✨ v0.7.5-rc1 (#3807)

* fix: markdown rehype highlight accidental removal

* fix: USE_REDIS condition check

* fix: markdown list counter

.env.example

@@ -65,6 +65,7 @@ PROXY=
 # ANYSCALE_API_KEY=
 # APIPIE_API_KEY=
 # COHERE_API_KEY=
+# DEEPSEEK_API_KEY=
 # DATABRICKS_API_KEY=
 # FIREWORKS_API_KEY=
 # GROQ_API_KEY=
@@ -74,6 +75,7 @@ PROXY=
 # PERPLEXITY_API_KEY=
 # SHUTTLEAI_API_KEY=
 # TOGETHERAI_API_KEY=
+# UNIFY_API_KEY=
 
 #============#
 # Anthropic  #
@@ -87,7 +89,6 @@ ANTHROPIC_API_KEY=user_provided
 # Azure      #
 #============#
 
-
 # Note: these variables are DEPRECATED
 # Use the `librechat.yaml` configuration for `azureOpenAI` instead
 # You may also continue to use them if you opt out of using the `librechat.yaml` configuration
@@ -117,7 +118,7 @@ BINGAI_TOKEN=user_provided
 GOOGLE_KEY=user_provided
 # GOOGLE_REVERSE_PROXY=
 
-# Gemini API
+# Gemini API (AI Studio)
 # GOOGLE_MODELS=gemini-1.5-flash-latest,gemini-1.0-pro,gemini-1.0-pro-001,gemini-1.0-pro-latest,gemini-1.0-pro-vision-latest,gemini-1.5-pro-latest,gemini-pro,gemini-pro-vision
 
 # Vertex AI
@@ -125,26 +126,30 @@ GOOGLE_KEY=user_provided
 
 # GOOGLE_TITLE_MODEL=gemini-pro
 
-# Google Gemini Safety Settings
-# NOTE (Vertex AI): You do not have access to the BLOCK_NONE setting by default.
-# To use this restricted HarmBlockThreshold setting, you will need to either:
+# Google Safety Settings
+# NOTE: These settings apply to both Vertex AI and Gemini API (AI Studio)
 #
-# (a) Get access through an allowlist via your Google account team
-# (b) Switch your account type to monthly invoiced billing following this instruction:
-#     https://cloud.google.com/billing/docs/how-to/invoiced-billing
+# For Vertex AI:
+# To use the BLOCK_NONE setting, you need either:
+# (a) Access through an allowlist via your Google account team, or
+# (b) Switch to monthly invoiced billing: https://cloud.google.com/billing/docs/how-to/invoiced-billing
+#
+# For Gemini API (AI Studio):
+# BLOCK_NONE is available by default, no special account requirements.
+#
+# Available options: BLOCK_NONE, BLOCK_ONLY_HIGH, BLOCK_MEDIUM_AND_ABOVE, BLOCK_LOW_AND_ABOVE
 #
 # GOOGLE_SAFETY_SEXUALLY_EXPLICIT=BLOCK_ONLY_HIGH
 # GOOGLE_SAFETY_HATE_SPEECH=BLOCK_ONLY_HIGH
 # GOOGLE_SAFETY_HARASSMENT=BLOCK_ONLY_HIGH
 # GOOGLE_SAFETY_DANGEROUS_CONTENT=BLOCK_ONLY_HIGH
 
-
 #============#
 # OpenAI     #
 #============#
 
 OPENAI_API_KEY=user_provided
-# OPENAI_MODELS=gpt-4o,gpt-3.5-turbo-0125,gpt-3.5-turbo-0301,gpt-3.5-turbo,gpt-4,gpt-4-0613,gpt-4-vision-preview,gpt-3.5-turbo-0613,gpt-3.5-turbo-16k-0613,gpt-4-0125-preview,gpt-4-turbo-preview,gpt-4-1106-preview,gpt-3.5-turbo-1106,gpt-3.5-turbo-instruct,gpt-3.5-turbo-instruct-0914,gpt-3.5-turbo-16k
+# OPENAI_MODELS=gpt-4o,chatgpt-4o-latest,gpt-4o-mini,gpt-3.5-turbo-0125,gpt-3.5-turbo-0301,gpt-3.5-turbo,gpt-4,gpt-4-0613,gpt-4-vision-preview,gpt-3.5-turbo-0613,gpt-3.5-turbo-16k-0613,gpt-4-0125-preview,gpt-4-turbo-preview,gpt-4-1106-preview,gpt-3.5-turbo-1106,gpt-3.5-turbo-instruct,gpt-3.5-turbo-instruct-0914,gpt-3.5-turbo-16k
 
 DEBUG_OPENAI=false
 
@@ -166,7 +171,7 @@ DEBUG_OPENAI=false
 
 ASSISTANTS_API_KEY=user_provided
 # ASSISTANTS_BASE_URL=
-# ASSISTANTS_MODELS=gpt-4o,gpt-3.5-turbo-0125,gpt-3.5-turbo-16k-0613,gpt-3.5-turbo-16k,gpt-3.5-turbo,gpt-4,gpt-4-0314,gpt-4-32k-0314,gpt-4-0613,gpt-3.5-turbo-0613,gpt-3.5-turbo-1106,gpt-4-0125-preview,gpt-4-turbo-preview,gpt-4-1106-preview
+# ASSISTANTS_MODELS=gpt-4o,gpt-4o-mini,gpt-3.5-turbo-0125,gpt-3.5-turbo-16k-0613,gpt-3.5-turbo-16k,gpt-3.5-turbo,gpt-4,gpt-4-0314,gpt-4-32k-0314,gpt-4-0613,gpt-3.5-turbo-0613,gpt-3.5-turbo-1106,gpt-4-0125-preview,gpt-4-turbo-preview,gpt-4-1106-preview
 
 #==========================#
 #   Azure Assistants API   #
@@ -188,7 +193,7 @@ ASSISTANTS_API_KEY=user_provided
 # Plugins    #
 #============#
 
-# PLUGIN_MODELS=gpt-4o,gpt-4,gpt-4-turbo-preview,gpt-4-0125-preview,gpt-4-1106-preview,gpt-4-0613,gpt-3.5-turbo,gpt-3.5-turbo-0125,gpt-3.5-turbo-1106,gpt-3.5-turbo-0613
+# PLUGIN_MODELS=gpt-4o,gpt-4o-mini,gpt-4,gpt-4-turbo-preview,gpt-4-0125-preview,gpt-4-1106-preview,gpt-4-0613,gpt-3.5-turbo,gpt-3.5-turbo-0125,gpt-3.5-turbo-1106,gpt-3.5-turbo-0613
 
 DEBUG_PLUGINS=true
 
@@ -261,7 +266,6 @@ MEILI_NO_ANALYTICS=true
 MEILI_HOST=http://0.0.0.0:7700
 MEILI_MASTER_KEY=DrhYf7zENyR6AlUCKmnz0eYASOQdl6zxH7s7MKFSfFCt
 
-
 #==================================================#
 #          Speech to Text & Text to Speech         #
 #==================================================#
@@ -269,6 +273,16 @@ MEILI_MASTER_KEY=DrhYf7zENyR6AlUCKmnz0eYASOQdl6zxH7s7MKFSfFCt
 STT_API_KEY=
 TTS_API_KEY=
 
+#==================================================#
+#                        RAG                       #
+#==================================================#
+# More info: https://www.librechat.ai/docs/configuration/rag_api
+
+# RAG_OPENAI_BASEURL=
+# RAG_OPENAI_API_KEY=
+# EMBEDDINGS_PROVIDER=openai
+# EMBEDDINGS_MODEL=text-embedding-3-small
+
 #===================================================#
 #                    User System                    #
 #===================================================#
@@ -374,6 +388,8 @@ LDAP_BIND_CREDENTIALS=
 LDAP_USER_SEARCH_BASE=
 LDAP_SEARCH_FILTER=mail={{username}}
 LDAP_CA_CERT_PATH=
+# LDAP_TLS_REJECT_UNAUTHORIZED=
+# LDAP_LOGIN_USES_USERNAME=true
 # LDAP_ID=
 # LDAP_USERNAME=
 # LDAP_FULL_NAME=
@@ -411,6 +427,18 @@ FIREBASE_APP_ID=
 ALLOW_SHARED_LINKS=true
 ALLOW_SHARED_LINKS_PUBLIC=true
 
+#==============================#
+# Static File Cache Control    #
+#==============================#
+
+# Leave commented out to use defaults: 1 day (86400 seconds) for s-maxage and 2 days (172800 seconds) for max-age
+# NODE_ENV must be set to production for these to take effect
+# STATIC_CACHE_MAX_AGE=172800
+# STATIC_CACHE_S_MAX_AGE=86400
+
+# If you have another service in front of your LibreChat doing compression, disable express based compression here
+# DISABLE_COMPRESSION=true
+
 #===================================================#
 #                        UI                         #
 #===================================================#

.eslintrc.js

@@ -12,6 +12,7 @@ module.exports = {
     'plugin:react-hooks/recommended',
     'plugin:jest/recommended',
     'prettier',
+    'plugin:jsx-a11y/recommended',
   ],
   ignorePatterns: [
     'client/dist/**/*',
@@ -32,7 +33,7 @@ module.exports = {
       jsx: true,
     },
   },
-  plugins: ['react', 'react-hooks', '@typescript-eslint', 'import'],
+  plugins: ['react', 'react-hooks', '@typescript-eslint', 'import', 'jsx-a11y'],
   rules: {
     'react/react-in-jsx-scope': 'off',
     '@typescript-eslint/ban-ts-comment': ['error', { 'ts-ignore': 'allow' }],
@@ -65,6 +66,7 @@ module.exports = {
     'no-restricted-syntax': 'off',
     'react/prop-types': ['off'],
     'react/display-name': ['off'],
+    'no-nested-ternary': 'error',
     'no-unused-vars': ['error', { varsIgnorePattern: '^_' }],
     quotes: ['error', 'single'],
   },
@@ -118,6 +120,8 @@ module.exports = {
       ],
       rules: {
         '@typescript-eslint/no-explicit-any': 'error',
+        '@typescript-eslint/no-unnecessary-condition': 'warn',
+        '@typescript-eslint/strict-boolean-expressions': 'warn',
       },
     },
     {

.github/workflows/a11y.yml

@@ -0,0 +1,26 @@
+name: Lint for accessibility issues
+
+on:
+  pull_request:
+    paths:
+      - 'client/src/**'
+  workflow_dispatch:
+    inputs:
+      run_workflow:
+        description: 'Set to true to run this workflow'
+        required: true
+        default: 'false'
+
+jobs:
+  axe-linter:
+    runs-on: ubuntu-latest
+    if: >
+      (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == 'danny-avila/LibreChat') ||
+      (github.event_name == 'workflow_dispatch' && github.event.inputs.run_workflow == 'true')
+    
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dequelabs/axe-linter-action@v1
+        with:
+          api_key: ${{ secrets.AXE_LINTER_API_KEY }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/deploy-dev.yml

@@ -0,0 +1,41 @@
+name: Update Test Server
+
+on:
+  workflow_run:
+    workflows: ["Docker Dev Images Build"]
+    types:
+      - completed
+  workflow_dispatch:
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    if: |
+      github.repository == 'danny-avila/LibreChat' &&
+      (github.event_name == 'workflow_dispatch' || github.event.workflow_run.conclusion == 'success')
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Install SSH Key
+      uses: shimataro/ssh-key-action@v2
+      with:
+        key: ${{ secrets.DO_SSH_PRIVATE_KEY }}
+        known_hosts: ${{ secrets.DO_KNOWN_HOSTS }}
+
+    - name: Run update script on DigitalOcean Droplet
+      env:
+        DO_HOST: ${{ secrets.DO_HOST }}
+        DO_USER: ${{ secrets.DO_USER }}
+      run: |
+        ssh -o StrictHostKeyChecking=no ${DO_USER}@${DO_HOST} << EOF
+        sudo -i -u danny bash << EEOF
+        cd ~/LibreChat && \
+        git fetch origin main && \
+        npm run update:deployed && \
+        git checkout do-deploy && \
+        git rebase main && \
+        npm run start:deployed && \
+        echo "Update completed. Application should be running now."
+        EEOF
+        EOF

.github/workflows/helmcharts.yml

@@ -0,0 +1,35 @@
+name: Build Helm Charts on Tag
+
+# The workflow is triggered when a tag is pushed
+on:
+  push:
+    tags:
+      - "*"
+
+jobs:
+  release:
+    permissions:
+      contents: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+      - name: Install Helm
+        uses: azure/setup-helm@v4
+        env:
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"       
+
+      - name: Run chart-releaser
+        uses: helm/chart-releaser-action@v1.6.0
+        with:
+          charts_dir: helmchart
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

.vscode/launch.json

@@ -0,0 +1,16 @@
+{
+  "version": "0.2.0",
+  "configurations": [
+    {
+      "type": "node",
+      "request": "launch",
+      "name": "Launch LibreChat (debug)",
+      "skipFiles": ["<node_internals>/**"],
+      "program": "${workspaceFolder}/api/server/index.js",
+      "env": {
+        "NODE_ENV": "production"
+      },
+      "console": "integratedTerminal"
+    }
+  ]
+}

Dockerfile

@@ -1,4 +1,4 @@
-# v0.7.3
+# v0.7.5-rc1
 
 # Base node image
 FROM node:20-alpine AS node

Dockerfile.multi

@@ -1,43 +1,44 @@
-# v0.7.3
+# Dockerfile.multi
+# v0.7.5-rc1
 
-# Build API, Client and Data Provider
+# Base for all builds
 FROM node:20-alpine AS base
+WORKDIR /app
+RUN apk --no-cache add curl
+RUN npm config set fetch-retry-maxtimeout 600000 && \
+    npm config set fetch-retries 5 && \
+    npm config set fetch-retry-mintimeout 15000
+COPY package*.json ./
+COPY packages/data-provider/package*.json ./packages/data-provider/
+COPY client/package*.json ./client/
+COPY api/package*.json ./api/
+RUN npm ci
 
 # Build data-provider
 FROM base AS data-provider-build
 WORKDIR /app/packages/data-provider
-COPY ./packages/data-provider ./
-RUN npm install; npm cache clean --force
+COPY packages/data-provider ./
 RUN npm run build
 RUN npm prune --production
 
-# React client build
+# Client build
 FROM base AS client-build
 WORKDIR /app/client
-COPY ./client/package*.json ./
-# Copy data-provider to client's node_modules
-COPY --from=data-provider-build /app/packages/data-provider/ /app/client/node_modules/librechat-data-provider/
-RUN npm install; npm cache clean --force
-COPY ./client/ ./
+COPY client ./
+COPY --from=data-provider-build /app/packages/data-provider/dist /app/packages/data-provider/dist
 ENV NODE_OPTIONS="--max-old-space-size=2048"
 RUN npm run build
+RUN npm prune --production
 
-# Node API setup
+# API setup (including client dist)
 FROM base AS api-build
+WORKDIR /app
+COPY api ./api
+COPY config ./config
+COPY --from=data-provider-build /app/packages/data-provider/dist ./packages/data-provider/dist
+COPY --from=client-build /app/client/dist ./client/dist
 WORKDIR /app/api
-COPY api/package*.json ./
-COPY api/ ./
-# Copy helper scripts
-COPY config/ ./
-# Copy data-provider to API's node_modules
-COPY --from=data-provider-build /app/packages/data-provider/ /app/api/node_modules/librechat-data-provider/
-RUN npm install --include prod; npm cache clean --force
-COPY --from=client-build /app/client/dist /app/client/dist
+RUN npm prune --production
 EXPOSE 3080
 ENV HOST=0.0.0.0
 CMD ["node", "server/index.js"]
-
-# Nginx setup
-FROM nginx:1.21.1-alpine AS prod-stage
-COPY ./client/nginx.conf /etc/nginx/conf.d/default.conf
-CMD ["nginx", "-g", "daemon off;"]

README.md

@@ -50,7 +50,7 @@
 - 🔄 Edit, Resubmit, and Continue Messages with Conversation branching
 - 🌿 Fork Messages & Conversations for Advanced Context control
 - 💬 Multimodal Chat:
-    - Upload and analyze images with Claude 3, GPT-4 (including `gpt-4o`), and Gemini Vision 📸
+    - Upload and analyze images with Claude 3, GPT-4 (including `gpt-4o` and `gpt-4o-mini`), and Gemini Vision 📸
     - Chat with Files using Custom Endpoints, OpenAI, Azure, Anthropic, & Google. 🗃️
     - Advanced Agents with Files, Code Interpreter, Tools, and API Actions 🔦
       - Available through the [OpenAI Assistants API](https://platform.openai.com/docs/assistants/overview) 🌤️
@@ -81,7 +81,7 @@ LibreChat brings together the future of assistant AIs with the revolutionary tec
 
 With LibreChat, you no longer need to opt for ChatGPT Plus and can instead use free or pay-per-call APIs. We welcome contributions, cloning, and forking to enhance the capabilities of this advanced chatbot platform.
 
-[![Watch the video](https://img.youtube.com/vi/bSVHEbVPNl4/maxresdefault.jpg)](https://www.youtube.com/watch?v=bSVHEbVPNl4)
+[![Watch the video](https://raw.githubusercontent.com/LibreChat-AI/librechat.ai/main/public/images/changelog/v0.7.4.png)](https://www.youtube.com/watch?v=cvosUxogdpI)
 Click on the thumbnail to open the video☝️
 
 ---

api/app/clients/AnthropicClient.js

@@ -2,20 +2,24 @@ const Anthropic = require('@anthropic-ai/sdk');
 const { HttpsProxyAgent } = require('https-proxy-agent');
 const { encoding_for_model: encodingForModel, get_encoding: getEncoding } = require('tiktoken');
 const {
-  getResponseSender,
+  Constants,
   EModelEndpoint,
+  anthropicSettings,
+  getResponseSender,
   validateVisionModel,
 } = require('librechat-data-provider');
 const { encodeAndFormat } = require('~/server/services/Files/images/encode');
 const {
   truncateText,
   formatMessage,
+  addCacheControl,
   titleFunctionPrompt,
   parseParamFromPrompt,
   createContextHandlers,
 } = require('./prompts');
-const spendTokens = require('~/models/spendTokens');
-const { getModelMaxTokens } = require('~/utils');
+const { spendTokens, spendStructuredTokens } = require('~/models/spendTokens');
+const { getModelMaxTokens, matchModelName } = require('~/utils');
+const { sleep } = require('~/server/utils');
 const BaseClient = require('./BaseClient');
 const { logger } = require('~/config');
 
@@ -29,6 +33,9 @@ function delayBeforeRetry(attempts, baseDelay = 1000) {
   return new Promise((resolve) => setTimeout(resolve, baseDelay * attempts));
 }
 
+const tokenEventTypes = new Set(['message_start', 'message_delta']);
+const { legacy } = anthropicSettings;
+
 class AnthropicClient extends BaseClient {
   constructor(apiKey, options = {}) {
     super(apiKey, options);
@@ -39,6 +46,24 @@ class AnthropicClient extends BaseClient {
       ? options.contextStrategy.toLowerCase()
       : 'discard';
     this.setOptions(options);
+    /** @type {string | undefined} */
+    this.systemMessage;
+    /** @type {AnthropicMessageStartEvent| undefined} */
+    this.message_start;
+    /** @type {AnthropicMessageDeltaEvent| undefined} */
+    this.message_delta;
+    /** Whether the model is part of the Claude 3 Family
+     * @type {boolean} */
+    this.isClaude3;
+    /** Whether to use Messages API or Completions API
+     * @type {boolean} */
+    this.useMessages;
+    /** Whether or not the model is limited to the legacy amount of output tokens
+     * @type {boolean} */
+    this.isLegacyOutput;
+    /** Whether or not the model supports Prompt Caching
+     * @type {boolean} */
+    this.supportsCacheControl;
   }
 
   setOptions(options) {
@@ -58,18 +83,28 @@ class AnthropicClient extends BaseClient {
       this.options = options;
     }
 
-    const modelOptions = this.options.modelOptions || {};
-    this.modelOptions = {
-      ...modelOptions,
-      // set some good defaults (check for undefined in some cases because they may be 0)
-      model: modelOptions.model || 'claude-1',
-      temperature: typeof modelOptions.temperature === 'undefined' ? 1 : modelOptions.temperature, // 0 - 1, 1 is default
-      topP: typeof modelOptions.topP === 'undefined' ? 0.7 : modelOptions.topP, // 0 - 1, default: 0.7
-      topK: typeof modelOptions.topK === 'undefined' ? 40 : modelOptions.topK, // 1-40, default: 40
-      stop: modelOptions.stop, // no stop method for now
-    };
+    this.modelOptions = Object.assign(
+      {
+        model: anthropicSettings.model.default,
+      },
+      this.modelOptions,
+      this.options.modelOptions,
+    );
+
+    const modelMatch = matchModelName(this.modelOptions.model, EModelEndpoint.anthropic);
+    this.isClaude3 = modelMatch.startsWith('claude-3');
+    this.isLegacyOutput = !modelMatch.startsWith('claude-3-5-sonnet');
+    this.supportsCacheControl =
+      this.options.promptCache && this.checkPromptCacheSupport(modelMatch);
+
+    if (
+      this.isLegacyOutput &&
+      this.modelOptions.maxOutputTokens &&
+      this.modelOptions.maxOutputTokens > legacy.maxOutputTokens.default
+    ) {
+      this.modelOptions.maxOutputTokens = legacy.maxOutputTokens.default;
+    }
 
-    this.isClaude3 = this.modelOptions.model.includes('claude-3');
     this.useMessages = this.isClaude3 || !!this.options.attachments;
 
     this.defaultVisionModel = this.options.visionModel ?? 'claude-3-sonnet-20240229';
@@ -119,10 +154,11 @@ class AnthropicClient extends BaseClient {
 
   /**
    * Get the initialized Anthropic client.
+   * @param {Partial<Anthropic.ClientOptions>} requestOptions - The options for the client.
    * @returns {Anthropic} The Anthropic client instance.
    */
-  getClient() {
-    /** @type {Anthropic.default.RequestOptions} */
+  getClient(requestOptions) {
+    /** @type {Anthropic.ClientOptions} */
     const options = {
       fetch: this.fetch,
       apiKey: this.apiKey,
@@ -136,13 +172,74 @@ class AnthropicClient extends BaseClient {
       options.baseURL = this.options.reverseProxyUrl;
     }
 
+    if (
+      this.supportsCacheControl &&
+      requestOptions?.model &&
+      requestOptions.model.includes('claude-3-5-sonnet')
+    ) {
+      options.defaultHeaders = {
+        'anthropic-beta': 'max-tokens-3-5-sonnet-2024-07-15,prompt-caching-2024-07-31',
+      };
+    } else if (this.supportsCacheControl) {
+      options.defaultHeaders = {
+        'anthropic-beta': 'prompt-caching-2024-07-31',
+      };
+    }
+
     return new Anthropic(options);
   }
 
-  getTokenCountForResponse(response) {
+  /**
+   * Get stream usage as returned by this client's API response.
+   * @returns {AnthropicStreamUsage} The stream usage object.
+   */
+  getStreamUsage() {
+    const inputUsage = this.message_start?.message?.usage ?? {};
+    const outputUsage = this.message_delta?.usage ?? {};
+    return Object.assign({}, inputUsage, outputUsage);
+  }
+
+  /**
+   * Calculates the correct token count for the current message based on the token count map and API usage.
+   * Edge case: If the calculation results in a negative value, it returns the original estimate.
+   * If revisiting a conversation with a chat history entirely composed of token estimates,
+   * the cumulative token count going forward should become more accurate as the conversation progresses.
+   * @param {Object} params - The parameters for the calculation.
+   * @param {Record<string, number>} params.tokenCountMap - A map of message IDs to their token counts.
+   * @param {string} params.currentMessageId - The ID of the current message to calculate.
+   * @param {AnthropicStreamUsage} params.usage - The usage object returned by the API.
+   * @returns {number} The correct token count for the current message.
+   */
+  calculateCurrentTokenCount({ tokenCountMap, currentMessageId, usage }) {
+    const originalEstimate = tokenCountMap[currentMessageId] || 0;
+
+    if (!usage || typeof usage.input_tokens !== 'number') {
+      return originalEstimate;
+    }
+
+    tokenCountMap[currentMessageId] = 0;
+    const totalTokensFromMap = Object.values(tokenCountMap).reduce((sum, count) => {
+      const numCount = Number(count);
+      return sum + (isNaN(numCount) ? 0 : numCount);
+    }, 0);
+    const totalInputTokens =
+      (usage.input_tokens ?? 0) +
+      (usage.cache_creation_input_tokens ?? 0) +
+      (usage.cache_read_input_tokens ?? 0);
+
+    const currentMessageTokens = totalInputTokens - totalTokensFromMap;
+    return currentMessageTokens > 0 ? currentMessageTokens : originalEstimate;
+  }
+
+  /**
+   * Get Token Count for LibreChat Message
+   * @param {TMessage} responseMessage
+   * @returns {number}
+   */
+  getTokenCountForResponse(responseMessage) {
     return this.getTokenCountForMessage({
       role: 'assistant',
-      content: response.text,
+      content: responseMessage.text,
     });
   }
 
@@ -195,7 +292,38 @@ class AnthropicClient extends BaseClient {
     return files;
   }
 
-  async recordTokenUsage({ promptTokens, completionTokens, model, context = 'message' }) {
+  /**
+   * @param {object} params
+   * @param {number} params.promptTokens
+   * @param {number} params.completionTokens
+   * @param {AnthropicStreamUsage} [params.usage]
+   * @param {string} [params.model]
+   * @param {string} [params.context='message']
+   * @returns {Promise<void>}
+   */
+  async recordTokenUsage({ promptTokens, completionTokens, usage, model, context = 'message' }) {
+    if (usage != null && usage?.input_tokens != null) {
+      const input = usage.input_tokens ?? 0;
+      const write = usage.cache_creation_input_tokens ?? 0;
+      const read = usage.cache_read_input_tokens ?? 0;
+
+      await spendStructuredTokens(
+        {
+          context,
+          user: this.user,
+          conversationId: this.conversationId,
+          model: model ?? this.modelOptions.model,
+          endpointTokenConfig: this.options.endpointTokenConfig,
+        },
+        {
+          promptTokens: { input, write, read },
+          completionTokens,
+        },
+      );
+
+      return;
+    }
+
     await spendTokens(
       {
         context,
@@ -543,6 +671,18 @@ class AnthropicClient extends BaseClient {
       : await client.completions.create(options);
   }
 
+  /**
+   * @param {string} modelName
+   * @returns {boolean}
+   */
+  checkPromptCacheSupport(modelName) {
+    const modelMatch = matchModelName(modelName, EModelEndpoint.anthropic);
+    if (modelMatch === 'claude-3-5-sonnet' || modelMatch === 'claude-3-haiku') {
+      return true;
+    }
+    return false;
+  }
+
   async sendCompletion(payload, { onProgress, abortController }) {
     if (!abortController) {
       abortController = new AbortController();
@@ -556,8 +696,6 @@ class AnthropicClient extends BaseClient {
     }
 
     logger.debug('modelOptions', { modelOptions });
-
-    const client = this.getClient();
     const metadata = {
       user_id: this.user,
     };
@@ -585,16 +723,28 @@ class AnthropicClient extends BaseClient {
 
     if (this.useMessages) {
       requestOptions.messages = payload;
-      requestOptions.max_tokens = maxOutputTokens || 1500;
+      requestOptions.max_tokens = maxOutputTokens || legacy.maxOutputTokens.default;
     } else {
       requestOptions.prompt = payload;
       requestOptions.max_tokens_to_sample = maxOutputTokens || 1500;
     }
 
-    if (this.systemMessage) {
+    if (this.systemMessage && this.supportsCacheControl === true) {
+      requestOptions.system = [
+        {
+          type: 'text',
+          text: this.systemMessage,
+          cache_control: { type: 'ephemeral' },
+        },
+      ];
+    } else if (this.systemMessage) {
       requestOptions.system = this.systemMessage;
     }
 
+    if (this.supportsCacheControl === true && this.useMessages) {
+      requestOptions.messages = addCacheControl(requestOptions.messages);
+    }
+
     logger.debug('[AnthropicClient]', { ...requestOptions });
 
     const handleChunk = (currentChunk) => {
@@ -605,12 +755,14 @@ class AnthropicClient extends BaseClient {
     };
 
     const maxRetries = 3;
+    const streamRate = this.options.streamRate ?? Constants.DEFAULT_STREAM_RATE;
     async function processResponse() {
       let attempts = 0;
 
       while (attempts < maxRetries) {
         let response;
         try {
+          const client = this.getClient(requestOptions);
           response = await this.createResponse(client, requestOptions);
 
           signal.addEventListener('abort', () => {
@@ -622,11 +774,18 @@ class AnthropicClient extends BaseClient {
 
           for await (const completion of response) {
             // Handle each completion as before
+            const type = completion?.type ?? '';
+            if (tokenEventTypes.has(type)) {
+              logger.debug(`[AnthropicClient] ${type}`, completion);
+              this[type] = completion;
+            }
             if (completion?.delta?.text) {
               handleChunk(completion.delta.text);
             } else if (completion.completion) {
               handleChunk(completion.completion);
             }
+
+            await sleep(streamRate);
           }
 
           // Successful processing, exit loop
@@ -663,6 +822,7 @@ class AnthropicClient extends BaseClient {
       maxContextTokens: this.options.maxContextTokens,
       promptPrefix: this.options.promptPrefix,
       modelLabel: this.options.modelLabel,
+      promptCache: this.options.promptCache,
       resendFiles: this.options.resendFiles,
       iconURL: this.options.iconURL,
       greeting: this.options.greeting,
@@ -708,6 +868,8 @@ class AnthropicClient extends BaseClient {
    */
   async titleConvo({ text, responseText = '' }) {
     let title = 'New Chat';
+    this.message_delta = undefined;
+    this.message_start = undefined;
     const convo = `<initial_message>
   ${truncateText(text)}
   </initial_message>
@@ -737,7 +899,11 @@ class AnthropicClient extends BaseClient {
       };
 
       try {
-        const response = await this.createResponse(this.getClient(), requestOptions, true);
+        const response = await this.createResponse(
+          this.getClient(requestOptions),
+          requestOptions,
+          true,
+        );
         let promptTokens = response?.usage?.input_tokens;
         let completionTokens = response?.usage?.output_tokens;
         if (!promptTokens) {

api/app/clients/BaseClient.js

@@ -1,10 +1,11 @@
 const crypto = require('crypto');
 const fetch = require('node-fetch');
-const { supportsBalanceCheck, Constants } = require('librechat-data-provider');
+const { supportsBalanceCheck, Constants, CacheKeys, Time } = require('librechat-data-provider');
 const { getMessages, saveMessage, updateMessage, saveConvo } = require('~/models');
 const { addSpaceIfNeeded, isEnabled } = require('~/server/utils');
 const checkBalance = require('~/models/checkBalance');
 const { getFiles } = require('~/models/File');
+const { getLogStores } = require('~/cache');
 const TextStream = require('./TextStream');
 const { logger } = require('~/config');
 
@@ -53,10 +54,22 @@ class BaseClient {
     throw new Error('Subclasses attempted to call summarizeMessages without implementing it');
   }
 
-  async getTokenCountForResponse(response) {
-    logger.debug('`[BaseClient] recordTokenUsage` not implemented.', response);
+  /**
+   * Abstract method to get the token count for a message. Subclasses must implement this method.
+   * @param {TMessage} responseMessage
+   * @returns {number}
+   */
+  getTokenCountForResponse(responseMessage) {
+    logger.debug('`[BaseClient] recordTokenUsage` not implemented.', responseMessage);
   }
 
+  /**
+   * Abstract method to record token usage. Subclasses must implement this method.
+   * If a correction to the token usage is needed, the method should return an object with the corrected token counts.
+   * @param {number} promptTokens
+   * @param {number} completionTokens
+   * @returns {Promise<void>}
+   */
   async recordTokenUsage({ promptTokens, completionTokens }) {
     logger.debug('`[BaseClient] recordTokenUsage` not implemented.', {
       promptTokens,
@@ -535,15 +548,105 @@ class BaseClient {
       this.getTokenCountForResponse &&
       this.getTokenCount
     ) {
-      responseMessage.tokenCount = this.getTokenCountForResponse(responseMessage);
-      const completionTokens = this.getTokenCount(completion);
-      await this.recordTokenUsage({ promptTokens, completionTokens });
+      let completionTokens;
+
+      /**
+       * Metadata about input/output costs for the current message. The client
+       * should provide a function to get the current stream usage metadata; if not,
+       * use the legacy token estimations.
+       * @type {StreamUsage | null} */
+      const usage = this.getStreamUsage != null ? this.getStreamUsage() : null;
+
+      if (usage != null && Number(usage.output_tokens) > 0) {
+        responseMessage.tokenCount = usage.output_tokens;
+        completionTokens = responseMessage.tokenCount;
+        await this.updateUserMessageTokenCount({ usage, tokenCountMap, userMessage, opts });
+      } else {
+        responseMessage.tokenCount = this.getTokenCountForResponse(responseMessage);
+        completionTokens = this.getTokenCount(completion);
+      }
+
+      await this.recordTokenUsage({ promptTokens, completionTokens, usage });
     }
+
+    if (this.userMessagePromise) {
+      await this.userMessagePromise;
+    }
+
     this.responsePromise = this.saveMessageToDatabase(responseMessage, saveOptions, user);
+    const messageCache = getLogStores(CacheKeys.MESSAGES);
+    messageCache.set(
+      responseMessageId,
+      {
+        text: responseMessage.text,
+        complete: true,
+      },
+      Time.FIVE_MINUTES,
+    );
     delete responseMessage.tokenCount;
     return responseMessage;
   }
 
+  /**
+   * Stream usage should only be used for user message token count re-calculation if:
+   * - The stream usage is available, with input tokens greater than 0,
+   * - the client provides a function to calculate the current token count,
+   * - files are being resent with every message (default behavior; or if `false`, with no attachments),
+   * - the `promptPrefix` (custom instructions) is not set.
+   *
+   * In these cases, the legacy token estimations would be more accurate.
+   *
+   * TODO: included system messages in the `orderedMessages` accounting, potentially as a
+   * separate message in the UI. ChatGPT does this through "hidden" system messages.
+   * @param {object} params
+   * @param {StreamUsage} params.usage
+   * @param {Record<string, number>} params.tokenCountMap
+   * @param {TMessage} params.userMessage
+   * @param {object} params.opts
+   */
+  async updateUserMessageTokenCount({ usage, tokenCountMap, userMessage, opts }) {
+    /** @type {boolean} */
+    const shouldUpdateCount =
+      this.calculateCurrentTokenCount != null &&
+      Number(usage.input_tokens) > 0 &&
+      (this.options.resendFiles ||
+        (!this.options.resendFiles && !this.options.attachments?.length)) &&
+      !this.options.promptPrefix;
+
+    if (!shouldUpdateCount) {
+      return;
+    }
+
+    const userMessageTokenCount = this.calculateCurrentTokenCount({
+      currentMessageId: userMessage.messageId,
+      tokenCountMap,
+      usage,
+    });
+
+    if (userMessageTokenCount === userMessage.tokenCount) {
+      return;
+    }
+
+    userMessage.tokenCount = userMessageTokenCount;
+    /*
+      Note: `AskController` saves the user message, so we update the count of its `userMessage` reference
+    */
+    if (typeof opts?.getReqData === 'function') {
+      opts.getReqData({
+        userMessage,
+      });
+    }
+    /*
+      Note: we update the user message to be sure it gets the calculated token count;
+      though `AskController` saves the user message, EditController does not
+    */
+    await this.userMessagePromise;
+    await this.updateMessageInDatabase({
+      messageId: userMessage.messageId,
+      tokenCount: userMessageTokenCount,
+    });
+  }
+
   async loadHistory(conversationId, parentMessageId = null) {
     logger.debug('[BaseClient] Loading history:', { conversationId, parentMessageId });
 
