LibreChat/api/server/middleware/accessResources/canAccessSkillResource.js
Danny Avila 2c8d54e18c
Some checks are pending
Docker Dev Branch Images Build / build (Dockerfile, lc-dev, node) (push) Waiting to run
Docker Dev Branch Images Build / build (Dockerfile.multi, lc-dev-api, api-build) (push) Waiting to run
GitNexus Index / index (push) Waiting to run
GitNexus Index / post-index (push) Blocked by required conditions
🗂️ feat: Add Deployment Skill Directory (#13523)
* feat: Add deployment skill directory

* chore: Address deployment skill review feedback

* fix: Include deployment skill file metadata

* test: Add deployment skills e2e smoke test
2026-06-05 10:24:28 -04:00

56 lines
1.9 KiB
JavaScript

const { ResourceType, PermissionBits } = require('librechat-data-provider');
const { canAccessResource } = require('./canAccessResource');
const { getSkillById } = require('~/models');
const { getDeploymentSkillById } = require('@librechat/api');
/**
* Skill-specific middleware factory that checks skill access permissions.
* Wraps the generic `canAccessResource` with the SKILL resource type and
* `getSkillById` as the ID resolver.
*
* @param {Object} options
* @param {number} options.requiredPermission - Permission bit required (1=view, 2=edit, 4=delete, 8=share)
* @param {string} [options.resourceIdParam='id'] - Route parameter name holding the skill id
* @returns {Function} Express middleware
*/
const canAccessSkillResource = (options) => {
const { requiredPermission, resourceIdParam = 'id' } = options || {};
if (!requiredPermission || typeof requiredPermission !== 'number') {
throw new Error('canAccessSkillResource: requiredPermission is required and must be a number');
}
const aclMiddleware = canAccessResource({
resourceType: ResourceType.SKILL,
requiredPermission,
resourceIdParam,
idResolver: getSkillById,
});
return (req, res, next) => {
const rawResourceId = req.params[resourceIdParam];
const deploymentSkill = rawResourceId ? getDeploymentSkillById(rawResourceId) : null;
if (!deploymentSkill) {
return aclMiddleware(req, res, next);
}
if (requiredPermission !== PermissionBits.VIEW) {
return res.status(403).json({
error: 'Forbidden',
message: 'Deployment skills are read-only',
});
}
req.resourceAccess = {
resourceType: ResourceType.SKILL,
resourceId: deploymentSkill._id,
customResourceId: rawResourceId,
permission: requiredPermission,
userId: req.user?.id,
resourceInfo: deploymentSkill,
};
return next();
};
};
module.exports = {
canAccessSkillResource,
};