mirror of
https://github.com/danny-avila/LibreChat.git
synced 2026-07-04 05:13:52 +00:00
Some checks are pending
Docker Dev Branch Images Build / build (Dockerfile, lc-dev, node) (push) Waiting to run
Docker Dev Branch Images Build / build (Dockerfile.multi, lc-dev-api, api-build) (push) Waiting to run
GitNexus Index / index (push) Waiting to run
GitNexus Index / post-index (push) Blocked by required conditions
* 🔗 feat: Snapshot Files for Shared-Link Attachments Shared-link viewers could read a shared conversation snapshot but not its attachments: file preview/download still went through the owner-scoped file ACL (the /api/files router sits behind requireJwtAuth + owner/agent checks), so anonymous viewers got 401s and authenticated non-owners got 403s — the repeated `[fileAccess] denied` warnings seen for the preview poller. Capture an immutable per-share file snapshot (embedded on the SharedLink document, referencing the original stored object — no byte copy) at share create/update, and serve those files through new share-scoped routes authorized by the existing shared-link view permission (public/ACL) plus snapshot membership, never the owner's live file ACL. - data-schemas: fileSnapshots on the share doc; capture in create/update; read-time rewrite of filepath/preview to /api/share/:id/files/:fileId; getSharedLinkFile + lazy backfillSharedLinkFiles for legacy links - api: GET /api/share/:shareId/files/:file_id[/download|/preview]; route context added to fileAccess denial logs - packages/api: isFileSnapshotEnabled resolver (env + yaml) - data-provider: interface.sharedLinks.snapshotFiles (default on) + client endpoints/services - client: ShareContext.shareId wired to Image, preview hook, and downloads - config: SHARED_LINKS_SNAPSHOT_FILES env override (default on) * 🔒 fix: Address Codex review on shared-link file snapshots Triage of the Codex review on PR #13740 (2 P1, 7 P2 — all valid): - P1 (cross-user access): scope the snapshot lookup to the sharing user's own files so a message referencing another user's file_id can't widen access. - P1 (stored XSS): the inline share-file route now serves only safe preview types inline (raster images/pdf); everything else is forced to attachment with X-Content-Type-Options: nosniff. - Stream shared downloads by default; redirect to a signed URL only on ?direct=true (blob/XHR callers work without bucket CORS). - Read preview status live from the file record (always current for deferred previews) and stop embedding extracted text in the share doc (16MB-limit risk). - Only lazily backfill when the fileSnapshots field is absent (legacy), not on every snapshot miss. - Backfill legacy shares before rewriting message URLs, and gate URL rewriting to public shares so non-public (ACL) shares keep prior behavior (img/anchor can't carry the bearer token). - Frontend: only route a download through the share path when the file was actually snapshotted (rewritten href / filepath), else fall back. * 🔑 feat: Authorize shared-link files for non-public shares via cookie Extends shared-link file access to non-public (ACL) shares (Codex finding 5). `<img>`/anchor requests can't carry the bearer access token, so non-public shares previously 401'd on file loads. Add an optional cookie-auth fallback on the share file routes that resolves the viewer from the `refreshToken` cookie (or signed `openid_user_id` cookie) — the same mechanism secure image links use (validateImageRequest) — then let canAccessSharedLink run the viewer's ACL check. - new middleware optionalShareFileAuth (+ unit spec); applied to the three share file routes after optionalJwtAuth - URL rewriting in getSharedMessages is no longer gated to public shares (the route now authorizes header-less requests), so files work uniformly across public and non-public shares; revert the now-unused req.sharePublic plumbing * 🔒 fix: Second Codex pass on shared-link file snapshots Addresses the follow-up Codex findings on PR #13740: - Don't snapshot transient text-source files: FileSources.text filepaths are Multer temp paths the upload route deletes, so they can't be streamed — removed from the streamable allowlist. - Unset stale snapshots on a disabled-feature update: updateSharedLink now $unsets fileSnapshots when snapshotFiles is false, so an opted-out update can't keep serving file ids the update dropped. - Load tenant config after share resolution: configMiddleware now runs after canAccessSharedLink (which enters the share's tenant ALS context), so per-tenant interface.sharedLinks.snapshotFiles overrides apply to anonymous public views. - Return a clean 404 when the snapshotted object is gone: resolveShareFile now requires the live file record and 404s if it's been deleted/expired, instead of letting the stream error after headers are sent (ENOENT / 500). (The re-flagged P1 about private-viewer rewriting was already fixed in the prior commit's cookie-auth change.) * 🔒 fix: Third Codex pass on shared-link file snapshots Addresses the