@@ -598,28 +701,45 @@ class BaseClient {
    * @param {string | null} user
    */
   async saveMessageToDatabase(message, endpointOptions, user = null) {
-    const savedMessage = await saveMessage({
-      ...message,
-      endpoint: this.options.endpoint,
-      unfinished: false,
-      user,
-    });
+    if (this.user && user !== this.user) {
+      throw new Error('User mismatch.');
+    }
+
+    const savedMessage = await saveMessage(
+      this.options.req,
+      {
+        ...message,
+        endpoint: this.options.endpoint,
+        unfinished: false,
+        user,
+      },
+      { context: 'api/app/clients/BaseClient.js - saveMessageToDatabase #saveMessage' },
+    );
 
     if (this.skipSaveConvo) {
       return { message: savedMessage };
     }
-    const conversation = await saveConvo(user, {
-      conversationId: message.conversationId,
-      endpoint: this.options.endpoint,
-      endpointType: this.options.endpointType,
-      ...endpointOptions,
-    });
+
+    const conversation = await saveConvo(
+      this.options.req,
+      {
+        conversationId: message.conversationId,
+        endpoint: this.options.endpoint,
+        endpointType: this.options.endpointType,
+        ...endpointOptions,
+      },
+      { context: 'api/app/clients/BaseClient.js - saveMessageToDatabase #saveConvo' },
+    );
 
     return { message: savedMessage, conversation };
   }
 
+  /**
+   * Update a message in the database.
+   * @param {Partial<TMessage>} message
+   */
   async updateMessageInDatabase(message) {
-    await updateMessage(message);
+    await updateMessage(this.options.req, message);
   }
 
   /**

api/app/clients/GoogleClient.js

@@ -13,10 +13,12 @@ const {
   endpointSettings,
   EModelEndpoint,
   VisionModes,
+  Constants,
   AuthKeys,
 } = require('librechat-data-provider');
 const { encodeAndFormat } = require('~/server/services/Files/images');
 const { getModelMaxTokens } = require('~/utils');
+const { sleep } = require('~/server/utils');
 const { logger } = require('~/config');
 const {
   formatMessage,
@@ -118,19 +120,7 @@ class GoogleClient extends BaseClient {
       .filter((ex) => ex)
       .filter((obj) => obj.input.content !== '' && obj.output.content !== '');
 
-    const modelOptions = this.options.modelOptions || {};
-    this.modelOptions = {
-      ...modelOptions,
-      // set some good defaults (check for undefined in some cases because they may be 0)
-      model: modelOptions.model || settings.model.default,
-      temperature:
-        typeof modelOptions.temperature === 'undefined'
-          ? settings.temperature.default
-          : modelOptions.temperature,
-      topP: typeof modelOptions.topP === 'undefined' ? settings.topP.default : modelOptions.topP,
-      topK: typeof modelOptions.topK === 'undefined' ? settings.topK.default : modelOptions.topK,
-      // stop: modelOptions.stop // no stop method for now
-    };
+    this.modelOptions = this.options.modelOptions || {};
 
     this.options.attachments?.then((attachments) => this.checkVisionRequest(attachments));
 
@@ -620,8 +610,9 @@ class GoogleClient extends BaseClient {
   }
 
   async getCompletion(_payload, options = {}) {
-    const { onProgress, abortController } = options;
     const { parameters, instances } = _payload;
+    const { onProgress, abortController } = options;
+    const streamRate = this.options.streamRate ?? Constants.DEFAULT_STREAM_RATE;
     const { messages: _messages, context, examples: _examples } = instances?.[0] ?? {};
 
     let examples;
@@ -674,7 +665,6 @@ class GoogleClient extends BaseClient {
 
     const modelName = clientOptions.modelName ?? clientOptions.model ?? '';
     if (modelName?.includes('1.5') && !this.project_id) {
-      /** @type {GenerativeModel} */
       const client = model;
       const requestOptions = {
         contents: _payload,
@@ -690,8 +680,7 @@ class GoogleClient extends BaseClient {
         };
       }
 
-      const safetySettings = _payload.safetySettings;
-      requestOptions.safetySettings = safetySettings;
+      requestOptions.safetySettings = _payload.safetySettings;
 
       const delay = modelName.includes('flash') ? 8 : 14;
       const result = await client.generateContentStream(requestOptions);
@@ -701,21 +690,28 @@ class GoogleClient extends BaseClient {
           delay,
         });
         reply += chunkText;
+        await sleep(streamRate);
       }
       return reply;
     }
 
-    const safetySettings = _payload.safetySettings;
     const stream = await model.stream(messages, {
       signal: abortController.signal,
       timeout: 7000,
-      safetySettings: safetySettings,
+      safetySettings: _payload.safetySettings,
     });
 
-    let delay = this.isGenerativeModel ? 12 : 8;
-    if (modelName.includes('flash')) {
-      delay = 5;
+    let delay = this.options.streamRate || 8;
+
+    if (!this.options.streamRate) {
+      if (this.isGenerativeModel) {
+        delay = 12;
+      }
+      if (modelName.includes('flash')) {
+        delay = 5;
+      }
     }
+
     for await (const chunk of stream) {
       const chunkText = chunk?.content ?? chunk;
       await this.generateTextStream(chunkText, onProgress, {
@@ -800,7 +796,7 @@ class GoogleClient extends BaseClient {
       });
 
       reply = titleResponse.content;
-
+      // TODO: RECORD TOKEN USAGE
       return reply;
     }
   }
@@ -860,38 +856,36 @@ class GoogleClient extends BaseClient {
   }
 
   async sendCompletion(payload, opts = {}) {
-    const modelName = payload.parameters?.model;
-
-    if (modelName && modelName.toLowerCase().includes('gemini')) {
-      const safetySettings = [
-        {
-          category: 'HARM_CATEGORY_SEXUALLY_EXPLICIT',
-          threshold:
-            process.env.GOOGLE_SAFETY_SEXUALLY_EXPLICIT || 'HARM_BLOCK_THRESHOLD_UNSPECIFIED',
-        },
-        {
-          category: 'HARM_CATEGORY_HATE_SPEECH',
-          threshold: process.env.GOOGLE_SAFETY_HATE_SPEECH || 'HARM_BLOCK_THRESHOLD_UNSPECIFIED',
-        },
-        {
-          category: 'HARM_CATEGORY_HARASSMENT',
-          threshold: process.env.GOOGLE_SAFETY_HARASSMENT || 'HARM_BLOCK_THRESHOLD_UNSPECIFIED',
-        },
-        {
-          category: 'HARM_CATEGORY_DANGEROUS_CONTENT',
-          threshold:
-            process.env.GOOGLE_SAFETY_DANGEROUS_CONTENT || 'HARM_BLOCK_THRESHOLD_UNSPECIFIED',
-        },
-      ];
-
-      payload.safetySettings = safetySettings;
-    }
+    payload.safetySettings = this.getSafetySettings();
 
     let reply = '';
     reply = await this.getCompletion(payload, opts);
     return reply.trim();
   }
 
+  getSafetySettings() {
+    return [
+      {
+        category: 'HARM_CATEGORY_SEXUALLY_EXPLICIT',
+        threshold:
+          process.env.GOOGLE_SAFETY_SEXUALLY_EXPLICIT || 'HARM_BLOCK_THRESHOLD_UNSPECIFIED',
+      },
+      {
+        category: 'HARM_CATEGORY_HATE_SPEECH',
+        threshold: process.env.GOOGLE_SAFETY_HATE_SPEECH || 'HARM_BLOCK_THRESHOLD_UNSPECIFIED',
+      },
+      {
+        category: 'HARM_CATEGORY_HARASSMENT',
+        threshold: process.env.GOOGLE_SAFETY_HARASSMENT || 'HARM_BLOCK_THRESHOLD_UNSPECIFIED',
+      },
+      {
+        category: 'HARM_CATEGORY_DANGEROUS_CONTENT',
+        threshold:
+          process.env.GOOGLE_SAFETY_DANGEROUS_CONTENT || 'HARM_BLOCK_THRESHOLD_UNSPECIFIED',
+      },
+    ];
+  }
+
   /* TO-DO: Handle tokens with Google tokenization NOTE: these are required */
   static getTokenizer(encoding, isModelName = false, extendSpecialTokens = {}) {
     if (tokenizersCache[encoding]) {

api/app/clients/OllamaClient.js

@@ -1,7 +1,9 @@
 const { z } = require('zod');
 const axios = require('axios');
 const { Ollama } = require('ollama');
+const { Constants } = require('librechat-data-provider');
 const { deriveBaseURL } = require('~/utils');
+const { sleep } = require('~/server/utils');
 const { logger } = require('~/config');
 
 const ollamaPayloadSchema = z.object({
@@ -40,6 +42,7 @@ const getValidBase64 = (imageUrl) => {
 class OllamaClient {
   constructor(options = {}) {
     const host = deriveBaseURL(options.baseURL ?? 'http://localhost:11434');
+    this.streamRate = options.streamRate ?? Constants.DEFAULT_STREAM_RATE;
     /** @type {Ollama} */
     this.client = new Ollama({ host });
   }
@@ -136,6 +139,8 @@ class OllamaClient {
           stream.controller.abort();
           break;
         }
+
+        await sleep(this.streamRate);
       }
     }
     // TODO: regular completion

api/app/clients/OpenAIClient.js

@@ -6,6 +6,7 @@ const {
   ImageDetail,
   EModelEndpoint,
   resolveHeaders,
+  openAISettings,
   ImageDetailCost,
   CohereConstants,
   getResponseSender,
@@ -27,9 +28,9 @@ const {
   createContextHandlers,
 } = require('./prompts');
 const { encodeAndFormat } = require('~/server/services/Files/images/encode');
+const { spendTokens } = require('~/models/spendTokens');
 const { isEnabled, sleep } = require('~/server/utils');
 const { handleOpenAIErrors } = require('./tools/util');
-const spendTokens = require('~/models/spendTokens');
 const { createLLM, RunManager } = require('./llm');
 const ChatGPTClient = require('./ChatGPTClient');
 const { summaryBuffer } = require('./memory');
@@ -85,26 +86,13 @@ class OpenAIClient extends BaseClient {
       this.apiKey = this.options.openaiApiKey;
     }
 
-    const modelOptions = this.options.modelOptions || {};
-
-    if (!this.modelOptions) {
-      this.modelOptions = {
-        ...modelOptions,
-        model: modelOptions.model || 'gpt-3.5-turbo',
-        temperature:
-          typeof modelOptions.temperature === 'undefined' ? 0.8 : modelOptions.temperature,
-        top_p: typeof modelOptions.top_p === 'undefined' ? 1 : modelOptions.top_p,
-        presence_penalty:
-          typeof modelOptions.presence_penalty === 'undefined' ? 1 : modelOptions.presence_penalty,
-        stop: modelOptions.stop,
-      };
-    } else {
-      // Update the modelOptions if it already exists
-      this.modelOptions = {
-        ...this.modelOptions,
-        ...modelOptions,
-      };
-    }
+    this.modelOptions = Object.assign(
+      {
+        model: openAISettings.model.default,
+      },
+      this.modelOptions,
+      this.options.modelOptions,
+    );
 
     this.defaultVisionModel = this.options.visionModel ?? 'gpt-4-vision-preview';
     if (typeof this.options.attachments?.then === 'function') {
@@ -827,7 +815,7 @@ class OpenAIClient extends BaseClient {
 
       const instructionsPayload = [
         {
-          role: this.options.titleMessageRole ?? 'system',
+          role: this.options.titleMessageRole ?? (this.isOllama ? 'user' : 'system'),
           content: `Please generate ${titleInstruction}
 
 ${convo}
@@ -1182,8 +1170,10 @@ ${convo}
         });
       }
 
+      const streamRate = this.options.streamRate ?? Constants.DEFAULT_STREAM_RATE;
+
       if (this.message_file_map && this.isOllama) {
-        const ollamaClient = new OllamaClient({ baseURL });
+        const ollamaClient = new OllamaClient({ baseURL, streamRate });
         return await ollamaClient.chatCompletion({
           payload: modelOptions,
           onProgress,
@@ -1192,7 +1182,15 @@ ${convo}
       }
 
       let UnexpectedRoleError = false;
+      /** @type {Promise<void>} */
+      let streamPromise;
+      /** @type {(value: void | PromiseLike<void>) => void} */
+      let streamResolve;
+
       if (modelOptions.stream) {
+        streamPromise = new Promise((resolve) => {
+          streamResolve = resolve;
+        });
         const stream = await openai.beta.chat.completions
           .stream({
             ...modelOptions,
@@ -1204,13 +1202,17 @@ ${convo}
           .on('error', (err) => {
             handleOpenAIErrors(err, errorCallback, 'stream');
           })
-          .on('finalChatCompletion', (finalChatCompletion) => {
+          .on('finalChatCompletion', async (finalChatCompletion) => {
             const finalMessage = finalChatCompletion?.choices?.[0]?.message;
-            if (finalMessage && finalMessage?.role !== 'assistant') {
+            if (!finalMessage) {
+              return;
+            }
+            await streamPromise;
+            if (finalMessage?.role !== 'assistant') {
               finalChatCompletion.choices[0].message.role = 'assistant';
             }
 
-            if (finalMessage && !finalMessage?.content?.trim()) {
+            if (typeof finalMessage.content !== 'string' || finalMessage.content.trim() === '') {
               finalChatCompletion.choices[0].message.content = intermediateReply;
             }
           })
@@ -1221,8 +1223,6 @@ ${convo}
             }
           });
 
-        const azureDelay = this.modelOptions.model?.includes('gpt-4') ? 30 : 17;
-
         for await (const chunk of stream) {
           const token = chunk.choices[0]?.delta?.content || '';
           intermediateReply += token;
@@ -1232,11 +1232,11 @@ ${convo}
             break;
           }
 
-          if (this.azure) {
-            await sleep(azureDelay);
-          }
+          await sleep(streamRate);
         }
 
+        streamResolve();
+
         if (!UnexpectedRoleError) {
           chatCompletion = await stream.finalChatCompletion().catch((err) => {
             handleOpenAIErrors(err, errorCallback, 'finalChatCompletion');
@@ -1264,14 +1264,23 @@ ${convo}
         throw new Error('Chat completion failed');
       }
 
-      const { message, finish_reason } = chatCompletion.choices[0];
-      if (chatCompletion) {
-        this.metadata = { finish_reason };
+      const { choices } = chatCompletion;
+      if (!Array.isArray(choices) || choices.length === 0) {
+        logger.warn('[OpenAIClient] Chat completion response has no choices');
+        return intermediateReply;
       }
 
+      const { message, finish_reason } = choices[0] ?? {};
+      this.metadata = { finish_reason };
+
       logger.debug('[OpenAIClient] chatCompletion response', chatCompletion);
 
-      if (!message?.content?.trim() && intermediateReply.length) {
+      if (!message) {
+        logger.warn('[OpenAIClient] Message is undefined in chatCompletion response');
+        return intermediateReply;
+      }
+
+      if (typeof message.content !== 'string' || message.content.trim() === '') {
         logger.debug(
           '[OpenAIClient] chatCompletion: using intermediateReply due to empty message.content',
           { intermediateReply },

api/app/clients/PluginsClient.js

@@ -1,5 +1,6 @@
 const OpenAIClient = require('./OpenAIClient');
 const { CallbackManager } = require('langchain/callbacks');
+const { CacheKeys, Time } = require('librechat-data-provider');
 const { BufferMemory, ChatMessageHistory } = require('langchain/memory');
 const { initializeCustomAgent, initializeFunctionsAgent } = require('./agents');
 const { addImages, buildErrorInput, buildPromptPrefix } = require('./output_parsers');
@@ -11,6 +12,7 @@ const { SelfReflectionTool } = require('./tools');
 const { isEnabled } = require('~/server/utils');
 const { extractBaseURL } = require('~/utils');
 const { loadTools } = require('./tools/util');
+const { getLogStores } = require('~/cache');
 const { logger } = require('~/config');
 
 class PluginsClient extends OpenAIClient {
@@ -220,6 +222,13 @@ class PluginsClient extends OpenAIClient {
     }
   }
 
+  /**
+   *
+   * @param {TMessage} responseMessage
+   * @param {Partial<TMessage>} saveOptions
+   * @param {string} user
+   * @returns
+   */
   async handleResponseMessage(responseMessage, saveOptions, user) {
     const { output, errorMessage, ...result } = this.result;
     logger.debug('[PluginsClient][handleResponseMessage] Output:', {
@@ -239,6 +248,15 @@ class PluginsClient extends OpenAIClient {
     }
 
     this.responsePromise = this.saveMessageToDatabase(responseMessage, saveOptions, user);
+    const messageCache = getLogStores(CacheKeys.MESSAGES);
+    messageCache.set(
+      responseMessage.messageId,
+      {
+        text: responseMessage.text,
+        complete: true,
+      },
+      Time.FIVE_MINUTES,
+    );
     delete responseMessage.tokenCount;
     return { ...responseMessage, ...result };
   }

api/app/clients/llm/RunManager.js

@@ -1,5 +1,5 @@
 const { createStartHandler } = require('~/app/clients/callbacks');
-const spendTokens = require('~/models/spendTokens');
+const { spendTokens } = require('~/models/spendTokens');
 const { logger } = require('~/config');
 
 class RunManager {

api/app/clients/output_parsers/addImages.js

@@ -60,10 +60,10 @@ function addImages(intermediateSteps, responseMessage) {
     if (!observation || !observation.includes('![')) {
       return;
     }
-    const observedImagePath = observation.match(/!\[.*\]\([^)]*\)/g);
+    const observedImagePath = observation.match(/!\[[^(]*\]\([^)]*\)/g);
     if (observedImagePath && !responseMessage.text.includes(observedImagePath[0])) {
-      responseMessage.text += '\n' + observation;
-      logger.debug('[addImages] added image from intermediateSteps:', observation);
+      responseMessage.text += '\n' + observedImagePath[0];
+      logger.debug('[addImages] added image from intermediateSteps:', observedImagePath[0]);
     }
   });
 }

api/app/clients/output_parsers/addImages.spec.js

@@ -81,4 +81,62 @@ describe('addImages', () => {
     addImages(intermediateSteps, responseMessage);
     expect(responseMessage.text).toBe(`${originalText}\n${imageMarkdown}`);
   });
+
+  it('should extract only image markdowns when there is text between them', () => {
+    const markdownWithTextBetweenImages = `
+      ![image1](/images/image1.png)
+      Some text between images that should not be included.
+      ![image2](/images/image2.png)
+      More text that should be ignored.
+      ![image3](/images/image3.png)
+    `;
+    intermediateSteps.push({ observation: markdownWithTextBetweenImages });
+    addImages(intermediateSteps, responseMessage);
+    expect(responseMessage.text).toBe('\n![image1](/images/image1.png)');
+  });
+
+  it('should only return the first image when multiple images are present', () => {
+    const markdownWithMultipleImages = `
+      ![image1](/images/image1.png)
+      ![image2](/images/image2.png)
+      ![image3](/images/image3.png)
+    `;
+    intermediateSteps.push({ observation: markdownWithMultipleImages });
+    addImages(intermediateSteps, responseMessage);
+    expect(responseMessage.text).toBe('\n![image1](/images/image1.png)');
+  });
+
+  it('should not include any text or metadata surrounding the image markdown', () => {
+    const markdownWithMetadata = `
+      Title: Test Document
+      Author: John Doe
+      ![image1](/images/image1.png)
+      Some content after the image.
+      Vector values: [0.1, 0.2, 0.3]
+    `;
+    intermediateSteps.push({ observation: markdownWithMetadata });
+    addImages(intermediateSteps, responseMessage);
+    expect(responseMessage.text).toBe('\n![image1](/images/image1.png)');
+  });
+
+  it('should handle complex markdown with multiple images and only return the first one', () => {
+    const complexMarkdown = `
+      # Document Title
+      
+      ## Section 1
+      Here's some text with an embedded image:
+      ![image1](/images/image1.png)
+      
+      ## Section 2
+      More text here...
+      ![image2](/images/image2.png)
+      
+      ### Subsection
+      Even more content
+      ![image3](/images/image3.png)
+    `;
+    intermediateSteps.push({ observation: complexMarkdown });
+    addImages(intermediateSteps, responseMessage);
+    expect(responseMessage.text).toBe('\n![image1](/images/image1.png)');
+  });
 });

api/app/clients/prompts/addCacheControl.js

@@ -0,0 +1,43 @@
+/**
+ * Anthropic API: Adds cache control to the appropriate user messages in the payload.
+ * @param {Array<AnthropicMessage>} messages - The array of message objects.
+ * @returns {Array<AnthropicMessage>} - The updated array of message objects with cache control added.
+ */
+function addCacheControl(messages) {
+  if (!Array.isArray(messages) || messages.length < 2) {
+    return messages;
+  }
+
+  const updatedMessages = [...messages];
+  let userMessagesModified = 0;
+
+  for (let i = updatedMessages.length - 1; i >= 0 && userMessagesModified < 2; i--) {
+    const message = updatedMessages[i];
+    if (message.role !== 'user') {
+      continue;
+    }
+
+    if (typeof message.content === 'string') {
+      message.content = [
+        {
+          type: 'text',
+          text: message.content,
+          cache_control: { type: 'ephemeral' },
+        },
+      ];
+      userMessagesModified++;
+    } else if (Array.isArray(message.content)) {
+      for (let j = message.content.length - 1; j >= 0; j--) {
+        if (message.content[j].type === 'text') {
+          message.content[j].cache_control = { type: 'ephemeral' };
+          userMessagesModified++;
+          break;
+        }
+      }
+    }
+  }
+
+  return updatedMessages;
+}
+
+module.exports = addCacheControl;

api/app/clients/prompts/addCacheControl.spec.js

@@ -0,0 +1,227 @@
+const addCacheControl = require('./addCacheControl');
+
+describe('addCacheControl', () => {
+  test('should add cache control to the last two user messages with array content', () => {
+    const messages = [
+      { role: 'user', content: [{ type: 'text', text: 'Hello' }] },
+      { role: 'assistant', content: [{ type: 'text', text: 'Hi there' }] },
+      { role: 'user', content: [{ type: 'text', text: 'How are you?' }] },
+      { role: 'assistant', content: [{ type: 'text', text: 'I\'m doing well, thanks!' }] },
+      { role: 'user', content: [{ type: 'text', text: 'Great!' }] },
+    ];
+
+    const result = addCacheControl(messages);
+
+    expect(result[0].content[0]).not.toHaveProperty('cache_control');
+    expect(result[2].content[0].cache_control).toEqual({ type: 'ephemeral' });
+    expect(result[4].content[0].cache_control).toEqual({ type: 'ephemeral' });
+  });
+
+  test('should add cache control to the last two user messages with string content', () => {
+    const messages = [
+      { role: 'user', content: 'Hello' },
+      { role: 'assistant', content: 'Hi there' },
+      { role: 'user', content: 'How are you?' },
+      { role: 'assistant', content: 'I\'m doing well, thanks!' },
+      { role: 'user', content: 'Great!' },
+    ];
+
+    const result = addCacheControl(messages);
+
+    expect(result[0].content).toBe('Hello');
+    expect(result[2].content[0]).toEqual({
+      type: 'text',
+      text: 'How are you?',
+      cache_control: { type: 'ephemeral' },
+    });
+    expect(result[4].content[0]).toEqual({
+      type: 'text',
+      text: 'Great!',
+      cache_control: { type: 'ephemeral' },
+    });
+  });
+
+  test('should handle mixed string and array content', () => {
+    const messages = [
+      { role: 'user', content: 'Hello' },
+      { role: 'assistant', content: 'Hi there' },
+      { role: 'user', content: [{ type: 'text', text: 'How are you?' }] },
+    ];
+
+    const result = addCacheControl(messages);
+
+    expect(result[0].content[0]).toEqual({
+      type: 'text',
+      text: 'Hello',
+      cache_control: { type: 'ephemeral' },
+    });
+    expect(result[2].content[0].cache_control).toEqual({ type: 'ephemeral' });
+  });
+
+  test('should handle less than two user messages', () => {
+    const messages = [
+      { role: 'user', content: 'Hello' },
+      { role: 'assistant', content: 'Hi there' },
+    ];
+
+    const result = addCacheControl(messages);
+
+    expect(result[0].content[0]).toEqual({
+      type: 'text',
+      text: 'Hello',
+      cache_control: { type: 'ephemeral' },
+    });
+    expect(result[1].content).toBe('Hi there');
+  });
+
+  test('should return original array if no user messages', () => {
+    const messages = [
+      { role: 'assistant', content: 'Hi there' },
+      { role: 'assistant', content: 'How can I help?' },
+    ];
+
+    const result = addCacheControl(messages);
+
+    expect(result).toEqual(messages);
+  });
+
+  test('should handle empty array', () => {
+    const messages = [];
+    const result = addCacheControl(messages);
+    expect(result).toEqual([]);
+  });
+
+  test('should handle non-array input', () => {
+    const messages = 'not an array';
+    const result = addCacheControl(messages);
+    expect(result).toBe('not an array');
+  });
+
+  test('should not modify assistant messages', () => {
+    const messages = [
+      { role: 'user', content: 'Hello' },
+      { role: 'assistant', content: 'Hi there' },
+      { role: 'user', content: 'How are you?' },
+    ];
+
+    const result = addCacheControl(messages);
+
+    expect(result[1].content).toBe('Hi there');
+  });
+
+  test('should handle multiple content items in user messages', () => {
+    const messages = [
+      {
+        role: 'user',
+        content: [
+          { type: 'text', text: 'Hello' },
+          { type: 'image', url: 'http://example.com/image.jpg' },
+          { type: 'text', text: 'This is an image' },
+        ],
+      },
+      { role: 'assistant', content: 'Hi there' },
+      { role: 'user', content: 'How are you?' },
+    ];
+
+    const result = addCacheControl(messages);
+
+    expect(result[0].content[0]).not.toHaveProperty('cache_control');
+    expect(result[0].content[1]).not.toHaveProperty('cache_control');
+    expect(result[0].content[2].cache_control).toEqual({ type: 'ephemeral' });
+    expect(result[2].content[0]).toEqual({
+      type: 'text',
+      text: 'How are you?',
+      cache_control: { type: 'ephemeral' },
+    });
+  });
+
+  test('should handle an array with mixed content types', () => {
+    const messages = [
+      { role: 'user', content: 'Hello' },
+      { role: 'assistant', content: 'Hi there' },
+      { role: 'user', content: [{ type: 'text', text: 'How are you?' }] },
+      { role: 'assistant', content: 'I\'m doing well, thanks!' },
+      { role: 'user', content: 'Great!' },
+    ];
+
+    const result = addCacheControl(messages);
+
+    expect(result[0].content).toEqual('Hello');
+    expect(result[2].content[0]).toEqual({
+      type: 'text',
+      text: 'How are you?',
+      cache_control: { type: 'ephemeral' },
+    });
+    expect(result[4].content).toEqual([
+      {
+        type: 'text',
+        text: 'Great!',
+        cache_control: { type: 'ephemeral' },
+      },
+    ]);
+    expect(result[1].content).toBe('Hi there');
+    expect(result[3].content).toBe('I\'m doing well, thanks!');
+  });
+
+  test('should handle edge case with multiple content types', () => {
+    const messages = [
+      {
+        role: 'user',
+        content: [
+          {
+            type: 'image',
+            source: { type: 'base64', media_type: 'image/png', data: 'some_base64_string' },
+          },
+          {
+            type: 'image',
+            source: { type: 'base64', media_type: 'image/png', data: 'another_base64_string' },
+          },
+          { type: 'text', text: 'what do all these images have in common' },
+        ],
+      },
+      { role: 'assistant', content: 'I see multiple images.' },
+      { role: 'user', content: 'Correct!' },
+    ];
+
+    const result = addCacheControl(messages);
+
+    expect(result[0].content[0]).not.toHaveProperty('cache_control');
+    expect(result[0].content[1]).not.toHaveProperty('cache_control');
+    expect(result[0].content[2].cache_control).toEqual({ type: 'ephemeral' });
+    expect(result[2].content[0]).toEqual({
+      type: 'text',
+      text: 'Correct!',
+      cache_control: { type: 'ephemeral' },
+    });
+  });
+
+  test('should handle user message with no text block', () => {
+    const messages = [
+      {
+        role: 'user',
+        content: [
+          {
+            type: 'image',
+            source: { type: 'base64', media_type: 'image/png', data: 'some_base64_string' },
+          },
+          {
+            type: 'image',
+            source: { type: 'base64', media_type: 'image/png', data: 'another_base64_string' },
+          },
+        ],
+      },
+      { role: 'assistant', content: 'I see two images.' },
+      { role: 'user', content: 'Correct!' },
+    ];
+
+    const result = addCacheControl(messages);
+
+    expect(result[0].content[0]).not.toHaveProperty('cache_control');
+    expect(result[0].content[1]).not.toHaveProperty('cache_control');
+    expect(result[2].content[0]).toEqual({
+      type: 'text',
+      text: 'Correct!',
+      cache_control: { type: 'ephemeral' },
+    });
+  });
+});

api/app/clients/prompts/index.js

@@ -1,3 +1,4 @@
+const addCacheControl = require('./addCacheControl');
 const formatMessages = require('./formatMessages');
 const summaryPrompts = require('./summaryPrompts');
 const handleInputs = require('./handleInputs');
@@ -8,6 +9,7 @@ const createVisionPrompt = require('./createVisionPrompt');
 const createContextHandlers = require('./createContextHandlers');
 
 module.exports = {
+  addCacheControl,
   ...formatMessages,
   ...summaryPrompts,
   ...handleInputs,

api/app/clients/specs/AnthropicClient.test.js

@@ -1,4 +1,6 @@
-const AnthropicClient = require('../AnthropicClient');
+const { anthropicSettings } = require('librechat-data-provider');
+const AnthropicClient = require('~/app/clients/AnthropicClient');
+
 const HUMAN_PROMPT = '\n\nHuman:';
 const AI_PROMPT = '\n\nAssistant:';
 
@@ -22,7 +24,7 @@ describe('AnthropicClient', () => {
     const options = {
       modelOptions: {
         model,
-        temperature: 0.7,
+        temperature: anthropicSettings.temperature.default,
       },
     };
     client = new AnthropicClient('test-api-key');
@@ -33,7 +35,42 @@ describe('AnthropicClient', () => {
     it('should set the options correctly', () => {
       expect(client.apiKey).toBe('test-api-key');
       expect(client.modelOptions.model).toBe(model);
-      expect(client.modelOptions.temperature).toBe(0.7);
+      expect(client.modelOptions.temperature).toBe(anthropicSettings.temperature.default);
+    });
+
+    it('should set legacy maxOutputTokens for non-Claude-3 models', () => {
+      const client = new AnthropicClient('test-api-key');
+      client.setOptions({
+        modelOptions: {
+          model: 'claude-2',
+          maxOutputTokens: anthropicSettings.maxOutputTokens.default,
+        },
+      });
+      expect(client.modelOptions.maxOutputTokens).toBe(
+        anthropicSettings.legacy.maxOutputTokens.default,
+      );
+    });
+    it('should not set maxOutputTokens if not provided', () => {
+      const client = new AnthropicClient('test-api-key');
+      client.setOptions({
+        modelOptions: {
+          model: 'claude-3',
+        },
+      });
+      expect(client.modelOptions.maxOutputTokens).toBeUndefined();
+    });
+
+    it('should not set legacy maxOutputTokens for Claude-3 models', () => {
+      const client = new AnthropicClient('test-api-key');
+      client.setOptions({
+        modelOptions: {
+          model: 'claude-3-opus-20240229',
+          maxOutputTokens: anthropicSettings.legacy.maxOutputTokens.default,
+        },
+      });
+      expect(client.modelOptions.maxOutputTokens).toBe(
+        anthropicSettings.legacy.maxOutputTokens.default,
+      );
     });
   });
 
@@ -136,4 +173,212 @@ describe('AnthropicClient', () => {
       expect(prompt).toContain('You are Claude-2');
     });
   });
+
+  describe('getClient', () => {
+    it('should set legacy maxOutputTokens for non-Claude-3 models', () => {
+      const client = new AnthropicClient('test-api-key');
+      client.setOptions({
+        modelOptions: {
+          model: 'claude-2',
+          maxOutputTokens: anthropicSettings.legacy.maxOutputTokens.default,
+        },
+      });
+      expect(client.modelOptions.maxOutputTokens).toBe(
+        anthropicSettings.legacy.maxOutputTokens.default,
+      );
+    });
+
+    it('should not set legacy maxOutputTokens for Claude-3 models', () => {
+      const client = new AnthropicClient('test-api-key');
+      client.setOptions({
+        modelOptions: {
+          model: 'claude-3-opus-20240229',
+          maxOutputTokens: anthropicSettings.legacy.maxOutputTokens.default,
+        },
+      });
+      expect(client.modelOptions.maxOutputTokens).toBe(
+        anthropicSettings.legacy.maxOutputTokens.default,
+      );
+    });
+
+    it('should add beta header for claude-3-5-sonnet model', () => {
+      const client = new AnthropicClient('test-api-key');
+      const modelOptions = {
+        model: 'claude-3-5-sonnet-20240307',
+      };
+      client.setOptions({ modelOptions, promptCache: true });
+      const anthropicClient = client.getClient(modelOptions);
+      expect(anthropicClient._options.defaultHeaders).toBeDefined();
+      expect(anthropicClient._options.defaultHeaders).toHaveProperty('anthropic-beta');
+      expect(anthropicClient._options.defaultHeaders['anthropic-beta']).toBe(
+        'max-tokens-3-5-sonnet-2024-07-15,prompt-caching-2024-07-31',
+      );
+    });
+
+    it('should add beta header for claude-3-haiku model', () => {
+      const client = new AnthropicClient('test-api-key');
+      const modelOptions = {
+        model: 'claude-3-haiku-2028',
+      };
+      client.setOptions({ modelOptions, promptCache: true });
+      const anthropicClient = client.getClient(modelOptions);
+      expect(anthropicClient._options.defaultHeaders).toBeDefined();
+      expect(anthropicClient._options.defaultHeaders).toHaveProperty('anthropic-beta');
+      expect(anthropicClient._options.defaultHeaders['anthropic-beta']).toBe(
+        'prompt-caching-2024-07-31',
+      );
+    });
+
+    it('should not add beta header for other models', () => {
+      const client = new AnthropicClient('test-api-key');
+      client.setOptions({
+        modelOptions: {
+          model: 'claude-2',
+        },
+      });
+      const anthropicClient = client.getClient();
+      expect(anthropicClient.defaultHeaders).not.toHaveProperty('anthropic-beta');
+    });
+  });
+
+  describe('calculateCurrentTokenCount', () => {
+    let client;
+
+    beforeEach(() => {
+      client = new AnthropicClient('test-api-key');
+    });
+
+    it('should calculate correct token count when usage is provided', () => {
+      const tokenCountMap = {
+        msg1: 10,
+        msg2: 20,
+        currentMsg: 30,
+      };
+      const currentMessageId = 'currentMsg';
+      const usage = {
+        input_tokens: 70,
+        output_tokens: 50,
+      };
+
+      const result = client.calculateCurrentTokenCount({ tokenCountMap, currentMessageId, usage });
+
+      expect(result).toBe(40); // 70 - (10 + 20) = 40
+    });
+
+    it('should return original estimate if calculation results in negative value', () => {
+      const tokenCountMap = {
+        msg1: 40,
+        msg2: 50,
+        currentMsg: 30,
+      };
+      const currentMessageId = 'currentMsg';
+      const usage = {
+        input_tokens: 80,
+        output_tokens: 50,
+      };
+
+      const result = client.calculateCurrentTokenCount({ tokenCountMap, currentMessageId, usage });
+
+      expect(result).toBe(30); // Original estimate
+    });
+
+    it('should handle cache creation and read input tokens', () => {
+      const tokenCountMap = {
+        msg1: 10,
+        msg2: 20,
+        currentMsg: 30,
+      };
+      const currentMessageId = 'currentMsg';
+      const usage = {
+        input_tokens: 50,
+        cache_creation_input_tokens: 10,
+        cache_read_input_tokens: 20,
+        output_tokens: 40,
+      };
+
+      const result = client.calculateCurrentTokenCount({ tokenCountMap, currentMessageId, usage });
+
+      expect(result).toBe(50); // (50 + 10 + 20) - (10 + 20) = 50
+    });
+
+    it('should handle missing usage properties', () => {
+      const tokenCountMap = {
+        msg1: 10,
+        msg2: 20,
+        currentMsg: 30,
+      };
+      const currentMessageId = 'currentMsg';
+      const usage = {
+        output_tokens: 40,
+      };
+
+      const result = client.calculateCurrentTokenCount({ tokenCountMap, currentMessageId, usage });
+
+      expect(result).toBe(30); // Original estimate
+    });
+
+    it('should handle empty tokenCountMap', () => {
+      const tokenCountMap = {};
+      const currentMessageId = 'currentMsg';
+      const usage = {
+        input_tokens: 50,
+        output_tokens: 40,
+      };
+
+      const result = client.calculateCurrentTokenCount({ tokenCountMap, currentMessageId, usage });
+
+      expect(result).toBe(50);
+      expect(Number.isNaN(result)).toBe(false);
+    });
+
+    it('should handle zero values in usage', () => {
+      const tokenCountMap = {
+        msg1: 10,
+        currentMsg: 20,
+      };
+      const currentMessageId = 'currentMsg';
+      const usage = {
+        input_tokens: 0,
+        cache_creation_input_tokens: 0,
+        cache_read_input_tokens: 0,
+        output_tokens: 0,
+      };
+
+      const result = client.calculateCurrentTokenCount({ tokenCountMap, currentMessageId, usage });
+
+      expect(result).toBe(20); // Should return original estimate
+      expect(Number.isNaN(result)).toBe(false);
+    });
+
+    it('should handle undefined usage', () => {
+      const tokenCountMap = {
+        msg1: 10,
+        currentMsg: 20,
+      };
+      const currentMessageId = 'currentMsg';
+      const usage = undefined;
+
+      const result = client.calculateCurrentTokenCount({ tokenCountMap, currentMessageId, usage });
+
+      expect(result).toBe(20); // Should return original estimate
+      expect(Number.isNaN(result)).toBe(false);
+    });
+
+    it('should handle non-numeric values in tokenCountMap', () => {
+      const tokenCountMap = {
+        msg1: 'ten',
+        currentMsg: 20,
+      };
+      const currentMessageId = 'currentMsg';
+      const usage = {
+        input_tokens: 30,
+        output_tokens: 10,
+      };
+
+      const result = client.calculateCurrentTokenCount({ tokenCountMap, currentMessageId, usage });
+
+      expect(result).toBe(30); // Should return 30 (input_tokens) - 0 (ignored 'ten') = 30
+      expect(Number.isNaN(result)).toBe(false);
+    });
+  });
 });

api/app/clients/specs/BaseClient.test.js

@@ -1,7 +1,7 @@
 const { Constants } = require('librechat-data-provider');
 const { initializeFakeClient } = require('./FakeClient');
 
