LibreChat/api/server/middleware
Dustin Healy 3de0512e21 feat: rate-limit /api/mcp/app-tool-call per user
Adds mcpAppToolCallLimiter (60 req/min per user) to prevent DoS
amplification through the MCP app iframe tool-call proxy. Follows the
same express-rate-limit + limiterCache + logViolation pattern as
toolCallLimiter.
2026-06-23 19:22:25 -07:00
..
__tests__ 📈 fix: Isolate RUM Telemetry Proxy Auth from App Auth (#13765) 2026-06-15 12:49:44 -04:00
accessResources 🔗 feat: Snapshot Files for Shared-Link Attachments (#13740) 2026-06-20 23:05:13 -04:00
assistants ⚗️ feat: Agent Context Compaction/Summarization (#12287) 2026-03-21 14:28:56 -04:00
config refactor: Short-Circuit Config Override Resolution (#12553) 2026-04-07 22:38:08 -04:00
limiters feat: rate-limit /api/mcp/app-tool-call per user 2026-06-23 19:22:25 -07:00
roles ⚗️ feat: Agent Context Compaction/Summarization (#12287) 2026-03-21 14:28:56 -04:00
spec
validate 📦 refactor: Consolidate DB models, encapsulating Mongoose usage in data-schemas (#11830) 2026-03-21 14:28:53 -04:00
abortMiddleware.js 🖇️ feat: Reference Selected Chat Text with Multi-Quote Popup (#13868) 2026-06-21 08:33:11 -04:00
abortMiddleware.spec.js 🪢 chore: Consolidate Pricing and Tx Imports After tx.js Module Removal (#12086) 2026-03-21 14:28:53 -04:00
abortRun.js 📦 refactor: Consolidate DB models, encapsulating Mongoose usage in data-schemas (#11830) 2026-03-21 14:28:53 -04:00
buildEndpointOption.js 🪃 fix: Restore Raw Spec Fallback for Enforced Presets (#13804) 2026-06-16 21:10:22 -04:00
buildEndpointOption.spec.js 🪃 fix: Restore Raw Spec Fallback for Enforced Presets (#13804) 2026-06-16 21:10:22 -04:00
canAccessSharedLink.js 🔗 feat: Add Granular Access Control to Shared Links via ACL System (#13051) 2026-06-03 14:17:17 -04:00
canDeleteAccount.js 📜 feat: Implement System Grants for Capability-Based Authorization (#11896) 2026-03-21 14:28:54 -04:00
canDeleteAccount.spec.js 📜 feat: Implement System Grants for Capability-Based Authorization (#11896) 2026-03-21 14:28:54 -04:00
checkBan.js ♾️ fix: Permanent Ban Cache and Expired Ban Cleanup Defects (#12324) 2026-03-20 12:47:51 -04:00
checkDomainAllowed.js 🪪 fix: Resolve Group-Scoped Config Overrides (#13176) 2026-05-18 10:16:20 -04:00
checkInviteUser.js 📦 refactor: Consolidate DB models, encapsulating Mongoose usage in data-schemas (#11830) 2026-03-21 14:28:53 -04:00
checkPeoplePickerAccess.js 📦 refactor: Consolidate DB models, encapsulating Mongoose usage in data-schemas (#11830) 2026-03-21 14:28:53 -04:00
checkPeoplePickerAccess.spec.js 📦 refactor: Consolidate DB models, encapsulating Mongoose usage in data-schemas (#11830) 2026-03-21 14:28:53 -04:00
checkSharePublicAccess.js 🗝️ fix: Enforce Skill Share Role Permission (#13062) 2026-05-11 09:39:58 -04:00
checkSharePublicAccess.spec.js 🗝️ fix: Enforce Skill Share Role Permission (#13062) 2026-05-11 09:39:58 -04:00
denyRequest.js 📦 refactor: Consolidate DB models, encapsulating Mongoose usage in data-schemas (#11830) 2026-03-21 14:28:53 -04:00
error.js 📦 refactor: Consolidate DB models, encapsulating Mongoose usage in data-schemas (#11830) 2026-03-21 14:28:53 -04:00
index.js 📈 fix: Isolate RUM Telemetry Proxy Auth from App Auth (#13765) 2026-06-15 12:49:44 -04:00
logHeaders.js
moderateText.js 🖇️ feat: Reference Selected Chat Text with Multi-Quote Popup (#13868) 2026-06-21 08:33:11 -04:00
noIndex.js
optionalJwtAuth.js 🔐 feat: Mint Code API Auth Tokens (#13028) 2026-05-09 16:09:10 -04:00
optionalShareFileAuth.js 🔗 feat: Snapshot Files for Shared-Link Attachments (#13740) 2026-06-20 23:05:13 -04:00
optionalShareFileAuth.spec.js 🔗 feat: Snapshot Files for Shared-Link Attachments (#13740) 2026-06-20 23:05:13 -04:00
requireJwtAuth.js 📈 fix: Isolate RUM Telemetry Proxy Auth from App Auth (#13765) 2026-06-15 12:49:44 -04:00
requireLdapAuth.js
requireLocalAuth.js
setHeaders.js
setTwoFactorTempUser.js 🚦 fix: Guard Auth Continuation with Dedicated Limiter (#13555) 2026-06-06 14:21:28 -04:00
uaParser.js
validateImageRequest.js 🍪 refactor: Move OpenID Tokens from Cookies to Server-Side Sessions (#11236) 2026-01-06 15:22:10 -05:00
validateMessageReq.js 🧵 fix: Prevent Message Loading Race During Streaming (#13295) 2026-05-24 18:50:00 -04:00
validateModel.js 🏗️ refactor: Remove Redundant Caching, Migrate Config Services to TypeScript (#12466) 2026-03-30 16:49:48 -04:00
validatePasswordReset.js
validateRegistration.js