third Codex review pass on PR #13740: - P1: keep shared previews/files pinned to the snapshotted version. Snapshot the small previewRevision; resolveShareFile 404s when the live file's revision no longer matches (file_id reused/overwritten by a later turn), so old links can't surface post-share content — covers both preview text and streamed bytes. - Honor the toggle as a kill switch: resolveShareFile 404s when snapshotFiles is disabled, instead of only skipping backfill, so disabling stops serving already-snapshotted file URLs. - Lazy-sweep orphaned 'pending' previews to 'failed' in the share preview route (mirrors the owner route) so the client poller reaches a terminal state. - Resolve the cookie-fallback user in runAsSystem so strict tenant isolation doesn't throw before canAccessSharedLink establishes the share tenant context. * ✨ feat: Per-link "share files" checkbox for shared links Add a checkbox to the share-link dialog (checked by default) letting the user choose whether to include the conversation's files in the shared link, with copy explaining images/files won't be visible to viewers otherwise. Opting out skips snapshot creation/serving for that link. - client: ShareButton renders the checkbox gated on the new startupConfig.sharedLinksSnapshotFilesEnabled flag; state threads through SharedLinkButton into the create/update mutations as `snapshotFiles`. - data-provider: createSharedLink/updateSharedLink send `snapshotFiles` in the body; TStartupConfig gains `sharedLinksSnapshotFilesEnabled`. - api: POST/PATCH /api/share compute snapshotFiles as isFileSnapshotEnabled(req.config) && body.snapshotFiles !== false (admin gate AND per-link opt-out); config.js exposes the effective enabled flag to clients. - en locale: com_ui_share_files (+ _description). * 🐛 fix: Make the "share files" opt-out actually hide files Unchecking "share files" at creation didn't hide anything: the shared message JSON still carried each file's original (e.g. static-served) path, and because opting out only meant "no fileSnapshots field" — indistinguishable from a legacy link — getSharedMessages would backfill snapshots on first view whenever the admin feature was on, re-enabling files entirely. Fix by persisting and honoring the per-link choice: - Store `snapshotFiles` (boolean) on the SharedLink so opt-out is distinct from a legacy link; set it on create and update. - getSharedMessages computes includeFiles = adminEnabled && link not opted out; when excluded it strips files/attachments from the payload (no original-path leak) and never backfills the opted-out link. - Surface the stored choice via getSharedLink so the dialog checkbox reflects an existing link's actual setting instead of always defaulting to checked. Note: changing the checkbox on an already-created link still applies only when the link is refreshed (which regenerates the URL) — a UX follow-up. * 🔒 fix: Close remaining shared-link file opt-out leaks (Codex) Follow-up to the per-link opt-out, addressing the third Codex pass: - Honor the opt-out on the file route too: getSharedLinkFile now returns the link's `optedOut` choice; resolveShareFile 404s (and never backfills) an opted-out link, so a direct /files/:id request can't re-create snapshots. - Make read/serve viewer-independent: the gate no longer uses the viewer's resolved config (isFileSnapshotEnabled(req.config)) — it uses the link's stored choice plus a global env-only kill switch (isFileSnapshotKillSwitchActive). A viewer's own interface.sharedLinks.snapshotFiles can no longer hide a link's files. Create/update still use the creator's config to set the per-link choice. - Neutralize render URLs for non-snapshotted files: applyShareFileRoute now strips filepath/preview for any file/attachment not in the snapshot, so the owner's original (e.g. static) path can't be loaded through the share. * 🔒 fix: Harden shared-file version pinning and local path handling (Codex) - Refuse reused/overwritten file snapshots more broadly: resolveShareFile now refuses to serve when either previewRevision OR `bytes` changed vs the snapshot. `bytes` catches non-office reused outputs (e.g. code-exec same-filename images that lack previewRevision) and is stable across S3 URL refresh and the pending->ready transition. Same-size content swaps remain a best-effort gap inherent to the no-byte-copy design. - Strip cache-busting query strings before local streaming: code-output images add `?v=...` to filepath; the share route now splits it off so getLocalFileStream resolves the real filename instead of a literal `*.png?v=...` path. * 💬 fix: Clarify that file-sharing changes apply on link refresh For an already-created shared link, changing the "share files" checkbox only takes effect when the link is refreshed (which regenerates the snapshot). Add a note under the checkbox, shown only when a link already exists, so the behavior isn't surprising: "Refresh the link to apply this change — files are snapshotted when the link is refreshed."