-jest.mock('../../../lib/db/connectDb');
+jest.mock('~/lib/db/connectDb');
 jest.mock('~/models', () => ({
   User: jest.fn(),
   Key: jest.fn(),
@@ -631,5 +631,32 @@ describe('BaseClient', () => {
         }),
       );
     });
+
+    test('userMessagePromise is awaited before saving response message', async () => {
+      // Mock the saveMessageToDatabase method
+      TestClient.saveMessageToDatabase = jest.fn().mockImplementation(() => {
+        return new Promise((resolve) => setTimeout(resolve, 100)); // Simulate a delay
+      });
+
+      // Send a message
+      const messagePromise = TestClient.sendMessage('Hello, world!');
+
+      // Wait a short time to ensure the user message save has started
+      await new Promise((resolve) => setTimeout(resolve, 50));
+
+      // Check that saveMessageToDatabase has been called once (for the user message)
+      expect(TestClient.saveMessageToDatabase).toHaveBeenCalledTimes(1);
+
+      // Wait for the message to be fully processed
+      await messagePromise;
+
+      // Check that saveMessageToDatabase has been called twice (once for user message, once for response)
+      expect(TestClient.saveMessageToDatabase).toHaveBeenCalledTimes(2);
+
+      // Check the order of calls
+      const calls = TestClient.saveMessageToDatabase.mock.calls;
+      expect(calls[0][0].isCreatedByUser).toBe(true); // First call should be for user message
+      expect(calls[1][0].isCreatedByUser).toBe(false); // Second call should be for response message
+    });
   });
 });

api/app/clients/specs/OpenAIClient.tokens.js

@@ -38,7 +38,12 @@ const run = async () => {
   "On the other hand, we denounce with righteous indignation and dislike men who are so beguiled and demoralized by the charms of pleasure of the moment, so blinded by desire, that they cannot foresee the pain and trouble that are bound to ensue; and equal blame belongs to those who fail in their duty through weakness of will, which is the same as saying through shrinking from toil and pain. These cases are perfectly simple and easy to distinguish. In a free hour, when our power of choice is untrammelled and when nothing prevents our being able to do what we like best, every pleasure is to be welcomed and every pain avoided. But in certain circumstances and owing to the claims of duty or the obligations of business it will frequently occur that pleasures have to be repudiated and annoyances accepted. The wise man therefore always holds in these matters to this principle of selection: he rejects pleasures to secure other greater pleasures, or else he endures pains to avoid worse pains."
   `;
   const model = 'gpt-3.5-turbo';
-  const maxContextTokens = model === 'gpt-4' ? 8191 : model === 'gpt-4-32k' ? 32767 : 4095; // 1 less than maximum
+  let maxContextTokens = 4095;
+  if (model === 'gpt-4') {
+    maxContextTokens = 8191;
+  } else if (model === 'gpt-4-32k') {
+    maxContextTokens = 32767;
+  }
   const clientOptions = {
     reverseProxyUrl: process.env.OPENAI_REVERSE_PROXY || null,
     maxContextTokens,

api/app/clients/tools/structured/GoogleSearch.js

@@ -12,9 +12,15 @@ class GoogleSearchResults extends Tool {
     this.envVarApiKey = 'GOOGLE_SEARCH_API_KEY';
     this.envVarSearchEngineId = 'GOOGLE_CSE_ID';
     this.override = fields.override ?? false;
-    this.apiKey = fields.apiKey ?? getEnvironmentVariable(this.envVarApiKey);
+    this.apiKey = fields[this.envVarApiKey] ?? getEnvironmentVariable(this.envVarApiKey);
     this.searchEngineId =
-      fields.searchEngineId ?? getEnvironmentVariable(this.envVarSearchEngineId);
+      fields[this.envVarSearchEngineId] ?? getEnvironmentVariable(this.envVarSearchEngineId);
+
+    if (!this.override && (!this.apiKey || !this.searchEngineId)) {
+      throw new Error(
+        `Missing ${this.envVarApiKey} or ${this.envVarSearchEngineId} environment variable.`,
+      );
+    }
 
     this.kwargs = fields?.kwargs ?? {};
     this.name = 'google';

api/app/clients/tools/structured/TavilySearchResults.js

@@ -12,7 +12,7 @@ class TavilySearchResults extends Tool {
     this.envVar = 'TAVILY_API_KEY';
     /* Used to initialize the Tool without necessary variables. */
     this.override = fields.override ?? false;
-    this.apiKey = fields.apiKey ?? this.getApiKey();
+    this.apiKey = fields[this.envVar] ?? this.getApiKey();
 
     this.kwargs = fields?.kwargs ?? {};
     this.name = 'tavily_search_results_json';
@@ -82,7 +82,9 @@ class TavilySearchResults extends Tool {
 
     const json = await response.json();
     if (!response.ok) {
-      throw new Error(`Request failed with status ${response.status}: ${json.error}`);
+      throw new Error(
+        `Request failed with status ${response.status}: ${json?.detail?.error || json?.error}`,
+      );
     }
 
     return JSON.stringify(json);

api/app/clients/tools/structured/specs/GoogleSearch.spec.js

@@ -0,0 +1,50 @@
+const GoogleSearch = require('../GoogleSearch');
+
+jest.mock('node-fetch');
+jest.mock('@langchain/core/utils/env');
+
+describe('GoogleSearch', () => {
+  let originalEnv;
+  const mockApiKey = 'mock_api';
+  const mockSearchEngineId = 'mock_search_engine_id';
+
+  beforeAll(() => {
+    originalEnv = { ...process.env };
+  });
+
+  beforeEach(() => {
+    jest.resetModules();
+    process.env = {
+      ...originalEnv,
+      GOOGLE_SEARCH_API_KEY: mockApiKey,
+      GOOGLE_CSE_ID: mockSearchEngineId,
+    };
+  });
+
+  afterEach(() => {
+    jest.clearAllMocks();
+    process.env = originalEnv;
+  });
+
+  it('should use mockApiKey and mockSearchEngineId when environment variables are not set', () => {
+    const instance = new GoogleSearch({
+      GOOGLE_SEARCH_API_KEY: mockApiKey,
+      GOOGLE_CSE_ID: mockSearchEngineId,
+    });
+    expect(instance.apiKey).toBe(mockApiKey);
+    expect(instance.searchEngineId).toBe(mockSearchEngineId);
+  });
+
+  it('should throw an error if GOOGLE_SEARCH_API_KEY or GOOGLE_CSE_ID is missing', () => {
+    delete process.env.GOOGLE_SEARCH_API_KEY;
+    expect(() => new GoogleSearch()).toThrow(
+      'Missing GOOGLE_SEARCH_API_KEY or GOOGLE_CSE_ID environment variable.',
+    );
+
+    process.env.GOOGLE_SEARCH_API_KEY = mockApiKey;
+    delete process.env.GOOGLE_CSE_ID;
+    expect(() => new GoogleSearch()).toThrow(
+      'Missing GOOGLE_SEARCH_API_KEY or GOOGLE_CSE_ID environment variable.',
+    );
+  });
+});

api/app/clients/tools/structured/specs/TavilySearchResults.spec.js

@@ -0,0 +1,38 @@
+const TavilySearchResults = require('../TavilySearchResults');
+
+jest.mock('node-fetch');
+jest.mock('@langchain/core/utils/env');
+
+describe('TavilySearchResults', () => {
+  let originalEnv;
+  const mockApiKey = 'mock_api_key';
+
+  beforeAll(() => {
+    originalEnv = { ...process.env };
+  });
+
+  beforeEach(() => {
+    jest.resetModules();
+    process.env = {
+      ...originalEnv,
+      TAVILY_API_KEY: mockApiKey,
+    };
+  });
+
+  afterEach(() => {
+    jest.clearAllMocks();
+    process.env = originalEnv;
+  });
+
+  it('should throw an error if TAVILY_API_KEY is missing', () => {
+    delete process.env.TAVILY_API_KEY;
+    expect(() => new TavilySearchResults()).toThrow('Missing TAVILY_API_KEY environment variable.');
+  });
+
+  it('should use mockApiKey when TAVILY_API_KEY is not set in the environment', () => {
+    const instance = new TavilySearchResults({
+      TAVILY_API_KEY: mockApiKey,
+    });
+    expect(instance.apiKey).toBe(mockApiKey);
+  });
+});

api/cache/clearPendingReq.js

@@ -35,7 +35,7 @@ const clearPendingReq = async ({ userId, cache: _cache }) => {
     return;
   }
 
-  const key = `${USE_REDIS ? namespace : ''}:${userId ?? ''}`;
+  const key = `${isEnabled(USE_REDIS) ? namespace : ''}:${userId ?? ''}`;
   const currentReq = +((await cache.get(key)) ?? 0);
 
   if (currentReq && currentReq >= 1) {

api/cache/getLogStores.js

@@ -1,13 +1,11 @@
 const Keyv = require('keyv');
-const { CacheKeys, ViolationTypes } = require('librechat-data-provider');
+const { CacheKeys, ViolationTypes, Time } = require('librechat-data-provider');
 const { logFile, violationFile } = require('./keyvFiles');
 const { math, isEnabled } = require('~/server/utils');
 const keyvRedis = require('./keyvRedis');
 const keyvMongo = require('./keyvMongo');
 
 const { BAN_DURATION, USE_REDIS } = process.env ?? {};
-const THIRTY_MINUTES = 1800000;
-const TEN_MINUTES = 600000;
 
 const duration = math(BAN_DURATION, 7200000);
 
@@ -29,17 +27,21 @@ const roles = isEnabled(USE_REDIS)
   ? new Keyv({ store: keyvRedis })
   : new Keyv({ namespace: CacheKeys.ROLES });
 
-const audioRuns = isEnabled(USE_REDIS) // ttl: 30 minutes
-  ? new Keyv({ store: keyvRedis, ttl: TEN_MINUTES })
-  : new Keyv({ namespace: CacheKeys.AUDIO_RUNS, ttl: TEN_MINUTES });
+const audioRuns = isEnabled(USE_REDIS)
+  ? new Keyv({ store: keyvRedis, ttl: Time.TEN_MINUTES })
+  : new Keyv({ namespace: CacheKeys.AUDIO_RUNS, ttl: Time.TEN_MINUTES });
 
-const tokenConfig = isEnabled(USE_REDIS) // ttl: 30 minutes
-  ? new Keyv({ store: keyvRedis, ttl: THIRTY_MINUTES })
-  : new Keyv({ namespace: CacheKeys.TOKEN_CONFIG, ttl: THIRTY_MINUTES });
+const messages = isEnabled(USE_REDIS)
+  ? new Keyv({ store: keyvRedis, ttl: Time.FIVE_MINUTES })
+  : new Keyv({ namespace: CacheKeys.MESSAGES, ttl: Time.FIVE_MINUTES });
 
-const genTitle = isEnabled(USE_REDIS) // ttl: 2 minutes
-  ? new Keyv({ store: keyvRedis, ttl: 120000 })
-  : new Keyv({ namespace: CacheKeys.GEN_TITLE, ttl: 120000 });
+const tokenConfig = isEnabled(USE_REDIS)
+  ? new Keyv({ store: keyvRedis, ttl: Time.THIRTY_MINUTES })
+  : new Keyv({ namespace: CacheKeys.TOKEN_CONFIG, ttl: Time.THIRTY_MINUTES });
+
+const genTitle = isEnabled(USE_REDIS)
+  ? new Keyv({ store: keyvRedis, ttl: Time.TWO_MINUTES })
+  : new Keyv({ namespace: CacheKeys.GEN_TITLE, ttl: Time.TWO_MINUTES });
 
 const modelQueries = isEnabled(process.env.USE_REDIS)
   ? new Keyv({ store: keyvRedis })
@@ -47,7 +49,7 @@ const modelQueries = isEnabled(process.env.USE_REDIS)
 
 const abortKeys = isEnabled(USE_REDIS)
   ? new Keyv({ store: keyvRedis })
-  : new Keyv({ namespace: CacheKeys.ABORT_KEYS, ttl: 600000 });
+  : new Keyv({ namespace: CacheKeys.ABORT_KEYS, ttl: Time.TEN_MINUTES });
 
 const namespaces = {
   [CacheKeys.ROLES]: roles,
@@ -67,6 +69,7 @@ const namespaces = {
   registrations: createViolationInstance('registrations'),
   [ViolationTypes.TTS_LIMIT]: createViolationInstance(ViolationTypes.TTS_LIMIT),
   [ViolationTypes.STT_LIMIT]: createViolationInstance(ViolationTypes.STT_LIMIT),
+  [ViolationTypes.CONVO_ACCESS]: createViolationInstance(ViolationTypes.CONVO_ACCESS),
   [ViolationTypes.FILE_UPLOAD_LIMIT]: createViolationInstance(ViolationTypes.FILE_UPLOAD_LIMIT),
   [ViolationTypes.VERIFY_EMAIL_LIMIT]: createViolationInstance(ViolationTypes.VERIFY_EMAIL_LIMIT),
   [ViolationTypes.RESET_PASSWORD_LIMIT]: createViolationInstance(
@@ -81,6 +84,7 @@ const namespaces = {
   [CacheKeys.GEN_TITLE]: genTitle,
   [CacheKeys.MODEL_QUERIES]: modelQueries,
   [CacheKeys.AUDIO_RUNS]: audioRuns,
+  [CacheKeys.MESSAGES]: messages,
 };
 
 /**

api/config/parsers.js

@@ -109,6 +109,14 @@ const condenseArray = (item) => {
  * @returns {string} - The formatted log message.
  */
 const debugTraverse = winston.format.printf(({ level, message, timestamp, ...metadata }) => {
+  if (!message) {
+    return `${timestamp} ${level}`;
+  }
+
+  if (!message?.trim || typeof message !== 'string') {
+    return `${timestamp} ${level}: ${JSON.stringify(message)}`;
+  }
+
   let msg = `${timestamp} ${level}: ${truncateLongStrings(message?.trim(), 150)}`;
   try {
     if (level !== 'debug') {

api/models/Conversation.js

@@ -2,6 +2,20 @@ const Conversation = require('./schema/convoSchema');
 const { getMessages, deleteMessages } = require('./Message');
 const logger = require('~/config/winston');
 
+/**
+ * Searches for a conversation by conversationId and returns a lean document with only conversationId and user.
+ * @param {string} conversationId - The conversation's ID.
+ * @returns {Promise<{conversationId: string, user: string} | null>} The conversation object with selected fields or null if not found.
+ */
+const searchConversation = async (conversationId) => {
+  try {
+    return await Conversation.findOne({ conversationId }, 'conversationId user').lean();
+  } catch (error) {
+    logger.error('[searchConversation] Error searching conversation', error);
+    throw new Error('Error searching conversation');
+  }
+};
+
 /**
  * Retrieves a single conversation for a given user and conversation ID.
  * @param {string} user - The user's ID.
@@ -19,22 +33,40 @@ const getConvo = async (user, conversationId) => {
 
 module.exports = {
   Conversation,
-  saveConvo: async (user, { conversationId, newConversationId, ...convo }) => {
+  searchConversation,
+  /**
+   * Saves a conversation to the database.
+   * @param {Object} req - The request object.
+   * @param {string} conversationId - The conversation's ID.
+   * @param {Object} metadata - Additional metadata to log for operation.
+   * @returns {Promise<TConversation>} The conversation object.
+   */
+  saveConvo: async (req, { conversationId, newConversationId, ...convo }, metadata) => {
     try {
+      if (metadata && metadata?.context) {
+        logger.debug(`[saveConvo] ${metadata.context}`);
+      }
       const messages = await getMessages({ conversationId }, '_id');
-      const update = { ...convo, messages, user };
+      const update = { ...convo, messages, user: req.user.id };
       if (newConversationId) {
         update.conversationId = newConversationId;
       }
 
-      const conversation = await Conversation.findOneAndUpdate({ conversationId, user }, update, {
-        new: true,
-        upsert: true,
-      });
+      const conversation = await Conversation.findOneAndUpdate(
+        { conversationId, user: req.user.id },
+        update,
+        {
+          new: true,
+          upsert: true,
+        },
+      );
 
       return conversation.toObject();
     } catch (error) {
       logger.error('[saveConvo] Error saving conversation', error);
+      if (metadata && metadata?.context) {
+        logger.info(`[saveConvo] ${metadata.context}`);
+      }
       return { message: 'Error saving conversation' };
     }
   },
@@ -56,13 +88,16 @@ module.exports = {
       throw new Error('Failed to save conversations in bulk.');
     }
   },
-  getConvosByPage: async (user, pageNumber = 1, pageSize = 25, isArchived = false) => {
+  getConvosByPage: async (user, pageNumber = 1, pageSize = 25, isArchived = false, tags) => {
     const query = { user };
     if (isArchived) {
       query.isArchived = true;
     } else {
       query.$or = [{ isArchived: false }, { isArchived: { $exists: false } }];
     }
+    if (Array.isArray(tags) && tags.length > 0) {
+      query.tags = { $in: tags };
+    }
     try {
       const totalConvos = (await Conversation.countDocuments(query)) || 1;
       const totalPages = Math.ceil(totalConvos / pageSize);

api/models/ConversationTag.js

@@ -0,0 +1,249 @@
+const ConversationTag = require('./schema/conversationTagSchema');
+const Conversation = require('./schema/convoSchema');
+const logger = require('~/config/winston');
+
+/**
+ * Retrieves all conversation tags for a user.
+ * @param {string} user - The user ID.
+ * @returns {Promise<Array>} An array of conversation tags.
+ */
+const getConversationTags = async (user) => {
+  try {
+    return await ConversationTag.find({ user }).sort({ position: 1 }).lean();
+  } catch (error) {
+    logger.error('[getConversationTags] Error getting conversation tags', error);
+    throw new Error('Error getting conversation tags');
+  }
+};
+
+/**
+ * Creates a new conversation tag.
+ * @param {string} user - The user ID.
+ * @param {Object} data - The tag data.
+ * @param {string} data.tag - The tag name.
+ * @param {string} [data.description] - The tag description.
+ * @param {boolean} [data.addToConversation] - Whether to add the tag to a conversation.
+ * @param {string} [data.conversationId] - The conversation ID to add the tag to.
+ * @returns {Promise<Object>} The created tag.
+ */
+const createConversationTag = async (user, data) => {
+  try {
+    const { tag, description, addToConversation, conversationId } = data;
+
+    const existingTag = await ConversationTag.findOne({ user, tag }).lean();
+    if (existingTag) {
+      return existingTag;
+    }
+
+    const maxPosition = await ConversationTag.findOne({ user }).sort('-position').lean();
+    const position = (maxPosition?.position || 0) + 1;
+
+    const newTag = await ConversationTag.findOneAndUpdate(
+      { tag, user },
+      {
+        tag,
+        user,
+        count: addToConversation ? 1 : 0,
+        position,
+        description,
+        $setOnInsert: { createdAt: new Date() },
+      },
+      {
+        new: true,
+        upsert: true,
+        lean: true,
+      },
+    );
+
+    if (addToConversation && conversationId) {
+      await Conversation.findOneAndUpdate(
+        { user, conversationId },
+        { $addToSet: { tags: tag } },
+        { new: true },
+      );
+    }
+
+    return newTag;
+  } catch (error) {
+    logger.error('[createConversationTag] Error creating conversation tag', error);
+    throw new Error('Error creating conversation tag');
+  }
+};
+
+/**
+ * Updates an existing conversation tag.
+ * @param {string} user - The user ID.
+ * @param {string} oldTag - The current tag name.
+ * @param {Object} data - The updated tag data.
+ * @param {string} [data.tag] - The new tag name.
+ * @param {string} [data.description] - The updated description.
+ * @param {number} [data.position] - The new position.
+ * @returns {Promise<Object>} The updated tag.
+ */
+const updateConversationTag = async (user, oldTag, data) => {
+  try {
+    const { tag: newTag, description, position } = data;
+
+    const existingTag = await ConversationTag.findOne({ user, tag: oldTag }).lean();
+    if (!existingTag) {
+      return null;
+    }
+
+    if (newTag && newTag !== oldTag) {
+      const tagAlreadyExists = await ConversationTag.findOne({ user, tag: newTag }).lean();
+      if (tagAlreadyExists) {
+        throw new Error('Tag already exists');
+      }
+
+      await Conversation.updateMany({ user, tags: oldTag }, { $set: { 'tags.$': newTag } });
+    }
+
+    const updateData = {};
+    if (newTag) {
+      updateData.tag = newTag;
+    }
+    if (description !== undefined) {
+      updateData.description = description;
+    }
+    if (position !== undefined) {
+      await adjustPositions(user, existingTag.position, position);
+      updateData.position = position;
+    }
+
+    return await ConversationTag.findOneAndUpdate({ user, tag: oldTag }, updateData, {
+      new: true,
+      lean: true,
+    });
+  } catch (error) {
+    logger.error('[updateConversationTag] Error updating conversation tag', error);
+    throw new Error('Error updating conversation tag');
+  }
+};
+
+/**
+ * Adjusts positions of tags when a tag's position is changed.
+ * @param {string} user - The user ID.
+ * @param {number} oldPosition - The old position of the tag.
+ * @param {number} newPosition - The new position of the tag.
+ * @returns {Promise<void>}
+ */
+const adjustPositions = async (user, oldPosition, newPosition) => {
+  if (oldPosition === newPosition) {
+    return;
+  }
+
+  const update = oldPosition < newPosition ? { $inc: { position: -1 } } : { $inc: { position: 1 } };
+  const position =
+    oldPosition < newPosition
+      ? {
+        $gt: Math.min(oldPosition, newPosition),
+        $lte: Math.max(oldPosition, newPosition),
+      }
+      : {
+        $gte: Math.min(oldPosition, newPosition),
+        $lt: Math.max(oldPosition, newPosition),
+      };
+
+  await ConversationTag.updateMany(
+    {
+      user,
+      position,
+    },
+    update,
+  );
+};
+
+/**
+ * Deletes a conversation tag.
+ * @param {string} user - The user ID.
+ * @param {string} tag - The tag to delete.
+ * @returns {Promise<Object>} The deleted tag.
+ */
+const deleteConversationTag = async (user, tag) => {
+  try {
+    const deletedTag = await ConversationTag.findOneAndDelete({ user, tag }).lean();
+    if (!deletedTag) {
+      return null;
+    }
+
+    await Conversation.updateMany({ user, tags: tag }, { $pull: { tags: tag } });
+
+    await ConversationTag.updateMany(
+      { user, position: { $gt: deletedTag.position } },
+      { $inc: { position: -1 } },
+    );
+
+    return deletedTag;
+  } catch (error) {
+    logger.error('[deleteConversationTag] Error deleting conversation tag', error);
+    throw new Error('Error deleting conversation tag');
+  }
+};
+
+/**
+ * Updates tags for a specific conversation.
+ * @param {string} user - The user ID.
+ * @param {string} conversationId - The conversation ID.
+ * @param {string[]} tags - The new set of tags for the conversation.
+ * @returns {Promise<string[]>} The updated list of tags for the conversation.
+ */
+const updateTagsForConversation = async (user, conversationId, tags) => {
+  try {
+    const conversation = await Conversation.findOne({ user, conversationId }).lean();
+    if (!conversation) {
+      throw new Error('Conversation not found');
+    }
+
+    const oldTags = new Set(conversation.tags);
+    const newTags = new Set(tags);
+
+    const addedTags = [...newTags].filter((tag) => !oldTags.has(tag));
+    const removedTags = [...oldTags].filter((tag) => !newTags.has(tag));
+
+    const bulkOps = [];
+
+    for (const tag of addedTags) {
+      bulkOps.push({
+        updateOne: {
+          filter: { user, tag },
+          update: { $inc: { count: 1 } },
+          upsert: true,
+        },
+      });
+    }
+
+    for (const tag of removedTags) {
+      bulkOps.push({
+        updateOne: {
+          filter: { user, tag },
+          update: { $inc: { count: -1 } },
+        },
+      });
+    }
+
+    if (bulkOps.length > 0) {
+      await ConversationTag.bulkWrite(bulkOps);
+    }
+
+    const updatedConversation = (
+      await Conversation.findOneAndUpdate(
+        { user, conversationId },
+        { $set: { tags: [...newTags] } },
+        { new: true },
+      )
+    ).toObject();
+
+    return updatedConversation.tags;
+  } catch (error) {
+    logger.error('[updateTagsForConversation] Error updating tags', error);
+    throw new Error('Error updating tags for conversation');
+  }
+};
+
+module.exports = {
+  getConversationTags,
+  createConversationTag,
+  updateConversationTag,
+  deleteConversationTag,
+  updateTagsForConversation,
+};

api/models/Message.js

@@ -1,204 +1,342 @@
 const { z } = require('zod');
 const Message = require('./schema/messageSchema');
-const logger = require('~/config/winston');
+const { logger } = require('~/config');
 
 const idSchema = z.string().uuid();
 
+/**
+ * Saves a message in the database.
+ *
+ * @async
+ * @function saveMessage
+ * @param {Express.Request} req - The request object containing user information.
+ * @param {Object} params - The message data object.
+ * @param {string} params.endpoint - The endpoint where the message originated.
+ * @param {string} params.iconURL - The URL of the sender's icon.
+ * @param {string} params.messageId - The unique identifier for the message.
+ * @param {string} params.newMessageId - The new unique identifier for the message (if applicable).
+ * @param {string} params.conversationId - The identifier of the conversation.
+ * @param {string} [params.parentMessageId] - The identifier of the parent message, if any.
+ * @param {string} params.sender - The identifier of the sender.
+ * @param {string} params.text - The text content of the message.
+ * @param {boolean} params.isCreatedByUser - Indicates if the message was created by the user.
+ * @param {string} [params.error] - Any error associated with the message.
+ * @param {boolean} [params.unfinished] - Indicates if the message is unfinished.
+ * @param {Object[]} [params.files] - An array of files associated with the message.
+ * @param {boolean} [params.isEdited] - Indicates if the message was edited.
+ * @param {string} [params.finish_reason] - Reason for finishing the message.
+ * @param {number} [params.tokenCount] - The number of tokens in the message.
+ * @param {string} [params.plugin] - Plugin associated with the message.
+ * @param {string[]} [params.plugins] - An array of plugins associated with the message.
+ * @param {string} [params.model] - The model used to generate the message.
+ * @param {Object} [metadata] - Additional metadata for this operation
+ * @param {string} [metadata.context] - The context of the operation
+ * @returns {Promise<TMessage>} The updated or newly inserted message document.
+ * @throws {Error} If there is an error in saving the message.
+ */
+async function saveMessage(req, params, metadata) {
+  try {
+    if (!req || !req.user || !req.user.id) {
+      throw new Error('User not authenticated');
+    }
+
+    const {
+      text,
+      error,
+      model,
+      files,
+      plugin,
+      sender,
+      plugins,
+      iconURL,
+      endpoint,
+      isEdited,
+      messageId,
+      unfinished,
+      tokenCount,
+      newMessageId,
+      finish_reason,
+      conversationId,
+      parentMessageId,
+      isCreatedByUser,
+    } = params;
+
+    const validConvoId = idSchema.safeParse(conversationId);
+    if (!validConvoId.success) {
+      logger.warn(`Invalid conversation ID: ${conversationId}`);
+      if (metadata && metadata?.context) {
+        logger.info(`---\`saveMessage\` context: ${metadata.context}`);
+      }
+
+      logger.info(`---Invalid conversation ID Params:
+
+${JSON.stringify(params, null, 2)}
+
+`);
+      return;
+    }
+
+    const update = {
+      user: req.user.id,
+      iconURL,
+      endpoint,
+      messageId: newMessageId || messageId,
+      conversationId,
+      parentMessageId,
+      sender,
+      text,
+      isCreatedByUser,
+      isEdited,
+      finish_reason,
+      error,
+      unfinished,
+      tokenCount,
+      plugin,
+      plugins,
+      model,
+    };
+
+    if (files) {
+      update.files = files;
+    }
+
+    const message = await Message.findOneAndUpdate({ messageId, user: req.user.id }, update, {
+      upsert: true,
+      new: true,
+    });
+
+    return message.toObject();
+  } catch (err) {
+    logger.error('Error saving message:', err);
+    if (metadata && metadata?.context) {
+      logger.info(`---\`saveMessage\` context: ${metadata.context}`);
+    }
+    throw err;
+  }
+}
+
+/**
+ * Saves multiple messages in the database in bulk.
+ *
+ * @async
+ * @function bulkSaveMessages
+ * @param {Object[]} messages - An array of message objects to save.
+ * @returns {Promise<Object>} The result of the bulk write operation.
+ * @throws {Error} If there is an error in saving messages in bulk.
+ */
+async function bulkSaveMessages(messages) {
+  try {
+    const bulkOps = messages.map((message) => ({
+      updateOne: {
+        filter: { messageId: message.messageId },
+        update: message,
+        upsert: true,
+      },
+    }));
+
+    const result = await Message.bulkWrite(bulkOps);
+    return result;
+  } catch (err) {
+    logger.error('Error saving messages in bulk:', err);
+    throw err;
+  }
+}
+
+/**
+ * Records a message in the database.
+ *
+ * @async
+ * @function recordMessage
+ * @param {Object} params - The message data object.
+ * @param {string} params.user - The identifier of the user.
+ * @param {string} params.endpoint - The endpoint where the message originated.
+ * @param {string} params.messageId - The unique identifier for the message.
+ * @param {string} params.conversationId - The identifier of the conversation.
+ * @param {string} [params.parentMessageId] - The identifier of the parent message, if any.
+ * @param {Partial<TMessage>} rest - Any additional properties from the TMessage typedef not explicitly listed.
+ * @returns {Promise<Object>} The updated or newly inserted message document.
+ * @throws {Error} If there is an error in saving the message.
+ */
+async function recordMessage({
+  user,
+  endpoint,
+  messageId,
+  conversationId,
+  parentMessageId,
+  ...rest
+}) {
+  try {
+    // No parsing of convoId as may use threadId
+    const message = {
+      user,
+      endpoint,
+      messageId,
+      conversationId,
+      parentMessageId,
+      ...rest,
+    };
+
+    return await Message.findOneAndUpdate({ user, messageId }, message, {
+      upsert: true,
+      new: true,
+    });
+  } catch (err) {
+    logger.error('Error recording message:', err);
+    throw err;
+  }
+}
+
+/**
+ * Updates the text of a message.
+ *
+ * @async
+ * @function updateMessageText
+ * @param {Object} params - The update data object.
+ * @param {Object} req - The request object.
+ * @param {string} params.messageId - The unique identifier for the message.
+ * @param {string} params.text - The new text content of the message.
+ * @returns {Promise<void>}
+ * @throws {Error} If there is an error in updating the message text.
+ */
+async function updateMessageText(req, { messageId, text }) {
+  try {
+    await Message.updateOne({ messageId, user: req.user.id }, { text });
+  } catch (err) {
+    logger.error('Error updating message text:', err);
+    throw err;
+  }
+}
+
+/**
+ * Updates a message.
+ *
+ * @async
+ * @function updateMessage
+ * @param {Object} req - The request object.
+ * @param {Object} message - The message object containing update data.
+ * @param {string} message.messageId - The unique identifier for the message.
+ * @param {string} [message.text] - The new text content of the message.
+ * @param {Object[]} [message.files] - The files associated with the message.
+ * @param {boolean} [message.isCreatedByUser] - Indicates if the message was created by the user.
+ * @param {string} [message.sender] - The identifier of the sender.
+ * @param {number} [message.tokenCount] - The number of tokens in the message.
+ * @param {Object} [metadata] - The operation metadata
+ * @param {string} [metadata.context] - The operation metadata
+ * @returns {Promise<TMessage>} The updated message document.
+ * @throws {Error} If there is an error in updating the message or if the message is not found.
+ */
+async function updateMessage(req, message, metadata) {
+  try {
+    const { messageId, ...update } = message;
+    update.isEdited = true;
+    const updatedMessage = await Message.findOneAndUpdate(
+      { messageId, user: req.user.id },
+      update,
+      {
+        new: true,
+      },
+    );
+
+    if (!updatedMessage) {
+      throw new Error('Message not found or user not authorized.');
+    }
+
+    return {
+      messageId: updatedMessage.messageId,
+      conversationId: updatedMessage.conversationId,
+      parentMessageId: updatedMessage.parentMessageId,
+      sender: updatedMessage.sender,
+      text: updatedMessage.text,
+      isCreatedByUser: updatedMessage.isCreatedByUser,
+      tokenCount: updatedMessage.tokenCount,
+      isEdited: true,
+    };
+  } catch (err) {
+    logger.error('Error updating message:', err);
+    if (metadata && metadata?.context) {
+      logger.info(`---\`updateMessage\` context: ${metadata.context}`);
+    }
+    throw err;
+  }
+}
+
+/**
+ * Deletes messages in a conversation since a specific message.
+ *
+ * @async
+ * @function deleteMessagesSince
+ * @param {Object} params - The parameters object.
+ * @param {Object} req - The request object.
+ * @param {string} params.messageId - The unique identifier for the message.
+ * @param {string} params.conversationId - The identifier of the conversation.
+ * @returns {Promise<Number>} The number of deleted messages.
+ * @throws {Error} If there is an error in deleting messages.
+ */
+async function deleteMessagesSince(req, { messageId, conversationId }) {
+  try {
+    const message = await Message.findOne({ messageId, user: req.user.id }).lean();
+
+    if (message) {
+      const query = Message.find({ conversationId, user: req.user.id });
+      return await query.deleteMany({
+        createdAt: { $gt: message.createdAt },
+      });
+    }
+    return undefined;
+  } catch (err) {
+    logger.error('Error deleting messages:', err);
+    throw err;
+  }
+}
+
+/**
+ * Retrieves messages from the database.
+ * @async
+ * @function getMessages
+ * @param {Record<string, unknown>} filter - The filter criteria.
+ * @param {string | undefined} [select] - The fields to select.
+ * @returns {Promise<TMessage[]>} The messages that match the filter criteria.
+ * @throws {Error} If there is an error in retrieving messages.
+ */
+async function getMessages(filter, select) {
+  try {
+    if (select) {
+      return await Message.find(filter).select(select).sort({ createdAt: 1 }).lean();
+    }
+
+    return await Message.find(filter).sort({ createdAt: 1 }).lean();
+  } catch (err) {
+    logger.error('Error getting messages:', err);
+    throw err;
+  }
+}
+
+/**
+ * Deletes messages from the database.
+ *
+ * @async
+ * @function deleteMessages
+ * @param {Object} filter - The filter criteria to find messages to delete.
+ * @returns {Promise<Object>} The metadata with count of deleted messages.
+ * @throws {Error} If there is an error in deleting messages.
+ */
+async function deleteMessages(filter) {
+  try {
+    return await Message.deleteMany(filter);
+  } catch (err) {
+    logger.error('Error deleting messages:', err);
+    throw err;
+  }
+}
+
 module.exports = {
   Message,
-
-  async saveMessage({
-    user,
-    endpoint,
-    iconURL,
-    messageId,
-    newMessageId,
-    conversationId,
-    parentMessageId,
-    sender,
-    text,
-    isCreatedByUser,
-    error,
-    unfinished,
-    files,
-    isEdited,
-    finish_reason,
-    tokenCount,
-    plugin,
-    plugins,
-    model,
-  }) {
-    try {
-      const validConvoId = idSchema.safeParse(conversationId);
-      if (!validConvoId.success) {
-        return;
-      }
-
-      const update = {
-        user,
-        iconURL,
-        endpoint,
-        messageId: newMessageId || messageId,
-        conversationId,
-        parentMessageId,
-        sender,
-        text,
-        isCreatedByUser,
-        isEdited,
-        finish_reason,
-        error,
-        unfinished,
-        tokenCount,
-        plugin,
-        plugins,
-        model,
-      };
-
-      if (files) {
-        update.files = files;
-      }
-
-      const message = await Message.findOneAndUpdate({ messageId }, update, {
-        upsert: true,
-        new: true,
-      });
-
-      return message.toObject();
-    } catch (err) {
-      logger.error('Error saving message:', err);
-      throw new Error('Failed to save message.');
-    }
-  },
-
-  async bulkSaveMessages(messages) {
-    try {
-      const bulkOps = messages.map((message) => ({
-        updateOne: {
-          filter: { messageId: message.messageId },
-          update: message,
-          upsert: true,
-        },
-      }));
-
-      const result = await Message.bulkWrite(bulkOps);
-      return result;
-    } catch (err) {
-      logger.error('Error saving messages in bulk:', err);
-      throw new Error('Failed to save messages in bulk.');
-    }
-  },
-
-  /**
-   * Records a message in the database.
-   *
-   * @async
-   * @function recordMessage
-   * @param {Object} params - The message data object.
-   * @param {string} params.user - The identifier of the user.
-   * @param {string} params.endpoint - The endpoint where the message originated.
-   * @param {string} params.messageId - The unique identifier for the message.
-   * @param {string} params.conversationId - The identifier of the conversation.
-   * @param {string} [params.parentMessageId] - The identifier of the parent message, if any.
-   * @param {Partial<TMessage>} rest - Any additional properties from the TMessage typedef not explicitly listed.
-   * @returns {Promise<Object>} The updated or newly inserted message document.
-   * @throws {Error} If there is an error in saving the message.
-   */
-  async recordMessage({ user, endpoint, messageId, conversationId, parentMessageId, ...rest }) {
-    try {
-      // No parsing of convoId as may use threadId
-      const message = {
-        user,
-        endpoint,
-        messageId,
-        conversationId,
-        parentMessageId,
-        ...rest,
-      };
-
-      return await Message.findOneAndUpdate({ user, messageId }, message, {
-        upsert: true,
-        new: true,
-      });
-    } catch (err) {
-      logger.error('Error saving message:', err);
-      throw new Error('Failed to save message.');
-    }
-  },
-  async updateMessageText({ messageId, text }) {
-    try {
-      await Message.updateOne({ messageId }, { text });
-    } catch (err) {
-      logger.error('Error updating message text:', err);
-      throw new Error('Failed to update message text.');
-    }
-  },
-  async updateMessage(message) {
-    try {
-      const { messageId, ...update } = message;
-      update.isEdited = true;
-      const updatedMessage = await Message.findOneAndUpdate({ messageId }, update, {
-        new: true,
-      });
-
-      if (!updatedMessage) {
-        throw new Error('Message not found.');
-      }
-
-      return {
-        messageId: updatedMessage.messageId,
-        conversationId: updatedMessage.conversationId,
-        parentMessageId: updatedMessage.parentMessageId,
-        sender: updatedMessage.sender,
-        text: updatedMessage.text,
-        isCreatedByUser: updatedMessage.isCreatedByUser,
-        tokenCount: updatedMessage.tokenCount,
-        isEdited: true,
-      };
-    } catch (err) {
-      logger.error('Error updating message:', err);
-      throw new Error('Failed to update message.');
-    }
-  },
-  async deleteMessagesSince({ messageId, conversationId }) {
-    try {
-      const message = await Message.findOne({ messageId }).lean();
-
-      if (message) {
-        return await Message.find({ conversationId }).deleteMany({
-          createdAt: { $gt: message.createdAt },
-        });
-      }
-    } catch (err) {
-      logger.error('Error deleting messages:', err);
-      throw new Error('Failed to delete messages.');
-    }
-  },
-
-  /**
-   * Retrieves messages from the database.
-   * @param {Record<string, unknown>} filter
-   * @param {string | undefined} [select]
-   * @returns
-   */
-  async getMessages(filter, select) {
-    try {
-      if (select) {
-        return await Message.find(filter).select(select).sort({ createdAt: 1 }).lean();
-      }
-
-      return await Message.find(filter).sort({ createdAt: 1 }).lean();
-    } catch (err) {
-      logger.error('Error getting messages:', err);
-      throw new Error('Failed to get messages.');
-    }
-  },
-
-  async deleteMessages(filter) {
-    try {
-      return await Message.deleteMany(filter);
-    } catch (err) {
-      logger.error('Error deleting messages:', err);
-      throw new Error('Failed to delete messages.');
-    }
-  },
+  saveMessage,
+  bulkSaveMessages,
+  recordMessage,
+  updateMessageText,
+  updateMessage,
+  deleteMessagesSince,
+  getMessages,
+  deleteMessages,
 };

