loadAddedAgent` function to handle loading agents from added conversations, supporting multi-convo parallel execution.
- Created a new `load.ts` file to encapsulate agent loading functionalities, including `loadEphemeralAgent` and `loadAgent`.
- Updated the `index.ts` file to export the new `load` module instead of the deprecated `loadAgent`.
- Enhanced type definitions and improved error handling in the agent loading process.
- Adjusted unit tests to reflect changes in the agent loading structure and ensure comprehensive coverage.
* refactor: enhance balance handling with new update interface
- Introduced `IBalanceUpdate` interface to streamline balance update operations across the codebase.
- Updated `upsertBalanceFields` method signatures in `balance.ts`, `transaction.ts`, and related tests to utilize the new interface for improved type safety.
- Adjusted type imports in `balance.spec.ts` to include `IBalanceUpdate`, ensuring consistency in balance management functionalities.
- Enhanced overall code clarity and maintainability by refining type definitions related to balance operations.
* feat: add unit tests for loadAgent functionality and enhance agent loading logic
- Introduced comprehensive unit tests for the `loadAgent` function, covering various scenarios including null and empty agent IDs, loading of ephemeral agents, and permission checks.
- Enhanced the `initializeClient` function by moving `getConvoFiles` to the correct position in the database method exports, ensuring proper functionality.
- Improved test coverage for agent loading, including handling of non-existent agents and user permissions.
* chore: reorder memory method exports for consistency
- Moved `deleteAllUserMemories` to the correct position in the exported memory methods, ensuring a consistent and logical order of method exports in `memory.ts`.
* WIP: app.locals refactoring
WIP: appConfig
fix: update memory configuration retrieval to use getAppConfig based on user role
fix: update comment for AppConfig interface to clarify purpose
🏷️ refactor: Update tests to use getAppConfig for endpoint configurations
ci: Update AppService tests to initialize app config instead of app.locals
ci: Integrate getAppConfig into remaining tests
refactor: Update multer storage destination to use promise-based getAppConfig and improve error handling in tests
refactor: Rename initializeAppConfig to setAppConfig and update related tests
ci: Mock getAppConfig in various tests to provide default configurations
refactor: Update convertMCPToolsToPlugins to use mcpManager for server configuration and adjust related tests
chore: rename `Config/getAppConfig` -> `Config/app`
fix: streamline OpenAI image tools configuration by removing direct appConfig dependency and using function parameters
chore: correct parameter documentation for imageOutputType in ToolService.js
refactor: remove `getCustomConfig` dependency in config route
refactor: update domain validation to use appConfig for allowed domains
refactor: use appConfig registration property
chore: remove app parameter from AppService invocation
refactor: update AppConfig interface to correct registration and turnstile configurations
refactor: remove getCustomConfig dependency and use getAppConfig in PluginController, multer, and MCP services
refactor: replace getCustomConfig with getAppConfig in STTService, TTSService, and related files
refactor: replace getCustomConfig with getAppConfig in Conversation and Message models, update tempChatRetention functions to use AppConfig type
refactor: update getAppConfig calls in Conversation and Message models to include user role for temporary chat expiration
ci: update related tests
refactor: update getAppConfig call in getCustomConfigSpeech to include user role
fix: update appConfig usage to access allowedDomains from actions instead of registration
refactor: enhance AppConfig to include fileStrategies and update related file strategy logic
refactor: update imports to use normalizeEndpointName from @librechat/api and remove redundant definitions
chore: remove deprecated unused RunManager
refactor: get balance config primarily from appConfig
refactor: remove customConfig dependency for appConfig and streamline loadConfigModels logic
refactor: remove getCustomConfig usage and use app config in file citations
refactor: consolidate endpoint loading logic into loadEndpoints function
refactor: update appConfig access to use endpoints structure across various services
refactor: implement custom endpoints configuration and streamline endpoint loading logic
refactor: update getAppConfig call to include user role parameter
refactor: streamline endpoint configuration and enhance appConfig usage across services
refactor: replace getMCPAuthMap with getUserMCPAuthMap and remove unused getCustomConfig file
refactor: add type annotation for loadedEndpoints in loadEndpoints function
refactor: move /services/Files/images/parse to TS API
chore: add missing FILE_CITATIONS permission to IRole interface
refactor: restructure toolkits to TS API
refactor: separate manifest logic into its own module
refactor: consolidate tool loading logic into a new tools module for startup logic
refactor: move interface config logic to TS API
refactor: migrate checkEmailConfig to TypeScript and update imports
refactor: add FunctionTool interface and availableTools to AppConfig
refactor: decouple caching and DB operations from AppService, make part of consolidated `getAppConfig`
WIP: fix tests
* fix: rebase conflicts
