Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Refresh Token for improved Session Security #927

Merged
merged 11 commits into from
Sep 11, 2023
Merged

Conversation

danny-avila
Copy link
Owner

@danny-avila danny-avila commented Sep 11, 2023

Copy/Paste of #622 with some minor tweaks. All credit goes to @bsu3338 for this amazing update

⚠️ Breaking Change:

JWT_REFRESH_SECRET is needed in .env file

A warning is given if it's omitted, login is impossible without one. Can be generated with the following link: https://replit.com/@daavila/crypto#index.js


Original PR summary and comments

Please include a summary of the changes and the related issue. Please also include relevant motivation and context. List any dependencies that are required for this change.

While working on the OpenID strategy, I noticed much of the framework for refreshTokens were in place. This is an attempt to flesh it out. With this being important for security, I would appreciate any suggestions. I originally tried using the refreshToken array in the User model, but ended up moving towards a separate collection for sessions.

Each refreshToken entry in the Session should have a direct one-to-one connection to a user device/browser.
Normal/Access Tokens should have a short lifespan (15 minutes)
Refresh Tokens should get the previous lifespan of 7 days

Because a refreshToken gives access to the system these are the below steps used to secure the system:

  • refreshToken rotation on every refresh
  • removal of refreshTokens on logout and on rotation
  • refreshToken are HTTPOnly
  • server maintains a hash of the refreshToken to confirm any token presented is valid and not been compromised
  • refreshToken hashes also means that if the server is compromised (which is really bad), at least the attacker does not have the refreshTokens
  • Remove a refreshToken from the Session collection will force the user to relogin after access token expires.

Added node-cron package
to remove expired refreshTokens from users that never logged out.

Currently the refreshToken requires logging in after registration. I will investigate further on fixing this.

sequenceDiagram
    Client->>Server: Login request with credentials
    Server->>Passport: Use authentication strategy (e.g., 'local', 'google', etc.)
    Passport-->>Server: User object or false/error
    Note over Server: If valid user...
    Server->>Server: Generate access and refresh tokens
    Server->>Database: Store hashed refresh token
    Server-->>Client: Access token and refresh token
    Client->>Client: Store access token in HTTP Header and refresh token in HttpOnly cookie
    Client->>Server: Request with access token from HTTP Header
    Server-->>Client: Requested data
    Note over Client,Server: Access token expires
    Client->>Server: Request with expired access token
    Server-->>Client: Unauthorized
    Client->>Server: Request with refresh token from HttpOnly cookie
    Server->>Database: Retrieve hashed refresh token
    Server->>Server: Compare hash of provided refresh token with stored hash
    Note over Server: If hashes match...
    Server-->>Client: New access token and refresh token
    Client->>Server: Retry request with new access token
    Server-->>Client: Requested data
Loading

Type of change

Please delete options that are not relevant.

  • New feature (non-breaking change which adds functionality)
  • This change requires a documentation update
  • Documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration:

Tested by reviewing the session collection for a user object as login/refresh/logout events occured

Test Configuration:

Test one social login and local registration and login

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes

For testing, Set the token expiration to 1 min and refrehToken to 5 min.

The refreshToken should renew it's expiration at each refresh, so as long as the user keeps using the system. They will be logged in. If they do not login during the life of the refreshToken then they will have to login. So it may be better in production to set token to 15 min and refreshToken to 1 day. If somebody does not use the system within a 24 hour period then they will be logged out.

To view all refreshToken hashes: db.sessions.find({});

Find your user id: db.users.find({ name: 'johnsmith' });

To view hashes for a specific user: db.sessions.find({ _id: ObjectId("64b0e8ce34b34ddbb2af50ef")});

Login check if refreshToken hash is stored.

Hit refresh on the page to see if it is updated.

Login from a separate device or browser, should see two refreshToken hashes

Logout of one device and one refreshToken hash should be remaining

To view expired tokens: db.sessions.find({ expiration: { $lt: new Date() } })

If a user never logs out, then the cron job should clean up the database.

Deleting the refreshToken hash will force the user to log back in after access token is expired

Logout one user from one session:

db.sessions.deleteOne({
user: ObjectId("64aa52ff91a9039fbaae7886"),
refreshTokenHash: '40a4a695a9331e194d7beeaafc318152356633be4ae4088236f0752a0cec7860'
})

Logout one user from all sessions: db.sessions.deleteMany({user: ObjectId("64aa52ff91a9039fbaae7886")} );

Logout all users: db.sessions.deleteMany({} );

I found a bug in that if a user never refreshes the page after the access token expires then the page just quits working. If the user refreshed, then all is good again. I am going to try to refresh on 401s with an interceptor. It is either that or refresh on timers. Let me know if there is a better way, but that is the direction I am going.

