From f1e031a9f57b82d5fec9ee814cc7c763b8738f04 Mon Sep 17 00:00:00 2001 From: Ruben Talstra Date: Wed, 12 Feb 2025 13:07:13 +0100 Subject: [PATCH] refactor: updated the code basted on suggestion. --- api/package.json | 5 +- api/strategies/OpenId/openidDataMapper.js | 1 - api/strategies/openidStrategy.js | 8 +- package-lock.json | 144 ++++++++++++---------- 4 files changed, 88 insertions(+), 70 deletions(-) diff --git a/api/package.json b/api/package.json index 8d5a997e6..98d8d986c 100644 --- a/api/package.json +++ b/api/package.json @@ -46,6 +46,7 @@ "@langchain/google-vertexai": "^0.1.8", "@langchain/textsplitters": "^0.1.0", "@librechat/agents": "^2.0.4", + "@microsoft/microsoft-graph-client": "^3.0.7", "@waylaidwanderer/fetch-event-source": "^3.0.1", "axios": "1.7.8", "bcryptjs": "^2.4.3", @@ -86,8 +87,8 @@ "ollama": "^0.5.0", "openai": "^4.47.1", "openai-chat-tokens": "^0.2.8", - "openid-client": "^5.4.2", - "passport": "^0.6.0", + "openid-client": "^6.1.7", + "passport": "^0.7.0", "passport-apple": "^2.0.2", "passport-discord": "^0.1.4", "passport-facebook": "^3.0.0", diff --git a/api/strategies/OpenId/openidDataMapper.js b/api/strategies/OpenId/openidDataMapper.js index b3bb85f47..f5200db90 100644 --- a/api/strategies/OpenId/openidDataMapper.js +++ b/api/strategies/OpenId/openidDataMapper.js @@ -141,7 +141,6 @@ class MicrosoftDataMapper extends BaseDataMapper { * Map provider names to their specific data mappers. */ const PROVIDER_MAPPERS = { - // Fully Working microsoft: MicrosoftDataMapper, }; diff --git a/api/strategies/openidStrategy.js b/api/strategies/openidStrategy.js index 1b37a0114..130024208 100644 --- a/api/strategies/openidStrategy.js +++ b/api/strategies/openidStrategy.js @@ -177,7 +177,11 @@ async function setupOpenId() { const requiredRole = process.env.OPENID_REQUIRED_ROLE; const requiredRoleParameterPath = process.env.OPENID_REQUIRED_ROLE_PARAMETER_PATH; const requiredRoleTokenKind = process.env.OPENID_REQUIRED_ROLE_TOKEN_KIND; - const adminRole = process.env.OPENID_ADMIN_ROLE; + const adminRolesEnv = process.env.OPENID_ADMIN_ROLE; + const adminRoles = adminRolesEnv + ? adminRolesEnv.split(',').map(role => role.trim()) + : []; + const openidLogin = new OpenIDStrategy( { client, @@ -256,7 +260,7 @@ async function setupOpenId() { const token = requiredRoleTokenKind === 'access' ? tokenset.access_token : tokenset.id_token; const decodedToken = safeDecode(token); const tokenBasedRoles = extractRolesFromToken(decodedToken, requiredRoleParameterPath); - const isAdmin = tokenBasedRoles.includes(adminRole); + const isAdmin = tokenBasedRoles.some(role => adminRoles.includes(role)); const assignedRole = isAdmin ? SystemRoles.ADMIN : SystemRoles.USER; logger.debug(`[openidStrategy] Assigned system role: ${assignedRole} (isAdmin: ${isAdmin})`); diff --git a/package-lock.json b/package-lock.json index aca6d8f75..d0da4e421 100644 --- a/package-lock.json +++ b/package-lock.json @@ -60,6 +60,7 @@ "@langchain/google-vertexai": "^0.1.8", "@langchain/textsplitters": "^0.1.0", "@librechat/agents": "^2.0.4", + "@microsoft/microsoft-graph-client": "^3.0.7", "@waylaidwanderer/fetch-event-source": "^3.0.1", "axios": "1.7.8", "bcryptjs": "^2.4.3", @@ -100,8 +101,8 @@ "ollama": "^0.5.0", "openai": "^4.47.1", "openai-chat-tokens": "^0.2.8", - "openid-client": "^5.4.2", - "passport": "^0.6.0", + "openid-client": "^6.1.7", + "passport": "^0.7.0", "passport-apple": "^2.0.2", "passport-discord": "^0.1.4", "passport-facebook": "^3.0.0", @@ -779,6 +780,15 @@ "node": ">= 14" } }, + "api/node_modules/jose": { + "version": "5.9.6", + "resolved": "https://registry.npmjs.org/jose/-/jose-5.9.6.tgz", + "integrity": "sha512-AMlnetc9+CV9asI19zHmrgS/WYsWUwCn2R7RzlbJWD7F9eWYUTGyBmU9o6PxngtLGOiDGPRu+Uc4fhKzbpteZQ==", + "license": "MIT", + "funding": { + "url": "https://github.com/sponsors/panva" + } + }, "api/node_modules/mongodb": { "version": "6.10.0", "resolved": "https://registry.npmjs.org/mongodb/-/mongodb-6.10.0.tgz", @@ -953,6 +963,37 @@ } } }, + "api/node_modules/openid-client": { + "version": "6.1.7", + "resolved": "https://registry.npmjs.org/openid-client/-/openid-client-6.1.7.tgz", + "integrity": "sha512-JfY/KvQgOutmG2P+oVNKInE7zIh+im1MQOaO7g5CtNnTWMociA563WweiEMKfR9ry9XG3K2HGvj9wEqhCQkPMg==", + "license": "MIT", + "dependencies": { + "jose": "^5.9.6", + "oauth4webapi": "^3.1.4" + }, + "funding": { + "url": "https://github.com/sponsors/panva" + } + }, + "api/node_modules/passport": { + "version": "0.7.0", + "resolved": "https://registry.npmjs.org/passport/-/passport-0.7.0.tgz", + "integrity": "sha512-cPLl+qZpSc+ireUvt+IzqbED1cHHkDoVYMo30jbJIdOOjQ1MQYZBPiNvmi8UM6lJuOpTPXJGZQk0DtC4y61MYQ==", + "license": "MIT", + "dependencies": { + "passport-strategy": "1.x.x", + "pause": "0.0.1", + "utils-merge": "^1.0.1" + }, + "engines": { + "node": ">= 0.4.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/jaredhanson" + } + }, "api/node_modules/superagent": { "version": "9.0.2", "resolved": "https://registry.npmjs.org/superagent/-/superagent-9.0.2.tgz", @@ -12282,6 +12323,33 @@ "dev": true, "license": "MIT" }, + "node_modules/@microsoft/microsoft-graph-client": { + "version": "3.0.7", + "resolved": "https://registry.npmjs.org/@microsoft/microsoft-graph-client/-/microsoft-graph-client-3.0.7.tgz", + "integrity": "sha512-/AazAV/F+HK4LIywF9C+NYHcJo038zEnWkteilcxC1FM/uK/4NVGDKGrxx7nNq1ybspAroRKT4I1FHfxQzxkUw==", + "license": "MIT", + "dependencies": { + "@babel/runtime": "^7.12.5", + "tslib": "^2.2.0" + }, + "engines": { + "node": ">=12.0.0" + }, + "peerDependenciesMeta": { + "@azure/identity": { + "optional": true + }, + "@azure/msal-browser": { + "optional": true + }, + "buffer": { + "optional": true + }, + "stream-browserify": { + "optional": true + } + } + }, "node_modules/@mistralai/mistralai": { "version": "0.4.0", "resolved": "https://registry.npmjs.org/@mistralai/mistralai/-/mistralai-0.4.0.tgz", @@ -25062,14 +25130,6 @@ "jiti": "bin/jiti.js" } }, - "node_modules/jose": { - "version": "4.15.5", - "resolved": "https://registry.npmjs.org/jose/-/jose-4.15.5.tgz", - "integrity": "sha512-jc7BFxgKPKi94uOvEmzlSWFFe2+vASyXaKUpdQKatWAESU2MWjDfFf0fdfc83CDKcA5QecabZeNLyfhe3yKNkg==", - "funding": { - "url": "https://github.com/sponsors/panva" - } - }, "node_modules/js-base64": { "version": "3.7.2", "resolved": "https://registry.npmjs.org/js-base64/-/js-base64-3.7.2.tgz", @@ -28727,6 +28787,15 @@ "resolved": "https://registry.npmjs.org/oauth/-/oauth-0.10.0.tgz", "integrity": "sha512-1orQ9MT1vHFGQxhuy7E/0gECD3fd2fCC+PIX+/jgmU/gI3EpRocXtmtvxCO5x3WZ443FLTLFWNDjl5MPJf9u+Q==" }, + "node_modules/oauth4webapi": { + "version": "3.1.4", + "resolved": "https://registry.npmjs.org/oauth4webapi/-/oauth4webapi-3.1.4.tgz", + "integrity": "sha512-eVfN3nZNbok2s/ROifO0UAc5G8nRoLSbrcKJ09OqmucgnhXEfdIQOR4gq1eJH1rN3gV7rNw62bDEgftsgFtBEg==", + "license": "MIT", + "funding": { + "url": "https://github.com/sponsors/panva" + } + }, "node_modules/object-assign": { "version": "4.1.1", "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz", @@ -28868,14 +28937,6 @@ "url": "https://github.com/sponsors/ljharb" } }, - "node_modules/oidc-token-hash": { - "version": "5.0.3", - "resolved": "https://registry.npmjs.org/oidc-token-hash/-/oidc-token-hash-5.0.3.tgz", - "integrity": "sha512-IF4PcGgzAr6XXSff26Sk/+P4KZFJVuHAJZj3wgO3vX2bMdNVp/QXTP3P7CEm9V1IdG8lDLY3HhiqpsE/nOwpPw==", - "engines": { - "node": "^10.13.0 || >=12.0.0" - } - }, "node_modules/ollama": { "version": "0.5.9", "resolved": "https://registry.npmjs.org/ollama/-/ollama-0.5.9.tgz", @@ -28985,36 +29046,6 @@ "resolved": "https://registry.npmjs.org/openapi-types/-/openapi-types-12.1.3.tgz", "integrity": "sha512-N4YtSYJqghVu4iek2ZUvcN/0aqH1kRDuNqzcycDxhOUpg7GdvLa2F3DgS6yBNhInhv2r/6I0Flkn7CqL8+nIcw==" }, - "node_modules/openid-client": { - "version": "5.6.4", - "resolved": "https://registry.npmjs.org/openid-client/-/openid-client-5.6.4.tgz", - "integrity": "sha512-T1h3B10BRPKfcObdBklX639tVz+xh34O7GjofqrqiAQdm7eHsQ00ih18x6wuJ/E6FxdtS2u3FmUGPDeEcMwzNA==", - "dependencies": { - "jose": "^4.15.4", - "lru-cache": "^6.0.0", - "object-hash": "^2.2.0", - "oidc-token-hash": "^5.0.3" - }, - "funding": { - "url": "https://github.com/sponsors/panva" - } - }, - "node_modules/openid-client/node_modules/lru-cache": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", - "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", - "dependencies": { - "yallist": "^4.0.0" - }, - "engines": { - "node": ">=10" - } - }, - "node_modules/openid-client/node_modules/yallist": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", - "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" - }, "node_modules/optionator": { "version": "0.9.3", "resolved": "https://registry.npmjs.org/optionator/-/optionator-0.9.3.tgz", @@ -29257,23 +29288,6 @@ "node": ">= 0.8" } }, - "node_modules/passport": { - "version": "0.6.0", - "resolved": "https://registry.npmjs.org/passport/-/passport-0.6.0.tgz", - "integrity": "sha512-0fe+p3ZnrWRW74fe8+SvCyf4a3Pb2/h7gFkQ8yTJpAO50gDzlfjZUZTO1k5Eg9kUct22OxHLqDZoKUWRHOh9ug==", - "dependencies": { - "passport-strategy": "1.x.x", - "pause": "0.0.1", - "utils-merge": "^1.0.1" - }, - "engines": { - "node": ">= 0.4.0" - }, - "funding": { - "type": "github", - "url": "https://github.com/sponsors/jaredhanson" - } - }, "node_modules/passport-apple": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/passport-apple/-/passport-apple-2.0.2.tgz",