* refactor: remove app.locals references
* refactor: replace getBalanceConfig with getAppConfig in various strategies and middleware
* refactor: replace appConfig?.balance with getBalanceConfig in various controllers and clients
* test: add balance configuration to titleConvo method in AgentClient tests
* chore: remove unused `openai-chat-tokens` package
* chore: remove unused imports in initializeMCPs.js
* refactor: update balance configuration to use getAppConfig instead of getBalanceConfig
* refactor: integrate configMiddleware for centralized configuration handling
* refactor: optimize email domain validation by removing unnecessary async calls
* refactor: simplify multer storage configuration by removing async calls
* refactor: reorder imports for better readability in user.js
* refactor: replace getAppConfig calls with req.config for improved performance
* chore: replace getAppConfig calls with req.config in tests for centralized configuration handling
* chore: remove unused override config
* refactor: add configMiddleware to endpoint route and replace getAppConfig with req.config
* chore: remove customConfig parameter from TTSService constructor
* refactor: pass appConfig from request to processFileCitations for improved configuration handling
* refactor: remove configMiddleware from endpoint route and retrieve appConfig directly in getEndpointsConfig if not in `req.config`
* test: add mockAppConfig to processFileCitations tests for improved configuration handling
* fix: pass req.config to hasCustomUserVars and call without await after synchronous refactor
* fix: type safety in useExportConversation
* refactor: retrieve appConfig using getAppConfig in PluginController and remove configMiddleware from plugins route, to avoid always retrieving when plugins are cached
* chore: change `MongoUser` typedef to `IUser`
* fix: Add `user` and `config` fields to ServerRequest and update JSDoc type annotations from Express.Request to ServerRequest
* fix: remove unused setAppConfig mock from Server configuration tests
* refactor: `packages/api` build scripts for better inline debugging
* refactor: Explicitly select secure fields as no longer returned by default, exclude backupCodes from user data retrieval in authentication and 2FA processes
* refactor: Backup Codes UI to not expect backup codes, only regeneration
* refactor: Ensure secure fields are deleted from user data in getUserController
* fix: add undefined password check in local user authentication
* fix: edge case - issue deleting user when no conversations in deleteUserController
* feat: Integrate Mailgun API for email sending functionality
* fix: undefined SESSION_EXPIRY handling and add tests
* fix: update import path for isEnabled utility in azureUtils.js to resolve circular dep.
* refactor: move model definitions and database-related methods to packages/data-schemas
* ci: update tests due to new DB structure
fix: disable mocking `librechat-data-provider`
feat: Add schema exports to data-schemas package
- Introduced a new schema module that exports various schemas including action, agent, and user schemas.
- Updated index.ts to include the new schema exports for better modularity and organization.
ci: fix appleStrategy tests
fix: Agent.spec.js
ci: refactor handleTools tests to use MongoMemoryServer for in-memory database
fix: getLogStores imports
ci: update banViolation tests to use MongoMemoryServer and improve session mocking
test: refactor samlStrategy tests to improve mock configurations and user handling
ci: fix crypto mock in handleText tests for improved accuracy
ci: refactor spendTokens tests to improve model imports and setup
ci: refactor Message model tests to use MongoMemoryServer and improve database interactions
* refactor: streamline IMessage interface and move feedback properties to types/message.ts
* refactor: use exported initializeRoles from `data-schemas`, remove api workspace version (this serves as an example of future migrations that still need to happen)
* refactor: update model imports to use destructuring from `~/db/models` for consistency and clarity
* refactor: remove unused mongoose imports from model files for cleaner code
* refactor: remove unused mongoose imports from Share, Prompt, and Transaction model files for cleaner code
* refactor: remove unused import in Transaction model for cleaner code
* ci: update deploy workflow to reference new Docker Dev Branch Images Build and add new workflow for building Docker images on dev branch
* chore: cleanup imports
* feat: verification email
* chore: email verification invalid; localize: update
* fix: redirect to login when signup: fix: save emailVerified correctly
* docs: update ALLOW_UNVERIFIED_EMAIL_LOGIN; fix: don't accept login only when ALLOW_UNVERIFIED_EMAIL_LOGIN = true
* fix: user needs to be authenticated
* style: update
* fix: registration success message and redirect logic
* refactor: use `isEnabled` in ALLOW_UNVERIFIED_EMAIL_LOGIN
* refactor: move checkEmailConfig to server/utils
* refactor: use req as param for verifyEmail function
* chore: jsdoc
* chore: remove console log
* refactor: rename `createNewUser` to `createSocialUser`
* refactor: update typing and add expiresAt field to userSchema
* refactor: begin use of user methods over direct model access for User
* refactor: initial email verification rewrite
* chore: typing
* refactor: registration flow rewrite
* chore: remove help center text
* refactor: update getUser to getUserById and add findUser methods. general fixes from recent changes