@danny-avila danny-avila mentioned this pull request Sep 11, 2023
10 tasks
@danny-avila danny-avila merged commit 33f087d into main Sep 11, 2023
@danny-avila danny-avila deleted the refresh-token branch September 11, 2023 17:10
bsu3338 added a commit to bsu3338/LibreChat that referenced this pull request Sep 22, 2023
commit 5d4b168df5dbc338b885e64844c9a6c24e4855d7
Author: Danny Avila <[email protected]>
Date:   Fri Sep 22 07:28:52 2023 -0400

    docs: update render.md to include meilisearch guide (#982)

commit 33b0154602f714f5071a00ad1b60c4b531f9c9f3
Author: Raí <[email protected]>
Date:   Fri Sep 22 08:25:49 2023 -0300

    docs: Utilize Meilisearch Using LibreChat in Render (#972)

    * Create Use_meilisearch_in_render.md

    * Create user_meilisearch_in_render.md

    * Update user_meilisearch_in_render.md

    * Delete docs/user_meilisearch_in_render.md

    * Create meilisearch_in_render.md

    * Delete docs/install/Use_meilisearch_in_render.md

    * Update meilisearch_in_render.md

    * Update meilisearch_in_render.md

    * Update meilisearch_in_render.md

    * Update meilisearch_in_render.md

    * Update meilisearch_in_render.md

    * Update meilisearch_in_render.md

    * Create use_meilisearch_in_render.md

    * Delete docs/install/meilisearch_in_render.md

    * Update use_meilisearch_in_render.md

    * Rename use_meilisearch_in_render.md to meilisearch_in_render.md

    * Update mkdocs.yml

    * Update mkdocs.yml

    ---------

    Co-authored-by: Danny Avila <[email protected]>

commit d87754c43decdc5aabf9c19fc63b2f0e72ac2df7
Author: Danny Avila <[email protected]>
Date:   Fri Sep 22 07:11:36 2023 -0400

    feat: gpt-3.5-turbo-instruct support, refactor: try fetching models if OpenRouter is set (#981)

    * refactor: try fetching if OpenRouter api key is set

    * feat: gpt-3.5-turbo-instruct support

    * fix: use new assignment in getTokenizer

commit 1a77fb4fd52a188644a8bfea11bd1807f1c3c361
Author: Danny Avila <[email protected]>
Date:   Fri Sep 22 05:49:18 2023 -0400

    fix(LoginForm.tsx): max length old value to new (#980)

commit 1be6c4830aaeb31c625325279c94f353d071dde5
Author: Danny Avila <[email protected]>
Date:   Fri Sep 22 05:34:07 2023 -0400

    chore: bump langchain (#979)

commit 1d3e336e1c06c2a8797368846ea3287fe4d6e749
Author: Danny Avila <[email protected]>
Date:   Wed Sep 20 18:45:56 2023 -0400

    feat: Add Option to Disable Titling, Config Titling Model, and Title Prompt Improvements (#977)

    * feat: add option to disable titling as well as decide what model to use for OpenAI titling
    refactor: truncate conversation text so it caps around 200 tokens for titling requests, optimize some of the title prompts

    * feat: disable bing titling with TITLE_CONVO as well

commit d13a7b1a74c53b3e9f1fb3514de8c9736944f810
Author: jordantgh <[email protected]>
Date:   Wed Sep 20 22:13:51 2023 +0100

    Fix setOptions() to properly handle modelOptions (#975)

    For #974

    - Adds an else to the check for this.modelOptions
    - Allows the modelOptions to be updated when the model is already
      initialized

commit 8580f1c3d35ac0237292e58c4e06c911b55c30fa
Author: Danny Avila <[email protected]>
Date:   Mon Sep 18 17:23:32 2023 -0400

    ✨ v0.5.9 (#970)

    * ✨ v0.5.9

    * chore: bump data-provider

commit 1378eb5097b666a4add27923e47be73919957e5b
Author: Danny Avila <[email protected]>
Date:   Mon Sep 18 16:57:12 2023 -0400

    fix: Allow Latin-based Special Characters in Username (#969)

    * fix: username validation

    * fix: add data-testid to fix e2e workflow

commit b48c618f326015b5e4469be471dd9cf453f1ddfa
Author: Marco Beretta <[email protected]>
Date:   Mon Sep 18 21:40:20 2023 +0200

    feat: auto detect language (#947)

    * added auto-detect language

    * fix(TranslationSelect) now saving the selected language between sessions

    * fix(LangSelector.spec)

    * fix(conflict)

    * fix(Swedish) sv-SE

commit 2419af87481beb1d8c4e93772043fde5845ae08b
Author: Marco Beretta <[email protected]>
Date:   Mon Sep 18 21:21:39 2023 +0200

    feat: icons for chat identification (#879)

    * Added endpoint picture

    * plugin icon fix & new minimalist icon

    * changed from BingAIMinimalIcon to BingAIMinimalistIcon

    * fix(Conversation) reduced the space between the icon and the title

    * refactor(getIcon & getMinimalIcon)

    * moved IconProps in ~/common

    * refactor(getIcon & getMinimalistIcon) from switch/case to map

    * fix(getIcon.tsx) renamed to Icon

    * renamed all from Minimalist to Minimal

commit 6358383001d4528e047a44c6ed6beceb451b6ee5
Author: Danny Avila <[email protected]>
Date:   Mon Sep 18 15:19:50 2023 -0400

    feat(db & e2e): Enhance DB Schemas/Controllers and Improve E2E Tests (#966)

    * feat: add global teardown to remove test data and add registration/log-out to auth flow

    * refactor(models/Conversation): index user field and add JSDoc to deleteConvos

    * refactor: add user index to message schema and ensure user is saved to each Message

    * refactor: add user to each saveMessage call

    * fix: handle case where title is null in zod schema

    * feat(e2e): ensure messages are deleted on cleanUp

    * fix: set last convo for all endpoints on conversation update

    * fix: enable registration for CI env

commit fd70e2173218b5fea61bd9a064c1aa6b2c94549a
Author: Danny Avila <[email protected]>
Date:   Mon Sep 18 12:55:51 2023 -0400

    feat: OpenRouter Support & Improve Model Fetching ⇆ (#936)

