LibreChat/api/server/middleware
Danny Avila 8dc6d60750
🛡️ fix: Enforce MULTI_CONVO and agent ACL checks on addedConvo (#12243)
* 🛡️ fix: Enforce MULTI_CONVO and agent ACL checks on addedConvo

addedConvo.agent_id was passed through to loadAddedAgent without any
permission check, enabling an authenticated user to load and execute
another user's private agent via the parallel multi-convo feature.

The middleware now chains a checkAddedConvoAccess gate after the primary
agent check: when req.body.addedConvo is present it verifies the user
has MULTI_CONVO:USE role permission, and when the addedConvo agent_id is
a real (non-ephemeral) agent it runs the same canAccessResource ACL
check used for the primary agent.

* refactor: Harden addedConvo middleware and avoid duplicate agent fetch

- Convert checkAddedConvoAccess to curried factory matching Express
  middleware signature: (requiredPermission) => (req, res, next)
- Call checkPermission directly for the addedConvo agent instead of
  routing through canAccessResource's tempReq pattern; this avoids
  orphaning the resolved agent document and enables caching it on
  req.resolvedAddedAgent for downstream loadAddedAgent
- Update loadAddedAgent to use req.resolvedAddedAgent when available,
  eliminating a duplicate getAgent DB call per chat request
- Validate addedConvo is a plain object and agent_id is a string
  before passing to isEphemeralAgentId (prevents TypeError on object
  injection, returns 400-equivalent early exit instead of 500)
- Fix JSDoc: "VIEW access" → "same permission as primary agent",
  add @param/@returns to helpers, restore @example on factory
- Fix redundant return await in resolveAgentIdFromBody

* test: Add canAccessAgentFromBody spec covering IDOR fix

26 integration tests using MongoMemoryServer with real models, ACL
entries, and PermissionService — no mocks for core logic.

Covered paths:
- Factory validation (requiredPermission type check)
- Primary agent: missing agent_id, ephemeral, non-agents endpoint
- addedConvo absent / invalid shape (string, array, object injection)
- MULTI_CONVO:USE gate: denied, missing role, ADMIN bypass
- Agent resource ACL: no ACL → 403, insufficient bits → 403,
  nonexistent agent → 404, valid ACL → next + cached on req
- End-to-end: both real agents, primary denied short-circuits,
  ephemeral primary + real addedConvo
2026-03-15 17:12:45 -04:00
..
accessResources 🛡️ fix: Enforce MULTI_CONVO and agent ACL checks on addedConvo (#12243) 2026-03-15 17:12:45 -04:00
assistants
config
limiters 🚦 fix: Add Rate Limiting to Conversation Duplicate Endpoint (#12218) 2026-03-13 23:40:44 -04:00
roles 🔧 refactor: Permission handling for Resource Sharing (#11283) 2026-01-10 14:02:56 -05:00
spec
validate ✍️ fix: Validation for Conversation Title Updates (#11099) 2025-12-25 12:59:48 -05:00
abortMiddleware.js 🧮 refactor: Bulk Transactions & Balance Updates for Token Spending (#11996) 2026-03-01 12:26:36 -05:00
abortMiddleware.spec.js 🧮 refactor: Bulk Transactions & Balance Updates for Token Spending (#11996) 2026-03-01 12:26:36 -05:00
abortRun.js 📦 chore: Bump Express.js to v5 (#10671) 2025-12-11 16:36:15 -05:00
buildEndpointOption.js 🎭 feat: Override Custom Endpoint Schema with Specified Params Endpoint (#11788) 2026-02-13 23:04:51 -05:00
buildEndpointOption.spec.js 🎭 feat: Override Custom Endpoint Schema with Specified Params Endpoint (#11788) 2026-02-13 23:04:51 -05:00
canDeleteAccount.js
checkBan.js 🪦 refactor: Remove Legacy Code (#10533) 2025-12-11 16:36:12 -05:00
checkDomainAllowed.js
checkInviteUser.js
checkPeoplePickerAccess.js
checkPeoplePickerAccess.spec.js
checkSharePublicAccess.js 🛸 feat: Remote Agent Access with External API Support (#11503) 2026-01-28 17:44:33 -05:00
checkSharePublicAccess.spec.js 🔧 refactor: Permission handling for Resource Sharing (#11283) 2026-01-10 14:02:56 -05:00
denyRequest.js
error.js 📦 refactor: Request Message Sanitization for Smaller Final Response (#10792) 2025-12-03 14:26:49 -05:00
index.js 🚦 refactor: Concurrent Request Limiter for Resumable Streams (#11167) 2026-01-01 11:10:56 -05:00
logHeaders.js
moderateText.js
noIndex.js
optionalJwtAuth.js
requireJwtAuth.js 🛡️ fix: Secure MCP/Actions OAuth Flows, Resolve Race Condition & Tool Cache Cleanup (#11756) 2026-02-12 14:22:05 -05:00
requireLdapAuth.js
requireLocalAuth.js
setHeaders.js
uaParser.js
validateImageRequest.js 🍪 refactor: Move OpenID Tokens from Cookies to Server-Side Sessions (#11236) 2026-01-06 15:22:10 -05:00
validateMessageReq.js
validateModel.js
validatePasswordReset.js
validateRegistration.js