api/models/Message.spec.js

@@ -0,0 +1,239 @@
+const mongoose = require('mongoose');
+const { v4: uuidv4 } = require('uuid');
+
+jest.mock('mongoose');
+
+const mockFindQuery = {
+  select: jest.fn().mockReturnThis(),
+  sort: jest.fn().mockReturnThis(),
+  lean: jest.fn().mockReturnThis(),
+  deleteMany: jest.fn().mockResolvedValue({ deletedCount: 1 }),
+};
+
+const mockSchema = {
+  findOneAndUpdate: jest.fn(),
+  updateOne: jest.fn(),
+  findOne: jest.fn(() => ({
+    lean: jest.fn(),
+  })),
+  find: jest.fn(() => mockFindQuery),
+  deleteMany: jest.fn(),
+};
+
+mongoose.model.mockReturnValue(mockSchema);
+
+jest.mock('~/models/schema/messageSchema', () => mockSchema);
+
+jest.mock('~/config/winston', () => ({
+  error: jest.fn(),
+}));
+
+const {
+  saveMessage,
+  getMessages,
+  updateMessage,
+  deleteMessages,
+  updateMessageText,
+  deleteMessagesSince,
+} = require('~/models/Message');
+
+describe('Message Operations', () => {
+  let mockReq;
+  let mockMessage;
+
+  beforeEach(() => {
+    jest.clearAllMocks();
+
+    mockReq = {
+      user: { id: 'user123' },
+    };
+
+    mockMessage = {
+      messageId: 'msg123',
+      conversationId: uuidv4(),
+      text: 'Hello, world!',
+      user: 'user123',
+    };
+
+    mockSchema.findOneAndUpdate.mockResolvedValue({
+      toObject: () => mockMessage,
+    });
+  });
+
+  describe('saveMessage', () => {
+    it('should save a message for an authenticated user', async () => {
+      const result = await saveMessage(mockReq, mockMessage);
+      expect(result).toEqual(mockMessage);
+      expect(mockSchema.findOneAndUpdate).toHaveBeenCalledWith(
+        { messageId: 'msg123', user: 'user123' },
+        expect.objectContaining({ user: 'user123' }),
+        expect.any(Object),
+      );
+    });
+
+    it('should throw an error for unauthenticated user', async () => {
+      mockReq.user = null;
+      await expect(saveMessage(mockReq, mockMessage)).rejects.toThrow('User not authenticated');
+    });
+
+    it('should throw an error for invalid conversation ID', async () => {
+      mockMessage.conversationId = 'invalid-id';
+      await expect(saveMessage(mockReq, mockMessage)).resolves.toBeUndefined();
+    });
+  });
+
+  describe('updateMessageText', () => {
+    it('should update message text for the authenticated user', async () => {
+      await updateMessageText(mockReq, { messageId: 'msg123', text: 'Updated text' });
+      expect(mockSchema.updateOne).toHaveBeenCalledWith(
+        { messageId: 'msg123', user: 'user123' },
+        { text: 'Updated text' },
+      );
+    });
+  });
+
+  describe('updateMessage', () => {
+    it('should update a message for the authenticated user', async () => {
+      mockSchema.findOneAndUpdate.mockResolvedValue(mockMessage);
+      const result = await updateMessage(mockReq, { messageId: 'msg123', text: 'Updated text' });
+      expect(result).toEqual(
+        expect.objectContaining({
+          messageId: 'msg123',
+          text: 'Hello, world!',
+          isEdited: true,
+        }),
+      );
+    });
+
+    it('should throw an error if message is not found', async () => {
+      mockSchema.findOneAndUpdate.mockResolvedValue(null);
+      await expect(
+        updateMessage(mockReq, { messageId: 'nonexistent', text: 'Test' }),
+      ).rejects.toThrow('Message not found or user not authorized.');
+    });
+  });
+
+  describe('deleteMessagesSince', () => {
+    it('should delete messages only for the authenticated user', async () => {
+      mockSchema.findOne().lean.mockResolvedValueOnce({ createdAt: new Date() });
+      mockFindQuery.deleteMany.mockResolvedValueOnce({ deletedCount: 1 });
+      const result = await deleteMessagesSince(mockReq, {
+        messageId: 'msg123',
+        conversationId: 'convo123',
+      });
+      expect(mockSchema.findOne).toHaveBeenCalledWith({ messageId: 'msg123', user: 'user123' });
+      expect(mockSchema.find).not.toHaveBeenCalled();
+      expect(result).toBeUndefined();
+    });
+
+    it('should return undefined if no message is found', async () => {
+      mockSchema.findOne().lean.mockResolvedValueOnce(null);
+      const result = await deleteMessagesSince(mockReq, {
+        messageId: 'nonexistent',
+        conversationId: 'convo123',
+      });
+      expect(result).toBeUndefined();
+    });
+  });
+
+  describe('getMessages', () => {
+    it('should retrieve messages with the correct filter', async () => {
+      const filter = { conversationId: 'convo123' };
+      await getMessages(filter);
+      expect(mockSchema.find).toHaveBeenCalledWith(filter);
+      expect(mockFindQuery.sort).toHaveBeenCalledWith({ createdAt: 1 });
+      expect(mockFindQuery.lean).toHaveBeenCalled();
+    });
+  });
+
+  describe('deleteMessages', () => {
+    it('should delete messages with the correct filter', async () => {
+      await deleteMessages({ user: 'user123' });
+      expect(mockSchema.deleteMany).toHaveBeenCalledWith({ user: 'user123' });
+    });
+  });
+
+  describe('Conversation Hijacking Prevention', () => {
+    it('should not allow editing a message in another user\'s conversation', async () => {
+      const attackerReq = { user: { id: 'attacker123' } };
+      const victimConversationId = 'victim-convo-123';
+      const victimMessageId = 'victim-msg-123';
+
+      mockSchema.findOneAndUpdate.mockResolvedValue(null);
+
+      await expect(
+        updateMessage(attackerReq, {
+          messageId: victimMessageId,
+          conversationId: victimConversationId,
+          text: 'Hacked message',
+        }),
+      ).rejects.toThrow('Message not found or user not authorized.');
+
+      expect(mockSchema.findOneAndUpdate).toHaveBeenCalledWith(
+        { messageId: victimMessageId, user: 'attacker123' },
+        expect.anything(),
+        expect.anything(),
+      );
+    });
+
+    it('should not allow deleting messages from another user\'s conversation', async () => {
+      const attackerReq = { user: { id: 'attacker123' } };
+      const victimConversationId = 'victim-convo-123';
+      const victimMessageId = 'victim-msg-123';
+
+      mockSchema.findOne().lean.mockResolvedValueOnce(null); // Simulating message not found for this user
+      const result = await deleteMessagesSince(attackerReq, {
+        messageId: victimMessageId,
+        conversationId: victimConversationId,
+      });
+
+      expect(result).toBeUndefined();
+      expect(mockSchema.findOne).toHaveBeenCalledWith({
+        messageId: victimMessageId,
+        user: 'attacker123',
+      });
+    });
+
+    it('should not allow inserting a new message into another user\'s conversation', async () => {
+      const attackerReq = { user: { id: 'attacker123' } };
+      const victimConversationId = uuidv4(); // Use a valid UUID
+
+      await expect(
+        saveMessage(attackerReq, {
+          conversationId: victimConversationId,
+          text: 'Inserted malicious message',
+          messageId: 'new-msg-123',
+        }),
+      ).resolves.not.toThrow(); // It should not throw an error
+
+      // Check that the message was saved with the attacker's user ID
+      expect(mockSchema.findOneAndUpdate).toHaveBeenCalledWith(
+        { messageId: 'new-msg-123', user: 'attacker123' },
+        expect.objectContaining({
+          user: 'attacker123',
+          conversationId: victimConversationId,
+        }),
+        expect.anything(),
+      );
+    });
+
+    it('should allow retrieving messages from any conversation', async () => {
+      const victimConversationId = 'victim-convo-123';
+
+      await getMessages({ conversationId: victimConversationId });
+
+      expect(mockSchema.find).toHaveBeenCalledWith({
+        conversationId: victimConversationId,
+      });
+
+      mockSchema.find.mockReturnValueOnce({
+        select: jest.fn().mockReturnThis(),
+        sort: jest.fn().mockReturnThis(),
+        lean: jest.fn().mockResolvedValue([{ text: 'Test message' }]),
+      });
+
+      const result = await getMessages({ conversationId: victimConversationId });
+      expect(result).toEqual([{ text: 'Test message' }]);
+    });
+  });
+});

api/models/Role.js

@@ -1,6 +1,15 @@
-const { SystemRoles, CacheKeys, roleDefaults } = require('librechat-data-provider');
+const {
+  CacheKeys,
+  SystemRoles,
+  roleDefaults,
+  PermissionTypes,
+  removeNullishValues,
+  promptPermissionsSchema,
+  bookmarkPermissionsSchema,
+} = require('librechat-data-provider');
 const getLogStores = require('~/cache/getLogStores');
 const Role = require('~/models/schema/roleSchema');
+const { logger } = require('~/config');
 
 /**
  * Retrieve a role by name and convert the found role document to a plain object.
@@ -61,6 +70,63 @@ const updateRoleByName = async function (roleName, updates) {
   }
 };
 
+const permissionSchemas = {
+  [PermissionTypes.PROMPTS]: promptPermissionsSchema,
+  [PermissionTypes.BOOKMARKS]: bookmarkPermissionsSchema,
+};
+
+/**
+ * Updates access permissions for a specific role and multiple permission types.
+ * @param {SystemRoles} roleName - The role to update.
+ * @param {Object.<PermissionTypes, Object.<Permissions, boolean>>} permissionsUpdate - Permissions to update and their values.
+ */
+async function updateAccessPermissions(roleName, permissionsUpdate) {
+  const updates = {};
+  for (const [permissionType, permissions] of Object.entries(permissionsUpdate)) {
+    if (permissionSchemas[permissionType]) {
+      updates[permissionType] = removeNullishValues(permissions);
+    }
+  }
+
+  if (Object.keys(updates).length === 0) {
+    return;
+  }
+
+  try {
+    const role = await getRoleByName(roleName);
+    if (!role) {
+      return;
+    }
+
+    const updatedPermissions = {};
+    let hasChanges = false;
+
+    for (const [permissionType, permissions] of Object.entries(updates)) {
+      const currentPermissions = role[permissionType] || {};
+      updatedPermissions[permissionType] = { ...currentPermissions };
+
+      for (const [permission, value] of Object.entries(permissions)) {
+        if (currentPermissions[permission] !== value) {
+          updatedPermissions[permissionType][permission] = value;
+          hasChanges = true;
+          logger.info(
+            `Updating '${roleName}' role ${permissionType} '${permission}' permission from ${currentPermissions[permission]} to: ${value}`,
+          );
+        }
+      }
+    }
+
+    if (hasChanges) {
+      await updateRoleByName(roleName, updatedPermissions);
+      logger.info(`Updated '${roleName}' role permissions`);
+    } else {
+      logger.info(`No changes needed for '${roleName}' role permissions`);
+    }
+  } catch (error) {
+    logger.error(`Failed to update ${roleName} role permissions:`, error);
+  }
+}
+
 /**
  * Initialize default roles in the system.
  * Creates the default roles (ADMIN, USER) if they don't exist in the database.
@@ -83,4 +149,5 @@ module.exports = {
   getRoleByName,
   initializeRoles,
   updateRoleByName,
+  updateAccessPermissions,
 };

api/models/Role.spec.js

@@ -0,0 +1,197 @@
+const mongoose = require('mongoose');
+const { MongoMemoryServer } = require('mongodb-memory-server');
+const { SystemRoles, PermissionTypes } = require('librechat-data-provider');
+const Role = require('~/models/schema/roleSchema');
+const { updateAccessPermissions } = require('~/models/Role');
+const getLogStores = require('~/cache/getLogStores');
+
+// Mock the cache
+jest.mock('~/cache/getLogStores', () => {
+  return jest.fn().mockReturnValue({
+    get: jest.fn(),
+    set: jest.fn(),
+    del: jest.fn(),
+  });
+});
+
+let mongoServer;
+
+beforeAll(async () => {
+  mongoServer = await MongoMemoryServer.create();
+  const mongoUri = mongoServer.getUri();
+  await mongoose.connect(mongoUri);
+});
+
+afterAll(async () => {
+  await mongoose.disconnect();
+  await mongoServer.stop();
+});
+
+beforeEach(async () => {
+  await Role.deleteMany({});
+  getLogStores.mockClear();
+});
+
+describe('updateAccessPermissions', () => {
+  it('should update permissions when changes are needed', async () => {
+    await new Role({
+      name: SystemRoles.USER,
+      [PermissionTypes.PROMPTS]: {
+        CREATE: true,
+        USE: true,
+        SHARED_GLOBAL: false,
+      },
+    }).save();
+
+    await updateAccessPermissions(SystemRoles.USER, {
+      [PermissionTypes.PROMPTS]: {
+        CREATE: true,
+        USE: true,
+        SHARED_GLOBAL: true,
+      },
+    });
+
+    const updatedRole = await Role.findOne({ name: SystemRoles.USER }).lean();
+    expect(updatedRole[PermissionTypes.PROMPTS]).toEqual({
+      CREATE: true,
+      USE: true,
+      SHARED_GLOBAL: true,
+    });
+  });
+
+  it('should not update permissions when no changes are needed', async () => {
+    await new Role({
+      name: SystemRoles.USER,
+      [PermissionTypes.PROMPTS]: {
+        CREATE: true,
+        USE: true,
+        SHARED_GLOBAL: false,
+      },
+    }).save();
+
+    await updateAccessPermissions(SystemRoles.USER, {
+      [PermissionTypes.PROMPTS]: {
+        CREATE: true,
+        USE: true,
+        SHARED_GLOBAL: false,
+      },
+    });
+
+    const updatedRole = await Role.findOne({ name: SystemRoles.USER }).lean();
+    expect(updatedRole[PermissionTypes.PROMPTS]).toEqual({
+      CREATE: true,
+      USE: true,
+      SHARED_GLOBAL: false,
+    });
+  });
+
+  it('should handle non-existent roles', async () => {
+    await updateAccessPermissions('NON_EXISTENT_ROLE', {
+      [PermissionTypes.PROMPTS]: {
+        CREATE: true,
+      },
+    });
+
+    const role = await Role.findOne({ name: 'NON_EXISTENT_ROLE' });
+    expect(role).toBeNull();
+  });
+
+  it('should update only specified permissions', async () => {
+    await new Role({
+      name: SystemRoles.USER,
+      [PermissionTypes.PROMPTS]: {
+        CREATE: true,
+        USE: true,
+        SHARED_GLOBAL: false,
+      },
+    }).save();
+
+    await updateAccessPermissions(SystemRoles.USER, {
+      [PermissionTypes.PROMPTS]: {
+        SHARED_GLOBAL: true,
+      },
+    });
+
+    const updatedRole = await Role.findOne({ name: SystemRoles.USER }).lean();
+    expect(updatedRole[PermissionTypes.PROMPTS]).toEqual({
+      CREATE: true,
+      USE: true,
+      SHARED_GLOBAL: true,
+    });
+  });
+
+  it('should handle partial updates', async () => {
+    await new Role({
+      name: SystemRoles.USER,
+      [PermissionTypes.PROMPTS]: {
+        CREATE: true,
+        USE: true,
+        SHARED_GLOBAL: false,
+      },
+    }).save();
+
+    await updateAccessPermissions(SystemRoles.USER, {
+      [PermissionTypes.PROMPTS]: {
+        USE: false,
+      },
+    });
+
+    const updatedRole = await Role.findOne({ name: SystemRoles.USER }).lean();
+    expect(updatedRole[PermissionTypes.PROMPTS]).toEqual({
+      CREATE: true,
+      USE: false,
+      SHARED_GLOBAL: false,
+    });
+  });
+
+  it('should update multiple permission types at once', async () => {
+    await new Role({
+      name: SystemRoles.USER,
+      [PermissionTypes.PROMPTS]: {
+        CREATE: true,
+        USE: true,
+        SHARED_GLOBAL: false,
+      },
+      [PermissionTypes.BOOKMARKS]: {
+        USE: true,
+      },
+    }).save();
+
+    await updateAccessPermissions(SystemRoles.USER, {
+      [PermissionTypes.PROMPTS]: { USE: false, SHARED_GLOBAL: true },
+      [PermissionTypes.BOOKMARKS]: { USE: false },
+    });
+
+    const updatedRole = await Role.findOne({ name: SystemRoles.USER }).lean();
+    expect(updatedRole[PermissionTypes.PROMPTS]).toEqual({
+      CREATE: true,
+      USE: false,
+      SHARED_GLOBAL: true,
+    });
+    expect(updatedRole[PermissionTypes.BOOKMARKS]).toEqual({
+      USE: false,
+    });
+  });
+
+  it('should handle updates for a single permission type', async () => {
+    await new Role({
+      name: SystemRoles.USER,
+      [PermissionTypes.PROMPTS]: {
+        CREATE: true,
+        USE: true,
+        SHARED_GLOBAL: false,
+      },
+    }).save();
+
+    await updateAccessPermissions(SystemRoles.USER, {
+      [PermissionTypes.PROMPTS]: { USE: false, SHARED_GLOBAL: true },
+    });
+
+    const updatedRole = await Role.findOne({ name: SystemRoles.USER }).lean();
+    expect(updatedRole[PermissionTypes.PROMPTS]).toEqual({
+      CREATE: true,
+      USE: false,
+      SHARED_GLOBAL: true,
+    });
+  });
+});

api/models/Session.js

@@ -1,6 +1,6 @@
-const crypto = require('crypto');
 const mongoose = require('mongoose');
 const signPayload = require('~/server/services/signPayload');
+const { hashToken } = require('~/server/utils/crypto');
 const { logger } = require('~/config');
 
 const { REFRESH_TOKEN_EXPIRY } = process.env ?? {};
@@ -39,8 +39,7 @@ sessionSchema.methods.generateRefreshToken = async function () {
       expirationTime: Math.floor((expiresIn - Date.now()) / 1000),
     });
 
-    const hash = crypto.createHash('sha256');
-    this.refreshTokenHash = hash.update(refreshToken).digest('hex');
+    this.refreshTokenHash = await hashToken(refreshToken);
 
     await this.save();
 

api/models/Share.js

@@ -1,117 +1,252 @@
-const crypto = require('crypto');
-const { getMessages } = require('./Message');
+const { nanoid } = require('nanoid');
+const { Constants } = require('librechat-data-provider');
 const SharedLink = require('./schema/shareSchema');
+const { getMessages } = require('./Message');
 const logger = require('~/config/winston');
 
-module.exports = {
-  SharedLink,
-  getSharedMessages: async (shareId) => {
-    try {
-      const share = await SharedLink.findOne({ shareId })
-        .populate({
-          path: 'messages',
-          select: '-_id -__v -user',
-        })
-        .select('-_id -__v -user')
-        .lean();
+/**
+ * Anonymizes a conversation ID
+ * @returns {string} The anonymized conversation ID
+ */
+function anonymizeConvoId() {
+  return `convo_${nanoid()}`;
+}
 
-      if (!share || !share.conversationId || !share.isPublic) {
-        return null;
-      }
+/**
+ * Anonymizes an assistant ID
+ * @returns {string} The anonymized assistant ID
+ */
+function anonymizeAssistantId() {
+  return `a_${nanoid()}`;
+}
 
-      return share;
-    } catch (error) {
-      logger.error('[getShare] Error getting share link', error);
-      throw new Error('Error getting share link');
+/**
+ * Anonymizes a message ID
+ * @param {string} id - The original message ID
+ * @returns {string} The anonymized message ID
+ */
+function anonymizeMessageId(id) {
+  return id === Constants.NO_PARENT ? id : `msg_${nanoid()}`;
+}
+
+/**
+ * Anonymizes a conversation object
+ * @param {object} conversation - The conversation object
+ * @returns {object} The anonymized conversation object
+ */
+function anonymizeConvo(conversation) {
+  const newConvo = { ...conversation };
+  if (newConvo.assistant_id) {
+    newConvo.assistant_id = anonymizeAssistantId();
+  }
+  return newConvo;
+}
+
+/**
+ * Anonymizes messages in a conversation
+ * @param {TMessage[]} messages - The original messages
+ * @param {string} newConvoId - The new conversation ID
+ * @returns {TMessage[]} The anonymized messages
+ */
+function anonymizeMessages(messages, newConvoId) {
+  const idMap = new Map();
+  return messages.map((message) => {
+    const newMessageId = anonymizeMessageId(message.messageId);
+    idMap.set(message.messageId, newMessageId);
+
+    const anonymizedMessage = Object.assign(message, {
+      messageId: newMessageId,
+      parentMessageId:
+        idMap.get(message.parentMessageId) || anonymizeMessageId(message.parentMessageId),
+      conversationId: newConvoId,
+    });
+
+    if (anonymizedMessage.model && anonymizedMessage.model.startsWith('asst_')) {
+      anonymizedMessage.model = anonymizeAssistantId();
     }
-  },
 
-  getSharedLinks: async (user, pageNumber = 1, pageSize = 25, isPublic = true) => {
-    const query = { user, isPublic };
-    try {
-      const totalConvos = (await SharedLink.countDocuments(query)) || 1;
-      const totalPages = Math.ceil(totalConvos / pageSize);
-      const shares = await SharedLink.find(query)
+    return anonymizedMessage;
+  });
+}
+
+/**
+ * Retrieves shared messages for a given share ID
+ * @param {string} shareId - The share ID
+ * @returns {Promise<object|null>} The shared conversation data or null if not found
+ */
+async function getSharedMessages(shareId) {
+  try {
+    const share = await SharedLink.findOne({ shareId })
+      .populate({
+        path: 'messages',
+        select: '-_id -__v -user',
+      })
+      .select('-_id -__v -user')
+      .lean();
+
+    if (!share || !share.conversationId || !share.isPublic) {
+      return null;
+    }
+
+    const newConvoId = anonymizeConvoId();
+    return Object.assign(share, {
+      conversationId: newConvoId,
+      messages: anonymizeMessages(share.messages, newConvoId),
+    });
+  } catch (error) {
+    logger.error('[getShare] Error getting share link', error);
+    throw new Error('Error getting share link');
+  }
+}
+
+/**
+ * Retrieves shared links for a user
+ * @param {string} user - The user ID
+ * @param {number} [pageNumber=1] - The page number
+ * @param {number} [pageSize=25] - The page size
+ * @param {boolean} [isPublic=true] - Whether to retrieve public links only
+ * @returns {Promise<object>} The shared links and pagination data
+ */
+async function getSharedLinks(user, pageNumber = 1, pageSize = 25, isPublic = true) {
+  const query = { user, isPublic };
+  try {
+    const [totalConvos, sharedLinks] = await Promise.all([
+      SharedLink.countDocuments(query),
+      SharedLink.find(query)
         .sort({ updatedAt: -1 })
         .skip((pageNumber - 1) * pageSize)
         .limit(pageSize)
         .select('-_id -__v -user')
-        .lean();
+        .lean(),
+    ]);
 
-      return { sharedLinks: shares, pages: totalPages, pageNumber, pageSize };
-    } catch (error) {
-      logger.error('[getShareByPage] Error getting shares', error);
-      throw new Error('Error getting shares');
-    }
-  },
+    const totalPages = Math.ceil((totalConvos || 1) / pageSize);
 
-  createSharedLink: async (user, { conversationId, ...shareData }) => {
-    try {
-      const share = await SharedLink.findOne({ conversationId }).select('-_id -__v -user').lean();
-      if (share) {
-        return share;
-      }
+    return {
+      sharedLinks,
+      pages: totalPages,
+      pageNumber,
+      pageSize,
+    };
+  } catch (error) {
+    logger.error('[getShareByPage] Error getting shares', error);
+    throw new Error('Error getting shares');
+  }
+}
 
-      const shareId = crypto.randomUUID();
-      const messages = await getMessages({ conversationId });
-      const update = { ...shareData, shareId, messages, user };
-      return await SharedLink.findOneAndUpdate({ conversationId: conversationId, user }, update, {
-        new: true,
-        upsert: true,
+/**
+ * Creates a new shared link
+ * @param {string} user - The user ID
+ * @param {object} shareData - The share data
+ * @param {string} shareData.conversationId - The conversation ID
+ * @returns {Promise<object>} The created shared link
+ */
+async function createSharedLink(user, { conversationId, ...shareData }) {
+  try {
+    const share = await SharedLink.findOne({ conversationId }).select('-_id -__v -user').lean();
+    if (share) {
+      const newConvoId = anonymizeConvoId();
+      const sharedConvo = anonymizeConvo(share);
+      return Object.assign(sharedConvo, {
+        conversationId: newConvoId,
+        messages: anonymizeMessages(share.messages, newConvoId),
       });
-    } catch (error) {
-      logger.error('[createSharedLink] Error creating shared link', error);
-      throw new Error('Error creating shared link');
     }
-  },
 
-  updateSharedLink: async (user, { conversationId, ...shareData }) => {
-    try {
-      const share = await SharedLink.findOne({ conversationId }).select('-_id -__v -user').lean();
-      if (!share) {
-        return { message: 'Share not found' };
-      }
+    const shareId = nanoid();
+    const messages = await getMessages({ conversationId });
+    const update = { ...shareData, shareId, messages, user };
+    const newShare = await SharedLink.findOneAndUpdate({ conversationId, user }, update, {
+      new: true,
+      upsert: true,
+    }).lean();
 
-      // update messages to the latest
-      const messages = await getMessages({ conversationId });
-      const update = { ...shareData, messages, user };
-      return await SharedLink.findOneAndUpdate({ conversationId: conversationId, user }, update, {
-        new: true,
-        upsert: false,
-      });
-    } catch (error) {
-      logger.error('[updateSharedLink] Error updating shared link', error);
-      throw new Error('Error updating shared link');
-    }
-  },
+    const newConvoId = anonymizeConvoId();
+    const sharedConvo = anonymizeConvo(newShare);
+    return Object.assign(sharedConvo, {
+      conversationId: newConvoId,
+      messages: anonymizeMessages(newShare.messages, newConvoId),
+    });
+  } catch (error) {
+    logger.error('[createSharedLink] Error creating shared link', error);
+    throw new Error('Error creating shared link');
+  }
+}
 