    * chore(ChatGPTClient.js): add support for OpenRouter API
    chore(OpenAIClient.js): add support for OpenRouter API

    * chore: comment out token debugging

    * chore: add back streamResult assignment

    * chore: remove double condition/assignment from merging

    * refactor(routes/endpoints): -> controller/services logic

    * feat: add openrouter model fetching

    * chore: remove unused endpointsConfig in cleanupPreset function

    * refactor: separate models concern from endpointsConfig

    * refactor(data-provider): add TModels type and make TEndpointsConfig adaptible to new endpoint keys

    * refactor: complete models endpoint service in data-provider

    * refactor: onMutate for refreshToken and login, invalidate models query

    * feat: complete models endpoint logic for frontend

    * chore: remove requireJwtAuth from /api/endpoints and /api/models as not implemented yet

    * fix: endpoint will not be overwritten and instead use active value

    * feat: openrouter support for plugins

    * chore(EndpointOptionsDialog): remove unused recoil value

    * refactor(schemas/parseConvo): add handling of secondaryModels to use first of defined secondary models, which includes last selected one as first, or default to the convo's secondary model value

    * refactor: remove hooks from store and move to hooks
    refactor(switchToConversation): make switchToConversation use latest recoil state, which is necessary to get the most up-to-date models list, replace wrapper function
    refactor(getDefaultConversation): factor out logic into 3 pieces to reduce complexity.

    * fix: backend tests

    * feat: optimistic update by calling newConvo when models are fetched

    * feat: openrouter support for titling convos

    * feat: cache models fetch

    * chore: add missing dep to AuthContext useEffect

    * chore: fix useTimeout types

    * chore: delete old getDefaultConvo file

    * chore: remove newConvo logic from Root, remove console log from api models caching

    * chore: ensure bun is used for building in b:client script

    * fix: default endpoint will not default to null on a completely fresh login (no localStorage/cookies)

    * chore: add openrouter docs to free_ai_apis.md and .env.example

    * chore: remove openrouter console logs

    * feat: add debugging env variable for Plugins

commit ccb46164c0f466df2a9d9b7ae1643c54a8789fe1
Author: Marcus Nätteldal <[email protected]>
Date:   Fri Sep 15 01:46:06 2023 +0200

    🇸🇪: Swedish Translation (#940)

    * Language translation: swedish translation

    * fix: remove unwanted row in Sv translation

    remove com_nav_language

    ---------

    Co-authored-by: Marcus Nätteldal <[email protected]>

commit 9491b753c34ac90e634d8adda141e8bf9051be9b
Author: Danny Avila <[email protected]>
Date:   Thu Sep 14 19:40:21 2023 -0400

    fix: Match OpenAI Token Counting Strategy 🪙 (#945)

    * wip token fix

    * fix: complete token count refactor to match OpenAI example

    * chore: add back sendPayload method (accidentally deleted)

    * chore: revise JSDoc for getTokenCountForMessage

commit b3afd562b96a3828f05d1e0a183e12c27bf52d24
Author: Danny Avila <[email protected]>
Date:   Thu Sep 14 15:12:22 2023 -0400

    chore: Remove Unused Dependencies 🧹 (#939)

    * chore: cleanup client depend 🧹

    * chore: replace joi with zod and remove unused user validator

    * chore: move dep from root to api, cleanup other unused api deps

    * chore: remove unused dev dep

    * chore: update bun lockfile

    * fix: bun scripts

    * chore: add bun flag to update script

    * chore: remove legacy webpack + babel dev deps

    * chore: add back dev deps needed for frontend unit testing

    * fix(validators): make schemas as expected and more robust with a full test suite of edge cases

    * chore: remove axios from root package, remove path from api, update bun

commit 7f5b0b5310f748b015a81f520fab7c1b2e0d8e19
Author: Fuegovic <[email protected]>
Date:   Thu Sep 14 12:43:25 2023 -0400

    Update huggingface.md (#942)

    fix the link to the mongodb doc

commit 81bda112d337efe94f4f03ff85af357e4781b679
Author: Danny Avila <[email protected]>
Date:   Wed Sep 13 15:23:29 2023 -0400

    fix(Anthropic): only pass properties defined by API reference in payload (#938)

commit e4843c468007d7e05d0c7e84cd506888646af349
Author: Francisco Aguilera <[email protected]>
Date:   Wed Sep 13 11:51:53 2023 -0400

    feat: CodeBrew Plugin (#931)

    * Added CodeBrew Plugin.

    * fix: CodeBrew import in index.js

    ---------

    Co-authored-by: Danny Avila <[email protected]>

commit d003d7b16ed6d6bc7ea92ae968923cb98317b4cb
Author: Danny Avila <[email protected]>
Date:   Wed Sep 13 11:49:34 2023 -0400

    fix(ci): initialize ban env vars in jestSetup (#937)

commit 9f5296c1a44bcf7c24671e11ddb66eb99813c6e2
Author: Marco Beretta <[email protected]>
Date:   Wed Sep 13 17:02:22 2023 +0200

    refactor(.env.example) (#880)

    * refactor(.env.example)

    * Update .env.example

commit 7b2cedf5ff197b93ce25ef8e1e195e0d2ec83267
Author: Danny Avila <[email protected]>
Date:   Wed Sep 13 10:57:07 2023 -0400

    feat: Message Rate Limiters, Violation Logging, & Ban System 🔨 (#903)

    * refactor: require Auth middleware in route index files

    * feat: concurrent message limiter

    * feat: complete concurrent message limiter with caching

    * refactor: SSE response methods separated from handleText

    * fix(abortMiddleware): fix req and res order to standard, use endpointOption in req.body