523 lines
18 KiB
TypeScript
523 lines
18 KiB
TypeScript
import type { StartupConfigContext } from './config';
|
|
import type { AssistantsEndpoint } from './schemas';
|
|
import { ResourceType } from './accessPermissions';
|
|
import * as q from './types/queries';
|
|
|
|
let BASE_URL = '';
|
|
if (
|
|
typeof process === 'undefined' ||
|
|
(process as typeof process & { browser?: boolean }).browser === true
|
|
) {
|
|
// process is only available in node context, or process.browser is true in client-side code
|
|
// This is to ensure that the BASE_URL is set correctly based on the <base>
|
|
// element in the HTML document, if it exists.
|
|
const baseEl = document.querySelector('base');
|
|
BASE_URL = baseEl?.getAttribute('href') || '/';
|
|
}
|
|
|
|
if (BASE_URL && BASE_URL.endsWith('/')) {
|
|
BASE_URL = BASE_URL.slice(0, -1);
|
|
}
|
|
|
|
export const apiBaseUrl = () => BASE_URL;
|
|
|
|
// Testing this buildQuery function
|
|
const buildQuery = (params: Record<string, unknown>): string => {
|
|
const query = Object.entries(params)
|
|
.filter(([, value]) => {
|
|
if (Array.isArray(value)) {
|
|
return value.length > 0;
|
|
}
|
|
return value !== undefined && value !== null && value !== '';
|
|
})
|
|
.map(([key, value]) => {
|
|
if (Array.isArray(value)) {
|
|
return value.map((v) => `${key}=${encodeURIComponent(v)}`).join('&');
|
|
}
|
|
return `${key}=${encodeURIComponent(String(value))}`;
|
|
})
|
|
.join('&');
|
|
return query ? `?${query}` : '';
|
|
};
|
|
|
|
export const health = () => `${BASE_URL}/health`;
|
|
export const user = () => `${BASE_URL}/api/user`;
|
|
|
|
export const balance = () => `${BASE_URL}/api/balance`;
|
|
|
|
export const userPlugins = () => `${BASE_URL}/api/user/plugins`;
|
|
|
|
export const deleteUser = () => `${BASE_URL}/api/user/delete`;
|
|
|
|
const messagesRoot = `${BASE_URL}/api/messages`;
|
|
|
|
export const messages = (params: q.MessagesListParams) => {
|
|
const { conversationId, messageId, ...rest } = params;
|
|
|
|
if (conversationId && messageId) {
|
|
return `${messagesRoot}/${conversationId}/${messageId}`;
|
|
}
|
|
|
|
if (conversationId) {
|
|
return `${messagesRoot}/${conversationId}`;
|
|
}
|
|
|
|
return `${messagesRoot}${buildQuery(rest)}`;
|
|
};
|
|
|
|
export const messagesArtifacts = (messageId: string) => `${messagesRoot}/artifact/${messageId}`;
|
|
|
|
export const messagesBranch = () => `${messagesRoot}/branch`;
|
|
|
|
const shareRoot = `${BASE_URL}/api/share`;
|
|
export const shareMessages = (shareId: string) => `${shareRoot}/${shareId}`;
|
|
export const getSharedLink = (conversationId: string) => `${shareRoot}/link/${conversationId}`;
|
|
export const getSharedLinks = (
|
|
pageSize: number,
|
|
sortBy: 'title' | 'createdAt',
|
|
sortDirection: 'asc' | 'desc',
|
|
search?: string,
|
|
cursor?: string,
|
|
) =>
|
|
`${shareRoot}?pageSize=${pageSize}&sortBy=${sortBy}&sortDirection=${sortDirection}${
|
|
search ? `&search=${search}` : ''
|
|
}${cursor ? `&cursor=${cursor}` : ''}`;
|
|
export const createSharedLink = (conversationId: string) => `${shareRoot}/${conversationId}`;
|
|
export const updateSharedLink = (shareId: string) => `${shareRoot}/${shareId}`;
|
|
/** Share-scoped file routes: serve snapshotted files via shared-link permission. */
|
|
export const sharedFile = (shareId: string, fileId: string) =>
|
|
`${shareRoot}/${shareId}/files/${encodeURIComponent(fileId)}`;
|
|
export const sharedFileDownload = (shareId: string, fileId: string) =>
|
|
`${sharedFile(shareId, fileId)}/download`;
|
|
export const sharedFilePreview = (shareId: string, fileId: string) =>
|
|
`${sharedFile(shareId, fileId)}/preview`;
|
|
|
|
const keysEndpoint = `${BASE_URL}/api/keys`;
|
|
|
|
export const keys = () => keysEndpoint;
|
|