* refactor: Update updateUser method to remove expiresAt field and use $set and $unset operations, createUser now returns Id only
* refactor: Update openidStrategy to use optional chaining for avatar check, move saveBuffer init to buffer condition
* refactor: logout on deleteUser mutatation
* refactor: Update openidStrategy login success message format
* refactor: Add emailVerified field to Discord and Facebook profile details
* refactor: move limiters to separate middleware dir
* refactor: Add limiters for email verification and password reset
* refactor: Remove getUserController and update routes and controllers accordingly
* refactor: Update getUserById method to exclude password and version fields
* refactor: move verification to user route, add resend verification option
* refactor: Improve email verification process and resend option
* refactor: remove more direct model access of User and remove unused code
* refactor: replace user authentication methods and token generation
* fix: add user.id to jwt user
* refactor: Update AuthContext to include setError function, add resend link to Login Form, make registration redirect shorter
* fix(updateUserPluginsService): ensure userPlugins variable is defined
* refactor: Delete all shared links for a specific user
* fix: remove use of direct User.save() in handleExistingUser
* fix(importLibreChatConvo): handle missing createdAt field in messages
---------
Co-authored-by: Danny Avila <danny@librechat.ai>
* wip: first pass for azure endpoint schema
* refactor: azure config to return groupMap and modelConfigMap
* wip: naming and schema changes
* refactor(errorsToString): move to data-provider
* feat: rename to azureGroups, add additional tests, tests all expected outcomes, return errors
* feat(AppService): load Azure groups
* refactor(azure): use imported types, write `mapModelToAzureConfig`
* refactor: move `extractEnvVariable` to data-provider
* refactor(validateAzureGroups): throw on duplicate groups or models; feat(mapModelToAzureConfig): throw if env vars not present, add tests
* refactor(AppService): ensure each model is properly configured on startup
* refactor: deprecate azureOpenAI environment variables in favor of librechat.yaml config
* feat: use helper functions to handle and order enabled/default endpoints; initialize azureOpenAI from config file
* refactor: redefine types as well as load azureOpenAI models from config file
* chore(ci): fix test description naming
* feat(azureOpenAI): use validated model grouping for request authentication
* chore: bump data-provider following rebase
* chore: bump config file version noting significant changes
* feat: add title options and switch azure configs for titling and vision requests
* feat: enable azure plugins from config file
* fix(ci): pass tests
* chore(.env.example): mark `PLUGINS_USE_AZURE` as deprecated
* fix(fetchModels): early return if apiKey not passed
* chore: fix azure config typing
* refactor(mapModelToAzureConfig): return baseURL and headers as well as azureOptions
* feat(createLLM): use `azureOpenAIBasePath`
* feat(parsers): resolveHeaders
* refactor(extractBaseURL): handle invalid input
* feat(OpenAIClient): handle headers and baseURL for azureConfig
* fix(ci): pass `OpenAIClient` tests
* chore: extract env var for azureOpenAI group config, baseURL
* docs: azureOpenAI config setup docs
* feat: safe check of potential conflicting env vars that map to unique placeholders
* fix: reset apiKey when model switches from originally requested model (vision or title)
* chore: linting
* docs: CONFIG_PATH notes in custom_config.md
* chore: cleanup client depend 🧹
* chore: replace joi with zod and remove unused user validator
* chore: move dep from root to api, cleanup other unused api deps
* chore: remove unused dev dep
* chore: update bun lockfile
* fix: bun scripts
* chore: add bun flag to update script
* chore: remove legacy webpack + babel dev deps
* chore: add back dev deps needed for frontend unit testing
* fix(validators): make schemas as expected and more robust with a full test suite of edge cases
* chore: remove axios from root package, remove path from api, update bun
* build/refactor: move lint/prettier packages to project root, install husky, add pre-commit hook
* refactor: reformat files
* build: put full eslintrc back with all rules
* server-side JWT auth implementation
* move oauth routes and strategies, fix bugs
* backend modifications for wiring up the frontend login and reg forms
* Add frontend data services for login and registration
* Add login and registration forms
* Implment auth context, functional client side auth
* protect routes with jwt auth
* finish local strategy (using local storage)
* Start setting up google auth
* disable token refresh, remove old auth middleware
* refactor client, add ApiErrorBoundary context
* disable google and facebook strategies
* fix: fix presets not displaying specific to user
* fix: fix issue with browser refresh
* fix: casing issue with User.js (#11)
* delete user.js to be renamed
* fix: fix casing issue with User.js
* comment out api error watcher temporarily
* fix: issue with api error watcher (#12)
* delete user.js to be renamed
* fix: fix casing issue with User.js
* comment out api error watcher temporarily
* feat: add google auth social login
* fix: make google login url dynamic based on dev/prod
* fix: bug where UI is briefly displayed before redirecting to login
* fix: fix cookie expires value for local auth
* Update README.md
* Update LOCAL_INSTALL structure