-  deleteSharedLink: async (user, { shareId }) => {
-    try {
-      const share = await SharedLink.findOne({ shareId, user });
-      if (!share) {
-        return { message: 'Share not found' };
-      }
-      return await SharedLink.findOneAndDelete({ shareId, user });
-    } catch (error) {
-      logger.error('[deleteSharedLink] Error deleting shared link', error);
-      throw new Error('Error deleting shared link');
+/**
+ * Updates an existing shared link
+ * @param {string} user - The user ID
+ * @param {object} shareData - The share data to update
+ * @param {string} shareData.conversationId - The conversation ID
+ * @returns {Promise<object>} The updated shared link
+ */
+async function updateSharedLink(user, { conversationId, ...shareData }) {
+  try {
+    const share = await SharedLink.findOne({ conversationId }).select('-_id -__v -user').lean();
+    if (!share) {
+      return { message: 'Share not found' };
     }
-  },
-  /**
-   * Deletes all shared links for a specific user.
-   * @param {string} user - The user ID.
-   * @returns {Promise<{ message: string, deletedCount?: number }>} A result object indicating success or error message.
-   */
-  deleteAllSharedLinks: async (user) => {
-    try {
-      const result = await SharedLink.deleteMany({ user });
-      return {
-        message: 'All shared links have been deleted successfully',
-        deletedCount: result.deletedCount,
-      };
-    } catch (error) {
-      logger.error('[deleteAllSharedLinks] Error deleting shared links', error);
-      throw new Error('Error deleting shared links');
-    }
-  },
+
+    const messages = await getMessages({ conversationId });
+    const update = { ...shareData, messages, user };
+    const updatedShare = await SharedLink.findOneAndUpdate({ conversationId, user }, update, {
+      new: true,
+      upsert: false,
+    }).lean();
+
+    const newConvoId = anonymizeConvoId();
+    const sharedConvo = anonymizeConvo(updatedShare);
+    return Object.assign(sharedConvo, {
+      conversationId: newConvoId,
+      messages: anonymizeMessages(updatedShare.messages, newConvoId),
+    });
+  } catch (error) {
+    logger.error('[updateSharedLink] Error updating shared link', error);
+    throw new Error('Error updating shared link');
+  }
+}
+
+/**
+ * Deletes a shared link
+ * @param {string} user - The user ID
+ * @param {object} params - The deletion parameters
+ * @param {string} params.shareId - The share ID to delete
+ * @returns {Promise<object>} The result of the deletion
+ */
+async function deleteSharedLink(user, { shareId }) {
+  try {
+    const result = await SharedLink.findOneAndDelete({ shareId, user });
+    return result ? { message: 'Share deleted successfully' } : { message: 'Share not found' };
+  } catch (error) {
+    logger.error('[deleteSharedLink] Error deleting shared link', error);
+    throw new Error('Error deleting shared link');
+  }
+}
+
+/**
+ * Deletes all shared links for a specific user
+ * @param {string} user - The user ID
+ * @returns {Promise<object>} The result of the deletion
+ */
+async function deleteAllSharedLinks(user) {
+  try {
+    const result = await SharedLink.deleteMany({ user });
+    return {
+      message: 'All shared links have been deleted successfully',
+      deletedCount: result.deletedCount,
+    };
+  } catch (error) {
+    logger.error('[deleteAllSharedLinks] Error deleting shared links', error);
+    throw new Error('Error deleting shared links');
+  }
+}
+
+module.exports = {
+  SharedLink,
+  getSharedLinks,
+  createSharedLink,
+  updateSharedLink,
+  deleteSharedLink,
+  getSharedMessages,
+  deleteAllSharedLinks,
 };

api/models/Token.js

@@ -0,0 +1,117 @@
+const tokenSchema = require('./schema/tokenSchema');
+const mongoose = require('mongoose');
+const { logger } = require('~/config');
+
+/**
+ * Token model.
+ * @type {mongoose.Model}
+ */
+const Token = mongoose.model('Token', tokenSchema);
+
+/**
+ * Creates a new Token instance.
+ * @param {Object} tokenData - The data for the new Token.
+ * @param {mongoose.Types.ObjectId} tokenData.userId - The user's ID. It is required.
+ * @param {String} tokenData.email - The user's email.
+ * @param {String} tokenData.token - The token. It is required.
+ * @param {Number} tokenData.expiresIn - The number of seconds until the token expires.
+ * @returns {Promise<mongoose.Document>} The new Token instance.
+ * @throws Will throw an error if token creation fails.
+ */
+async function createToken(tokenData) {
+  try {
+    const currentTime = new Date();
+    const expiresAt = new Date(currentTime.getTime() + tokenData.expiresIn * 1000);
+
+    const newTokenData = {
+      ...tokenData,
+      createdAt: currentTime,
+      expiresAt,
+    };
+
+    const newToken = new Token(newTokenData);
+    return await newToken.save();
+  } catch (error) {
+    logger.debug('An error occurred while creating token:', error);
+    throw error;
+  }
+}
+
+/**
+ * Finds a Token document that matches the provided query.
+ * @param {Object} query - The query to match against.
+ * @param {mongoose.Types.ObjectId|String} query.userId - The ID of the user.
+ * @param {String} query.token - The token value.
+ * @param {String} query.email - The email of the user.
+ * @returns {Promise<Object|null>} The matched Token document, or null if not found.
+ * @throws Will throw an error if the find operation fails.
+ */
+async function findToken(query) {
+  try {
+    const conditions = [];
+
+    if (query.userId) {
+      conditions.push({ userId: query.userId });
+    }
+    if (query.token) {
+      conditions.push({ token: query.token });
+    }
+    if (query.email) {
+      conditions.push({ email: query.email });
+    }
+
+    const token = await Token.findOne({
+      $and: conditions,
+    }).lean();
+
+    return token;
+  } catch (error) {
+    logger.debug('An error occurred while finding token:', error);
+    throw error;
+  }
+}
+
+/**
+ * Updates a Token document that matches the provided query.
+ * @param {Object} query - The query to match against.
+ * @param {mongoose.Types.ObjectId|String} query.userId - The ID of the user.
+ * @param {String} query.token - The token value.
+ * @param {Object} updateData - The data to update the Token with.
+ * @returns {Promise<mongoose.Document|null>} The updated Token document, or null if not found.
+ * @throws Will throw an error if the update operation fails.
+ */
+async function updateToken(query, updateData) {
+  try {
+    return await Token.findOneAndUpdate(query, updateData, { new: true });
+  } catch (error) {
+    logger.debug('An error occurred while updating token:', error);
+    throw error;
+  }
+}
+
+/**
+ * Deletes all Token documents that match the provided token, user ID, or email.
+ * @param {Object} query - The query to match against.
+ * @param {mongoose.Types.ObjectId|String} query.userId - The ID of the user.
+ * @param {String} query.token - The token value.
+ * @param {String} query.email - The email of the user.
+ * @returns {Promise<Object>} The result of the delete operation.
+ * @throws Will throw an error if the delete operation fails.
+ */
+async function deleteTokens(query) {
+  try {
+    return await Token.deleteMany({
+      $or: [{ userId: query.userId }, { token: query.token }, { email: query.email }],
+    });
+  } catch (error) {
+    logger.debug('An error occurred while deleting tokens:', error);
+    throw error;
+  }
+}
+
+module.exports = {
+  createToken,
+  findToken,
+  updateToken,
+  deleteTokens,
+};

api/models/Transaction.js

@@ -1,12 +1,12 @@
 const mongoose = require('mongoose');
-const { isEnabled } = require('../server/utils/handleText');
+const { isEnabled } = require('~/server/utils/handleText');
 const transactionSchema = require('./schema/transaction');
-const { getMultiplier } = require('./tx');
+const { getMultiplier, getCacheMultiplier } = require('./tx');
 const { logger } = require('~/config');
 const Balance = require('./Balance');
 const cancelRate = 1.15;
 
-// Method to calculate and set the tokenValue for a transaction
+/** Method to calculate and set the tokenValue for a transaction */
 transactionSchema.methods.calculateTokenValue = function () {
   if (!this.valueKey || !this.tokenType) {
     this.tokenValue = this.rawAmount;
@@ -21,15 +21,17 @@ transactionSchema.methods.calculateTokenValue = function () {
   }
 };
 
-// Static method to create a transaction and update the balance
-transactionSchema.statics.create = async function (transactionData) {
+/**
+ * Static method to create a transaction and update the balance
+ * @param {txData} txData - Transaction data.
+ */
+transactionSchema.statics.create = async function (txData) {
   const Transaction = this;
 
-  const transaction = new Transaction(transactionData);
-  transaction.endpointTokenConfig = transactionData.endpointTokenConfig;
+  const transaction = new Transaction(txData);
+  transaction.endpointTokenConfig = txData.endpointTokenConfig;
   transaction.calculateTokenValue();
 
-  // Save the transaction
   await transaction.save();
 
   if (!isEnabled(process.env.CHECK_BALANCE)) {
@@ -57,6 +59,109 @@ transactionSchema.statics.create = async function (transactionData) {
   };
 };
 
+/**
+ * Static method to create a structured transaction and update the balance
+ * @param {txData} txData - Transaction data.
+ */
+transactionSchema.statics.createStructured = async function (txData) {
+  const Transaction = this;
+
+  const transaction = new Transaction({
+    ...txData,
+    endpointTokenConfig: txData.endpointTokenConfig,
+  });
+
+  transaction.calculateStructuredTokenValue();
+
+  await transaction.save();
+
+  if (!isEnabled(process.env.CHECK_BALANCE)) {
+    return;
+  }
+
+  let balance = await Balance.findOne({ user: transaction.user }).lean();
+  let incrementValue = transaction.tokenValue;
+
+  if (balance && balance?.tokenCredits + incrementValue < 0) {
+    incrementValue = -balance.tokenCredits;
+  }
+
+  balance = await Balance.findOneAndUpdate(
+    { user: transaction.user },
+    { $inc: { tokenCredits: incrementValue } },
+    { upsert: true, new: true },
+  ).lean();
+
+  return {
+    rate: transaction.rate,
+    user: transaction.user.toString(),
+    balance: balance.tokenCredits,
+    [transaction.tokenType]: incrementValue,
+  };
+};
+
+/** Method to calculate token value for structured tokens */
+transactionSchema.methods.calculateStructuredTokenValue = function () {
+  if (!this.tokenType) {
+    this.tokenValue = this.rawAmount;
+    return;
+  }
+
+  const { model, endpointTokenConfig } = this;
+
+  if (this.tokenType === 'prompt') {
+    const inputMultiplier = getMultiplier({ tokenType: 'prompt', model, endpointTokenConfig });
+    const writeMultiplier =
+      getCacheMultiplier({ cacheType: 'write', model, endpointTokenConfig }) ?? inputMultiplier;
+    const readMultiplier =
+      getCacheMultiplier({ cacheType: 'read', model, endpointTokenConfig }) ?? inputMultiplier;
+
+    this.rateDetail = {
+      input: inputMultiplier,
+      write: writeMultiplier,
+      read: readMultiplier,
+    };
+
+    const totalPromptTokens =
+      Math.abs(this.inputTokens || 0) +
+      Math.abs(this.writeTokens || 0) +
+      Math.abs(this.readTokens || 0);
+
+    if (totalPromptTokens > 0) {
+      this.rate =
+        (Math.abs(inputMultiplier * (this.inputTokens || 0)) +
+          Math.abs(writeMultiplier * (this.writeTokens || 0)) +
+          Math.abs(readMultiplier * (this.readTokens || 0))) /
+        totalPromptTokens;
+    } else {
+      this.rate = Math.abs(inputMultiplier); // Default to input rate if no tokens
+    }
+
+    this.tokenValue = -(
+      Math.abs(this.inputTokens || 0) * inputMultiplier +
+      Math.abs(this.writeTokens || 0) * writeMultiplier +
+      Math.abs(this.readTokens || 0) * readMultiplier
+    );
+
+    this.rawAmount = -totalPromptTokens;
+  } else if (this.tokenType === 'completion') {
+    const multiplier = getMultiplier({ tokenType: this.tokenType, model, endpointTokenConfig });
+    this.rate = Math.abs(multiplier);
+    this.tokenValue = -Math.abs(this.rawAmount) * multiplier;
+    this.rawAmount = -Math.abs(this.rawAmount);
+  }
+
+  if (this.context && this.tokenType === 'completion' && this.context === 'incomplete') {
+    this.tokenValue = Math.ceil(this.tokenValue * cancelRate);
+    this.rate *= cancelRate;
+    if (this.rateDetail) {
+      this.rateDetail = Object.fromEntries(
+        Object.entries(this.rateDetail).map(([k, v]) => [k, v * cancelRate]),
+      );
+    }
+  }
+};
+
 const Transaction = mongoose.model('Transaction', transactionSchema);
 
 /**

api/models/Transaction.spec.js

@@ -0,0 +1,348 @@
+const mongoose = require('mongoose');
+const { MongoMemoryServer } = require('mongodb-memory-server');
+const Balance = require('./Balance');
+const { spendTokens, spendStructuredTokens } = require('./spendTokens');
+const { getMultiplier, getCacheMultiplier } = require('./tx');
+
+let mongoServer;
+
+beforeAll(async () => {
+  mongoServer = await MongoMemoryServer.create();
+  const mongoUri = mongoServer.getUri();
+  await mongoose.connect(mongoUri);
+});
+
+afterAll(async () => {
+  await mongoose.disconnect();
+  await mongoServer.stop();
+});
+
+beforeEach(async () => {
+  await mongoose.connection.dropDatabase();
+});
+
+describe('Regular Token Spending Tests', () => {
+  test('Balance should decrease when spending tokens with spendTokens', async () => {
+    // Arrange
+    const userId = new mongoose.Types.ObjectId();
+    const initialBalance = 10000000; // $10.00
+    await Balance.create({ user: userId, tokenCredits: initialBalance });
+
+    const model = 'gpt-3.5-turbo';
+    const txData = {
+      user: userId,
+      conversationId: 'test-conversation-id',
+      model,
+      context: 'test',
+      endpointTokenConfig: null,
+    };
+
+    const tokenUsage = {
+      promptTokens: 100,
+      completionTokens: 50,
+    };
+
+    // Act
+    process.env.CHECK_BALANCE = 'true';
+    await spendTokens(txData, tokenUsage);
+
+    // Assert
+    console.log('Initial Balance:', initialBalance);
+
+    const updatedBalance = await Balance.findOne({ user: userId });
+    console.log('Updated Balance:', updatedBalance.tokenCredits);
+
+    const promptMultiplier = getMultiplier({ model, tokenType: 'prompt' });
+    const completionMultiplier = getMultiplier({ model, tokenType: 'completion' });
+
+    const expectedPromptCost = tokenUsage.promptTokens * promptMultiplier;
+    const expectedCompletionCost = tokenUsage.completionTokens * completionMultiplier;
+    const expectedTotalCost = expectedPromptCost + expectedCompletionCost;
+    const expectedBalance = initialBalance - expectedTotalCost;
+
+    expect(updatedBalance.tokenCredits).toBeLessThan(initialBalance);
+    expect(updatedBalance.tokenCredits).toBeCloseTo(expectedBalance, 0);
+
+    console.log('Expected Total Cost:', expectedTotalCost);
+    console.log('Actual Balance Decrease:', initialBalance - updatedBalance.tokenCredits);
+  });
+
+  test('spendTokens should handle zero completion tokens', async () => {
+    // Arrange
+    const userId = new mongoose.Types.ObjectId();
+    const initialBalance = 10000000; // $10.00
+    await Balance.create({ user: userId, tokenCredits: initialBalance });
+
+    const model = 'gpt-3.5-turbo';
+    const txData = {
+      user: userId,
+      conversationId: 'test-conversation-id',
+      model,
+      context: 'test',
+      endpointTokenConfig: null,
+    };
+
+    const tokenUsage = {
+      promptTokens: 100,
+      completionTokens: 0,
+    };
+
+    // Act
+    process.env.CHECK_BALANCE = 'true';
+    await spendTokens(txData, tokenUsage);
+
+    // Assert
+    const updatedBalance = await Balance.findOne({ user: userId });
+
+    const promptMultiplier = getMultiplier({ model, tokenType: 'prompt' });
+    const expectedCost = tokenUsage.promptTokens * promptMultiplier;
+    expect(updatedBalance.tokenCredits).toBeCloseTo(initialBalance - expectedCost, 0);
+
+    console.log('Initial Balance:', initialBalance);
+    console.log('Updated Balance:', updatedBalance.tokenCredits);
+    console.log('Expected Cost:', expectedCost);
+  });
+
+  test('spendTokens should handle undefined token counts', async () => {
+    const userId = new mongoose.Types.ObjectId();
+    const initialBalance = 10000000; // $10.00
+    await Balance.create({ user: userId, tokenCredits: initialBalance });
+
+    const model = 'gpt-3.5-turbo';
+    const txData = {
+      user: userId,
+      conversationId: 'test-conversation-id',
+      model,
+      context: 'test',
+      endpointTokenConfig: null,
+    };
+
+    const tokenUsage = {};
+
+    const result = await spendTokens(txData, tokenUsage);
+
+    expect(result).toBeUndefined();
+  });
+
+  test('spendTokens should handle only prompt tokens', async () => {
+    const userId = new mongoose.Types.ObjectId();
+    const initialBalance = 10000000; // $10.00
+    await Balance.create({ user: userId, tokenCredits: initialBalance });
+
+    const model = 'gpt-3.5-turbo';
+    const txData = {
+      user: userId,
+      conversationId: 'test-conversation-id',
+      model,
+      context: 'test',
+      endpointTokenConfig: null,
+    };
+
+    const tokenUsage = { promptTokens: 100 };
+
+    await spendTokens(txData, tokenUsage);
+
+    const updatedBalance = await Balance.findOne({ user: userId });
+
+    const promptMultiplier = getMultiplier({ model, tokenType: 'prompt' });
+    const expectedCost = 100 * promptMultiplier;
+    expect(updatedBalance.tokenCredits).toBeCloseTo(initialBalance - expectedCost, 0);
+  });
+});
+
+describe('Structured Token Spending Tests', () => {
+  test('Balance should decrease and rawAmount should be set when spending a large number of structured tokens', async () => {
+    // Arrange
+    const userId = new mongoose.Types.ObjectId();
+    const initialBalance = 17613154.55; // $17.61
+    await Balance.create({ user: userId, tokenCredits: initialBalance });
+
+    const model = 'claude-3-5-sonnet';
+    const txData = {
+      user: userId,
+      conversationId: 'c23a18da-706c-470a-ac28-ec87ed065199',
+      model,
+      context: 'message',
+      endpointTokenConfig: null, // We'll use the default rates
+    };
+
+    const tokenUsage = {
+      promptTokens: {
+        input: 11,
+        write: 140522,
+        read: 0,
+      },
+      completionTokens: 5,
+    };
+
+    // Get the actual multipliers
+    const promptMultiplier = getMultiplier({ model, tokenType: 'prompt' });
+    const completionMultiplier = getMultiplier({ model, tokenType: 'completion' });
+    const writeMultiplier = getCacheMultiplier({ model, cacheType: 'write' });
+    const readMultiplier = getCacheMultiplier({ model, cacheType: 'read' });
+
+    console.log('Multipliers:', {
+      promptMultiplier,
+      completionMultiplier,
+      writeMultiplier,
+      readMultiplier,
+    });
+
+    // Act
+    process.env.CHECK_BALANCE = 'true';
+    const result = await spendStructuredTokens(txData, tokenUsage);
+
+    // Assert
+    console.log('Initial Balance:', initialBalance);
+    console.log('Updated Balance:', result.completion.balance);
+    console.log('Transaction Result:', result);
+
+    const expectedPromptCost =
+      tokenUsage.promptTokens.input * promptMultiplier +
+      tokenUsage.promptTokens.write * writeMultiplier +
+      tokenUsage.promptTokens.read * readMultiplier;
+    const expectedCompletionCost = tokenUsage.completionTokens * completionMultiplier;
+    const expectedTotalCost = expectedPromptCost + expectedCompletionCost;
+    const expectedBalance = initialBalance - expectedTotalCost;
+
+    console.log('Expected Cost:', expectedTotalCost);
+    console.log('Expected Balance:', expectedBalance);
+
+    expect(result.completion.balance).toBeLessThan(initialBalance);
+
+    // Allow for a small difference (e.g., 100 token credits, which is $0.0001)
+    const allowedDifference = 100;
+    expect(Math.abs(result.completion.balance - expectedBalance)).toBeLessThan(allowedDifference);
+
+    // Check if the decrease is approximately as expected
+    const balanceDecrease = initialBalance - result.completion.balance;
+    expect(balanceDecrease).toBeCloseTo(expectedTotalCost, 0);
+
+    // Check token values
+    const expectedPromptTokenValue = -(
+      tokenUsage.promptTokens.input * promptMultiplier +
+      tokenUsage.promptTokens.write * writeMultiplier +
+      tokenUsage.promptTokens.read * readMultiplier
+    );
+    const expectedCompletionTokenValue = -tokenUsage.completionTokens * completionMultiplier;
+
+    expect(result.prompt.prompt).toBeCloseTo(expectedPromptTokenValue, 1);
+    expect(result.completion.completion).toBe(expectedCompletionTokenValue);
+
+    console.log('Expected prompt tokenValue:', expectedPromptTokenValue);
+    console.log('Actual prompt tokenValue:', result.prompt.prompt);
+    console.log('Expected completion tokenValue:', expectedCompletionTokenValue);
+    console.log('Actual completion tokenValue:', result.completion.completion);
+  });
+
+  test('should handle zero completion tokens in structured spending', async () => {
+    const userId = new mongoose.Types.ObjectId();
+    const initialBalance = 17613154.55;
+    await Balance.create({ user: userId, tokenCredits: initialBalance });
+
+    const model = 'claude-3-5-sonnet';
+    const txData = {
+      user: userId,
+      conversationId: 'test-convo',
+      model,
+      context: 'message',
+    };
+
+    const tokenUsage = {
+      promptTokens: {
+        input: 10,
+        write: 100,
+        read: 5,
+      },
+      completionTokens: 0,
+    };
+
+    process.env.CHECK_BALANCE = 'true';
+    const result = await spendStructuredTokens(txData, tokenUsage);
+
+    expect(result.prompt).toBeDefined();
+    expect(result.completion).toBeUndefined();
+    expect(result.prompt.prompt).toBeLessThan(0);
+  });
+
+  test('should handle only prompt tokens in structured spending', async () => {
+    const userId = new mongoose.Types.ObjectId();
+    const initialBalance = 17613154.55;
+    await Balance.create({ user: userId, tokenCredits: initialBalance });
+
+    const model = 'claude-3-5-sonnet';
+    const txData = {
+      user: userId,
+      conversationId: 'test-convo',
+      model,
+      context: 'message',
+    };
+
+    const tokenUsage = {
+      promptTokens: {
+        input: 10,
+        write: 100,
+        read: 5,
+      },
+    };
+
+    process.env.CHECK_BALANCE = 'true';
+    const result = await spendStructuredTokens(txData, tokenUsage);
+
+    expect(result.prompt).toBeDefined();
+    expect(result.completion).toBeUndefined();
+    expect(result.prompt.prompt).toBeLessThan(0);
+  });
+
+  test('should handle undefined token counts in structured spending', async () => {
+    const userId = new mongoose.Types.ObjectId();
+    const initialBalance = 17613154.55;
+    await Balance.create({ user: userId, tokenCredits: initialBalance });
+
+    const model = 'claude-3-5-sonnet';
+    const txData = {
+      user: userId,
+      conversationId: 'test-convo',
+      model,
+      context: 'message',
+    };
+
+    const tokenUsage = {};
+
+    process.env.CHECK_BALANCE = 'true';
+    const result = await spendStructuredTokens(txData, tokenUsage);
+
+    expect(result).toEqual({
+      prompt: undefined,
+      completion: undefined,
+    });
+  });
+
+  test('should handle incomplete context for completion tokens', async () => {
+    const userId = new mongoose.Types.ObjectId();
+    const initialBalance = 17613154.55;
+    await Balance.create({ user: userId, tokenCredits: initialBalance });
+
+    const model = 'claude-3-5-sonnet';
+    const txData = {
+      user: userId,
+      conversationId: 'test-convo',
+      model,
+      context: 'incomplete',
+    };
+
+    const tokenUsage = {
+      promptTokens: {
+        input: 10,
+        write: 100,
+        read: 5,
+      },
+      completionTokens: 50,
+    };
+
+    process.env.CHECK_BALANCE = 'true';
+    const result = await spendStructuredTokens(txData, tokenUsage);
+
+    expect(result.completion.completion).toBeCloseTo(-50 * 15 * 1.15, 0); // Assuming multiplier is 15 and cancelRate is 1.15
+  });
+});

api/models/index.js

@@ -1,11 +1,3 @@
-const {
-  getMessages,
-  saveMessage,
-  recordMessage,
-  updateMessage,
-  deleteMessagesSince,
-  deleteMessages,
-} = require('./Message');
 const {
   comparePassword,
   deleteUserById,
@@ -16,8 +8,6 @@ const {
   countUsers,
   findUser,
 } = require('./userMethods');
-const { getConvoTitle, getConvo, saveConvo, deleteConvos } = require('./Conversation');
-const { getPreset, getPresets, savePreset, deletePresets } = require('./Preset');
 const {
   findFileById,
   createFile,
@@ -27,26 +17,40 @@ const {
   getFiles,
   updateFileUsage,
 } = require('./File');
-const Key = require('./Key');
-const User = require('./User');
+const {
+  getMessages,
+  saveMessage,
+  recordMessage,
+  updateMessage,
+  deleteMessagesSince,
+  deleteMessages,
+} = require('./Message');
+const { getConvoTitle, getConvo, saveConvo, deleteConvos } = require('./Conversation');
+const { getPreset, getPresets, savePreset, deletePresets } = require('./Preset');
+const { createToken, findToken, updateToken, deleteTokens } = require('./Token');
 const Session = require('./Session');
 const Balance = require('./Balance');
+const User = require('./User');
+const Key = require('./Key');
 
 module.exports = {
-  User,
-  Key,
-  Session,
-  Balance,
-
   comparePassword,
   deleteUserById,
   generateToken,
   getUserById,
-  countUsers,
-  createUser,
   updateUser,
+  createUser,
+  countUsers,
   findUser,
 
+  findFileById,
+  createFile,
+  updateFile,
+  deleteFile,
+  deleteFiles,
+  getFiles,
+  updateFileUsage,
+
   getMessages,
   saveMessage,
   recordMessage,
@@ -64,11 +68,13 @@ module.exports = {
   savePreset,
   deletePresets,
 
-  findFileById,
-  createFile,
-  updateFile,
-  deleteFile,
-  deleteFiles,
-  getFiles,
-  updateFileUsage,
+  createToken,
+  findToken,
+  updateToken,
+  deleteTokens,
+
+  User,
+  Key,
+  Session,
+  Balance,
 };

api/models/inviteUser.js

@@ -0,0 +1,70 @@
+const crypto = require('crypto');
+const bcrypt = require('bcryptjs');
+const mongoose = require('mongoose');
+const { createToken, findToken } = require('./Token');
+const logger = require('~/config/winston');
+
+/**
+ * @module inviteUser
+ * @description This module provides functions to create and get user invites
+ */
+
+/**
+ * @function createInvite
+ * @description This function creates a new user invite
+ * @param {string} email - The email of the user to invite
+ * @returns {Promise<Object>} A promise that resolves to the saved invite document
+ * @throws {Error} If there is an error creating the invite
+ */
+const createInvite = async (email) => {
+  try {
+    let token = crypto.randomBytes(32).toString('hex');
+    const hash = bcrypt.hashSync(token, 10);
+    const encodedToken = encodeURIComponent(token);
+
+    const fakeUserId = new mongoose.Types.ObjectId();
+
+    await createToken({
+      userId: fakeUserId,
+      email,
+      token: hash,
+      createdAt: Date.now(),
+      expiresIn: 604800,
+    });
+
+    return encodedToken;
+  } catch (error) {
+    logger.error('[createInvite] Error creating invite', error);
+    return { message: 'Error creating invite' };
+  }
+};
+
+/**
+ * @function getInvite
+ * @description This function retrieves a user invite
+ * @param {string} encodedToken - The token of the invite to retrieve
+ * @param {string} email - The email of the user to validate
+ * @returns {Promise<Object>} A promise that resolves to the retrieved invite document
+ * @throws {Error} If there is an error retrieving the invite, if the invite does not exist, or if the email does not match
+ */
+const getInvite = async (encodedToken, email) => {
+  try {
+    const token = decodeURIComponent(encodedToken);
+    const hash = bcrypt.hashSync(token, 10);
+    const invite = await findToken({ token: hash, email });
+
+    if (!invite) {
+      throw new Error('Invite not found or email does not match');
+    }
+
+    return invite;
+  } catch (error) {
+    logger.error('[getInvite] Error getting invite', error);
+    return { error: true, message: error.message };
+  }
+};
+
+module.exports = {
+  createInvite,
+  getInvite,
+};

api/models/schema/conversationTagSchema.js

@@ -0,0 +1,31 @@
+const mongoose = require('mongoose');
+
+const conversationTagSchema = mongoose.Schema(
+  {
+    tag: {
+      type: String,
+      index: true,
+    },
+    user: {
+      type: String,
+      index: true,
+    },
+    description: {
+      type: String,
+      index: true,
+    },
+    count: {
+      type: Number,
+      default: 0,
+    },
+    position: {
+      type: Number,
+      default: 0,
+    },
+  },
+  { timestamps: true },
+);
+
+conversationTagSchema.index({ tag: 1, user: 1 }, { unique: true });
+
+module.exports = mongoose.model('ConversationTag', conversationTagSchema);

api/models/schema/convoSchema.js

@@ -42,6 +42,11 @@ const convoSchema = mongoose.Schema(
     invocationId: {
       type: Number,
     },
+    tags: {
+      type: [String],
+      default: [],
+      meiliIndex: true,
+    },
   },
   { timestamps: true },
 );
@@ -56,6 +61,7 @@ if (process.env.MEILI_HOST && process.env.MEILI_MASTER_KEY) {
 }
 
 convoSchema.index({ createdAt: 1, updatedAt: 1 });
+convoSchema.index({ conversationId: 1, user: 1 }, { unique: true });
 
 const Conversation = mongoose.models.Conversation || mongoose.model('Conversation', convoSchema);
 

api/models/schema/defaults.js

@@ -74,6 +74,10 @@ const conversationPreset = {
   resendImages: {
     type: Boolean,
   },
+  /* Anthropic only */
+  promptCache: {
+    type: Boolean,
+  },
   // files
   resendFiles: {
     type: Boolean,
@@ -103,6 +107,10 @@ const conversationPreset = {
   spec: {
     type: String,
   },
+  tags: {
+    type: [String],
+    default: [],
+  },
   tools: { type: [{ type: String }], default: undefined },
   maxContextTokens: {
     type: Number,

api/models/schema/messageSchema.js

@@ -129,7 +129,9 @@ if (process.env.MEILI_HOST && process.env.MEILI_MASTER_KEY) {
 }
 
 messageSchema.index({ createdAt: 1 });
+messageSchema.index({ messageId: 1, user: 1 }, { unique: true });
 
+/** @type {mongoose.Model<TMessage>} */
 const Message = mongoose.models.Message || mongoose.model('Message', messageSchema);
 
 module.exports = Message;

api/models/schema/roleSchema.js

@@ -8,6 +8,12 @@ const roleSchema = new mongoose.Schema({
     unique: true,
     index: true,
   },
+  [PermissionTypes.BOOKMARKS]: {
+    [Permissions.USE]: {
+      type: Boolean,
+      default: true,
+    },
+  },
   [PermissionTypes.PROMPTS]: {
     [Permissions.SHARED_GLOBAL]: {
       type: Boolean,

api/models/schema/tokenSchema.js

@@ -18,8 +18,13 @@ const tokenSchema = new Schema({
     type: Date,
     required: true,
     default: Date.now,
-    expires: 900,
+  },
+  expiresAt: {
+    type: Date,
+    required: true,
   },
 });
 
-module.exports = mongoose.model('Token', tokenSchema);
+tokenSchema.index({ expiresAt: 1 }, { expireAfterSeconds: 0 });
+
+module.exports = tokenSchema;

api/models/schema/transaction.js

@@ -30,6 +30,9 @@ const transactionSchema = mongoose.Schema(
     rate: Number,
     rawAmount: Number,
     tokenValue: Number,
+    inputTokens: { type: Number },
+    writeTokens: { type: Number },
+    readTokens: { type: Number },
   },
   {
     timestamps: true,

api/models/spendTokens.js

@@ -11,7 +11,7 @@ const { logger } = require('~/config');
  * @param {String} txData.conversationId - The ID of the conversation.
  * @param {String} txData.model - The model name.
  * @param {String} txData.context - The context in which the transaction is made.
- * @param {String} [txData.endpointTokenConfig] - The current endpoint token config.
+ * @param {EndpointTokenConfig} [txData.endpointTokenConfig] - The current endpoint token config.
  * @param {String} [txData.valueKey] - The value key (optional).
  * @param {Object} tokenUsage - The number of tokens used.
  * @param {Number} tokenUsage.promptTokens - The number of prompt tokens used.
@@ -32,38 +32,109 @@ const spendTokens = async (txData, tokenUsage) => {
   );
   let prompt, completion;
   try {
-    if (promptTokens >= 0) {
+    if (promptTokens !== undefined) {
       prompt = await Transaction.create({
         ...txData,
         tokenType: 'prompt',
-        rawAmount: -promptTokens,
+        rawAmount: -Math.max(promptTokens, 0),
       });
     }
 
-    if (!completionTokens && isNaN(completionTokens)) {
-      logger.debug('[spendTokens] !completionTokens', { prompt, completion });
-      return;
+    if (completionTokens !== undefined) {
+      completion = await Transaction.create({
+        ...txData,
+        tokenType: 'completion',
+        rawAmount: -Math.max(completionTokens, 0),
+      });
     }
 
-    completion = await Transaction.create({
-      ...txData,
-      tokenType: 'completion',
-      rawAmount: -completionTokens,
-    });
-
-    prompt &&
-      completion &&
+    if (prompt || completion) {
       logger.debug('[spendTokens] Transaction data record against balance:', {
         user: txData.user,
-        prompt: prompt.prompt,
-        promptRate: prompt.rate,
-        completion: completion.completion,
-        completionRate: completion.rate,
-        balance: completion.balance,
+        prompt: prompt?.prompt,
+        promptRate: prompt?.rate,
+        completion: completion?.completion,
+        completionRate: completion?.rate,
+        balance: completion?.balance ?? prompt?.balance,
       });
+    } else {
+      logger.debug('[spendTokens] No transactions incurred against balance');
+    }
   } catch (err) {
     logger.error('[spendTokens]', err);
   }
 };
 
-module.exports = spendTokens;
+/**
+ * Creates transactions to record the spending of structured tokens.
+ *
+ * @function
+ * @async
+ * @param {Object} txData - Transaction data.
+ * @param {mongoose.Schema.Types.ObjectId} txData.user - The user ID.
+ * @param {String} txData.conversationId - The ID of the conversation.
+ * @param {String} txData.model - The model name.
+ * @param {String} txData.context - The context in which the transaction is made.
+ * @param {EndpointTokenConfig} [txData.endpointTokenConfig] - The current endpoint token config.
+ * @param {String} [txData.valueKey] - The value key (optional).
+ * @param {Object} tokenUsage - The number of tokens used.
+ * @param {Object} tokenUsage.promptTokens - The number of prompt tokens used.
+ * @param {Number} tokenUsage.promptTokens.input - The number of input tokens.
+ * @param {Number} tokenUsage.promptTokens.write - The number of write tokens.
+ * @param {Number} tokenUsage.promptTokens.read - The number of read tokens.
+ * @param {Number} tokenUsage.completionTokens - The number of completion tokens used.
+ * @returns {Promise<void>} - Returns nothing.
+ * @throws {Error} - Throws an error if there's an issue creating the transactions.
+ */
+const spendStructuredTokens = async (txData, tokenUsage) => {
+  const { promptTokens, completionTokens } = tokenUsage;
+  logger.debug(
+    `[spendStructuredTokens] conversationId: ${txData.conversationId}${
+      txData?.context ? ` | Context: ${txData?.context}` : ''
+    } | Token usage: `,
+    {
+      promptTokens,
+      completionTokens,
+    },
+  );
+  let prompt, completion;
+  try {
+    if (promptTokens) {
+      const { input = 0, write = 0, read = 0 } = promptTokens;
+      prompt = await Transaction.createStructured({
+        ...txData,
+        tokenType: 'prompt',
+        inputTokens: -input,
+        writeTokens: -write,
+        readTokens: -read,
+      });
+    }
+
+    if (completionTokens) {
+      completion = await Transaction.create({
+        ...txData,
+        tokenType: 'completion',
+        rawAmount: -completionTokens,
+      });
+    }
+
+    if (prompt || completion) {
+      logger.debug('[spendStructuredTokens] Transaction data record against balance:', {
+        user: txData.user,
+        prompt: prompt?.prompt,
+        promptRate: prompt?.rate,
+        completion: completion?.completion,
+        completionRate: completion?.rate,
+        balance: completion?.balance ?? prompt?.balance,
+      });
+    } else {
+      logger.debug('[spendStructuredTokens] No transactions incurred against balance');
+    }
+  } catch (err) {
+    logger.error('[spendStructuredTokens]', err);
+  }
+
+  return { prompt, completion };
+};
+
+module.exports = { spendTokens, spendStructuredTokens };

api/models/spendTokens.spec.js

@@ -0,0 +1,197 @@
+const mongoose = require('mongoose');
+
+jest.mock('./Transaction', () => ({
+  Transaction: {
+    create: jest.fn(),
+    createStructured: jest.fn(),
+  },
+}));
+
+jest.mock('./Balance', () => ({
+  findOne: jest.fn(),
+  findOneAndUpdate: jest.fn(),
+}));
+
+jest.mock('~/config', () => ({
+  logger: {
+    debug: jest.fn(),
+    error: jest.fn(),
+  },
+}));
+
+// Import after mocking
+const { spendTokens, spendStructuredTokens } = require('./spendTokens');
+const { Transaction } = require('./Transaction');
+const Balance = require('./Balance');
+describe('spendTokens', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+    process.env.CHECK_BALANCE = 'true';
+  });
+
+  it('should create transactions for both prompt and completion tokens', async () => {
+    const txData = {
+      user: new mongoose.Types.ObjectId(),
+      conversationId: 'test-convo',
+      model: 'gpt-3.5-turbo',
+      context: 'test',
+    };
+    const tokenUsage = {
+      promptTokens: 100,
+      completionTokens: 50,
+    };
+
+    Transaction.create.mockResolvedValueOnce({ tokenType: 'prompt', rawAmount: -100 });
+    Transaction.create.mockResolvedValueOnce({ tokenType: 'completion', rawAmount: -50 });
+    Balance.findOne.mockResolvedValue({ tokenCredits: 10000 });
+    Balance.findOneAndUpdate.mockResolvedValue({ tokenCredits: 9850 });
+
+    await spendTokens(txData, tokenUsage);
+
+    expect(Transaction.create).toHaveBeenCalledTimes(2);
+    expect(Transaction.create).toHaveBeenCalledWith(
+      expect.objectContaining({
+        tokenType: 'prompt',
+        rawAmount: -100,
+      }),
+    );
+    expect(Transaction.create).toHaveBeenCalledWith(
+      expect.objectContaining({
+        tokenType: 'completion',
+        rawAmount: -50,
+      }),
+    );
+  });
+
+  it('should handle zero completion tokens', async () => {
+    const txData = {
+      user: new mongoose.Types.ObjectId(),
+      conversationId: 'test-convo',
+      model: 'gpt-3.5-turbo',
+      context: 'test',
+    };
+    const tokenUsage = {
+      promptTokens: 100,
+      completionTokens: 0,
+    };
+
+    Transaction.create.mockResolvedValueOnce({ tokenType: 'prompt', rawAmount: -100 });
+    Transaction.create.mockResolvedValueOnce({ tokenType: 'completion', rawAmount: -0 });
+    Balance.findOne.mockResolvedValue({ tokenCredits: 10000 });
+    Balance.findOneAndUpdate.mockResolvedValue({ tokenCredits: 9850 });
+
+    await spendTokens(txData, tokenUsage);
+
+    expect(Transaction.create).toHaveBeenCalledTimes(2);
+    expect(Transaction.create).toHaveBeenCalledWith(
+      expect.objectContaining({
+        tokenType: 'prompt',
+        rawAmount: -100,
+      }),
+    );
+    expect(Transaction.create).toHaveBeenCalledWith(
+      expect.objectContaining({
+        tokenType: 'completion',
+        rawAmount: -0, // Changed from 0 to -0
+      }),
+    );
+  });
+
+  it('should handle undefined token counts', async () => {
+    const txData = {
+      user: new mongoose.Types.ObjectId(),
+      conversationId: 'test-convo',
+      model: 'gpt-3.5-turbo',
+      context: 'test',
+    };
+    const tokenUsage = {};
+
+    await spendTokens(txData, tokenUsage);
+
+    expect(Transaction.create).not.toHaveBeenCalled();
+  });
+
+  it('should not update balance when CHECK_BALANCE is false', async () => {
+    process.env.CHECK_BALANCE = 'false';
+    const txData = {
+      user: new mongoose.Types.ObjectId(),
+      conversationId: 'test-convo',
+      model: 'gpt-3.5-turbo',
+      context: 'test',
+    };
+    const tokenUsage = {
+      promptTokens: 100,
+      completionTokens: 50,
+    };
+
+    Transaction.create.mockResolvedValueOnce({ tokenType: 'prompt', rawAmount: -100 });
+    Transaction.create.mockResolvedValueOnce({ tokenType: 'completion', rawAmount: -50 });
+
+    await spendTokens(txData, tokenUsage);
+
+    expect(Transaction.create).toHaveBeenCalledTimes(2);
+    expect(Balance.findOne).not.toHaveBeenCalled();
+    expect(Balance.findOneAndUpdate).not.toHaveBeenCalled();
+  });
+
+  it('should create structured transactions for both prompt and completion tokens', async () => {
+    const txData = {
+      user: new mongoose.Types.ObjectId(),
+      conversationId: 'test-convo',
+      model: 'claude-3-5-sonnet',
+      context: 'test',
+    };
+    const tokenUsage = {
+      promptTokens: {
+        input: 10,
+        write: 100,
+        read: 5,
+      },
+      completionTokens: 50,
+    };
+
+    Transaction.createStructured.mockResolvedValueOnce({
+      rate: 3.75,
+      user: txData.user.toString(),
+      balance: 9570,
+      prompt: -430,
+    });
+    Transaction.create.mockResolvedValueOnce({
+      rate: 15,
+      user: txData.user.toString(),
+      balance: 8820,
+      completion: -750,
+    });
+
+    const result = await spendStructuredTokens(txData, tokenUsage);
+
+    expect(Transaction.createStructured).toHaveBeenCalledWith(
+      expect.objectContaining({
+        tokenType: 'prompt',
+        inputTokens: -10,
+        writeTokens: -100,
+        readTokens: -5,
+      }),
+    );
+    expect(Transaction.create).toHaveBeenCalledWith(
+      expect.objectContaining({
+        tokenType: 'completion',
+        rawAmount: -50,
+      }),
+    );
+    expect(result).toEqual({
+      prompt: expect.objectContaining({
+        rate: 3.75,
+        user: txData.user.toString(),
+        balance: 9570,
+        prompt: -430,
+      }),
+      completion: expect.objectContaining({
+        rate: 15,
+        user: txData.user.toString(),
+        balance: 8820,
+        completion: -750,
+      }),
+    });
+  });
+});

api/models/tx.js

@@ -1,36 +1,86 @@
 const { matchModelName } = require('../utils');
 const defaultRate = 6;
 
