mirror of
https://github.com/danny-avila/LibreChat.git
synced 2026-05-14 08:27:49 +00:00
6b5596ec36
* fix: refresh CloudFront media cookies * fix: satisfy changed-file lint * fix: centralize CloudFront image retry * fix: honor base path for CloudFront refresh * fix: bypass auth refresh for CloudFront cookie retry * fix: pass app auth header to CloudFront retry * test: cover CloudFront refresh with OpenID reuse * fix: avoid duplicate CloudFront refresh retries * fix: clear CloudFront scope cookie with matching flags
97 lines
3.1 KiB
JavaScript
97 lines
3.1 KiB
JavaScript
const express = require('express');
|
|
const { createSetBalanceConfig, forceRefreshCloudFrontAuthCookies } = require('@librechat/api');
|
|
const {
|
|
resetPasswordRequestController,
|
|
resetPasswordController,
|
|
registrationController,
|
|
graphTokenController,
|
|
refreshController,
|
|
} = require('~/server/controllers/AuthController');
|
|
const {
|
|
regenerateBackupCodes,
|
|
disable2FA,
|
|
confirm2FA,
|
|
enable2FA,
|
|
verify2FA,
|
|
} = require('~/server/controllers/TwoFactorController');
|
|
const { verify2FAWithTempToken } = require('~/server/controllers/auth/TwoFactorAuthController');
|
|
const { logoutController } = require('~/server/controllers/auth/LogoutController');
|
|
const { loginController } = require('~/server/controllers/auth/LoginController');
|
|
const { findBalanceByUser, upsertBalanceFields } = require('~/models');
|
|
const { getAppConfig } = require('~/server/services/Config');
|
|
const middleware = require('~/server/middleware');
|
|
|
|
const setBalanceConfig = createSetBalanceConfig({
|
|
getAppConfig,
|
|
findBalanceByUser,
|
|
upsertBalanceFields,
|
|
});
|
|
|
|
const router = express.Router();
|
|
const getCloudFrontAuthCookieRefreshResult = (req, res) => {
|
|
const warmedResult = req.cloudFrontAuthCookieRefreshResult;
|
|
if (warmedResult && (warmedResult.attempted || !warmedResult.enabled)) {
|
|
return warmedResult;
|
|
}
|
|
|
|
return forceRefreshCloudFrontAuthCookies(req, res, req.user);
|
|
};
|
|
|
|
const ldapAuth = !!process.env.LDAP_URL && !!process.env.LDAP_USER_SEARCH_BASE;
|
|
//Local
|
|
router.post('/logout', middleware.requireJwtAuth, logoutController);
|
|
router.post(
|
|
'/login',
|
|
middleware.logHeaders,
|
|
middleware.loginLimiter,
|
|
middleware.checkBan,
|
|
ldapAuth ? middleware.requireLdapAuth : middleware.requireLocalAuth,
|
|
setBalanceConfig,
|
|
loginController,
|
|
);
|
|
router.post('/refresh', refreshController);
|
|
router.post('/cloudfront/refresh', middleware.requireJwtAuth, (req, res) => {
|
|
const result = getCloudFrontAuthCookieRefreshResult(req, res);
|
|
if (!result.enabled) {
|
|
return res.sendStatus(404);
|
|
}
|
|
|
|
const status = result.refreshed ? 200 : 500;
|
|
return res.status(status).json({
|
|
ok: result.refreshed,
|
|
expiresInSec: result.expiresInSec,
|
|
refreshAfterSec: result.refreshAfterSec,
|
|
});
|
|
});
|
|
router.post(
|
|
'/register',
|
|
middleware.registerLimiter,
|
|
middleware.checkBan,
|
|
middleware.checkInviteUser,
|
|
middleware.validateRegistration,
|
|
registrationController,
|
|
);
|
|
router.post(
|
|
'/requestPasswordReset',
|
|
middleware.resetPasswordLimiter,
|
|
middleware.checkBan,
|
|
middleware.validatePasswordReset,
|
|
resetPasswordRequestController,
|
|
);
|
|
router.post(
|
|
'/resetPassword',
|
|
middleware.checkBan,
|
|
middleware.validatePasswordReset,
|
|
resetPasswordController,
|
|
);
|
|
|
|
router.post('/2fa/enable', middleware.requireJwtAuth, enable2FA);
|
|
router.post('/2fa/verify', middleware.requireJwtAuth, verify2FA);
|
|
router.post('/2fa/verify-temp', middleware.checkBan, verify2FAWithTempToken);
|
|
router.post('/2fa/confirm', middleware.requireJwtAuth, confirm2FA);
|
|
router.post('/2fa/disable', middleware.requireJwtAuth, disable2FA);
|
|
router.post('/2fa/backup/regenerate', middleware.requireJwtAuth, regenerateBackupCodes);
|
|
|
|
router.get('/graph-token', middleware.requireJwtAuth, graphTokenController);
|
|
|
|
module.exports = router;
|