* Add local testing instructions
* Only load google strategy if client id and secret are provided
* Update .env.example files with new params
* fix issue with not redirecting to register form
* only show google login button if value is set in .env
* cleanup log messages
* Add label to button for google login on login form
* doc: fix client/server url values in .env.example
* feat: add error message details to registration failure
* Restore preventing paste on confirm password
* auto-login user after registering
* feat: forgot password (#24)
* make login/reg pages look like openai's
* add password reset data services
* new form designs similar to openai, add password reset pages
* add api's for password reset
* email utils for password reset
* remove bcrypt salt rounds from process.env
* refactor: restructure api auth code, consolidate routes (#25)
* add api's for password reset
* remove bcrypt salt rounds from process.env
* refactor: consolidate auth routes, use controller pattern
* refactor: code cleanup
* feat: migrate data to first user (#26)
* refactor: use /api for auth routes
* fix: use user id instead of username
* feat: migrate data to first user on register
* fix: fix social login routes after refactor (#27)
* refactor: use /api for auth routes
* fix: use user id instead of username
* feat: migrate data to first user on register
* fix: fix social login routes
* fix: issue with auto-login when logging out then logging in with new browser window (#28)
* refactor: use /api for auth routes
* fix: use user id instead of username
* feat: migrate data to first user on register
* fix: fix social login routes
* fix: fix issue with auto-login in new tab
* doc: Update README and .env.example files with user system information (#29)
* refactor: use /api for auth routes
* fix: use user id instead of username
* feat: migrate data to first user on register
* fix: fix social login routes
* fix: fix issue with auto-login in new tab
* doc: update README and .env.example files
* Fixup: LOCAL_INSTALL.md PS instructions (#200) (#30)
Co-authored-by: alfredo-f <alfredo.fomitchenko@mail.polimi.it>
* feat: send user with completion to protect against abuse (#31)
* Fixup: LOCAL_INSTALL.md PS instructions (#200)
* server-side JWT auth implementation
* move oauth routes and strategies, fix bugs
* backend modifications for wiring up the frontend login and reg forms
* Add frontend data services for login and registration
* Add login and registration forms
* Implment auth context, functional client side auth
* protect routes with jwt auth
* finish local strategy (using local storage)
* Start setting up google auth
* disable token refresh, remove old auth middleware
* refactor client, add ApiErrorBoundary context
* disable google and facebook strategies
* fix: fix presets not displaying specific to user
* fix: fix issue with browser refresh
* fix: casing issue with User.js (#11)
* delete user.js to be renamed
* fix: fix casing issue with User.js
* comment out api error watcher temporarily
* feat: add google auth social login
* fix: make google login url dynamic based on dev/prod
* fix: bug where UI is briefly displayed before redirecting to login
* fix: fix cookie expires value for local auth
* Only load google strategy if client id and secret are provided
* Update .env.example files with new params
* fix issue with not redirecting to register form
* only show google login button if value is set in .env
* cleanup log messages
* Add label to button for google login on login form
* doc: fix client/server url values in .env.example
* feat: add error message details to registration failure
* Restore preventing paste on confirm password
* auto-login user after registering
* feat: forgot password (#24)
* make login/reg pages look like openai's
* add password reset data services
* new form designs similar to openai, add password reset pages
* add api's for password reset
* email utils for password reset
* remove bcrypt salt rounds from process.env
* refactor: restructure api auth code, consolidate routes (#25)
* add api's for password reset
* remove bcrypt salt rounds from process.env
* refactor: consolidate auth routes, use controller pattern
* refactor: code cleanup
* feat: migrate data to first user (#26)
* refactor: use /api for auth routes
* fix: use user id instead of username
* feat: migrate data to first user on register
* fix: fix social login routes after refactor (#27)
* refactor: use /api for auth routes
* fix: use user id instead of username
* feat: migrate data to first user on register
* fix: fix social login routes
* fix: issue with auto-login when logging out then logging in with new browser window (#28)
* refactor: use /api for auth routes
* fix: use user id instead of username
* feat: migrate data to first user on register
* fix: fix social login routes
* fix: fix issue with auto-login in new tab
* doc: Update README and .env.example files with user system information (#29)
* refactor: use /api for auth routes
* fix: use user id instead of username
* feat: migrate data to first user on register
* fix: fix social login routes
* fix: fix issue with auto-login in new tab
* doc: update README and .env.example files
* Send user id to openai to protect against abuse
* add meilisearch to gitignore
* Remove webpack
---------
Co-authored-by: alfredo-f <alfredo.fomitchenko@mail.polimi.it>
---------
Co-authored-by: Danny Avila <110412045+danny-avila@users.noreply.github.com>
Co-authored-by: Alfredo Fomitchenko <alfredo.fomitchenko@mail.polimi.it>