    * chore: minor name changes

    * refactor: add isUUID condition to saveMessage

    * fix(concurrentLimiter): logic correctly handles the max number of concurrent messages and res closing/finalization

    * chore: bump keyv and remove console.log from Message

    * fix(concurrentLimiter): ensure messages are only saved in later message children

    * refactor(concurrentLimiter): use KeyvFile instead, could make other stores configurable in the future

    * feat: add denyRequest function for error responses

    * feat(utils): add isStringTruthy function

    Introduce the isStringTruthy function to the utilities module to check if a string value is a case-insensitive match for 'true'

    * feat: add optional message rate limiters by IP and userId

    * feat: add optional message rate limiters by IP and userId to edit route

    * refactor: rename isStringTruthy to isTrue for brevity

    * refactor(getError): use map to make code cleaner

    * refactor: use memory for concurrent rate limiter to prevent clearing on startup/exit, add multiple log files, fix error message for concurrent violation

    * feat: check if errorMessage is object, stringify if so

    * chore: send object to denyRequest which will stringify it

    * feat: log excessive requests

    * fix(getError): correctly pluralize messages

    * refactor(limiters): make type consistent between logs and errorMessage

    * refactor(cache): move files out of lib/db into separate cache dir
    >> feat: add getLogStores function so Keyv instance is not redundantly created on every violation
    feat: separate violation logging to own function with logViolation

    * fix: cache/index.js export, properly record userViolations

    * refactor(messageLimiters): use new logging method, add logging to registrations

    * refactor(logViolation): make userLogs an array of logs per user

    * feat: add logging to login limiter

    * refactor: pass req as first param to logViolation and record offending IP

    * refactor: rename isTrue helper fn to isEnabled

    * feat: add simple non_browser check and log violation

    * fix: open handles in unit tests, remove KeyvMongo as not used and properly mock global fetch

    * chore: adjust nodemon ignore paths to properly ignore logs

    * feat: add math helper function for safe use of eval

    * refactor(api/convos): use middleware at top of file to avoid redundancy

    * feat: add delete all static method for Sessions

    * fix: redirect to login on refresh if user is not found, or the session is not found but hasn't expired (ban case)

    * refactor(getLogStores): adjust return type

    * feat: add ban violation and check ban logic
    refactor(logViolation): pass both req and res objects

    * feat: add removePorts helper function

    * refactor: rename getError to getMessageError and add getLoginError for displaying different login errors

    * fix(AuthContext): fix type issue and remove unused code

    * refactor(bans): ban by ip and user id, send response based on origin

    * chore: add frontend ban messages

    * refactor(routes/oauth): add ban check to handler, also consolidate logic to avoid redundancy

    * feat: add ban check to AI messaging routes

    * feat: add ban check to login/registration

    * fix(ci/api): mock KeyvMongo to avoid tests hanging

    * docs: update .env.example
    > refactor(banViolation): calculate interval rate crossover, early return if duration is invalid
    ci(banViolation): add tests to ensure users are only banned when expected

    * docs: improve wording for mod system

    * feat: add configurable env variables for violation scores

    * chore: add jsdoc for uaParser.js

    * chore: improve ban text log

    * chore: update bun test scripts

    * refactor(math.js): add fallback values

    * fix(KeyvMongo/banLogs): refactor keyv instances to top of files to avoid memory leaks, refactor ban logic to use getLogStores instead
    refactor(getLogStores): get a single log store by type

    * fix(ci): refactor tests due to banLogs changes, also make sure to clear and revoke sessions even if ban duration is 0

    * fix(banViolation.js): getLogStores import

    * feat: handle 500 code error at login

    * fix(middleware): handle case where user.id is _id and not just id

    * ci: add ban secrets for backend unit tests

    * refactor: logout user upon ban

    * chore: log session delete message only if deletedCount > 0

    * refactor: change default ban duration (2h) and make logic more clear in JSDOC

    * fix: login and registration limiters will now return rate limiting error

    * fix: userId not parsable as non ObjectId string

    * feat: add useTimeout hook to properly clear timeouts when invoking functions within them
    refactor(AuthContext): cleanup code by using new hook and defining types in ~/common

    * fix: login error message for rate limits

    * docs: add info for automated mod system and rate limiters, update other docs accordingly

    * chore: bump data-provider version

commit db803cd640159e4aa5c09c165015dab04284f6c0
Author: Danny Avila <[email protected]>
Date:   Tue Sep 12 11:46:50 2023 -0400

    fix: module resolution (#935)

commit 4d89adfc57793827719cf3ce3b6c7649605bf851
Author: Danny Avila <[email protected]>
Date:   Tue Sep 12 11:41:15 2023 -0400

    fix(Anthropic): Correct Payload & Increase Default Token Size 🔧 (#933)

    * fix: don't pass unnecessary fields to anthropic payload

    * fix: increase maxOutputTokens range

    * chore: remove debugging mode

commit dee5888280d665b80626151b5ecc324c0717f404
Author: Danny Avila <[email protected]>
Date:   Mon Sep 11 16:30:20 2023 -0400

    docs: fix online mongodb link in render.md

commit 33f087d38f2c8e5022d6ae7bfaecb65861f65afb
Author: Danny Avila <[email protected]>
Date:   Mon Sep 11 13:10:46 2023 -0400

    feat: Refresh Token for improved Session Security (#927)