|
|
export const userKeyQuery = (name: string) => `${keysEndpoint}?name=${name}`;
|
|
|
|
export const revokeUserKey = (name: string) => `${keysEndpoint}/${name}`;
|
|
|
|
export const revokeAllUserKeys = () => `${keysEndpoint}?all=true`;
|
|
|
|
const apiKeysEndpoint = `${BASE_URL}/api/api-keys`;
|
|
|
|
export const apiKeys = () => apiKeysEndpoint;
|
|
|
|
export const apiKeyById = (id: string) => `${apiKeysEndpoint}/${id}`;
|
|
|
|
export const conversationsRoot = `${BASE_URL}/api/convos`;
|
|
|
|
export const conversations = (params: q.ConversationListParams) => {
|
|
return `${conversationsRoot}${buildQuery(params)}`;
|
|
};
|
|
|
|
export const conversationById = (id: string) => `${conversationsRoot}/${id}`;
|
|
|
|
export const genTitle = (conversationId: string) =>
|
|
`${conversationsRoot}/gen_title/${encodeURIComponent(conversationId)}`;
|
|
|
|
export const updateConversation = () => `${conversationsRoot}/update`;
|
|
|
|
export const archiveConversation = () => `${conversationsRoot}/archive`;
|
|
export const pinConversation = () => `${conversationsRoot}/pin`;
|
|
|
|
export const deleteConversation = () => `${conversationsRoot}`;
|
|
|
|
export const deleteAllConversation = () => `${conversationsRoot}/all`;
|
|
|
|
export const importConversation = () => `${conversationsRoot}/import`;
|
|
|
|
export const forkConversation = () => `${conversationsRoot}/fork`;
|
|
|
|
export const duplicateConversation = () => `${conversationsRoot}/duplicate`;
|
|
|
|
export const projectsRoot = `${BASE_URL}/api/projects`;
|
|
|
|
export const projects = (params: q.ProjectListParams = {}) => {
|
|
return `${projectsRoot}${buildQuery(params)}`;
|
|
};
|
|
|
|
export const projectById = (id: string) => `${projectsRoot}/${encodeURIComponent(id)}`;
|
|
|
|
export const projectConversation = (conversationId: string) =>
|
|
`${projectsRoot}/conversations/${encodeURIComponent(conversationId)}`;
|
|
|
|
export const search = (q: string, cursor?: string | null) =>
|
|
`${BASE_URL}/api/search?q=${q}${cursor ? `&cursor=${cursor}` : ''}`;
|
|
|
|
export const searchEnabled = () => `${BASE_URL}/api/search/enable`;
|
|
|
|
export const presets = () => `${BASE_URL}/api/presets`;
|
|
|
|
export const deletePreset = () => `${BASE_URL}/api/presets/delete`;
|
|
|
|
export const aiEndpoints = () => `${BASE_URL}/api/endpoints`;
|
|
|
|
export const tokenConfig = () => `${BASE_URL}/api/endpoints/token-config`;
|
|
|
|
export const contextProjection = () => `${BASE_URL}/api/endpoints/context-projection`;
|
|
|
|
export const models = () => `${BASE_URL}/api/models`;
|
|
|
|
export const tokenizer = () => `${BASE_URL}/api/tokenizer`;
|
|
|
|
export const login = () => `${BASE_URL}/api/auth/login`;
|
|
|
|
export const logout = () => `${BASE_URL}/api/auth/logout`;
|
|
|
|
export const register = () => `${BASE_URL}/api/auth/register`;
|
|
|
|
export const loginFacebook = () => `${BASE_URL}/api/auth/facebook`;
|
|
|
|
export const loginGoogle = () => `${BASE_URL}/api/auth/google`;
|
|
|
|
export const refreshToken = (retry?: boolean) =>
|
|
`${BASE_URL}/api/auth/refresh${retry === true ? '?retry=true' : ''}`;
|
|
|
|
export const requestPasswordReset = () => `${BASE_URL}/api/auth/requestPasswordReset`;
|
|
|
|
export const resetPassword = () => `${BASE_URL}/api/auth/resetPassword`;
|
|
|
|
export const verifyEmail = () => `${BASE_URL}/api/user/verify`;
|
|
|
|
// Auth page URLs (for client-side navigation and redirects)
|
|
export const loginPage = () => `${BASE_URL}/login`;
|
|
export const registerPage = () => `${BASE_URL}/register`;
|
|
|
|
const REDIRECT_PARAM = 'redirect_to';
|
|
const LOGIN_PATH_RE = /(?:^|\/)login(?:\/|$)/;
|
|
|
|
/**
|
|
* Builds a `/login?redirect_to=...` URL from the given or current location.