+/** AWS Bedrock pricing */
+const bedrockValues = {
+  'anthropic.claude-3-haiku-20240307-v1:0': { prompt: 0.25, completion: 1.25 },
+  'anthropic.claude-3-sonnet-20240229-v1:0': { prompt: 3.0, completion: 15.0 },
+  'anthropic.claude-3-opus-20240229-v1:0': { prompt: 15.0, completion: 75.0 },
+  'anthropic.claude-3-5-sonnet-20240620-v1:0': { prompt: 3.0, completion: 15.0 },
+  'anthropic.claude-v2:1': { prompt: 8.0, completion: 24.0 },
+  'anthropic.claude-instant-v1': { prompt: 0.8, completion: 2.4 },
+  'meta.llama2-13b-chat-v1': { prompt: 0.75, completion: 1.0 },
+  'meta.llama2-70b-chat-v1': { prompt: 1.95, completion: 2.56 },
+  'meta.llama3-8b-instruct-v1:0': { prompt: 0.3, completion: 0.6 },
+  'meta.llama3-70b-instruct-v1:0': { prompt: 2.65, completion: 3.5 },
+  'meta.llama3-1-8b-instruct-v1:0': { prompt: 0.3, completion: 0.6 },
+  'meta.llama3-1-70b-instruct-v1:0': { prompt: 2.65, completion: 3.5 },
+  'meta.llama3-1-405b-instruct-v1:0': { prompt: 5.32, completion: 16.0 },
+  'mistral.mistral-7b-instruct-v0:2': { prompt: 0.15, completion: 0.2 },
+  'mistral.mistral-small-2402-v1:0': { prompt: 0.15, completion: 0.2 },
+  'mistral.mixtral-8x7b-instruct-v0:1': { prompt: 0.45, completion: 0.7 },
+  'mistral.mistral-large-2402-v1:0': { prompt: 4.0, completion: 12.0 },
+  'mistral.mistral-large-2407-v1:0': { prompt: 3.0, completion: 9.0 },
+  'cohere.command-text-v14': { prompt: 1.5, completion: 2.0 },
+  'cohere.command-light-text-v14': { prompt: 0.3, completion: 0.6 },
+  'cohere.command-r-v1:0': { prompt: 0.5, completion: 1.5 },
+  'cohere.command-r-plus-v1:0': { prompt: 3.0, completion: 15.0 },
+  'ai21.j2-mid-v1': { prompt: 12.5, completion: 12.5 },
+  'ai21.j2-ultra-v1': { prompt: 18.8, completion: 18.8 },
+  'amazon.titan-text-lite-v1': { prompt: 0.15, completion: 0.2 },
+  'amazon.titan-text-express-v1': { prompt: 0.2, completion: 0.6 },
+};
+
+for (const [key, value] of Object.entries(bedrockValues)) {
+  bedrockValues[`bedrock/${key}`] = value;
+}
+
 /**
  * Mapping of model token sizes to their respective multipliers for prompt and completion.
  * The rates are 1 USD per 1M tokens.
  * @type {Object.<string, {prompt: number, completion: number}>}
  */
-const tokenValues = {
-  '8k': { prompt: 30, completion: 60 },
-  '32k': { prompt: 60, completion: 120 },
-  '4k': { prompt: 1.5, completion: 2 },
-  '16k': { prompt: 3, completion: 4 },
-  'gpt-3.5-turbo-1106': { prompt: 1, completion: 2 },
-  'gpt-4o': { prompt: 5, completion: 15 },
-  'gpt-4-1106': { prompt: 10, completion: 30 },
-  'gpt-3.5-turbo-0125': { prompt: 0.5, completion: 1.5 },
-  'claude-3-opus': { prompt: 15, completion: 75 },
-  'claude-3-sonnet': { prompt: 3, completion: 15 },
-  'claude-3-5-sonnet': { prompt: 3, completion: 15 },
-  'claude-3-haiku': { prompt: 0.25, completion: 1.25 },
-  'claude-2.1': { prompt: 8, completion: 24 },
-  'claude-2': { prompt: 8, completion: 24 },
-  'claude-': { prompt: 0.8, completion: 2.4 },
-  'command-r-plus': { prompt: 3, completion: 15 },
-  'command-r': { prompt: 0.5, completion: 1.5 },
-  /* cohere doesn't have rates for the older command models,
+const tokenValues = Object.assign(
+  {
+    '8k': { prompt: 30, completion: 60 },
+    '32k': { prompt: 60, completion: 120 },
+    '4k': { prompt: 1.5, completion: 2 },
+    '16k': { prompt: 3, completion: 4 },
+    'gpt-3.5-turbo-1106': { prompt: 1, completion: 2 },
+    'gpt-4o-2024-08-06': { prompt: 2.5, completion: 10 },
+    'gpt-4o-mini': { prompt: 0.15, completion: 0.6 },
+    'gpt-4o': { prompt: 5, completion: 15 },
+    'gpt-4-1106': { prompt: 10, completion: 30 },
+    'gpt-3.5-turbo-0125': { prompt: 0.5, completion: 1.5 },
+    'claude-3-opus': { prompt: 15, completion: 75 },
+    'claude-3-sonnet': { prompt: 3, completion: 15 },
+    'claude-3-5-sonnet': { prompt: 3, completion: 15 },
+    'claude-3.5-sonnet': { prompt: 3, completion: 15 },
+    'claude-3-haiku': { prompt: 0.25, completion: 1.25 },
+    'claude-2.1': { prompt: 8, completion: 24 },
+    'claude-2': { prompt: 8, completion: 24 },
+    'claude-': { prompt: 0.8, completion: 2.4 },
+    'command-r-plus': { prompt: 3, completion: 15 },
+    'command-r': { prompt: 0.5, completion: 1.5 },
+    /* cohere doesn't have rates for the older command models,
   so this was from https://artificialanalysis.ai/models/command-light/providers */
-  command: { prompt: 0.38, completion: 0.38 },
-  // 'gemini-1.5': { prompt: 7, completion: 21 }, // May 2nd, 2024 pricing
-  // 'gemini': { prompt: 0.5, completion: 1.5 }, // May 2nd, 2024 pricing
-  'gemini-1.5': { prompt: 0, completion: 0 }, // currently free
-  gemini: { prompt: 0, completion: 0 }, // currently free
+    command: { prompt: 0.38, completion: 0.38 },
+    'gemini-1.5': { prompt: 7, completion: 21 }, // May 2nd, 2024 pricing
+    gemini: { prompt: 0.5, completion: 1.5 }, // May 2nd, 2024 pricing
+  },
+  bedrockValues,
+);
+
+/**
+ * Mapping of model token sizes to their respective multipliers for cached input, read and write.
+ * See Anthropic's documentation on this: https://docs.anthropic.com/en/docs/build-with-claude/prompt-caching#pricing
+ * The rates are 1 USD per 1M tokens.
+ * @type {Object.<string, {write: number, read: number }>}
+ */
+const cacheTokenValues = {
+  'claude-3.5-sonnet': { write: 3.75, read: 0.3 },
+  'claude-3-5-sonnet': { write: 3.75, read: 0.3 },
+  'claude-3-haiku': { write: 0.3, read: 0.03 },
 };
 
 /**
@@ -54,6 +104,10 @@ const getValueKey = (model, endpoint) => {
     return 'gpt-3.5-turbo-1106';
   } else if (modelName.includes('gpt-3.5')) {
     return '4k';
+  } else if (modelName.includes('gpt-4o-2024-08-06')) {
+    return 'gpt-4o-2024-08-06';
+  } else if (modelName.includes('gpt-4o-mini')) {
+    return 'gpt-4o-mini';
   } else if (modelName.includes('gpt-4o')) {
     return 'gpt-4o';
   } else if (modelName.includes('gpt-4-vision')) {
@@ -81,7 +135,7 @@ const getValueKey = (model, endpoint) => {
  *
  * @param {Object} params - The parameters for the function.
  * @param {string} [params.valueKey] - The key corresponding to the model name.
- * @param {string} [params.tokenType] - The type of token (e.g., 'prompt' or 'completion').
+ * @param {'prompt' | 'completion'} [params.tokenType] - The type of token (e.g., 'prompt' or 'completion').
  * @param {string} [params.model] - The model name to derive the value key from if not provided.
  * @param {string} [params.endpoint] - The endpoint name to derive the value key from if not provided.
  * @param {EndpointTokenConfig} [params.endpointTokenConfig] - The token configuration for the endpoint.
@@ -106,7 +160,41 @@ const getMultiplier = ({ valueKey, tokenType, model, endpoint, endpointTokenConf
   }
 
   // If we got this far, and values[tokenType] is undefined somehow, return a rough average of default multipliers
-  return tokenValues[valueKey][tokenType] ?? defaultRate;
+  return tokenValues[valueKey]?.[tokenType] ?? defaultRate;
 };
 
-module.exports = { tokenValues, getValueKey, getMultiplier, defaultRate };
+/**
+ * Retrieves the cache multiplier for a given value key and token type. If no value key is provided,
+ * it attempts to derive it from the model name.
+ *
+ * @param {Object} params - The parameters for the function.
+ * @param {string} [params.valueKey] - The key corresponding to the model name.
+ * @param {'write' | 'read'} [params.cacheType] - The type of token (e.g., 'write' or 'read').
+ * @param {string} [params.model] - The model name to derive the value key from if not provided.
+ * @param {string} [params.endpoint] - The endpoint name to derive the value key from if not provided.
+ * @param {EndpointTokenConfig} [params.endpointTokenConfig] - The token configuration for the endpoint.
+ * @returns {number | null} The multiplier for the given parameters, or `null` if not found.
+ */
+const getCacheMultiplier = ({ valueKey, cacheType, model, endpoint, endpointTokenConfig }) => {
+  if (endpointTokenConfig) {
+    return endpointTokenConfig?.[model]?.[cacheType] ?? null;
+  }
+
+  if (valueKey && cacheType) {
+    return cacheTokenValues[valueKey]?.[cacheType] ?? null;
+  }
+
+  if (!cacheType || !model) {
+    return null;
+  }
+
+  valueKey = getValueKey(model, endpoint);
+  if (!valueKey) {
+    return null;
+  }
+
+  // If we got this far, and values[cacheType] is undefined somehow, return a rough average of default multipliers
+  return cacheTokenValues[valueKey]?.[cacheType] ?? null;
+};
+
+module.exports = { tokenValues, getValueKey, getMultiplier, getCacheMultiplier, defaultRate };

api/models/tx.spec.js

@@ -1,4 +1,10 @@
-const { getValueKey, getMultiplier, defaultRate, tokenValues } = require('./tx');
+const {
+  defaultRate,
+  tokenValues,
+  getValueKey,
+  getMultiplier,
+  getCacheMultiplier,
+} = require('./tx');
 
 describe('getValueKey', () => {
   it('should return "16k" for model name containing "gpt-3.5-turbo-16k"', () => {
@@ -49,12 +55,40 @@ describe('getValueKey', () => {
     expect(getValueKey('gpt-4o-0125')).toBe('gpt-4o');
   });
 
+  it('should return "gpt-4o-mini" for model type of "gpt-4o-mini"', () => {
+    expect(getValueKey('gpt-4o-mini-2024-07-18')).toBe('gpt-4o-mini');
+    expect(getValueKey('openai/gpt-4o-mini')).toBe('gpt-4o-mini');
+    expect(getValueKey('gpt-4o-mini-0718')).toBe('gpt-4o-mini');
+    expect(getValueKey('gpt-4o-2024-08-06-0718')).not.toBe('gpt-4o');
+  });
+
+  it('should return "gpt-4o-2024-08-06" for model type of "gpt-4o-2024-08-06"', () => {
+    expect(getValueKey('gpt-4o-2024-08-06-2024-07-18')).toBe('gpt-4o-2024-08-06');
+    expect(getValueKey('openai/gpt-4o-2024-08-06')).toBe('gpt-4o-2024-08-06');
+    expect(getValueKey('gpt-4o-2024-08-06-0718')).toBe('gpt-4o-2024-08-06');
+    expect(getValueKey('gpt-4o-2024-08-06-0718')).not.toBe('gpt-4o');
+  });
+
+  it('should return "gpt-4o" for model type of "chatgpt-4o"', () => {
+    expect(getValueKey('chatgpt-4o-latest')).toBe('gpt-4o');
+    expect(getValueKey('openai/chatgpt-4o-latest')).toBe('gpt-4o');
+    expect(getValueKey('chatgpt-4o-latest-0916')).toBe('gpt-4o');
+    expect(getValueKey('chatgpt-4o-latest-0718')).toBe('gpt-4o');
+  });
+
   it('should return "claude-3-5-sonnet" for model type of "claude-3-5-sonnet-"', () => {
     expect(getValueKey('claude-3-5-sonnet-20240620')).toBe('claude-3-5-sonnet');
     expect(getValueKey('anthropic/claude-3-5-sonnet')).toBe('claude-3-5-sonnet');
     expect(getValueKey('claude-3-5-sonnet-turbo')).toBe('claude-3-5-sonnet');
     expect(getValueKey('claude-3-5-sonnet-0125')).toBe('claude-3-5-sonnet');
   });
+
+  it('should return "claude-3.5-sonnet" for model type of "claude-3.5-sonnet-"', () => {
+    expect(getValueKey('claude-3.5-sonnet-20240620')).toBe('claude-3.5-sonnet');
+    expect(getValueKey('anthropic/claude-3.5-sonnet')).toBe('claude-3.5-sonnet');
+    expect(getValueKey('claude-3.5-sonnet-turbo')).toBe('claude-3.5-sonnet');
+    expect(getValueKey('claude-3.5-sonnet-0125')).toBe('claude-3.5-sonnet');
+  });
 });
 
 describe('getMultiplier', () => {
@@ -109,6 +143,30 @@ describe('getMultiplier', () => {
     );
   });
 
+  it('should return the correct multiplier for gpt-4o-mini', () => {
+    const valueKey = getValueKey('gpt-4o-mini-2024-07-18');
+    expect(getMultiplier({ valueKey, tokenType: 'prompt' })).toBe(
+      tokenValues['gpt-4o-mini'].prompt,
+    );
+    expect(getMultiplier({ valueKey, tokenType: 'completion' })).toBe(
+      tokenValues['gpt-4o-mini'].completion,
+    );
+    expect(getMultiplier({ valueKey, tokenType: 'completion' })).not.toBe(
+      tokenValues['gpt-4-1106'].completion,
+    );
+  });
+
+  it('should return the correct multiplier for chatgpt-4o-latest', () => {
+    const valueKey = getValueKey('chatgpt-4o-latest');
+    expect(getMultiplier({ valueKey, tokenType: 'prompt' })).toBe(tokenValues['gpt-4o'].prompt);
+    expect(getMultiplier({ valueKey, tokenType: 'completion' })).toBe(
+      tokenValues['gpt-4o'].completion,
+    );
+    expect(getMultiplier({ valueKey, tokenType: 'completion' })).not.toBe(
+      tokenValues['gpt-4o-mini'].completion,
+    );
+  });
+
   it('should derive the valueKey from the model if not provided for new models', () => {
     expect(
       getMultiplier({ tokenType: 'prompt', model: 'gpt-3.5-turbo-1106-some-other-info' }),
@@ -133,3 +191,141 @@ describe('getMultiplier', () => {
     );
   });
 });
+
+describe('AWS Bedrock Model Tests', () => {
+  const awsModels = [
+    'anthropic.claude-3-haiku-20240307-v1:0',
+    'anthropic.claude-3-sonnet-20240229-v1:0',
+    'anthropic.claude-3-opus-20240229-v1:0',
+    'anthropic.claude-3-5-sonnet-20240620-v1:0',
+    'anthropic.claude-v2:1',
+    'anthropic.claude-instant-v1',
+    'meta.llama2-13b-chat-v1',
+    'meta.llama2-70b-chat-v1',
+    'meta.llama3-8b-instruct-v1:0',
+    'meta.llama3-70b-instruct-v1:0',
+    'meta.llama3-1-8b-instruct-v1:0',
+    'meta.llama3-1-70b-instruct-v1:0',
+    'meta.llama3-1-405b-instruct-v1:0',
+    'mistral.mistral-7b-instruct-v0:2',
+    'mistral.mistral-small-2402-v1:0',
+    'mistral.mixtral-8x7b-instruct-v0:1',
+    'mistral.mistral-large-2402-v1:0',
+    'mistral.mistral-large-2407-v1:0',
+    'cohere.command-text-v14',
+    'cohere.command-light-text-v14',
+    'cohere.command-r-v1:0',
+    'cohere.command-r-plus-v1:0',
+    'ai21.j2-mid-v1',
+    'ai21.j2-ultra-v1',
+    'amazon.titan-text-lite-v1',
+    'amazon.titan-text-express-v1',
+  ];
+
+  it('should return the correct prompt multipliers for all models', () => {
+    const results = awsModels.map((model) => {
+      const multiplier = getMultiplier({ valueKey: model, tokenType: 'prompt' });
+      return multiplier === tokenValues[model].prompt;
+    });
+    expect(results.every(Boolean)).toBe(true);
+  });
+
+  it('should return the correct completion multipliers for all models', () => {
+    const results = awsModels.map((model) => {
+      const multiplier = getMultiplier({ valueKey: model, tokenType: 'completion' });
+      return multiplier === tokenValues[model].completion;
+    });
+    expect(results.every(Boolean)).toBe(true);
+  });
+
+  it('should return the correct prompt multipliers for all models with Bedrock prefix', () => {
+    const results = awsModels.map((model) => {
+      const modelName = `bedrock/${model}`;
+      const multiplier = getMultiplier({ valueKey: modelName, tokenType: 'prompt' });
+      return multiplier === tokenValues[model].prompt;
+    });
+    expect(results.every(Boolean)).toBe(true);
+  });
+
+  it('should return the correct completion multipliers for all models with Bedrock prefix', () => {
+    const results = awsModels.map((model) => {
+      const modelName = `bedrock/${model}`;
+      const multiplier = getMultiplier({ valueKey: modelName, tokenType: 'completion' });
+      return multiplier === tokenValues[model].completion;
+    });
+    expect(results.every(Boolean)).toBe(true);
+  });
+});
+
+describe('getCacheMultiplier', () => {
+  it('should return the correct cache multiplier for a given valueKey and cacheType', () => {
+    expect(getCacheMultiplier({ valueKey: 'claude-3-5-sonnet', cacheType: 'write' })).toBe(3.75);
+    expect(getCacheMultiplier({ valueKey: 'claude-3-5-sonnet', cacheType: 'read' })).toBe(0.3);
+    expect(getCacheMultiplier({ valueKey: 'claude-3-haiku', cacheType: 'write' })).toBe(0.3);
+    expect(getCacheMultiplier({ valueKey: 'claude-3-haiku', cacheType: 'read' })).toBe(0.03);
+  });
+
+  it('should return null if cacheType is provided but not found in cacheTokenValues', () => {
+    expect(
+      getCacheMultiplier({ valueKey: 'claude-3-5-sonnet', cacheType: 'unknownType' }),
+    ).toBeNull();
+  });
+
+  it('should derive the valueKey from the model if not provided', () => {
+    expect(getCacheMultiplier({ cacheType: 'write', model: 'claude-3-5-sonnet-20240620' })).toBe(
+      3.75,
+    );
+    expect(getCacheMultiplier({ cacheType: 'read', model: 'claude-3-haiku-20240307' })).toBe(0.03);
+  });
+
+  it('should return null if only model or cacheType is missing', () => {
+    expect(getCacheMultiplier({ cacheType: 'write' })).toBeNull();
+    expect(getCacheMultiplier({ model: 'claude-3-5-sonnet' })).toBeNull();
+  });
+
+  it('should return null if derived valueKey does not match any known patterns', () => {
+    expect(getCacheMultiplier({ cacheType: 'write', model: 'gpt-4-some-other-info' })).toBeNull();
+  });
+
+  it('should handle endpointTokenConfig if provided', () => {
+    const endpointTokenConfig = {
+      'custom-model': {
+        write: 5,
+        read: 1,
+      },
+    };
+    expect(
+      getCacheMultiplier({ model: 'custom-model', cacheType: 'write', endpointTokenConfig }),
+    ).toBe(5);
+    expect(
+      getCacheMultiplier({ model: 'custom-model', cacheType: 'read', endpointTokenConfig }),
+    ).toBe(1);
+  });
+
+  it('should return null if model is not found in endpointTokenConfig', () => {
+    const endpointTokenConfig = {
+      'custom-model': {
+        write: 5,
+        read: 1,
+      },
+    };
+    expect(
+      getCacheMultiplier({ model: 'unknown-model', cacheType: 'write', endpointTokenConfig }),
+    ).toBeNull();
+  });
+
+  it('should handle models with "bedrock/" prefix', () => {
+    expect(
+      getCacheMultiplier({
+        model: 'bedrock/anthropic.claude-3-5-sonnet-20240620-v1:0',
+        cacheType: 'write',
+      }),
+    ).toBe(3.75);
+    expect(
+      getCacheMultiplier({
+        model: 'bedrock/anthropic.claude-3-haiku-20240307-v1:0',
+        cacheType: 'read',
+      }),
+    ).toBe(0.03);
+  });
+});

api/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@librechat/backend",
-  "version": "0.7.4-rc1",
+  "version": "v0.7.5-rc1",
   "description": "",
   "scripts": {
     "start": "echo 'please run this from the root directory'",
@@ -12,6 +12,7 @@
     "list-balances": "node ./list-balances.js",
     "user-stats": "node ./user-stats.js",
     "create-user": "node ./create-user.js",
+    "invite-user": "node ./invite-user.js",
     "ban-user": "node ./ban-user.js",
     "delete-user": "node ./delete-user.js"
   },
@@ -45,6 +46,7 @@
     "bcryptjs": "^2.4.3",
     "cheerio": "^1.0.0-rc.12",
     "cohere-ai": "^7.9.1",
+    "compression": "^1.7.4",
     "connect-redis": "^7.1.0",
     "cookie": "^0.5.0",
     "cors": "^2.8.5",
@@ -72,6 +74,7 @@
     "module-alias": "^2.2.3",
     "mongoose": "^7.1.1",
     "multer": "^1.4.5-lts.1",
+    "nanoid": "^3.3.7",
     "nodejs-gpt": "^1.37.4",
     "nodemailer": "^6.9.4",
     "ollama": "^0.5.0",
@@ -98,7 +101,8 @@
     "zod": "^3.22.4"
   },
   "devDependencies": {
-    "jest": "^29.5.0",
+    "jest": "^29.7.0",
+    "mongodb-memory-server": "^10.0.0",
     "nodemon": "^3.0.1",
     "supertest": "^6.3.3"
   }

api/server/controllers/AskController.js

@@ -1,7 +1,8 @@
 const throttle = require('lodash/throttle');
-const { getResponseSender, Constants, EModelEndpoint } = require('librechat-data-provider');
+const { getResponseSender, Constants, CacheKeys, Time } = require('librechat-data-provider');
 const { createAbortController, handleAbortError } = require('~/server/middleware');
 const { sendMessage, createOnProgress } = require('~/server/utils');
+const { getLogStores } = require('~/cache');
 const { saveMessage } = require('~/models');
 const { logger } = require('~/config');
 
@@ -51,11 +52,13 @@ const AskController = async (req, res, next, initializeClient, addTitle) => {
 
   try {
     const { client } = await initializeClient({ req, res, endpointOption });
-    const unfinished = endpointOption.endpoint === EModelEndpoint.google ? false : true;
+    const messageCache = getLogStores(CacheKeys.MESSAGES);
     const { onProgress: progressCallback, getPartialText } = createOnProgress({
       onProgress: throttle(
         ({ text: partialText }) => {
-          saveMessage({
+          /*
+              const unfinished = endpointOption.endpoint === EModelEndpoint.google ? false : true;
+          messageCache.set(responseMessageId, {
             messageId: responseMessageId,
             sender,
             conversationId,
@@ -65,7 +68,10 @@ const AskController = async (req, res, next, initializeClient, addTitle) => {
             unfinished,
             error: false,
             user,
-          });
+          }, Time.FIVE_MINUTES);
+          */
+
+          messageCache.set(responseMessageId, partialText, Time.FIVE_MINUTES);
         },
         3000,
         { trailing: false },
@@ -144,11 +150,17 @@ const AskController = async (req, res, next, initializeClient, addTitle) => {
       });
       res.end();
 
-      await saveMessage({ ...response, user });
+      await saveMessage(
+        req,
+        { ...response, user },
+        { context: 'api/server/controllers/AskController.js - response end' },
+      );
     }
 
     if (!client.skipSaveUserMessage) {
-      await saveMessage(userMessage);
+      await saveMessage(req, userMessage, {
+        context: 'api/server/controllers/AskController.js - don\'t skip saving user message',
+      });
     }
 
     if (addTitle && parentMessageId === Constants.NO_PARENT && newConvo) {

api/server/controllers/AuthController.js

@@ -1,4 +1,3 @@
-const crypto = require('crypto');
 const cookies = require('cookie');
 const jwt = require('jsonwebtoken');
 const {
@@ -7,6 +6,7 @@ const {
   setAuthTokens,
   requestPasswordReset,
 } = require('~/server/services/AuthService');
+const { hashToken } = require('~/server/utils/crypto');
 const { Session, getUserById } = require('~/models');
 const { logger } = require('~/config');
 
@@ -74,8 +74,7 @@ const refreshController = async (req, res) => {
     }
 
     // Hash the refresh token
-    const hash = crypto.createHash('sha256');
-    const hashedToken = hash.update(refreshToken).digest('hex');
+    const hashedToken = await hashToken(refreshToken);
 
     // Find the session with the hashed refresh token
     const session = await Session.findOne({ user: userId, refreshTokenHash: hashedToken });

api/server/controllers/Balance.js

@@ -1,4 +1,4 @@
-const Balance = require('../../models/Balance');
+const Balance = require('~/models/Balance');
 
 async function balanceController(req, res) {
   const { tokenCredits: balance = '' } =

api/server/controllers/EditController.js

@@ -1,7 +1,8 @@
 const throttle = require('lodash/throttle');
-const { getResponseSender, EModelEndpoint } = require('librechat-data-provider');
+const { getResponseSender, CacheKeys, Time } = require('librechat-data-provider');
 const { createAbortController, handleAbortError } = require('~/server/middleware');
 const { sendMessage, createOnProgress } = require('~/server/utils');
+const { getLogStores } = require('~/cache');
 const { saveMessage } = require('~/models');
 const { logger } = require('~/config');
 
@@ -51,12 +52,14 @@ const EditController = async (req, res, next, initializeClient) => {
     }
   };
 
-  const unfinished = endpointOption.endpoint === EModelEndpoint.google ? false : true;
+  const messageCache = getLogStores(CacheKeys.MESSAGES);
   const { onProgress: progressCallback, getPartialText } = createOnProgress({
     generation,
     onProgress: throttle(
       ({ text: partialText }) => {
-        saveMessage({
+        /*
+          const unfinished = endpointOption.endpoint === EModelEndpoint.google ? false : true;
+        {
           messageId: responseMessageId,
           sender,
           conversationId,
@@ -67,7 +70,8 @@ const EditController = async (req, res, next, initializeClient) => {
           isEdited: true,
           error: false,
           user,
-        });
+        } */
+        messageCache.set(responseMessageId, partialText, Time.FIVE_MINUTES);
       },
       3000,
       { trailing: false },
@@ -141,7 +145,11 @@ const EditController = async (req, res, next, initializeClient) => {
       });
       res.end();
 
-      await saveMessage({ ...response, user });
+      await saveMessage(
+        req,
+        { ...response, user },
+        { context: 'api/server/controllers/EditController.js - response end' },
+      );
     }
   } catch (error) {
     const partialText = getPartialText();

api/server/controllers/assistants/chatV1.js

@@ -120,21 +120,22 @@ const chatV1 = async (req, res) => {
           ? ' If using Azure OpenAI, files are only available in the region of the assistant\'s model at the time of upload.'
           : ''
       }`;
-      return sendResponse(res, messageData, errorMessage);
+      return sendResponse(req, res, messageData, errorMessage);
     } else if (error?.message?.includes('string too long')) {
       return sendResponse(
+        req,
         res,
         messageData,
         'Message too long. The Assistants API has a limit of 32,768 characters per message. Please shorten it and try again.',
       );
     } else if (error?.message?.includes(ViolationTypes.TOKEN_BALANCE)) {
-      return sendResponse(res, messageData, error.message);
+      return sendResponse(req, res, messageData, error.message);
     } else {
       logger.error('[/assistants/chat/]', error);
     }
 
     if (!openai || !thread_id || !run_id) {
-      return sendResponse(res, messageData, defaultErrorMessage);
+      return sendResponse(req, res, messageData, defaultErrorMessage);
     }
 
     await sleep(2000);
@@ -221,10 +222,10 @@ const chatV1 = async (req, res) => {
       };
     } catch (error) {
       logger.error('[/assistants/chat/] Error finalizing error process', error);
-      return sendResponse(res, messageData, 'The Assistant run failed');
+      return sendResponse(req, res, messageData, 'The Assistant run failed');
     }
 
-    return sendResponse(res, finalEvent);
+    return sendResponse(req, res, finalEvent);
   };
 
   try {
@@ -382,6 +383,9 @@ const chatV1 = async (req, res) => {
       return files;
     };
 
+    /** @type {Promise<Run>|undefined} */
+    let userMessagePromise;
+
     const initializeThread = async () => {
       /** @type {[ undefined | MongoFile[]]}*/
       const [processedFiles] = await Promise.all([addVisionPrompt(), getRequestFileIds()]);
@@ -438,7 +442,7 @@ const chatV1 = async (req, res) => {
       previousMessages.push(requestMessage);
 
       /* asynchronous */
-      saveUserMessage({ ...requestMessage, model });
+      userMessagePromise = saveUserMessage(req, { ...requestMessage, model });
 
       conversation = {
         conversationId,
@@ -582,7 +586,10 @@ const chatV1 = async (req, res) => {
     });
     res.end();
 
-    await saveAssistantMessage({ ...responseMessage, model });
+    if (userMessagePromise) {
+      await userMessagePromise;
+    }
+    await saveAssistantMessage(req, { ...responseMessage, model });
 
     if (parentMessageId === Constants.NO_PARENT && !_thread_id) {
       addTitle(req, {

api/server/controllers/assistants/chatV2.js

@@ -1,12 +1,12 @@
 const { v4 } = require('uuid');
 const {
+  Time,
   Constants,
   RunStatus,
   CacheKeys,
   ContentTypes,
   ToolCallTypes,
   EModelEndpoint,
-  ViolationTypes,
   retrievalMimeTypes,
   AssistantStreamEvents,
 } = require('librechat-data-provider');
@@ -14,12 +14,12 @@ const {
   initThread,
   recordUsage,
   saveUserMessage,
-  checkMessageGaps,
   addThreadMetadata,
   saveAssistantMessage,
 } = require('~/server/services/Threads');
-const { sendResponse, sendMessage, sleep, isEnabled, countTokens } = require('~/server/utils');
 const { runAssistant, createOnTextProgress } = require('~/server/services/AssistantService');
+const { sendMessage, sleep, isEnabled, countTokens } = require('~/server/utils');
+const { createErrorHandler } = require('~/server/controllers/assistants/errors');
 const validateAuthor = require('~/server/middleware/assistants/validateAuthor');
 const { createRun, StreamRunManager } = require('~/server/services/Runs');
 const { addTitle } = require('~/server/services/Endpoints/assistants');
@@ -44,7 +44,7 @@ const ten_minutes = 1000 * 60 * 10;
 const chatV2 = async (req, res) => {
   logger.debug('[/assistants/chat/] req.body', req.body);
 
-  /** @type {{ files: MongoFile[]}} */
+  /** @type {{files: MongoFile[]}} */
   const {
     text,
     model,
@@ -90,139 +90,20 @@ const chatV2 = async (req, res) => {
   /** @type {Run | undefined} - The completed run, undefined if incomplete */
   let completedRun;
 
