LibreChat/api/server/routes
Marco Beretta 84ab681adf
fix: enforce forced retention on message edits, feedback, and error saves
Two more message-write paths bypassed ephemeral enforcement:

- The edit and feedback endpoints call updateMessage directly, without loading
  retention config, so editing an older permanent message after a switch to
  ephemeral left the message and its conversation non-temporary and visible.
  Load config on those routes and run a new applyForcedRetention helper after the
  update, which stamps the message and cascades the conversation/messages.

- The sendError and denyRequest middleware save messages with retention config
  but never call saveConvo, so a validation/model error or denied-request message
  could outlive its conversation. Pass capExpiryToConversation like the other
  message-only paths.

Extract the conversation cascade into a shared cascadeForcedConversationRetention
helper used by both saveMessage and applyForcedRetention.
2026-07-01 19:38:01 +02:00
..
__test-utils__
__tests__ fix: thread retention config through conversation pin route 2026-06-30 04:51:45 +02:00
admin
agents fix: cap agent abort and disconnect partial saves to the parent expiry 2026-06-30 04:54:43 +02:00
assistants
files
types
accessPermissions.js
accessPermissions.sharePolicy.test.js
accessPermissions.test.js
actions.js
apiKeys.js
auth.2fa-ratelimit.test.js 🪣 refactor: Rate-Limit Token Routes and Cap Remote File Downloads (#13978) 2026-06-26 12:19:03 -04:00
auth.cloudfront.test.js 🪣 refactor: Rate-Limit Token Routes and Cap Remote File Downloads (#13978) 2026-06-26 12:19:03 -04:00
auth.js 🪣 refactor: Rate-Limit Token Routes and Cap Remote File Downloads (#13978) 2026-06-26 12:19:03 -04:00
auth.reset-password-ratelimit.test.js 🪣 refactor: Rate-Limit Token Routes and Cap Remote File Downloads (#13978) 2026-06-26 12:19:03 -04:00
balance.js
banner.js
categories.js
config.js
convos.js fix: thread retention config through conversation pin route 2026-06-30 04:51:45 +02:00
endpoints.js ♻️ refactor: Compute Context Gauge Client-Side, Drop Projection Endpoint (#13953) 2026-06-25 15:29:31 -04:00
index.js
keys.js
mcp.js
memories.js
messages.js fix: enforce forced retention on message edits, feedback, and error saves 2026-07-01 19:38:01 +02:00
models.js
oauth.js
oauth.test.js
presets.js
projects.js
prompts.js
prompts.test.js
roles.js
rum.js
search.js
settings.js
share.js 🔄 feat: Continue Shared Conversations as Personal Copies (#13714) 2026-06-24 16:27:01 -04:00
skills.js
skills.tenant.test.js
skills.test.js
static.js
tags.js
user.js 🪣 refactor: Rate-Limit Token Routes and Cap Remote File Downloads (#13978) 2026-06-26 12:19:03 -04:00
user.verify-ratelimit.test.js 🪣 refactor: Rate-Limit Token Routes and Cap Remote File Downloads (#13978) 2026-06-26 12:19:03 -04:00