    * feat(api): refresh token logic

    * feat(client): refresh token logic

    * feat(data-provider): refresh token logic

    * fix: SSE uses esm

    * chore: add default refresh token expiry to AuthService, add message about env var not set when generating a token

    * chore: update scripts to more compatible bun methods, ran bun install again

    * chore: update env.example and playwright workflow with JWT_REFRESH_SECRET

    * chore: update breaking changes docs

    * chore: add timeout to url visit

    * chore: add default SESSION_EXPIRY in generateToken logic, add act script for testing github actions

    * fix(e2e): refresh automatically in development environment to pass e2e tests

commit 75be9a3279222f7056a6ae6f4757739cedcd999b
Author: Danny Avila <[email protected]>
Date:   Sun Sep 10 16:04:08 2023 -0400

    feat: bun support 🥟 (#907)

    * feat: bun 🥟

    * check if playwright/linux workflow is fixed

    * fix: backend issues exposed by bun

    * feat: update scripts for bun

commit a9215ed9ce53d29fe3cd3f0b2e607303b93fb0aa
Author: Danny Avila <[email protected]>
Date:   Sun Sep 10 03:32:29 2023 -0400

    fix(Es): duplicate key (#906)

commit 00b9138aa89bc368f6d93a54c20f2ad630c0a9d5
Author: Danny Avila <[email protected]>
Date:   Sun Sep 10 03:19:19 2023 -0400

    fix(vite): hide source map from client (#905)

    * fix(vite): hide source map from client

    * refactor(client/package.json): change dev to development for uniformity with api

commit 3410a8033db7c966663286d547b892c347673ddf
Author: Marco Beretta <[email protected]>
Date:   Sun Sep 10 09:05:53 2023 +0200

    docs: Update free_ai_apis.md (#902)

commit cb462974d0de6745b976c6ffa1ab5eba69a7cc1b
Author: Raí <[email protected]>
Date:   Sun Sep 10 04:04:55 2023 -0300

    🌐: Updated Language Spanish to new functions (#898)

    * Update Br.tsx

    * Update Br.tsx

    * Update Es.tsx

    * Update Es.tsx

    * Update Br.tsx

    * Update Es.tsx

commit c18e122d1d82ecae1027c7a15db12e182a4f6328
Author: forestsource <[email protected]>
Date:   Sun Sep 10 15:51:46 2023 +0900

    🌐: Japanese translation (#895)

commit a22b59f1095550f4568b0c7b684dc4919060a8b9
Author: Danny Avila <[email protected]>
Date:   Thu Sep 7 20:33:13 2023 -0400

    fix(abortMiddleware): fix aborted messages not saving (#894)

commit b28469882583f1924114ac305eeea0402ccadfc9
Author: Nolan <[email protected]>
Date:   Thu Sep 7 04:19:03 2023 -0700

    fix: devcontainer image and networking (#891)

commit 7fa01da30ef998ab36d1881755f2cdce08bd405b
Author: Daniel Avila <[email protected]>
Date:   Thu Sep 7 07:00:53 2023 -0400

    refactor(Markdown.tsx): add isEdited as a condition whether or not to render html as well as perform expensive validation

commit 327a69dba3520208dd893c85a7bd92c9bad6a120
Author: Daniel Avila <[email protected]>
Date:   Thu Sep 7 06:37:04 2023 -0400

    feat(Message): add and handle isEdited property when edited/continued as this can include user input

commit cc260105ec6fe3a97b1db089805e5824fc8f5ba2
Author: Daniel Avila <[email protected]>
Date:   Wed Sep 6 18:37:58 2023 -0400

    feat: stricter iframe validation

commit 9a68c107eba9de5b0da6717debf3a746112a7db4
Author: Raí <[email protected]>
Date:   Wed Sep 6 17:27:42 2023 -0300

    🌐: Updated Language portuguese to new functions (#888)

    * Update Br.tsx

    * Update Br.tsx

commit fcd6b8f3a9f1088908af84978febba80de6465f3
Author: Danny Avila <[email protected]>
Date:   Wed Sep 6 13:58:38 2023 -0400

    docs: update with more real details, fix linking

commit ea8003c58bfc49baf2604ecccdb630b17cf7c841
Author: Danny Avila <[email protected]>
Date:   Wed Sep 6 13:11:18 2023 -0400

    chore: move files out of root to declutter

commit 36b8d2d5e7e2b3c3b728fcb005d0a12c2eb4e15f
Author: Marco Beretta <[email protected]>
Date:   Wed Sep 6 18:56:03 2023 +0200

    italian translation (#886)

commit cf36865dd63f46d9c35a5f777ceb412ae4de702e
Author: Danny Avila <[email protected]>
Date:   Wed Sep 6 11:35:30 2023 -0400

    chore: bump data-provider (#885)

commit c72bb5a6d39231d36d12c6aff931d64c815ad1d0
Author: Danny Avila <[email protected]>
Date:   Wed Sep 6 11:23:47 2023 -0400

    fix: add zod to all workspaces as is used individually by each

commit 94330446f555fb8c5d92252f0ca73c6fea6d71db
Author: Danny Avila <[email protected]>
Date:   Wed Sep 6 11:12:17 2023 -0400

    chore: bump packages, fix langchain peer dep issue

commit 4ca43fb53da72256c79e69f8cd414bd1ee75bdf7
Author: Danny Avila <[email protected]>
Date:   Wed Sep 6 10:46:27 2023 -0400

    refactor: Encrypt & Expire User Provided Keys, feat: Rate Limiting (#874)