|
|
* Returns plain `/login` (no param) when already on a login route to prevent recursive nesting.
|
|
*/
|
|
export function buildLoginRedirectUrl(pathname?: string, search?: string, hash?: string): string {
|
|
const p = pathname ?? window.location.pathname;
|
|
if (LOGIN_PATH_RE.test(p)) {
|
|
return '/login';
|
|
}
|
|
const s = search ?? window.location.search;
|
|
const h = hash ?? window.location.hash;
|
|
|
|
const stripped =
|
|
BASE_URL && (p === BASE_URL || p.startsWith(BASE_URL + '/'))
|
|
? p.slice(BASE_URL.length) || '/'
|
|
: p;
|
|
const currentPath = `${stripped}${s}${h}`;
|
|
if (!currentPath || currentPath === '/') {
|
|
return '/login';
|
|
}
|
|
return `/login?${REDIRECT_PARAM}=${encodeURIComponent(currentPath)}`;
|
|
}
|
|
|
|
export const resendVerificationEmail = () => `${BASE_URL}/api/user/verify/resend`;
|
|
|
|
export const plugins = () => `${BASE_URL}/api/plugins`;
|
|
|
|
export const mcpReinitialize = (serverName: string) =>
|
|
`${BASE_URL}/api/mcp/${serverName}/reinitialize`;
|
|
export const mcpConnectionStatus = () => `${BASE_URL}/api/mcp/connection/status`;
|
|
export const mcpServerConnectionStatus = (serverName: string) =>
|
|
`${BASE_URL}/api/mcp/connection/status/${serverName}`;
|
|
export const mcpAuthValues = (serverName: string) => {
|
|
return `${BASE_URL}/api/mcp/${serverName}/auth-values`;
|
|
};
|
|
|
|
export const cancelMCPOAuth = (serverName: string) => {
|
|
return `${BASE_URL}/api/mcp/oauth/cancel/${serverName}`;
|
|
};
|
|
|
|
export const mcpOAuthBind = (serverName: string) => `${BASE_URL}/api/mcp/${serverName}/oauth/bind`;
|
|
|
|
export const actionOAuthBind = (actionId: string) =>
|
|
`${BASE_URL}/api/actions/${actionId}/oauth/bind`;
|
|
|
|
export const config = (context?: StartupConfigContext) =>
|
|
`${BASE_URL}/api/config${buildQuery({ context })}`;
|
|
|
|
export const prompts = () => `${BASE_URL}/api/prompts`;
|
|
|
|
export const addPromptToGroup = (groupId: string) =>
|
|
`${BASE_URL}/api/prompts/groups/${groupId}/prompts`;
|
|
|
|
export const assistants = ({
|
|
path = '',
|
|
options,
|
|
version,
|
|
endpoint,
|
|
isAvatar,
|
|
}: {
|
|
path?: string;
|
|
options?: object;
|
|
endpoint?: AssistantsEndpoint;
|
|
version: number | string;
|
|
isAvatar?: boolean;
|
|
}) => {
|
|
let url = isAvatar === true ? `${images()}/assistants` : `${BASE_URL}/api/assistants/v${version}`;
|
|
|
|
if (path && path !== '') {
|
|
url += `/${path}`;
|
|
}
|
|
|
|
if (endpoint) {
|
|
options = {
|
|
...(options ?? {}),
|
|
endpoint,
|
|
};
|
|
}
|
|
|
|
if (options && Object.keys(options).length > 0) {
|
|
const queryParams = new URLSearchParams(options as Record<string, string>).toString();
|
|
url += `?${queryParams}`;
|
|
}
|
|
|
|
return url;
|
|
};
|
|
|
|
