LibreChat/api/server/routes/auth.js
Danny Avila 5011be4d38
🚦 fix: Guard Auth Continuation with Dedicated Limiter (#13555)
* fix: refine auth continuation handling

* test: align auth route mock setup

* fix: separate auth continuation throttling

* test: format auth route mock

* fix: preserve continuation limiter context

* fix: hydrate continuation user before bans
2026-06-06 14:21:28 -04:00


const express = require('express');
const { createSetBalanceConfig, forceRefreshCloudFrontAuthCookies } = require('@librechat/api');
const {
resetPasswordRequestController,
resetPasswordController,
registrationController,
graphTokenController,
refreshController,
} = require('~/server/controllers/AuthController');
const {
regenerateBackupCodes,
disable2FA,
confirm2FA,
enable2FA,
verify2FA,
} = require('~/server/controllers/TwoFactorController');
const { verify2FAWithTempToken } = require('~/server/controllers/auth/TwoFactorAuthController');
const { logoutController } = require('~/server/controllers/auth/LogoutController');
const { loginController } = require('~/server/controllers/auth/LoginController');
const { findBalanceByUser, upsertBalanceFields } = require('~/models');
const { getAppConfig } = require('~/server/services/Config');
const middleware = require('~/server/middleware');
// Accessors handed to the balance middleware factory: app config plus the
// balance model read/write helpers. `setBalanceConfig` is used in the /login
// chain below (presumably to apply balance settings to the signed-in user).
const balanceConfigDeps = { getAppConfig, findBalanceByUser, upsertBalanceFields };
const setBalanceConfig = createSetBalanceConfig(balanceConfigDeps);

const router = express.Router();
/**
 * Resolves the CloudFront auth-cookie refresh result for this request.
 *
 * A result that an earlier middleware stored on
 * `req.cloudFrontAuthCookieRefreshResult` is reused when it is final: either a
 * refresh was already attempted, or the feature is disabled. In every other
 * case a refresh is forced for `req.user`.
 *
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 * @returns {object} the reused result, or whatever
 *   `forceRefreshCloudFrontAuthCookies` returns; the route handler below reads
 *   `enabled`, `refreshed`, `expiresInSec` and `refreshAfterSec` from it
 */
const getCloudFrontAuthCookieRefreshResult = (req, res) => {
  const cached = req.cloudFrontAuthCookieRefreshResult;
  // Truthiness check on `cached` is deliberate: a missing/null result falls
  // through to a forced refresh.
  const canReuse = Boolean(cached) && (cached.attempted || !cached.enabled);
  if (canReuse) {
    return cached;
  }
  return forceRefreshCloudFrontAuthCookies(req, res, req.user);
};
// LDAP replaces local credential checks on /login only when both the server
// URL and the user search base are configured; decided once at startup.
const ldapAuth = Boolean(process.env.LDAP_URL) && Boolean(process.env.LDAP_USER_SEARCH_BASE);
// Local auth routes.
router.post('/logout', middleware.requireJwtAuth, logoutController);

// The credential-verifying strategy for /login is fixed at startup.
const primaryAuth = ldapAuth ? middleware.requireLdapAuth : middleware.requireLocalAuth;

router.post(
  '/login',
  middleware.logHeaders,
  middleware.loginLimiter,
  middleware.checkBan,
  primaryAuth,
  setBalanceConfig,
  loginController,
);

// NOTE(review): this route carries no limiter or ban check in this file;
// presumably refreshController validates the refresh token itself — confirm.
router.post('/refresh', refreshController);

/**
 * Forces (or reuses) a CloudFront auth-cookie refresh for the signed-in user.
 * Replies 404 when the feature is disabled, 200 on a successful refresh and
 * 500 otherwise, echoing the cookie timing fields in the body.
 */
const cloudFrontRefreshHandler = (req, res) => {
  const { enabled, refreshed, expiresInSec, refreshAfterSec } =
    getCloudFrontAuthCookieRefreshResult(req, res);
  if (!enabled) {
    return res.sendStatus(404);
  }
  return res.status(refreshed ? 200 : 500).json({ ok: refreshed, expiresInSec, refreshAfterSec });
};
router.post('/cloudfront/refresh', middleware.requireJwtAuth, cloudFrontRefreshHandler);

router.post(
  '/register',
  middleware.registerLimiter,
  middleware.checkBan,
  middleware.checkInviteUser,
  middleware.validateRegistration,
  registrationController,
);

router.post(
  '/requestPasswordReset',
  middleware.resetPasswordLimiter,
  middleware.checkBan,
  middleware.validatePasswordReset,
  resetPasswordRequestController,
);

// NOTE(review): unlike /requestPasswordReset, the token-consuming step has no
// rate limiter here; confirm the reset-token validation inside
// resetPasswordController is sufficient on its own.
router.post(
  '/resetPassword',
  middleware.checkBan,
  middleware.validatePasswordReset,
  resetPasswordController,
);

router.post('/2fa/enable', middleware.requireJwtAuth, enable2FA);
router.post('/2fa/verify', middleware.requireJwtAuth, verify2FA);

// Login continuation after a primary-factor success: the temp user is hydrated
// first so the dedicated limiter and the ban check can key on it (per the
// commit message; the middleware internals are not visible here).
router.post(
  '/2fa/verify-temp',
  middleware.setTwoFactorTempUser,
  middleware.twoFactorTempLimiter,
  middleware.checkBan,
  verify2FAWithTempToken,
);

router.post('/2fa/confirm', middleware.requireJwtAuth, confirm2FA);
router.post('/2fa/disable', middleware.requireJwtAuth, disable2FA);
router.post('/2fa/backup/regenerate', middleware.requireJwtAuth, regenerateBackupCodes);

router.get('/graph-token', middleware.requireJwtAuth, graphTokenController);

module.exports = router;