    * docs: make_your_own.md formatting fix for mkdocs

    * feat: add express-mongo-sanitize
    feat: add login/registration rate limiting

    * chore: remove unnecessary console log

    * wip: remove token handling from localStorage to encrypted DB solution

    * refactor: minor change to UserService

    * fix mongo query and add keys route to server

    * fix backend controllers and simplify schema/crud

    * refactor: rename token to key to separate from access/refresh tokens, setTokenDialog -> setKeyDialog

    * refactor(schemas): TEndpointOption token -> key

    * refactor(api): use new encrypted key retrieval system

    * fix(SetKeyDialog): fix key prop error

    * fix(abortMiddleware): pass random UUID if messageId is not generated yet for proper error display on frontend

    * fix(getUserKey): wrong prop passed in arg, adds error handling

    * fix: prevent message without conversationId from saving to DB, prevents branching on the frontend to a new top-level branch

    * refactor: change wording of multiple display messages

    * refactor(checkExpiry -> checkUserKeyExpiry): move to UserService file

    * fix: type imports from common

    * refactor(SubmitButton): convert to TS

    * refactor(key.ts): change localStorage map key name

    * refactor: add new custom tailwind classes to better match openAI colors

    * chore: remove unnecessary warning and catch ScreenShot error

    * refactor: move userKey frontend logic to hooks and remove use of localStorage and instead query the DB

    * refactor: invalidate correct query key, memoize userKey hook, conditionally render SetKeyDialog to avoid unnecessary calls, refactor SubmitButton props and useEffect for showing 'provide key first'

    * fix(SetKeyDialog): use enum-like object for expiry values
    feat(Dropdown): add optionsClassName to dynamically change dropdown options container classes

    * fix: handle edge case where user had provided a key but the server changes to env variable for keys

    * refactor(OpenAI/titleConvo): move titling to client to retain authorized credentials in message lifecycle for titling

    * fix(azure): handle user_provided keys correctly for azure

    * feat: send user Id to OpenAI to differentiate users in completion requests

    * refactor(OpenAI/titleConvo): adding tokens helps minimize LLM from using the language in title response

    * feat: add delete endpoint for keys

    * chore: remove throttling of title

    * feat: add 'Data controls' to Settings, add 'Revoke' keys feature in Key Dialog and Data controls

    * refactor: reorganize PluginsClient files in langchain format

    * feat: use langchain for titling convos

    * chore: cleanup titling convo, with fallback to original method, escape braces, use only snippet for language detection

    * refactor: move helper functions to appropriate langchain folders for reusability

    * fix: userProvidesKey handling for gptPlugins

    * fix: frontend handling of plugins key

    * chore: cleanup logging and ts-ignore SSE

    * fix: forwardRef misuse in DangerButton

    * fix(GoogleConfig/FileUpload): localize errors and simplify validation with zod

    * fix: cleanup google logging and fix user provided key handling

    * chore: remove titling from google

    * chore: removing logging from browser endpoint

    * wip: fix menu flicker

    * feat: useLocalStorage hook

    * feat: add Tooltip for UI

    * refactor(EndpointMenu): utilize Tooltip and useLocalStorage, remove old 'New Chat' slide-over

    * fix(e2e): use testId for endpoint menu trigger

    * chore: final touches to EndpointMenu before future refactor to declutter component

    * refactor(localization): change select endpoint to open menu and add translations

    * chore: add final prop to error message response

    * ci: minor edits to facilitate testing

    * ci: new e2e test which tests for new key setting/revoking features

commit 64f1557852dbc80589cb60b762b1fb3f4f5b04ea
Author: Dominic H <[email protected]>
Date:   Wed Sep 6 16:20:33 2023 +0200

    docs: fix various broken docker_compose_install.md links in docs (#882)

    * docs: fix broken docker_compose_install.md link in mac install docs

    * docs: fix all other broken docker_compose_install.md links

commit 731f6a449d6fdec8286a26270f6ef87e1d15311d
Author: Nolan <[email protected]>
Date:   Mon Sep 4 13:32:11 2023 -0700

    docs: fix docker install guide broken link (#877)

commit e499a21671f2f97de9818df0ee88f2a71e832d8d
Author: Raí <[email protected]>
Date:   Mon Sep 4 10:34:57 2023 -0300

    🌐: Translate delete conversation button in Es and Br (#876)

    * Update Br.tsx

    * Update Es.tsx

    * Update Br.tsx

    * Update Es.tsx

    * Update Br.tsx

    * Update Es.tsx

    * Update Es.tsx

    * Update Es.tsx

    * Update Br.tsx

    ---------

    Co-authored-by: Danny Avila <[email protected]>

commit ac8b89849575d4028281b63c3cc26c6e09d76c89
Author: Marco Beretta <[email protected]>
Date:   Mon Sep 4 15:23:26 2023 +0200

    feat: Add More Translation Text & Minor UI Fixes (#861)

    * config token translation

    * more translation and fix

    * fix conflict

    * fix(DialogTemplate) bug with the spec.tsx, localize hooks need to be in a recoil root

    * small clean up

    * fix(NewTopic) in endpoint

    * fix(RecoilRoot)

    * test(DialogTemplate.spec) used data-testid

    * fix(DialogTemplate)

    * some cleanup

    ---------

    Co-authored-by: Danny Avila <[email protected]>

commit 28230d9305e696f0200f1d3e4da3160dbf877374
Author: Marco Beretta <[email protected]>
Date:   Sun Sep 3 02:44:26 2023 +0200

    feat: delete button confirm (#875)