export const agents = ({ path = '', options }: { path?: string; options?: object }) => {
|
|
let url = `${BASE_URL}/api/agents`;
|
|
|
|
if (path && path !== '') {
|
|
url += `/${path}`;
|
|
}
|
|
|
|
if (options && Object.keys(options).length > 0) {
|
|
const queryParams = new URLSearchParams(options as Record<string, string>).toString();
|
|
url += `?${queryParams}`;
|
|
}
|
|
|
|
return url;
|
|
};
|
|
|
|
export const activeJobs = () => `${BASE_URL}/api/agents/chat/active`;
|
|
|
|
export const mcp = {
|
|
tools: `${BASE_URL}/api/mcp/tools`,
|
|
servers: `${BASE_URL}/api/mcp/servers`,
|
|
};
|
|
|
|
export const mcpServer = (serverName: string) => `${BASE_URL}/api/mcp/servers/${serverName}`;
|
|
|
|
export const revertAgentVersion = (agent_id: string) => `${agents({ path: `${agent_id}/revert` })}`;
|
|
|
|
export const files = () => `${BASE_URL}/api/files`;
|
|
export const fileUpload = () => `${BASE_URL}/api/files`;
|
|
export const fileDelete = () => `${BASE_URL}/api/files`;
|
|
export const fileDownload = (userId: string, fileId: string) =>
|
|
`${BASE_URL}/api/files/download/${userId}/${fileId}`;
|
|
/* Deferred-preview lifecycle endpoint. Returns
|
|
* `{ status, text?, textFormat?, previewError? }` so the frontend can
|
|
* poll while background HTML extraction is in flight. See PR #12957. */
|
|
export const filePreview = (fileId: string) =>
|
|
`${BASE_URL}/api/files/${encodeURIComponent(fileId)}/preview`;
|
|
export const fileConfig = () => `${BASE_URL}/api/files/config`;
|
|
export const agentFiles = (agentId: string) => `${BASE_URL}/api/files/agent/${agentId}`;
|
|
|
|
export const images = () => `${files()}/images`;
|
|
|
|
export const avatar = () => `${images()}/avatar`;
|
|
|
|
export const speech = () => `${files()}/speech`;
|
|
|
|
export const speechToText = () => `${speech()}/stt`;
|
|
|
|
export const textToSpeech = () => `${speech()}/tts`;
|
|
|
|
export const textToSpeechManual = () => `${textToSpeech()}/manual`;
|
|
|
|
export const textToSpeechVoices = () => `${textToSpeech()}/voices`;
|
|
|
|
export const getCustomConfigSpeech = () => `${speech()}/config/get`;
|
|
|
|
export const getPromptGroup = (_id: string) => `${prompts()}/groups/${_id}`;
|
|
|
|
export const getPromptGroupsWithFilters = (filter: object) => {
|
|
let url = `${prompts()}/groups`;
|
|
// Filter out undefined/null values
|
|
const cleanedFilter = Object.entries(filter).reduce(
|
|
(acc, [key, value]) => {
|
|
if (value !== undefined && value !== null && value !== '') {
|
|
acc[key] = value;
|
|
}
|
|
return acc;
|
|
},
|
|
{} as Record<string, string>,
|
|
);
|
|
|
|
if (Object.keys(cleanedFilter).length > 0) {
|
|
const queryParams = new URLSearchParams(cleanedFilter).toString();
|
|
url += `?${queryParams}`;
|
|
}
|
|
return url;