-  const handleError = async (error) => {
-    const defaultErrorMessage =
-      'The Assistant run failed to initialize. Try sending a message in a new conversation.';
-    const messageData = {
-      thread_id,
-      assistant_id,
-      conversationId,
-      parentMessageId,
-      sender: 'System',
-      user: req.user.id,
-      shouldSaveMessage: false,
-      messageId: responseMessageId,
-      endpoint,
-    };
+  const getContext = () => ({
+    openai,
+    run_id,
+    endpoint,
+    cacheKey,
+    thread_id,
+    completedRun,
+    assistant_id,
+    conversationId,
+    parentMessageId,
+    responseMessageId,
+  });
 
-    if (error.message === 'Run cancelled') {
-      return res.end();
-    } else if (error.message === 'Request closed' && completedRun) {
-      return;
-    } else if (error.message === 'Request closed') {
-      logger.debug('[/assistants/chat/] Request aborted on close');
-    } else if (/Files.*are invalid/.test(error.message)) {
-      const errorMessage = `Files are invalid, or may not have uploaded yet.${
-        endpoint === EModelEndpoint.azureAssistants
-          ? ' If using Azure OpenAI, files are only available in the region of the assistant\'s model at the time of upload.'
-          : ''
-      }`;
-      return sendResponse(res, messageData, errorMessage);
-    } else if (error?.message?.includes('string too long')) {
-      return sendResponse(
-        res,
-        messageData,
-        'Message too long. The Assistants API has a limit of 32,768 characters per message. Please shorten it and try again.',
-      );
-    } else if (error?.message?.includes(ViolationTypes.TOKEN_BALANCE)) {
-      return sendResponse(res, messageData, error.message);
-    } else {
-      logger.error('[/assistants/chat/]', error);
-    }
-
-    if (!openai || !thread_id || !run_id) {
-      return sendResponse(res, messageData, defaultErrorMessage);
-    }
-
-    await sleep(2000);
-
-    try {
-      const status = await cache.get(cacheKey);
-      if (status === 'cancelled') {
-        logger.debug('[/assistants/chat/] Run already cancelled');
-        return res.end();
-      }
-      await cache.delete(cacheKey);
-      const cancelledRun = await openai.beta.threads.runs.cancel(thread_id, run_id);
-      logger.debug('[/assistants/chat/] Cancelled run:', cancelledRun);
-    } catch (error) {
-      logger.error('[/assistants/chat/] Error cancelling run', error);
-    }
-
-    await sleep(2000);
-
-    let run;
-    try {
-      run = await openai.beta.threads.runs.retrieve(thread_id, run_id);
-      await recordUsage({
-        ...run.usage,
-        model: run.model,
-        user: req.user.id,
-        conversationId,
-      });
-    } catch (error) {
-      logger.error('[/assistants/chat/] Error fetching or processing run', error);
-    }
-
-    let finalEvent;
-    try {
-      const runMessages = await checkMessageGaps({
-        openai,
-        run_id,
-        endpoint,
-        thread_id,
-        conversationId,
-        latestMessageId: responseMessageId,
-      });
-
-      const errorContentPart = {
-        text: {
-          value:
-            error?.message ?? 'There was an error processing your request. Please try again later.',
-        },
-        type: ContentTypes.ERROR,
-      };
-
-      if (!Array.isArray(runMessages[runMessages.length - 1]?.content)) {
-        runMessages[runMessages.length - 1].content = [errorContentPart];
-      } else {
-        const contentParts = runMessages[runMessages.length - 1].content;
-        for (let i = 0; i < contentParts.length; i++) {
-          const currentPart = contentParts[i];
-          /** @type {CodeToolCall | RetrievalToolCall | FunctionToolCall | undefined} */
-          const toolCall = currentPart?.[ContentTypes.TOOL_CALL];
-          if (
-            toolCall &&
-            toolCall?.function &&
-            !(toolCall?.function?.output || toolCall?.function?.output?.length)
-          ) {
-            contentParts[i] = {
-              ...currentPart,
-              [ContentTypes.TOOL_CALL]: {
-                ...toolCall,
-                function: {
-                  ...toolCall.function,
-                  output: 'error processing tool',
-                },
-              },
-            };
-          }
-        }
-        runMessages[runMessages.length - 1].content.push(errorContentPart);
-      }
-
-      finalEvent = {
-        final: true,
-        conversation: await getConvo(req.user.id, conversationId),
-        runMessages,
-      };
-    } catch (error) {
-      logger.error('[/assistants/chat/] Error finalizing error process', error);
-      return sendResponse(res, messageData, 'The Assistant run failed');
-    }
-
-    return sendResponse(res, finalEvent);
-  };
+  const handleError = createErrorHandler({ req, res, getContext });
 
   try {
     res.on('close', async () => {
@@ -365,6 +246,9 @@ const chatV2 = async (req, res) => {
       }
     };
 
+    /** @type {Promise<Run>|undefined} */
+    let userMessagePromise;
+
     const initializeThread = async () => {
       await getRequestFileIds();
 
@@ -407,7 +291,7 @@ const chatV2 = async (req, res) => {
       previousMessages.push(requestMessage);
 
       /* asynchronous */
-      saveUserMessage({ ...requestMessage, model });
+      userMessagePromise = saveUserMessage(req, { ...requestMessage, model });
 
       conversation = {
         conversationId,
@@ -489,6 +373,11 @@ const chatV2 = async (req, res) => {
         },
       };
 
+      /** @type {undefined | TAssistantEndpoint} */
+      const config = req.app.locals[endpoint] ?? {};
+      /** @type {undefined | TBaseEndpoint} */
+      const allConfig = req.app.locals.all;
+
       const streamRunManager = new StreamRunManager({
         req,
         res,
@@ -498,6 +387,7 @@ const chatV2 = async (req, res) => {
         attachedFileIds,
         parentMessageId: userMessageId,
         responseMessage: openai.responseMessage,
+        streamRate: allConfig?.streamRate ?? config.streamRate,
         // streamOptions: {
 
         // },
@@ -510,6 +400,16 @@ const chatV2 = async (req, res) => {
 
       response = streamRunManager;
       response.text = streamRunManager.intermediateText;
+
+      const messageCache = getLogStores(CacheKeys.MESSAGES);
+      messageCache.set(
+        responseMessageId,
+        {
+          complete: true,
+          text: response.text,
+        },
+        Time.FIVE_MINUTES,
+      );
     };
 
     await processRun();
@@ -552,7 +452,10 @@ const chatV2 = async (req, res) => {
     });
     res.end();
 
-    await saveAssistantMessage({ ...responseMessage, model });
+    if (userMessagePromise) {
+      await userMessagePromise;
+    }
+    await saveAssistantMessage(req, { ...responseMessage, model });
 
     if (parentMessageId === Constants.NO_PARENT && !_thread_id) {
       addTitle(req, {

api/server/controllers/assistants/errors.js

@@ -0,0 +1,193 @@
+// errorHandler.js
+const { sendResponse } = require('~/server/utils');
+const { logger } = require('~/config');
+const getLogStores = require('~/cache/getLogStores');
+const { CacheKeys, ViolationTypes, ContentTypes } = require('librechat-data-provider');
+const { getConvo } = require('~/models/Conversation');
+const { recordUsage, checkMessageGaps } = require('~/server/services/Threads');
+
+/**
+ * @typedef {Object} ErrorHandlerContext
+ * @property {OpenAIClient} openai - The OpenAI client
+ * @property {string} thread_id - The thread ID
+ * @property {string} run_id - The run ID
+ * @property {boolean} completedRun - Whether the run has completed
+ * @property {string} assistant_id - The assistant ID
+ * @property {string} conversationId - The conversation ID
+ * @property {string} parentMessageId - The parent message ID
+ * @property {string} responseMessageId - The response message ID
+ * @property {string} endpoint - The endpoint being used
+ * @property {string} cacheKey - The cache key for the current request
+ */
+
+/**
+ * @typedef {Object} ErrorHandlerDependencies
+ * @property {Express.Request} req - The Express request object
+ * @property {Express.Response} res - The Express response object
+ * @property {() => ErrorHandlerContext} getContext - Function to get the current context
+ * @property {string} [originPath] - The origin path for the error handler
+ */
+
+/**
+ * Creates an error handler function with the given dependencies
+ * @param {ErrorHandlerDependencies} dependencies - The dependencies for the error handler
+ * @returns {(error: Error) => Promise<void>} The error handler function
+ */
+const createErrorHandler = ({ req, res, getContext, originPath = '/assistants/chat/' }) => {
+  const cache = getLogStores(CacheKeys.ABORT_KEYS);
+
+  /**
+   * Handles errors that occur during the chat process
+   * @param {Error} error - The error that occurred
+   * @returns {Promise<void>}
+   */
+  return async (error) => {
+    const {
+      openai,
+      run_id,
+      endpoint,
+      cacheKey,
+      thread_id,
+      completedRun,
+      assistant_id,
+      conversationId,
+      parentMessageId,
+      responseMessageId,
+    } = getContext();
+
+    const defaultErrorMessage =
+      'The Assistant run failed to initialize. Try sending a message in a new conversation.';
+    const messageData = {
+      thread_id,
+      assistant_id,
+      conversationId,
+      parentMessageId,
+      sender: 'System',
+      user: req.user.id,
+      shouldSaveMessage: false,
+      messageId: responseMessageId,
+      endpoint,
+    };
+
+    if (error.message === 'Run cancelled') {
+      return res.end();
+    } else if (error.message === 'Request closed' && completedRun) {
+      return;
+    } else if (error.message === 'Request closed') {
+      logger.debug(`[${originPath}] Request aborted on close`);
+    } else if (/Files.*are invalid/.test(error.message)) {
+      const errorMessage = `Files are invalid, or may not have uploaded yet.${
+        endpoint === 'azureAssistants'
+          ? ' If using Azure OpenAI, files are only available in the region of the assistant\'s model at the time of upload.'
+          : ''
+      }`;
+      return sendResponse(req, res, messageData, errorMessage);
+    } else if (error?.message?.includes('string too long')) {
+      return sendResponse(
+        req,
+        res,
+        messageData,
+        'Message too long. The Assistants API has a limit of 32,768 characters per message. Please shorten it and try again.',
+      );
+    } else if (error?.message?.includes(ViolationTypes.TOKEN_BALANCE)) {
+      return sendResponse(req, res, messageData, error.message);
+    } else {
+      logger.error(`[${originPath}]`, error);
+    }
+
+    if (!openai || !thread_id || !run_id) {
+      return sendResponse(req, res, messageData, defaultErrorMessage);
+    }
+
+    await new Promise((resolve) => setTimeout(resolve, 2000));
+
+    try {
+      const status = await cache.get(cacheKey);
+      if (status === 'cancelled') {
+        logger.debug(`[${originPath}] Run already cancelled`);
+        return res.end();
+      }
+      await cache.delete(cacheKey);
+      const cancelledRun = await openai.beta.threads.runs.cancel(thread_id, run_id);
+      logger.debug(`[${originPath}] Cancelled run:`, cancelledRun);
+    } catch (error) {
+      logger.error(`[${originPath}] Error cancelling run`, error);
+    }
+
+    await new Promise((resolve) => setTimeout(resolve, 2000));
+
+    let run;
+    try {
+      run = await openai.beta.threads.runs.retrieve(thread_id, run_id);
+      await recordUsage({
+        ...run.usage,
+        model: run.model,
+        user: req.user.id,
+        conversationId,
+      });
+    } catch (error) {
+      logger.error(`[${originPath}] Error fetching or processing run`, error);
+    }
+
+    let finalEvent;
+    try {
+      const runMessages = await checkMessageGaps({
+        openai,
+        run_id,
+        endpoint,
+        thread_id,
+        conversationId,
+        latestMessageId: responseMessageId,
+      });
+
+      const errorContentPart = {
+        text: {
+          value:
+            error?.message ?? 'There was an error processing your request. Please try again later.',
+        },
+        type: ContentTypes.ERROR,
+      };
+
+      if (!Array.isArray(runMessages[runMessages.length - 1]?.content)) {
+        runMessages[runMessages.length - 1].content = [errorContentPart];
+      } else {
+        const contentParts = runMessages[runMessages.length - 1].content;
+        for (let i = 0; i < contentParts.length; i++) {
+          const currentPart = contentParts[i];
+          /** @type {CodeToolCall | RetrievalToolCall | FunctionToolCall | undefined} */
+          const toolCall = currentPart?.[ContentTypes.TOOL_CALL];
+          if (
+            toolCall &&
+            toolCall?.function &&
+            !(toolCall?.function?.output || toolCall?.function?.output?.length)
+          ) {
+            contentParts[i] = {
+              ...currentPart,
+              [ContentTypes.TOOL_CALL]: {
+                ...toolCall,
+                function: {
+                  ...toolCall.function,
+                  output: 'error processing tool',
+                },
+              },
+            };
+          }
+        }
+        runMessages[runMessages.length - 1].content.push(errorContentPart);
+      }
+
+      finalEvent = {
+        final: true,
+        conversation: await getConvo(req.user.id, conversationId),
+        runMessages,
+      };
+    } catch (error) {
+      logger.error(`[${originPath}] Error finalizing error process`, error);
+      return sendResponse(req, res, messageData, 'The Assistant run failed');
+    }
+
+    return sendResponse(req, res, finalEvent);
+  };
+};
+
+module.exports = { createErrorHandler };

api/server/index.js

@@ -4,6 +4,7 @@ require('module-alias')({ base: path.resolve(__dirname, '..') });
 const cors = require('cors');
 const axios = require('axios');
 const express = require('express');
+const compression = require('compression');
 const passport = require('passport');
 const mongoSanitize = require('express-mongo-sanitize');
 const { jwtLogin, passportLogin } = require('~/strategies');
@@ -15,10 +16,11 @@ const validateImageRequest = require('./middleware/validateImageRequest');
 const errorController = require('./controllers/ErrorController');
 const configureSocialLogins = require('./socialLogins');
 const AppService = require('./services/AppService');
+const staticCache = require('./utils/staticCache');
 const noIndex = require('./middleware/noIndex');
 const routes = require('./routes');
 
-const { PORT, HOST, ALLOW_SOCIAL_LOGIN } = process.env ?? {};
+const { PORT, HOST, ALLOW_SOCIAL_LOGIN, DISABLE_COMPRESSION } = process.env ?? {};
 
 const port = Number(PORT) || 3080;
 const host = HOST || 'localhost';
@@ -37,30 +39,34 @@ const startServer = async () => {
 
   app.get('/health', (_req, res) => res.status(200).send('OK'));
 
-  // Middleware
+  /* Middleware */
   app.use(noIndex);
   app.use(errorController);
   app.use(express.json({ limit: '3mb' }));
   app.use(mongoSanitize());
   app.use(express.urlencoded({ extended: true, limit: '3mb' }));
-  app.use(express.static(app.locals.paths.dist));
-  app.use(express.static(app.locals.paths.fonts));
-  app.use(express.static(app.locals.paths.assets));
-  app.set('trust proxy', 1); // trust first proxy
+  app.use(staticCache(app.locals.paths.dist));
+  app.use(staticCache(app.locals.paths.fonts));
+  app.use(staticCache(app.locals.paths.assets));
+  app.set('trust proxy', 1); /* trust first proxy */
   app.use(cors());
 
+  if (!isEnabled(DISABLE_COMPRESSION)) {
+    app.use(compression());
+  }
+
   if (!ALLOW_SOCIAL_LOGIN) {
     console.warn(
       'Social logins are disabled. Set Environment Variable "ALLOW_SOCIAL_LOGIN" to true to enable them.',
     );
   }
 
-  // OAUTH
+  /* OAUTH */
   app.use(passport.initialize());
   passport.use(await jwtLogin());
   passport.use(passportLogin());
 
-  // LDAP Auth
+  /* LDAP Auth */
   if (process.env.LDAP_URL && process.env.LDAP_USER_SEARCH_BASE) {
     passport.use(ldapLogin);
   }
@@ -70,7 +76,7 @@ const startServer = async () => {
   }
 
   app.use('/oauth', routes.oauth);
-  // API Endpoints
+  /* API Endpoints */
   app.use('/api/auth', routes.auth);
   app.use('/api/keys', routes.keys);
   app.use('/api/user', routes.user);
@@ -94,6 +100,7 @@ const startServer = async () => {
   app.use('/api/share', routes.share);
   app.use('/api/roles', routes.roles);
 
+  app.use('/api/tags', routes.tags);
   app.use((req, res) => {
     res.sendFile(path.join(app.locals.paths.dist, 'index.html'));
   });

api/server/middleware/abortMiddleware.js

@@ -2,9 +2,9 @@ const { isAssistantsEndpoint } = require('librechat-data-provider');
 const { sendMessage, sendError, countTokens, isEnabled } = require('~/server/utils');
 const { truncateText, smartTruncateText } = require('~/app/clients/prompts');
 const clearPendingReq = require('~/cache/clearPendingReq');
+const { spendTokens } = require('~/models/spendTokens');
 const abortControllers = require('./abortControllers');
 const { saveMessage, getConvo } = require('~/models');
-const spendTokens = require('~/models/spendTokens');
 const { abortRun } = require('./abortRun');
 const { logger } = require('~/config');
 
@@ -30,7 +30,10 @@ async function abortMessage(req, res) {
     return res.status(204).send({ message: 'Request not found' });
   }
   const finalEvent = await abortController.abortCompletion();
-  logger.info('[abortMessage] Aborted request', { abortKey });
+  logger.debug(
+    `[abortMessage] ID: ${req.user.id} | ${req.user.email} | Aborted request: ` +
+      JSON.stringify({ abortKey }),
+  );
   abortControllers.delete(abortKey);
 
   if (res.headersSent && finalEvent) {
@@ -116,7 +119,11 @@ const createAbortController = (req, res, getAbortData, getReqData) => {
       { promptTokens, completionTokens },
     );
 
-    saveMessage({ ...responseMessage, user });
+    saveMessage(
+      req,
+      { ...responseMessage, user },
+      { context: 'api/server/middleware/abortMiddleware.js' },
+    );
 
     let conversation;
     if (userMessagePromise) {
@@ -190,7 +197,7 @@ const handleAbortError = async (res, req, error, data) => {
       }
     };
 
-    await sendError(res, options, callback);
+    await sendError(req, res, options, callback);
   };
 
   if (partialText && partialText.length > 5) {

api/server/middleware/assistants/validate.js

@@ -19,7 +19,8 @@ const validateAssistant = async (req, res, next) => {
   }
 
   const { supportedIds, excludedIds } = assistantsConfig;
-  const error = { message: 'Assistant not supported' };
+  const error = { message: 'validateAssistant: Assistant not supported' };
+
   if (supportedIds?.length && !supportedIds.includes(assistant_id)) {
     return await handleAbortError(res, req, error, {
       sender: 'System',

api/server/middleware/buildEndpointOption.js

@@ -1,4 +1,4 @@
-const { parseConvo, EModelEndpoint } = require('librechat-data-provider');
+const { parseCompactConvo, EModelEndpoint } = require('librechat-data-provider');
 const { getModelsConfig } = require('~/server/controllers/ModelController');
 const azureAssistants = require('~/server/services/Endpoints/azureAssistants');
 const assistants = require('~/server/services/Endpoints/assistants');
@@ -24,7 +24,7 @@ const buildFunction = {
 
 async function buildEndpointOption(req, res, next) {
   const { endpoint, endpointType } = req.body;
-  const parsedBody = parseConvo({ endpoint, endpointType, conversation: req.body });
+  const parsedBody = parseCompactConvo({ endpoint, endpointType, conversation: req.body });
 
   if (req.app.locals.modelSpecs?.list && req.app.locals.modelSpecs?.enforce) {
     /** @type {{ list: TModelSpec[] }}*/

api/server/middleware/checkInviteUser.js

@@ -0,0 +1,27 @@
+const { getInvite } = require('~/models/inviteUser');
+const { deleteTokens } = require('~/models/Token');
+
+async function checkInviteUser(req, res, next) {
+  const token = req.body.token;
+
+  if (!token || token === 'undefined') {
+    next();
+    return;
+  }
+
+  try {
+    const invite = await getInvite(token, req.body.email);
+
+    if (!invite || invite.error === true) {
+      return res.status(400).json({ message: 'Invalid invite token' });
+    }
+
+    await deleteTokens({ token: invite.token });
+    req.invite = invite;
+    next();
+  } catch (error) {
+    return res.status(429).json({ message: error.message });
+  }
+}
+
+module.exports = checkInviteUser;

api/server/middleware/concurrentLimiter.js

@@ -1,5 +1,7 @@
-const clearPendingReq = require('../../cache/clearPendingReq');
-const { logViolation, getLogStores } = require('../../cache');
+const { Time } = require('librechat-data-provider');
+const clearPendingReq = require('~/cache/clearPendingReq');
+const { logViolation, getLogStores } = require('~/cache');
+const { isEnabled } = require('~/server/utils');
 const denyRequest = require('./denyRequest');
 
 const {
@@ -7,7 +9,6 @@ const {
   CONCURRENT_MESSAGE_MAX = 1,
   CONCURRENT_VIOLATION_SCORE: score,
 } = process.env ?? {};
-const ttl = 1000 * 60 * 1;
 
 /**
  * Middleware to limit concurrent requests for a user.
@@ -38,7 +39,7 @@ const concurrentLimiter = async (req, res, next) => {
   const limit = Math.max(CONCURRENT_MESSAGE_MAX, 1);
   const type = 'concurrent';
 
-  const key = `${USE_REDIS ? namespace : ''}:${userId}`;
+  const key = `${isEnabled(USE_REDIS) ? namespace : ''}:${userId}`;
   const pendingRequests = +((await cache.get(key)) ?? 0);
 
   if (pendingRequests >= limit) {
@@ -51,7 +52,7 @@ const concurrentLimiter = async (req, res, next) => {
     await logViolation(req, res, type, errorMessage, score);
     return await denyRequest(req, res, errorMessage);
   } else {
-    await cache.set(key, pendingRequests + 1, ttl);
+    await cache.set(key, pendingRequests + 1, Time.ONE_MINUTE);
   }
 
   // Ensure the requests are removed from the store once the request is done

api/server/middleware/denyRequest.js

@@ -41,10 +41,14 @@ const denyRequest = async (req, res, errorMessage) => {
   const shouldSaveMessage = _convoId && parentMessageId && parentMessageId !== Constants.NO_PARENT;
 
   if (shouldSaveMessage) {
-    await saveMessage({ ...userMessage, user: req.user.id });
+    await saveMessage(
+      req,
+      { ...userMessage, user: req.user.id },
+      { context: `api/server/middleware/denyRequest.js - ${responseText}` },
+    );
   }
 
-  return await sendError(res, {
+  return await sendError(req, res, {
     sender: getResponseSender(req.body),
     messageId: crypto.randomUUID(),
     conversationId,

api/server/middleware/index.js

@@ -10,10 +10,12 @@ const requireLocalAuth = require('./requireLocalAuth');
 const canDeleteAccount = require('./canDeleteAccount');
 const requireLdapAuth = require('./requireLdapAuth');
 const abortMiddleware = require('./abortMiddleware');
+const checkInviteUser = require('./checkInviteUser');
 const requireJwtAuth = require('./requireJwtAuth');
 const validateModel = require('./validateModel');
 const moderateText = require('./moderateText');
 const setHeaders = require('./setHeaders');
+const validate = require('./validate');
 const limiters = require('./limiters');
 const uaParser = require('./uaParser');
 const checkBan = require('./checkBan');
@@ -22,6 +24,7 @@ const roles = require('./roles');
 
 module.exports = {
   ...abortMiddleware,
+  ...validate,
   ...limiters,
   ...roles,
   noIndex,
@@ -31,6 +34,7 @@ module.exports = {
   moderateText,
   validateModel,
   requireJwtAuth,
+  checkInviteUser,
   requireLdapAuth,
   requireLocalAuth,
   canDeleteAccount,

api/server/middleware/spec/validateImages.spec.js

@@ -0,0 +1,112 @@
+const jwt = require('jsonwebtoken');
+const validateImageRequest = require('~/server/middleware/validateImageRequest');
+
+describe('validateImageRequest middleware', () => {
+  let req, res, next;
+
+  beforeEach(() => {
+    req = {
+      app: { locals: { secureImageLinks: true } },
+      headers: {},
+      originalUrl: '',
+    };
+    res = {
+      status: jest.fn().mockReturnThis(),
+      send: jest.fn(),
+    };
+    next = jest.fn();
+    process.env.JWT_REFRESH_SECRET = 'test-secret';
+  });
+
+  afterEach(() => {
+    jest.clearAllMocks();
+  });
+
+  test('should call next() if secureImageLinks is false', () => {
+    req.app.locals.secureImageLinks = false;
+    validateImageRequest(req, res, next);
+    expect(next).toHaveBeenCalled();
+  });
+
+  test('should return 401 if refresh token is not provided', () => {
+    validateImageRequest(req, res, next);
+    expect(res.status).toHaveBeenCalledWith(401);
+    expect(res.send).toHaveBeenCalledWith('Unauthorized');
+  });
+
+  test('should return 403 if refresh token is invalid', () => {
+    req.headers.cookie = 'refreshToken=invalid-token';
+    validateImageRequest(req, res, next);
+    expect(res.status).toHaveBeenCalledWith(403);
+    expect(res.send).toHaveBeenCalledWith('Access Denied');
+  });
+
+  test('should return 403 if refresh token is expired', () => {
+    const expiredToken = jwt.sign(
+      { id: '123', exp: Math.floor(Date.now() / 1000) - 3600 },
+      process.env.JWT_REFRESH_SECRET,
+    );
+    req.headers.cookie = `refreshToken=${expiredToken}`;
+    validateImageRequest(req, res, next);
+    expect(res.status).toHaveBeenCalledWith(403);
+    expect(res.send).toHaveBeenCalledWith('Access Denied');
+  });
+
+  test('should call next() for valid image path', () => {
+    const validToken = jwt.sign(
+      { id: '123', exp: Math.floor(Date.now() / 1000) + 3600 },
+      process.env.JWT_REFRESH_SECRET,
+    );
+    req.headers.cookie = `refreshToken=${validToken}`;
+    req.originalUrl = '/images/123/example.jpg';
+    validateImageRequest(req, res, next);
+    expect(next).toHaveBeenCalled();
+  });
+
+  test('should return 403 for invalid image path', () => {
+    const validToken = jwt.sign(
+      { id: '123', exp: Math.floor(Date.now() / 1000) + 3600 },
+      process.env.JWT_REFRESH_SECRET,
+    );
+    req.headers.cookie = `refreshToken=${validToken}`;
+    req.originalUrl = '/images/456/example.jpg';
+    validateImageRequest(req, res, next);
+    expect(res.status).toHaveBeenCalledWith(403);
+    expect(res.send).toHaveBeenCalledWith('Access Denied');
+  });
+
+  // File traversal tests
+  test('should prevent file traversal attempts', () => {
+    const validToken = jwt.sign(
+      { id: '123', exp: Math.floor(Date.now() / 1000) + 3600 },
+      process.env.JWT_REFRESH_SECRET,
+    );
+    req.headers.cookie = `refreshToken=${validToken}`;
+
+    const traversalAttempts = [
+      '/images/123/../../../etc/passwd',
+      '/images/123/..%2F..%2F..%2Fetc%2Fpasswd',
+      '/images/123/image.jpg/../../../etc/passwd',
+      '/images/123/%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd',
+    ];
+
+    traversalAttempts.forEach((attempt) => {
+      req.originalUrl = attempt;
+      validateImageRequest(req, res, next);
+      expect(res.status).toHaveBeenCalledWith(403);
+      expect(res.send).toHaveBeenCalledWith('Access Denied');
+      jest.clearAllMocks();
+    });
+  });
+
+  test('should handle URL encoded characters in valid paths', () => {
+    const validToken = jwt.sign(
+      { id: '123', exp: Math.floor(Date.now() / 1000) + 3600 },
+      process.env.JWT_REFRESH_SECRET,
+    );
+    req.headers.cookie = `refreshToken=${validToken}`;
+    req.originalUrl = '/images/123/image%20with%20spaces.jpg';
+    validateImageRequest(req, res, next);
+    expect(next).toHaveBeenCalled();
+  });
+});

api/server/middleware/validate/convoAccess.js

@@ -0,0 +1,73 @@
+const { Constants, ViolationTypes, Time } = require('librechat-data-provider');
+const { searchConversation } = require('~/models/Conversation');
+const denyRequest = require('~/server/middleware/denyRequest');
+const { logViolation, getLogStores } = require('~/cache');
+const { isEnabled } = require('~/server/utils');
+
+const { USE_REDIS, CONVO_ACCESS_VIOLATION_SCORE: score = 0 } = process.env ?? {};
+
+/**
+ * Middleware to validate user's authorization for a conversation.
+ *
+ * This middleware checks if a user has the right to access a specific conversation.
+ * If the user doesn't have access, an error is returned. If the conversation doesn't exist,
+ * a not found error is returned. If the access is valid, the middleware allows the request to proceed.
+ * If the `cache` store is not available, the middleware will skip its logic.
+ *
+ * @function
+ * @param {Express.Request} req - Express request object containing user information.
+ * @param {Express.Response} res - Express response object.
+ * @param {function} next - Express next middleware function.
+ * @throws {Error} Throws an error if the user doesn't have access to the conversation.
+ */
+const validateConvoAccess = async (req, res, next) => {
+  const namespace = ViolationTypes.CONVO_ACCESS;
+  const cache = getLogStores(namespace);
+
+  const conversationId = req.body.conversationId;
+
+  if (!conversationId || conversationId === Constants.NEW_CONVO) {
+    return next();
+  }
+
+  const userId = req.user?.id ?? req.user?._id ?? '';
+  const type = ViolationTypes.CONVO_ACCESS;
+  const key = `${isEnabled(USE_REDIS) ? namespace : ''}:${userId}:${conversationId}`;
+
+  try {
+    if (cache) {
+      const cachedAccess = await cache.get(key);
+      if (cachedAccess === 'authorized') {
+        return next();
+      }
+    }
+
+    const conversation = await searchConversation(conversationId);
+
+    if (!conversation) {
+      return next();
+    }
+
+    if (conversation.user !== userId) {
+      const errorMessage = {
+        type,
+        error: 'User not authorized for this conversation',
+      };
+
+      if (cache) {
+        await logViolation(req, res, type, errorMessage, score);
+      }
+      return await denyRequest(req, res, errorMessage);
+    }
+
+    if (cache) {
+      await cache.set(key, 'authorized', Time.TEN_MINUTES);
+    }
+    next();
+  } catch (error) {
+    console.error('Error validating conversation access:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+};
+
+module.exports = validateConvoAccess;

api/server/middleware/validate/index.js

@@ -0,0 +1,4 @@
+const validateConvoAccess = require('./convoAccess');
+module.exports = {
+  validateConvoAccess,
+};

api/server/middleware/validateImageRequest.js

@@ -31,10 +31,14 @@ function validateImageRequest(req, res, next) {
     return res.status(403).send('Access Denied');
   }
 
-  if (req.path.includes(payload.id)) {
+  const fullPath = decodeURIComponent(req.originalUrl);
+  const pathPattern = new RegExp(`^/images/${payload.id}/[^/]+$`);
+
+  if (pathPattern.test(fullPath)) {
     logger.debug('[validateImageRequest] Image request validated');
     next();
   } else {
+    logger.warn('[validateImageRequest] Invalid image path');
     res.status(403).send('Access Denied');
   }
 }

api/server/middleware/validateRegistration.js

@@ -1,10 +1,16 @@
 const { isEnabled } = require('~/server/utils');
 
 function validateRegistration(req, res, next) {
+  if (req.invite) {
+    return next();
+  }
+
   if (isEnabled(process.env.ALLOW_REGISTRATION)) {
     next();
   } else {
-    res.status(403).send('Registration is not allowed.');
+    return res.status(403).json({
+      message: 'Registration is not allowed.',
+    });
   }
 }
 

api/server/routes/__tests__/config.spec.js

@@ -76,7 +76,9 @@ describe.skip('GET /', () => {
       openidLoginEnabled: true,
       openidLabel: 'Test OpenID',
       openidImageUrl: 'http://test-server.com',
-      ldapLoginEnabled: true,
+      ldap: {
+        enabled: true,
+      },
       serverDomain: 'http://test-server.com',
       emailLoginEnabled: 'true',
       registrationEnabled: 'true',

api/server/routes/__tests__/ldap.spec.js

@@ -0,0 +1,55 @@
+const request = require('supertest');
+const express = require('express');
+const { getLdapConfig } = require('~/server/services/Config/ldap');
+const { isEnabled } = require('~/server/utils');
+
+jest.mock('~/server/services/Config/ldap');
+jest.mock('~/server/utils');
+
+const app = express();
+
+// Mock the route handler
+app.get('/api/config', (req, res) => {
+  const ldapConfig = getLdapConfig();
+  res.json({ ldap: ldapConfig });
+});
+
+describe('LDAP Config Tests', () => {
+  afterEach(() => {
+    jest.resetAllMocks();
+  });
+
+  it('should return LDAP config with username property when LDAP_LOGIN_USES_USERNAME is enabled', async () => {
+    getLdapConfig.mockReturnValue({ enabled: true, username: true });
+    isEnabled.mockReturnValue(true);
+
+    const response = await request(app).get('/api/config');
+
+    expect(response.statusCode).toBe(200);
+    expect(response.body.ldap).toEqual({
+      enabled: true,
+      username: true,
+    });
+  });
+
+  it('should return LDAP config without username property when LDAP_LOGIN_USES_USERNAME is not enabled', async () => {
+    getLdapConfig.mockReturnValue({ enabled: true });
+    isEnabled.mockReturnValue(false);
+
+    const response = await request(app).get('/api/config');
+
+    expect(response.statusCode).toBe(200);
+    expect(response.body.ldap).toEqual({
+      enabled: true,
+    });
+  });
+
+  it('should not return LDAP config when LDAP is not enabled', async () => {
+    getLdapConfig.mockReturnValue(undefined);
+
+    const response = await request(app).get('/api/config');
+
+    expect(response.statusCode).toBe(200);
+    expect(response.body.ldap).toBeUndefined();
+  });
+});

api/server/routes/ask/askChatGPTBrowser.js

@@ -51,8 +51,8 @@ router.post('/', setHeaders, async (req, res) => {
   });
 
   if (!overrideParentMessageId) {
-    await saveMessage({ ...userMessage, user: req.user.id });
-    await saveConvo(req.user.id, {
+    await saveMessage(req, { ...userMessage, user: req.user.id });
+    await saveConvo(req, {
       ...userMessage,
       ...endpointOption,
       conversationId,
@@ -93,7 +93,7 @@ const ask = async ({
         const currentTimestamp = Date.now();
         if (currentTimestamp - lastSavedTimestamp > 500) {
           lastSavedTimestamp = currentTimestamp;
-          saveMessage({
+          saveMessage(req, {
             messageId: responseMessageId,
             sender: endpointOption?.jailbreak ? 'Sydney' : 'BingAI',
             conversationId,
@@ -159,7 +159,7 @@ const ask = async ({
       isCreatedByUser: false,
     };
 
-    await saveMessage({ ...responseMessage, user });
+    await saveMessage(req, { ...responseMessage, user });
     responseMessage.messageId = newResponseMessageId;
 
     // STEP2 update the conversation
@@ -183,7 +183,7 @@ const ask = async ({
       }
     }
 
-    await saveConvo(user, conversationUpdate);
+    await saveConvo(req, conversationUpdate);
     conversationId = newConversationId;
 