    * base for confirm delete

    * more like OpenAI

commit 2b54e3f9fe0ac5bd72ebc1124a0d1d235f0a5685
Author: Fuegovic <[email protected]>
Date:   Fri Sep 1 14:20:51 2023 -0400

    update: install script (#858)

commit 1cd0fd9d5aa8ae43576aa07cacf18697f6a3cc59
Author: Fuegovic <[email protected]>
Date:   Fri Sep 1 08:12:35 2023 -0400

    doc: Hugging Face Deployment (#867)

    * docs: update ToC

    * docs: update ToC

    * update huggingface.md

    * update render.md

    * update huggingface.md

    * update mongodb.md

    * update huggingface.md

    * update README.md

commit aeeb3d30500d9f027aed686d42cc229a618f9210
Author: Mu Yuan <[email protected]>
Date:   Thu Aug 31 07:21:27 2023 +0800

    Update Zh.tsx (#862)

    * Update Zh.tsx

    Changed the translation of several words to make it more relevant to Chinese usage habits.

    * Update Zh.tsx

    Changed the translation of several words to make it more relevant to Chinese usage habits

commit 80e2e2675bef408fdb918250b151d6ad572a8067
Author: Raí <[email protected]>
Date:   Mon Aug 28 18:05:46 2023 -0300

    Translation of 'com_ui_pay_per_call:' to Spanish and Portuguese that were missing. (#857)

    * Update Br.tsx

    * Update Es.tsx

    * Update Br.tsx

    * Update Es.tsx

commit 3574d0b823585b1f4244e8c250ad184e4d136323
Author: Danny Avila <[email protected]>
Date:   Mon Aug 28 14:49:26 2023 -0400

    docs: make_your_own.md formatting fix for mkdocs (#855)

commit d672ac690d469cfabf272b96699902803bb827cb
Author: Danny Avila <[email protected]>
Date:   Mon Aug 28 14:24:10 2023 -0400

    Release v0.5.8 (#854)

    * chore: add 'api' image to tag release workflow

    * docs: update DO deployment docs to include instruction about latest stable release, as well as security best practices

    * Release v0.5.8

    * docs: Update digitalocean.md with firewall section images

    * docs: make_your_own.md formatting fix for mkdocs

commit d3e7627046362bfef9c2ee5fa1c5bf3f051d62a7
Author: Danny Avila <[email protected]>
Date:   Mon Aug 28 12:03:08 2023 -0400

    refactor(plugins): Improve OpenAPI handling, Show Multiple Plugins, & Other Improvements (#845)

    * feat(PluginsClient.js): add conversationId to options object in the constructor
    feat(PluginsClient.js): add support for Code Interpreter plugin
    feat(PluginsClient.js): add support for Code Interpreter plugin in the availableTools manifest
    feat(CodeInterpreter.js): add CodeInterpreterTools module
    feat(CodeInterpreter.js): add RunCommand class
    feat(CodeInterpreter.js): add ReadFile class
    feat(CodeInterpreter.js): add WriteFile class
    feat(handleTools.js): add support for loading Code Interpreter plugin

    * chore(api): update langchain dependency to version 0.0.123

    * fix(CodeInterpreter.js): add support for extracting environment from code
    fix(WriteFile.js): add support for extracting environment from data
    fix(extractionChain.js): add utility functions for creating extraction chain from Zod schema
    fix(handleTools.js): refactor getOpenAIKey function to handle user-provided API key
    fix(handleTools.js): pass model and openAIApiKey to CodeInterpreter constructor

    * fix(tools): rename CodeInterpreterTools to E2BTools
    fix(tools): rename code_interpreter pluginKey to e2b_code_interpreter

    * chore(PluginsClient.js): comment out unused import and function findMessageContent
    feat(PluginsClient.js): add support for CodeSherpa plugin
    feat(PluginsClient.js): add CodeSherpaTools to available tools
    feat(PluginsClient.js): update manifest.json to include CodeSherpa plugin
    feat(CodeSherpaTools.js): create RunCode and RunCommand classes for CodeSherpa plugin

    feat(E2BTools.js): Add E2BTools module for extracting environment from code and running commands, reading and writing files
    fix(codesherpa.js): Remove codesherpa module as it is no longer needed

    feat(handleTools.js): add support for CodeSherpaTools in loadTools function
    feat(loadToolSuite.js): create loadToolSuite utility function to load a suite of tools

    * feat(PluginsClient.js): add support for CodeSherpa v2 plugin
    feat(PluginsClient.js): add CodeSherpa v1 plugin to available tools
    feat(PluginsClient.js): add CodeSherpa v2 plugin to available tools
    feat(PluginsClient.js): update manifest.json for CodeSherpa v1 plugin
    feat(PluginsClient.js): update manifest.json for CodeSherpa v2 plugin
    feat(CodeSherpa.js): implement CodeSherpa plugin for interactive code and shell command execution
    feat(CodeSherpaTools.js): implement RunCode and RunCommand plugins for CodeSherpa v1
    feat(CodeSherpaTools.js): update RunCode and RunCommand plugins for CodeSherpa v2

    fix(handleTools.js): add CodeSherpa import statement
    fix(handleTools.js): change pluginKey from 'codesherpa' to 'codesherpa_tools'
    fix(handleTools.js): remove model and openAIApiKey from options object in e2b_code_interpreter tool
    fix(handleTools.js): remove openAIApiKey from options object in codesherpa_tools tool
    fix(loadToolSuite.js): remove model and openAIApiKey parameters from loadToolSuite function

    * feat(initializeFunctionsAgent.js): add prefix to agentArgs in initializeFunctionsAgent function

    The prefix is added to the agentArgs in the initializeFunctionsAgent function. This prefix is used to provide instructions to the agent when it receives any instructions from a webpage, plugin, or other tool. The agent will notify the user immediately and ask them if they wish to carry out or ignore the instructions.