|
|
};
|
|
|
|
export const getPromptsWithFilters = (filter: object) => {
|
|
let url = prompts();
|
|
if (Object.keys(filter).length > 0) {
|
|
const queryParams = new URLSearchParams(filter as Record<string, string>).toString();
|
|
url += `?${queryParams}`;
|
|
}
|
|
return url;
|
|
};
|
|
|
|
export const getPrompt = (_id: string) => `${prompts()}/${_id}`;
|
|
|
|
export const getRandomPrompts = (limit: number, skip: number) =>
|
|
`${prompts()}/random?limit=${limit}&skip=${skip}`;
|
|
|
|
export const postPrompt = prompts;
|
|
|
|
export const updatePromptGroup = getPromptGroup;
|
|
|
|
export const recordPromptGroupUsage = (groupId: string) => `${prompts()}/groups/${groupId}/use`;
|
|
|
|
export const updatePromptLabels = (_id: string) => `${getPrompt(_id)}/labels`;
|
|
|
|
export const updatePromptTag = (_id: string) => `${getPrompt(_id)}/tags/production`;
|
|
|
|
export const deletePromptGroup = getPromptGroup;
|
|
|
|
export const deletePrompt = ({ _id, groupId }: { _id: string; groupId: string }) => {
|
|
return `${prompts()}/${_id}?groupId=${groupId}`;
|
|
};
|
|
|
|
export const getCategories = () => `${BASE_URL}/api/categories`;
|
|
|
|
export const getAllPromptGroups = () => `${prompts()}/all`;
|
|
|
|
/* Skills */
|
|
export const skills = () => `${BASE_URL}/api/skills`;
|
|
export const importSkill = () => `${skills()}/import`;
|
|
|
|
export const getSkill = (id: string) => `${skills()}/${encodeURIComponent(id)}`;
|
|
|
|
export const listSkillsWithFilters = (
|
|
filter: Record<string, string | number | undefined | null>,
|
|
) => {
|
|
const cleaned = Object.entries(filter).reduce(
|
|
(acc, [key, value]) => {
|
|
if (value !== undefined && value !== null && value !== '') {
|
|
acc[key] = String(value);
|
|
}
|
|
return acc;
|
|
},
|
|
{} as Record<string, string>,
|
|
);
|
|
const query =
|
|
Object.keys(cleaned).length > 0 ? `?${new URLSearchParams(cleaned).toString()}` : '';
|
|
return `${skills()}${query}`;
|
|
};
|
|
|
|
export const skillFiles = (id: string) => `${getSkill(id)}/files`;
|
|
|
|
export const skillFile = (id: string, relativePath: string) =>
|
|
`${skillFiles(id)}/${encodeURIComponent(relativePath)}`;
|
|
|
|
export const adminSkillsSync = () => `${BASE_URL}/api/admin/skills/sync`;
|
|
export const adminSkillsSyncStatus = () => `${adminSkillsSync()}/status`;
|
|
export const adminSkillsSyncRun = () => `${adminSkillsSync()}/run`;
|
|
export const adminSkillsSyncCredential = (credentialKey: string) =>
|
|
`${adminSkillsSync()}/credentials/${encodeURIComponent(credentialKey)}`;
|
|
|
|
/**
|
|
* Skill filesystem tree (phase 2). URL shape mirrors the original UI PR so
|
|
* the tree hooks keep their call surface. `path` is pre-encoded by the
|
|
* caller (e.g. `${nodeId}/content`).