     // STEP3 update the user message
@@ -192,7 +192,7 @@ const ask = async ({
 
     // If response has parentMessageId, the fake userMessage.messageId should be updated to the real one.
     if (!overrideParentMessageId) {
-      await saveMessage({
+      await saveMessage(req, {
         ...userMessage,
         user,
         messageId: userMessageId,
@@ -213,7 +213,7 @@ const ask = async ({
     if (userParentMessageId == Constants.NO_PARENT) {
       // const title = await titleConvo({ endpoint: endpointOption?.endpoint, text, response: responseMessage });
       const title = await response.details.title;
-      await saveConvo(user, {
+      await saveConvo(req, {
         conversationId: conversationId,
         title,
       });
@@ -229,7 +229,7 @@ const ask = async ({
       isCreatedByUser: false,
       text: `${getPartialMessage() ?? ''}\n\nError message: "${error.message}"`,
     };
-    await saveMessage({ ...errorMessage, user });
+    await saveMessage(req, { ...errorMessage, user });
     handleError(res, errorMessage);
   }
 };

api/server/routes/ask/bingAI.js

@@ -70,8 +70,8 @@ router.post('/', setHeaders, async (req, res) => {
   });
 
   if (!overrideParentMessageId) {
-    await saveMessage({ ...userMessage, user: req.user.id });
-    await saveConvo(req.user.id, {
+    await saveMessage(req, { ...userMessage, user: req.user.id });
+    await saveConvo(req, {
       ...userMessage,
       ...endpointOption,
       conversationId,
@@ -118,7 +118,7 @@ const ask = async ({
       const currentTimestamp = Date.now();
       if (currentTimestamp - lastSavedTimestamp > 500) {
         lastSavedTimestamp = currentTimestamp;
-        saveMessage({
+        saveMessage(req, {
           messageId: responseMessageId,
           sender: model,
           conversationId,
@@ -197,7 +197,7 @@ const ask = async ({
       isCreatedByUser: false,
     };
 
-    await saveMessage({ ...responseMessage, user });
+    await saveMessage(req, { ...responseMessage, user });
     responseMessage.messageId = newResponseMessageId;
 
     let conversationUpdate = {
@@ -216,12 +216,12 @@ const ask = async ({
       conversationUpdate.invocationId = response.invocationId;
     }
 
-    await saveConvo(user, conversationUpdate);
+    await saveConvo(req, conversationUpdate);
     userMessage.messageId = newUserMessageId;
 
     // If response has parentMessageId, the fake userMessage.messageId should be updated to the real one.
     if (!overrideParentMessageId) {
-      await saveMessage({
+      await saveMessage(req, {
         ...userMessage,
         user,
         messageId: userMessageId,
@@ -245,7 +245,7 @@ const ask = async ({
         response: responseMessage,
       });
 
-      await saveConvo(user, {
+      await saveConvo(req, {
         conversationId: conversationId,
         title,
       });
@@ -266,7 +266,7 @@ const ask = async ({
         isCreatedByUser: false,
       };
 
-      saveMessage({ ...responseMessage, user });
+      saveMessage(req, { ...responseMessage, user });
 
       return {
         title: await getConvoTitle(user, conversationId),
@@ -288,7 +288,7 @@ const ask = async ({
         model,
         isCreatedByUser: false,
       };
-      await saveMessage({ ...errorMessage, user });
+      await saveMessage(req, { ...errorMessage, user });
       handleError(res, errorMessage);
     }
   }

api/server/routes/ask/gptPlugins.js

@@ -1,10 +1,11 @@
 const express = require('express');
 const throttle = require('lodash/throttle');
-const { getResponseSender, Constants } = require('librechat-data-provider');
+const { getResponseSender, Constants, CacheKeys, Time } = require('librechat-data-provider');
 const { initializeClient } = require('~/server/services/Endpoints/gptPlugins');
 const { sendMessage, createOnProgress } = require('~/server/utils');
 const { addTitle } = require('~/server/services/Endpoints/openAI');
-const { saveMessage } = require('~/models');
+const { saveMessage, updateMessage } = require('~/models');
+const { getLogStores } = require('~/cache');
 const {
   handleAbort,
   createAbortController,
@@ -71,7 +72,15 @@ router.post(
       }
     };
 
-    const throttledSaveMessage = throttle(saveMessage, 3000, { trailing: false });
+    const messageCache = getLogStores(CacheKeys.MESSAGES);
+    const throttledCacheSet = throttle(
+      (text) => {
+        messageCache.set(responseMessageId, text, Time.FIVE_MINUTES);
+      },
+      3000,
+      { trailing: false },
+    );
+
     let streaming = null;
     let timer = null;
 
@@ -85,18 +94,7 @@ router.post(
           clearTimeout(timer);
         }
 
-        throttledSaveMessage({
-          messageId: responseMessageId,
-          sender,
-          conversationId,
-          parentMessageId: overrideParentMessageId || userMessageId,
-          text: partialText,
-          model: endpointOption.modelOptions.model,
-          unfinished: true,
-          error: false,
-          plugins,
-          user,
-        });
+        throttledCacheSet(partialText);
 
         streaming = new Promise((resolve) => {
           timer = setTimeout(() => {
@@ -170,7 +168,11 @@ router.post(
 
       const onChainEnd = () => {
         if (!client.skipSaveUserMessage) {
-          saveMessage({ ...userMessage, user });
+          saveMessage(
+            req,
+            { ...userMessage, user },
+            { context: 'api/server/routes/ask/gptPlugins.js - onChainEnd' },
+          );
         }
         sendIntermediateMessage(res, {
           plugins,
@@ -207,9 +209,6 @@ router.post(
 
       logger.debug('[/ask/gptPlugins]', response);
 
-      response.plugins = plugins.map((p) => ({ ...p, loading: false }));
-      await saveMessage({ ...response, user });
-
       const { conversation = {} } = await client.responsePromise;
       conversation.title =
         conversation && !conversation.title ? null : conversation?.title || 'New Chat';
@@ -230,6 +229,15 @@ router.post(
           client,
         });
       }
+
+      response.plugins = plugins.map((p) => ({ ...p, loading: false }));
+      if (response.plugins?.length > 0) {
+        await updateMessage(
+          req,
+          { ...response, user },
+          { context: 'api/server/routes/ask/gptPlugins.js - save plugins used' },
+        );
+      }
     } catch (error) {
       const partialText = getPartialText();
       handleAbortError(res, req, error, {

api/server/routes/ask/index.js

@@ -12,9 +12,10 @@ const {
   uaParser,
   checkBan,
   requireJwtAuth,
-  concurrentLimiter,
   messageIpLimiter,
+  concurrentLimiter,
   messageUserLimiter,
+  validateConvoAccess,
 } = require('~/server/middleware');
 
 const { LIMIT_CONCURRENT_MESSAGES, LIMIT_MESSAGE_IP, LIMIT_MESSAGE_USER } = process.env ?? {};
@@ -37,6 +38,8 @@ if (isEnabled(LIMIT_MESSAGE_USER)) {
   router.use(messageUserLimiter);
 }
 
+router.use(validateConvoAccess);
+
 router.use([`/${EModelEndpoint.azureOpenAI}`, `/${EModelEndpoint.openAI}`], openAI);
 router.use(`/${EModelEndpoint.chatGPTBrowser}`, askChatGPTBrowser);
 router.use(`/${EModelEndpoint.gptPlugins}`, gptPlugins);

api/server/routes/assistants/actions.js

@@ -42,7 +42,7 @@ router.post('/:assistant_id', async (req, res) => {
       return res.status(400).json({ message: 'No functions provided' });
     }
 
-    let metadata = encryptMetadata(_metadata);
+    let metadata = await encryptMetadata(_metadata);
 
     let { domain } = metadata;
     domain = await domainParser(req, domain, true);

api/server/routes/assistants/chatV1.js

@@ -8,6 +8,7 @@ const {
   // validateEndpoint,
   buildEndpointOption,
 } = require('~/server/middleware');
+const validateConvoAccess = require('~/server/middleware/validate/convoAccess');
 const validateAssistant = require('~/server/middleware/assistants/validate');
 const chatController = require('~/server/controllers/assistants/chatV1');
 
@@ -21,6 +22,14 @@ router.post('/abort', handleAbort());
  * @param {express.Response} res - The response object, used to send back a response.
  * @returns {void}
  */
-router.post('/', validateModel, buildEndpointOption, validateAssistant, setHeaders, chatController);
+router.post(
+  '/',
+  validateModel,
+  buildEndpointOption,
+  validateAssistant,
+  validateConvoAccess,
+  setHeaders,
+  chatController,
+);
 
 module.exports = router;

api/server/routes/assistants/chatV2.js

@@ -8,6 +8,7 @@ const {
   // validateEndpoint,
   buildEndpointOption,
 } = require('~/server/middleware');
+const validateConvoAccess = require('~/server/middleware/validate/convoAccess');
 const validateAssistant = require('~/server/middleware/assistants/validate');
 const chatController = require('~/server/controllers/assistants/chatV2');
 
@@ -21,6 +22,14 @@ router.post('/abort', handleAbort());
  * @param {express.Response} res - The response object, used to send back a response.
  * @returns {void}
  */
-router.post('/', validateModel, buildEndpointOption, validateAssistant, setHeaders, chatController);
+router.post(
+  '/',
+  validateModel,
+  buildEndpointOption,
+  validateAssistant,
+  validateConvoAccess,
+  setHeaders,
+  chatController,
+);
 
 module.exports = router;

api/server/routes/assistants/index.js

@@ -1,13 +1,6 @@
 const express = require('express');
 const router = express.Router();
-const {
-  uaParser,
-  checkBan,
-  requireJwtAuth,
-  // concurrentLimiter,
-  // messageIpLimiter,
-  // messageUserLimiter,
-} = require('~/server/middleware');
+const { uaParser, checkBan, requireJwtAuth } = require('~/server/middleware');
 
 const v1 = require('./v1');
 const chatV1 = require('./chatV1');

api/server/routes/auth.js

@@ -11,6 +11,7 @@ const {
   checkBan,
   loginLimiter,
   requireJwtAuth,
+  checkInviteUser,
   registerLimiter,
   requireLdapAuth,
   requireLocalAuth,
@@ -32,7 +33,14 @@ router.post(
   loginController,
 );
 router.post('/refresh', refreshController);
-router.post('/register', registerLimiter, checkBan, validateRegistration, registrationController);
+router.post(
+  '/register',
+  registerLimiter,
+  checkBan,
+  checkInviteUser,
+  validateRegistration,
+  registrationController,
+);
 router.post(
   '/requestPasswordReset',
   resetPasswordLimiter,

api/server/routes/config.js

@@ -1,5 +1,6 @@
 const express = require('express');
 const { CacheKeys, defaultSocialLogins } = require('librechat-data-provider');
+const { getLdapConfig } = require('~/server/services/Config/ldap');
 const { getProjectByName } = require('~/models/Project');
 const { isEnabled } = require('~/server/utils');
 const { getLogStores } = require('~/cache');
@@ -33,7 +34,8 @@ router.get('/', async function (req, res) {
 
   const instanceProject = await getProjectByName('instance', '_id');
 
-  const ldapLoginEnabled = !!process.env.LDAP_URL && !!process.env.LDAP_USER_SEARCH_BASE;
+  const ldap = getLdapConfig();
+
   try {
     /** @type {TStartupConfig} */
     const payload = {
@@ -51,10 +53,9 @@ router.get('/', async function (req, res) {
         !!process.env.OPENID_SESSION_SECRET,
       openidLabel: process.env.OPENID_BUTTON_LABEL || 'Continue with OpenID',
       openidImageUrl: process.env.OPENID_IMAGE_URL,
-      ldapLoginEnabled,
       serverDomain: process.env.DOMAIN_SERVER || 'http://localhost:3080',
       emailLoginEnabled,
-      registrationEnabled: !ldapLoginEnabled && isEnabled(process.env.ALLOW_REGISTRATION),
+      registrationEnabled: !ldap?.enabled && isEnabled(process.env.ALLOW_REGISTRATION),
       socialLoginEnabled: isEnabled(process.env.ALLOW_SOCIAL_LOGIN),
       emailEnabled:
         (!!process.env.EMAIL_SERVICE || !!process.env.EMAIL_HOST) &&
@@ -76,6 +77,10 @@ router.get('/', async function (req, res) {
       instanceProjectId: instanceProject._id.toString(),
     };
 
+    if (ldap) {
+      payload.ldap = ldap;
+    }
+
     if (typeof process.env.CUSTOM_FOOTER === 'string') {
       payload.customFooter = process.env.CUSTOM_FOOTER;
     }

api/server/routes/convos.js

@@ -30,8 +30,14 @@ router.get('/', async (req, res) => {
     return res.status(400).json({ error: 'Invalid page size' });
   }
   const isArchived = req.query.isArchived === 'true';
+  let tags;
+  if (req.query.tags) {
+    tags = Array.isArray(req.query.tags) ? req.query.tags : [req.query.tags];
+  } else {
+    tags = undefined;
+  }
 
-  res.status(200).send(await getConvosByPage(req.user.id, pageNumber, pageSize, isArchived));
+  res.status(200).send(await getConvosByPage(req.user.id, pageNumber, pageSize, isArchived, tags));
 });
 
 router.get('/:conversationId', async (req, res) => {
@@ -104,7 +110,7 @@ router.post('/update', async (req, res) => {
   const update = req.body.arg;
 
   try {
-    const dbResponse = await saveConvo(req.user.id, update);
+    const dbResponse = await saveConvo(req, update, { context: 'POST /api/convos/update' });
     res.status(201).json(dbResponse);
   } catch (error) {
     logger.error('Error updating conversation', error);

api/server/routes/edit/gptPlugins.js

@@ -1,19 +1,20 @@
 const express = require('express');
 const throttle = require('lodash/throttle');
-const { getResponseSender } = require('librechat-data-provider');
+const { getResponseSender, CacheKeys, Time } = require('librechat-data-provider');
 const {
-  handleAbort,
-  createAbortController,
-  handleAbortError,
   setHeaders,
+  handleAbort,
+  moderateText,
   validateModel,
+  handleAbortError,
   validateEndpoint,
   buildEndpointOption,
-  moderateText,
+  createAbortController,
 } = require('~/server/middleware');
 const { sendMessage, createOnProgress, formatSteps, formatAction } = require('~/server/utils');
 const { initializeClient } = require('~/server/services/Endpoints/gptPlugins');
-const { saveMessage } = require('~/models');
+const { saveMessage, updateMessage } = require('~/models');
+const { getLogStores } = require('~/cache');
 const { validateTools } = require('~/app');
 const { logger } = require('~/config');
 
@@ -79,7 +80,15 @@ router.post(
       }
     };
 
-    const throttledSaveMessage = throttle(saveMessage, 3000, { trailing: false });
+    const messageCache = getLogStores(CacheKeys.MESSAGES);
+    const throttledCacheSet = throttle(
+      (text) => {
+        messageCache.set(responseMessageId, text, Time.FIVE_MINUTES);
+      },
+      3000,
+      { trailing: false },
+    );
+
     const {
       onProgress: progressCallback,
       sendIntermediateMessage,
@@ -90,19 +99,7 @@ router.post(
         if (plugin.loading === true) {
           plugin.loading = false;
         }
-
-        throttledSaveMessage({
-          messageId: responseMessageId,
-          sender,
-          conversationId,
-          parentMessageId: overrideParentMessageId || userMessageId,
-          text: partialText,
-          model: endpointOption.modelOptions.model,
-          unfinished: true,
-          isEdited: true,
-          error: false,
-          user,
-        });
+        throttledCacheSet(partialText);
       },
     });
 
@@ -110,7 +107,11 @@ router.post(
       let { intermediateSteps: steps } = data;
       plugin.outputs = steps && steps[0].action ? formatSteps(steps) : 'An error occurred.';
       plugin.loading = false;
-      saveMessage({ ...userMessage, user });
+      saveMessage(
+        req,
+        { ...userMessage, user },
+        { context: 'api/server/routes/ask/gptPlugins.js - onChainEnd' },
+      );
       sendIntermediateMessage(res, {
         plugin,
         parentMessageId: userMessage.messageId,
@@ -141,7 +142,11 @@ router.post(
         plugin.inputs.push(formattedAction);
         plugin.latest = formattedAction.plugin;
         if (!start && !client.skipSaveUserMessage) {
-          saveMessage({ ...userMessage, user });
+          saveMessage(
+            req,
+            { ...userMessage, user },
+            { context: 'api/server/routes/ask/gptPlugins.js - onAgentAction' },
+          );
         }
         sendIntermediateMessage(res, {
           plugin,
@@ -179,8 +184,6 @@ router.post(
       }
 
       logger.debug('[/edit/gptPlugins] CLIENT RESPONSE', response);
-      response.plugin = { ...plugin, loading: false };
-      await saveMessage({ ...response, user });
 
       const { conversation = {} } = await client.responsePromise;
       conversation.title =
@@ -194,6 +197,13 @@ router.post(
         responseMessage: response,
       });
       res.end();
+
+      response.plugin = { ...plugin, loading: false };
+      await updateMessage(
+        req,
+        { ...response, user },
+        { context: 'api/server/routes/edit/gptPlugins.js' },
+      );
     } catch (error) {
       const partialText = getPartialText();
       handleAbortError(res, req, error, {

api/server/routes/edit/index.js

@@ -13,6 +13,7 @@ const {
   messageIpLimiter,
   concurrentLimiter,
   messageUserLimiter,
+  validateConvoAccess,
 } = require('~/server/middleware');
 
 const { LIMIT_CONCURRENT_MESSAGES, LIMIT_MESSAGE_IP, LIMIT_MESSAGE_USER } = process.env ?? {};
@@ -35,6 +36,8 @@ if (isEnabled(LIMIT_MESSAGE_USER)) {
   router.use(messageUserLimiter);
 }
 
+router.use(validateConvoAccess);
+
 router.use([`/${EModelEndpoint.azureOpenAI}`, `/${EModelEndpoint.openAI}`], openAI);
 router.use(`/${EModelEndpoint.gptPlugins}`, gptPlugins);
 router.use(`/${EModelEndpoint.anthropic}`, anthropic);

api/server/routes/files/files.js

@@ -1,13 +1,18 @@
 const fs = require('fs').promises;
 const express = require('express');
-const { isUUID, checkOpenAIStorage } = require('librechat-data-provider');
+const {
+  isUUID,
+  checkOpenAIStorage,
+  FileSources,
+  EModelEndpoint,
+} = require('librechat-data-provider');
 const {
   filterFile,
   processFileUpload,
   processDeleteRequest,
 } = require('~/server/services/Files/process');
-const { initializeClient } = require('~/server/services/Endpoints/assistants');
 const { getStrategyFunctions } = require('~/server/services/Files/strategies');
+const { getOpenAIClient } = require('~/server/controllers/assistants/helpers');
 const { getFiles } = require('~/models/File');
 const { logger } = require('~/config');
 
@@ -113,7 +118,15 @@ router.get('/download/:userId/:file_id', async (req, res) => {
 
     if (checkOpenAIStorage(file.source)) {
       req.body = { model: file.model };
-      const { openai } = await initializeClient({ req, res });
+      const endpointMap = {
+        [FileSources.openai]: EModelEndpoint.assistants,
+        [FileSources.azure]: EModelEndpoint.azureAssistants,
+      };
+      const { openai } = await getOpenAIClient({
+        req,
+        res,
+        overrideEndpoint: endpointMap[file.source],
+      });
       logger.debug(`Downloading file ${file_id} from OpenAI`);
       passThrough = await getDownloadStream(file_id, openai);
       setHeaders();

api/server/routes/index.js

@@ -21,6 +21,7 @@ const staticRoute = require('./static');
 const share = require('./share');
 const categories = require('./categories');
 const roles = require('./roles');
+const tags = require('./tags');
 
 module.exports = {
   search,
@@ -46,4 +47,5 @@ module.exports = {
   share,
   categories,
   roles,
+  tags,
 };

api/server/routes/messages.js

@@ -1,49 +1,79 @@
 const express = require('express');
-const router = express.Router();
-const {
-  getMessages,
-  updateMessage,
-  saveConvo,
-  saveMessage,
-  deleteMessages,
-} = require('../../models');
-const { countTokens } = require('../utils');
-const { requireJwtAuth, validateMessageReq } = require('../middleware/');
+const { saveConvo, saveMessage, getMessages, updateMessage, deleteMessages } = require('~/models');
+const { requireJwtAuth, validateMessageReq } = require('~/server/middleware');
+const { countTokens } = require('~/server/utils');
+const { logger } = require('~/config');
 
+const router = express.Router();
 router.use(requireJwtAuth);
 
+/* Note: It's necessary to add `validateMessageReq` within route definition for correct params */
 router.get('/:conversationId', validateMessageReq, async (req, res) => {
-  const { conversationId } = req.params;
-  res.status(200).send(await getMessages({ conversationId }, '-_id -__v -user'));
+  try {
+    const { conversationId } = req.params;
+    const messages = await getMessages({ conversationId }, '-_id -__v -user');
+    res.status(200).json(messages);
+  } catch (error) {
+    logger.error('Error fetching messages:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
 });
 
-// CREATE
 router.post('/:conversationId', validateMessageReq, async (req, res) => {
-  const message = req.body;
-  const savedMessage = await saveMessage({ ...message, user: req.user.id });
-  await saveConvo(req.user.id, savedMessage);
-  res.status(201).send(savedMessage);
+  try {
+    const message = req.body;
+    const savedMessage = await saveMessage(
+      req,
+      { ...message, user: req.user.id },
+      { context: 'POST /api/messages/:conversationId' },
+    );
+    if (!savedMessage) {
+      return res.status(400).json({ error: 'Message not saved' });
+    }
+    await saveConvo(req, savedMessage, { context: 'POST /api/messages/:conversationId' });
+    res.status(201).json(savedMessage);
+  } catch (error) {
+    logger.error('Error saving message:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
 });
 
-// READ
 router.get('/:conversationId/:messageId', validateMessageReq, async (req, res) => {
-  const { conversationId, messageId } = req.params;
-  res.status(200).send(await getMessages({ conversationId, messageId }, '-_id -__v -user'));
+  try {
+    const { conversationId, messageId } = req.params;
+    const message = await getMessages({ conversationId, messageId }, '-_id -__v -user');
+    if (!message) {
+      return res.status(404).json({ error: 'Message not found' });
+    }
+    res.status(200).json(message);
+  } catch (error) {
+    logger.error('Error fetching message:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
 });
 
-// UPDATE
 router.put('/:conversationId/:messageId', validateMessageReq, async (req, res) => {
-  const { messageId, model } = req.params;
-  const { text } = req.body;
-  const tokenCount = await countTokens(text, model);
-  res.status(201).json(await updateMessage({ messageId, text, tokenCount }));
+  try {
+    const { messageId, model } = req.params;
+    const { text } = req.body;
+    const tokenCount = await countTokens(text, model);
+    const result = await updateMessage(req, { messageId, text, tokenCount });
+    res.status(200).json(result);
+  } catch (error) {
+    logger.error('Error updating message:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
 });
 
-// DELETE
 router.delete('/:conversationId/:messageId', validateMessageReq, async (req, res) => {
-  const { messageId } = req.params;
-  await deleteMessages({ messageId });
-  res.status(204).send();
+  try {
+    const { messageId } = req.params;
+    await deleteMessages({ messageId });
+    res.status(204).send();
+  } catch (error) {
+    logger.error('Error deleting message:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
 });
 
 module.exports = router;

api/server/routes/static.js

@@ -1,7 +1,8 @@
 const express = require('express');
+const staticCache = require('../utils/staticCache');
 const paths = require('~/config/paths');
 
 const router = express.Router();
-router.use(express.static(paths.imageOutput));
+router.use(staticCache(paths.imageOutput));
 
 module.exports = router;

api/server/routes/tags.js

@@ -0,0 +1,116 @@
+const express = require('express');
+const { PermissionTypes, Permissions } = require('librechat-data-provider');
+const {
+  getConversationTags,
+  updateConversationTag,
+  createConversationTag,
+  deleteConversationTag,
+  updateTagsForConversation,
+} = require('~/models/ConversationTag');
+const { requireJwtAuth, generateCheckAccess } = require('~/server/middleware');
+const { logger } = require('~/config');
+
+const router = express.Router();
+
+const checkBookmarkAccess = generateCheckAccess(PermissionTypes.BOOKMARKS, [Permissions.USE]);
+
+router.use(requireJwtAuth);
+router.use(checkBookmarkAccess);
+
+/**
+ * GET /
+ * Retrieves all conversation tags for the authenticated user.
+ * @param {Object} req - Express request object
+ * @param {Object} res - Express response object
+ */
+router.get('/', async (req, res) => {
+  try {
+    const tags = await getConversationTags(req.user.id);
+    if (tags) {
+      res.status(200).json(tags);
+    } else {
+      res.status(404).end();
+    }
+  } catch (error) {
+    logger.error('Error getting conversation tags:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+});
+
+/**
+ * POST /
+ * Creates a new conversation tag for the authenticated user.
+ * @param {Object} req - Express request object
+ * @param {Object} res - Express response object
+ */
+router.post('/', async (req, res) => {
+  try {
+    const tag = await createConversationTag(req.user.id, req.body);
+    res.status(200).json(tag);
+  } catch (error) {
+    logger.error('Error creating conversation tag:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+});
+
+/**
+ * PUT /:tag
+ * Updates an existing conversation tag for the authenticated user.
+ * @param {Object} req - Express request object
+ * @param {Object} res - Express response object
+ */
+router.put('/:tag', async (req, res) => {
+  try {
+    const tag = await updateConversationTag(req.user.id, req.params.tag, req.body);
+    if (tag) {
+      res.status(200).json(tag);
+    } else {
+      res.status(404).json({ error: 'Tag not found' });
+    }
+  } catch (error) {
+    logger.error('Error updating conversation tag:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+});
+
+/**
+ * DELETE /:tag
+ * Deletes a conversation tag for the authenticated user.
+ * @param {Object} req - Express request object
+ * @param {Object} res - Express response object
+ */
+router.delete('/:tag', async (req, res) => {
+  try {
+    const tag = await deleteConversationTag(req.user.id, req.params.tag);
+    if (tag) {
+      res.status(200).json(tag);
+    } else {
+      res.status(404).json({ error: 'Tag not found' });
+    }
+  } catch (error) {
+    logger.error('Error deleting conversation tag:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+});
+
+/**
+ * PUT /convo/:conversationId
+ * Updates the tags for a conversation.
+ * @param {Object} req - Express request object
+ * @param {Object} res - Express response object
+ */
+router.put('/convo/:conversationId', async (req, res) => {
+  try {
+    const conversationTags = await updateTagsForConversation(
+      req.user.id,
+      req.params.conversationId,
+      req.body.tags,
+    );
+    res.status(200).json(conversationTags);
+  } catch (error) {
+    logger.error('Error updating conversation tags', error);
+    res.status(500).send('Error updating conversation tags');
+  }
+});
+
+module.exports = router;

api/server/services/ActionService.js

@@ -116,8 +116,8 @@ async function loadActionSets(searchParams) {
  * @param {ActionRequest} params.requestBuilder - The ActionRequest builder class to execute the API call.
  * @returns { { _call: (toolInput: Object) => unknown} } An object with `_call` method to execute the tool input.
  */
-function createActionTool({ action, requestBuilder }) {
-  action.metadata = decryptMetadata(action.metadata);
+async function createActionTool({ action, requestBuilder }) {
+  action.metadata = await decryptMetadata(action.metadata);
   const _call = async (toolInput) => {
     try {
       requestBuilder.setParams(toolInput);
@@ -153,23 +153,23 @@ function createActionTool({ action, requestBuilder }) {
  * @param {ActionMetadata} metadata - The action metadata to encrypt.
  * @returns {ActionMetadata} The updated action metadata with encrypted values.
  */
-function encryptMetadata(metadata) {
+async function encryptMetadata(metadata) {
   const encryptedMetadata = { ...metadata };
 
   // ServiceHttp
   if (metadata.auth && metadata.auth.type === AuthTypeEnum.ServiceHttp) {
     if (metadata.api_key) {
-      encryptedMetadata.api_key = encryptV2(metadata.api_key);
+      encryptedMetadata.api_key = await encryptV2(metadata.api_key);
     }
   }
 
   // OAuth
   else if (metadata.auth && metadata.auth.type === AuthTypeEnum.OAuth) {
     if (metadata.oauth_client_id) {
-      encryptedMetadata.oauth_client_id = encryptV2(metadata.oauth_client_id);
+      encryptedMetadata.oauth_client_id = await encryptV2(metadata.oauth_client_id);
     }
     if (metadata.oauth_client_secret) {
-      encryptedMetadata.oauth_client_secret = encryptV2(metadata.oauth_client_secret);
+      encryptedMetadata.oauth_client_secret = await encryptV2(metadata.oauth_client_secret);
     }
   }
 
@@ -182,23 +182,23 @@ function encryptMetadata(metadata) {
  * @param {ActionMetadata} metadata - The action metadata to decrypt.
  * @returns {ActionMetadata} The updated action metadata with decrypted values.
  */
-function decryptMetadata(metadata) {
+async function decryptMetadata(metadata) {
   const decryptedMetadata = { ...metadata };
 
   // ServiceHttp
   if (metadata.auth && metadata.auth.type === AuthTypeEnum.ServiceHttp) {
     if (metadata.api_key) {
-      decryptedMetadata.api_key = decryptV2(metadata.api_key);
+      decryptedMetadata.api_key = await decryptV2(metadata.api_key);
     }
   }
 
   // OAuth
   else if (metadata.auth && metadata.auth.type === AuthTypeEnum.OAuth) {
     if (metadata.oauth_client_id) {
-      decryptedMetadata.oauth_client_id = decryptV2(metadata.oauth_client_id);
+      decryptedMetadata.oauth_client_id = await decryptV2(metadata.oauth_client_id);
     }
     if (metadata.oauth_client_secret) {
-      decryptedMetadata.oauth_client_secret = decryptV2(metadata.oauth_client_secret);
+      decryptedMetadata.oauth_client_secret = await decryptV2(metadata.oauth_client_secret);
     }
   }
 

api/server/services/AppService.interface.spec.js

@@ -0,0 +1,87 @@
+jest.mock('~/models/Role', () => ({
+  initializeRoles: jest.fn(),
+  updateAccessPermissions: jest.fn(),
+  getRoleByName: jest.fn(),
+  updateRoleByName: jest.fn(),
+}));
+
+jest.mock('~/config', () => ({
+  logger: {
+    info: jest.fn(),
+    warn: jest.fn(),
+    error: jest.fn(),
+  },
+}));
+
+jest.mock('./Config/loadCustomConfig', () => jest.fn());
+jest.mock('./start/interface', () => ({
+  loadDefaultInterface: jest.fn(),
+}));
+jest.mock('./ToolService', () => ({
+  loadAndFormatTools: jest.fn().mockReturnValue({}),
+}));
+jest.mock('./start/checks', () => ({
+  checkVariables: jest.fn(),
+  checkHealth: jest.fn(),
+  checkConfig: jest.fn(),
+  checkAzureVariables: jest.fn(),
+}));
+
+const AppService = require('./AppService');
+const { loadDefaultInterface } = require('./start/interface');
+
+describe('AppService interface configuration', () => {
+  let app;
+  let mockLoadCustomConfig;
+
+  beforeEach(() => {
+    app = { locals: {} };
+    jest.resetModules();
+    jest.clearAllMocks();
+    mockLoadCustomConfig = require('./Config/loadCustomConfig');
+  });
+
+  it('should set prompts and bookmarks to true when loadDefaultInterface returns true for both', async () => {
+    mockLoadCustomConfig.mockResolvedValue({});
+    loadDefaultInterface.mockResolvedValue({ prompts: true, bookmarks: true });
+
+    await AppService(app);
+
+    expect(app.locals.interfaceConfig.prompts).toBe(true);
+    expect(app.locals.interfaceConfig.bookmarks).toBe(true);
+    expect(loadDefaultInterface).toHaveBeenCalled();
+  });
+
+  it('should set prompts and bookmarks to false when loadDefaultInterface returns false for both', async () => {
+    mockLoadCustomConfig.mockResolvedValue({ interface: { prompts: false, bookmarks: false } });
+    loadDefaultInterface.mockResolvedValue({ prompts: false, bookmarks: false });
+
+    await AppService(app);
+
+    expect(app.locals.interfaceConfig.prompts).toBe(false);
+    expect(app.locals.interfaceConfig.bookmarks).toBe(false);
+    expect(loadDefaultInterface).toHaveBeenCalled();
+  });
+
+  it('should not set prompts and bookmarks when loadDefaultInterface returns undefined for both', async () => {
+    mockLoadCustomConfig.mockResolvedValue({});
+    loadDefaultInterface.mockResolvedValue({});
+
+    await AppService(app);
+
+    expect(app.locals.interfaceConfig.prompts).toBeUndefined();
+    expect(app.locals.interfaceConfig.bookmarks).toBeUndefined();
+    expect(loadDefaultInterface).toHaveBeenCalled();
+  });
+
+  it('should set prompts and bookmarks to different values when loadDefaultInterface returns different values', async () => {
+    mockLoadCustomConfig.mockResolvedValue({ interface: { prompts: true, bookmarks: false } });
+    loadDefaultInterface.mockResolvedValue({ prompts: true, bookmarks: false });
+
+    await AppService(app);
+
+    expect(app.locals.interfaceConfig.prompts).toBe(true);
+    expect(app.locals.interfaceConfig.bookmarks).toBe(false);
+    expect(loadDefaultInterface).toHaveBeenCalled();
+  });
+});

api/server/services/AppService.js

@@ -45,7 +45,7 @@ const AppService = async (app) => {
 
   const socialLogins =
     config?.registration?.socialLogins ?? configDefaults?.registration?.socialLogins;
-  const interfaceConfig = loadDefaultInterface(config, configDefaults);
+  const interfaceConfig = await loadDefaultInterface(config, configDefaults);
 
   const defaultLocals = {
     paths,
@@ -67,17 +67,18 @@ const AppService = async (app) => {
   handleRateLimits(config?.rateLimits);
 
   const endpointLocals = {};
+  const endpoints = config?.endpoints;
 
-  if (config?.endpoints?.[EModelEndpoint.azureOpenAI]) {
+  if (endpoints?.[EModelEndpoint.azureOpenAI]) {
     endpointLocals[EModelEndpoint.azureOpenAI] = azureConfigSetup(config);
     checkAzureVariables();
   }
 
-  if (config?.endpoints?.[EModelEndpoint.azureOpenAI]?.assistants) {
+  if (endpoints?.[EModelEndpoint.azureOpenAI]?.assistants) {
     endpointLocals[EModelEndpoint.azureAssistants] = azureAssistantsDefaults();
   }
 
-  if (config?.endpoints?.[EModelEndpoint.azureAssistants]) {
+  if (endpoints?.[EModelEndpoint.azureAssistants]) {
     endpointLocals[EModelEndpoint.azureAssistants] = assistantsConfigSetup(
       config,
       EModelEndpoint.azureAssistants,
@@ -85,7 +86,7 @@ const AppService = async (app) => {
     );
   }
 
-  if (config?.endpoints?.[EModelEndpoint.assistants]) {
+  if (endpoints?.[EModelEndpoint.assistants]) {
     endpointLocals[EModelEndpoint.assistants] = assistantsConfigSetup(
       config,
       EModelEndpoint.assistants,
@@ -93,6 +94,19 @@ const AppService = async (app) => {
     );
   }
 
+  if (endpoints?.[EModelEndpoint.openAI]) {
+    endpointLocals[EModelEndpoint.openAI] = endpoints[EModelEndpoint.openAI];
+  }
+  if (endpoints?.[EModelEndpoint.google]) {
+    endpointLocals[EModelEndpoint.google] = endpoints[EModelEndpoint.google];
+  }
+  if (endpoints?.[EModelEndpoint.anthropic]) {
+    endpointLocals[EModelEndpoint.anthropic] = endpoints[EModelEndpoint.anthropic];
+  }
+  if (endpoints?.[EModelEndpoint.gptPlugins]) {
+    endpointLocals[EModelEndpoint.gptPlugins] = endpoints[EModelEndpoint.gptPlugins];
+  }
+
   app.locals = {
     ...defaultLocals,
     modelSpecs: config.modelSpecs,

api/server/services/AppService.spec.js

@@ -23,6 +23,7 @@ jest.mock('./Files/Firebase/initialize', () => ({
 }));
 jest.mock('~/models/Role', () => ({
   initializeRoles: jest.fn(),
+  updateAccessPermissions: jest.fn(),
 }));
 jest.mock('./ToolService', () => ({
   loadAndFormatTools: jest.fn().mockReturnValue({
@@ -97,8 +98,6 @@ describe('AppService', () => {
       socialLogins: ['testLogin'],
       fileStrategy: 'testStrategy',
       interfaceConfig: expect.objectContaining({
-        privacyPolicy: undefined,
-        termsOfService: undefined,
         endpointsMenu: true,
         modelSelect: true,
         parameters: true,