mirror of
https://github.com/danny-avila/LibreChat.git
synced 2026-07-04 05:13:52 +00:00
Two more message-write paths bypassed ephemeral enforcement: - The edit and feedback endpoints call updateMessage directly, without loading retention config, so editing an older permanent message after a switch to ephemeral left the message and its conversation non-temporary and visible. Load config on those routes and run a new applyForcedRetention helper after the update, which stamps the message and cascades the conversation/messages. - The sendError and denyRequest middleware save messages with retention config but never call saveConvo, so a validation/model error or denied-request message could outlive its conversation. Pass capExpiryToConversation like the other message-only paths. Extract the conversation cascade into a shared cascadeForcedConversationRetention helper used by both saveMessage and applyForcedRetention. |
||
|---|---|---|
| .. | ||
| __test-utils__ | ||
| __tests__ | ||
| admin | ||
| agents | ||
| assistants | ||
| files | ||
| types | ||
| accessPermissions.js | ||
| accessPermissions.sharePolicy.test.js | ||
| accessPermissions.test.js | ||
| actions.js | ||
| apiKeys.js | ||
| auth.2fa-ratelimit.test.js | ||
| auth.cloudfront.test.js | ||
| auth.js | ||
| auth.reset-password-ratelimit.test.js | ||
| balance.js | ||
| banner.js | ||
| categories.js | ||
| config.js | ||
| convos.js | ||
| endpoints.js | ||
| index.js | ||
| keys.js | ||
| mcp.js | ||
| memories.js | ||
| messages.js | ||
| models.js | ||
| oauth.js | ||
| oauth.test.js | ||
| presets.js | ||
| projects.js | ||
| prompts.js | ||
| prompts.test.js | ||
| roles.js | ||
| rum.js | ||
| search.js | ||
| settings.js | ||
| share.js | ||
| skills.js | ||
| skills.tenant.test.js | ||
| skills.test.js | ||
| static.js | ||
| tags.js | ||
| user.js | ||
| user.verify-ratelimit.test.js | ||