|
|
*/
|
|
export const skillTree = ({ skillId, path = '' }: { skillId: string; path?: string }) => {
|
|
let url = `${BASE_URL}/api/skills/${encodeURIComponent(skillId)}/tree`;
|
|
if (path) {
|
|
url += `/${path}`;
|
|
}
|
|
return url;
|
|
};
|
|
|
|
/* Skill active states (per-user overrides) */
|
|
export const skillStates = () => `${BASE_URL}/api/user/settings/skills/active`;
|
|
|
|
/* Roles */
|
|
export const roles = () => `${BASE_URL}/api/roles`;
|
|
export const adminRoles = () => `${BASE_URL}/api/admin/roles`;
|
|
export const getRole = (roleName: string) => `${roles()}/${encodeURIComponent(roleName)}`;
|
|
export const updatePromptPermissions = (roleName: string) => `${getRole(roleName)}/prompts`;
|
|
export const updateMemoryPermissions = (roleName: string) => `${getRole(roleName)}/memories`;
|
|
export const updateAgentPermissions = (roleName: string) => `${getRole(roleName)}/agents`;
|
|
export const updatePeoplePickerPermissions = (roleName: string) =>
|
|
`${getRole(roleName)}/people-picker`;
|
|
export const updateMCPServersPermissions = (roleName: string) => `${getRole(roleName)}/mcp-servers`;
|
|
export const updateRemoteAgentsPermissions = (roleName: string) =>
|
|
`${getRole(roleName)}/remote-agents`;
|
|
|
|
export const updateMarketplacePermissions = (roleName: string) =>
|
|
`${getRole(roleName)}/marketplace`;
|
|
export const updateSkillPermissions = (roleName: string) => `${getRole(roleName)}/skills`;
|
|
|
|
/* Conversation Tags */
|
|
export const conversationTags = (tag?: string) =>
|
|
`${BASE_URL}/api/tags${tag != null && tag ? `/${encodeURIComponent(tag)}` : ''}`;
|
|
|
|
export const conversationTagsList = (pageNumber: string, sort?: string, order?: string) =>
|
|
`${conversationTags()}/list?pageNumber=${pageNumber}${sort ? `&sort=${sort}` : ''}${
|
|
order ? `&order=${order}` : ''
|
|
}`;
|
|
|
|
export const addTagToConversation = (conversationId: string) =>
|
|
`${conversationTags()}/convo/${conversationId}`;
|
|
|
|
export const userTerms = () => `${BASE_URL}/api/user/terms`;
|
|
export const acceptUserTerms = () => `${BASE_URL}/api/user/terms/accept`;
|
|
export const banner = () => `${BASE_URL}/api/banner`;
|
|
|
|
// Message Feedback
|
|
export const feedback = (conversationId: string, messageId: string) =>
|
|
`${BASE_URL}/api/messages/${conversationId}/${messageId}/feedback`;
|
|
|
|
// Two-Factor Endpoints
|
|
export const enableTwoFactor = () => `${BASE_URL}/api/auth/2fa/enable`;
|
|
export const verifyTwoFactor = () => `${BASE_URL}/api/auth/2fa/verify`;
|
|
export const confirmTwoFactor = () => `${BASE_URL}/api/auth/2fa/confirm`;
|
|
export const disableTwoFactor = () => `${BASE_URL}/api/auth/2fa/disable`;
|
|
export const regenerateBackupCodes = () => `${BASE_URL}/api/auth/2fa/backup/regenerate`;
|
|
export const verifyTwoFactorTemp = () => `${BASE_URL}/api/auth/2fa/verify-temp`;
|
|
|
|
/* Memories */
|
|
export const memories = () => `${BASE_URL}/api/memories`;
|
|
export const memory = (key: string) => `${memories()}/${encodeURIComponent(key)}`;
|
|
export const memoryPreferences = () => `${memories()}/preferences`;
|
|
|
|
export const searchPrincipals = (params: q.PrincipalSearchParams) => {
|
|
const { q: query, limit, types } = params;
|
|
let url = `${BASE_URL}/api/permissions/search-principals?q=${encodeURIComponent(query)}`;
|
|
|
|
if (limit !== undefined) {
|
|
url += `&limit=${limit}`;
|
|
}
|
|
|
|
if (types && types.length > 0) {
|
|
url += `&types=${types.join(',')}`;
|
|
}
|
|
|
|
return url;
|
|
};
|
|
|
|
export const getAccessRoles = (resourceType: ResourceType) =>
|
|
`${BASE_URL}/api/permissions/${resourceType}/roles`;
|
|
|
|
export const getResourcePermissions = (resourceType: ResourceType, resourceId: string) =>
|
|
`${BASE_URL}/api/permissions/${resourceType}/${resourceId}`;
|
|
|
|
export const updateResourcePermissions = (resourceType: ResourceType, resourceId: string) =>
|
|
`${BASE_URL}/api/permissions/${resourceType}/${resourceId}`;
|
|
|
|
export const getEffectivePermissions = (resourceType: ResourceType, resourceId: string) =>
|
|
`${BASE_URL}/api/permissions/${resourceType}/${resourceId}/effective`;
|
|
|
|
export const getAllEffectivePermissions = (resourceType: ResourceType) =>
|
|
`${BASE_URL}/api/permissions/${resourceType}/effective/all`;
|
|
|
|
// SharePoint Graph API Token
|
|
export const graphToken = (scopes: string) =>
|
|
`${BASE_URL}/api/auth/graph-token?scopes=${encodeURIComponent(scopes)}`;
|