    * feat(PluginsClient.js): add ChatTool to the list of tools if it meets the conditions
    feat(tools/index.js): import and export ChatTool
    feat(ChatTool.js): create ChatTool class with necessary properties and methods

    * fix(initializeFunctionsAgent.js): update PREFIX message to include sharing all output from the tool
    fix(E2BTools.js): update descriptions for RunCommand, ReadFile, and WriteFile plugins to provide more clarity and context

    * chore: rebuild package-lock after rebase

    * chore: remove deleted file from rebase

    * wip: refactor plugin message handling to mirror chat.openai.com, handle incoming stream for plugin use

    * wip: new plugin handling

    * wip: show multiple plugins handling

    * feat(plugins): save new plugins array

    * chore: bump langchain

    * feat(experimental): support streaming in between plugins

    * refactor(PluginsClient): factor out helper methods to avoid bloating the class, refactor(gptPlugins): use agent action for mapping the name of action

    * fix(handleTools): fix tests by adding condition to return original toolFunctions map

    * refactor(MessageContent): Allow the last index to be last in case it has text (may change with streaming)

    * feat(Plugins): add handleParsingErrors, useful when LLM does not invoke function params

    * chore: edit out experimental codesherpa integration

    * refactor(OpenAPIPlugin): rework tool to be 'function-first', as the spec functions are explicitly passed to agent model

    * refactor(initializeFunctionsAgent): improve error handling and system message

    * refactor(CodeSherpa, Wolfram): optimize token usage by delegating bulk of instructions to system message

    * style(Plugins): match official style with input/outputs

    * chore: remove unnecessary console logs used for testing

    * fix(abortMiddleware): render markdown when message is aborted

    * feat(plugins): add BrowserOp

    * refactor(OpenAPIPlugin): improve prompt handling

    * fix(useGenerations): hide edit button when message is submitting/streaming

    * refactor(loadSpecs): optimize OpenAPI spec loading by only loading requested specs instead of all of them

    * fix(loadSpecs): will retain original behavior when no tools are passed to the function

    * fix(MessageContent): ensure cursor only shows up for last message and last display index
    fix(Message): show legacy plugin and pass isLast to Content

    * chore: remove console.logs

    * docs: update docs based on breaking changes and new features
    refactor(structured/SD): use description_for_model for detailed prompting

    * docs(azure): make plugins section more clear

    * refactor(structured/SD): change default payload to SD-WebUI to prefer realism and config for SDXL

    * refactor(structured/SD): further improve system message prompt

    * docs: update breaking changes after rebase

    * refactor(MessageContent): factor out EditMessage, types, Container to separate files, rename Content -> Markdown

    * fix(CodeInterpreter): linting errors

    * chore: reduce browser console logs from message streams

    * chore: re-enable debug logs for plugins/langchain to help with user troubleshooting

    * chore(manifest.json): add [Experimental] tag to CodeInterpreter plugins, which are not intended as the end-all be-all implementation of this feature for Librechat

commit 66b8580487f462f16f23d75e839e3e3ca6ddc656
Author: Fuegovic <[email protected]>
Date:   Mon Aug 28 09:18:25 2023 -0400

    docs: third-party tools (#848)

    * docs: third-party tools

    * docs: third-party tools

    * Update third-party.md

    * Update third-party.md

    ---------

    Co-authored-by: Danny Avila <[email protected]>

commit 9791a78161cfc8e413c6cf7355d49a11314f53eb
Author: Marco Beretta <[email protected]>
Date:   Mon Aug 28 15:14:05 2023 +0200

    adjust the animation (#843)

commit 3797ec6082c6ada2cbaaf5c9521c53b6033afdf2
Author: Ronith <[email protected]>
Date:   Mon Aug 28 18:43:50 2023 +0530

    feat: Add Code Interpreter Plugin (#837)

    * feat: Add Code Interpreter Plugin

    Adds a Simple Code Interpreter Plugin.
    ## Features:
    - Runs code using local Python Environment

    ## Issues
    - Code execution is not sandboxed.

    * Add Docker Sandbox for Python Server

commit e2397076a206771c15e3a2de65d8acca582d302e
Author: Alex Zhang <[email protected]>
Date:   Mon Aug 28 00:55:34 2023 +0800

    🌐: Chinese Translation (#846)

commit 50c15c704fa59f99e3a770bf7302a977fe447a27
Author: Fuegovic <[email protected]>
Date:   Sat Aug 26 19:36:59 2023 -0400

    Language translation: Polish (#840)

    * Language translation: Polish

    * Language translation: Polish

    * Revert changes in language-contributions.md

commit 29d3640546764fcf0852a54a4c72cf5aeb54247e
Author: Fuegovic <[email protected]>
Date:   Sat Aug 26 19:36:25 2023 -0400

    docs: updates (#841)

commit 39c626aa8e6c68bf22d060a014ec74285b160ef9
Author: Danny Avila <[email protected]>
Date:   Fri Aug 25 09:29:19 2023 -0400

    fix: isEdited edge case where latest Message is not saved due to aborting too quickly

commit ae5c06f3814806031bd960ddd329283020469d20
Author: Danny Avila <[email protected]>
Date:   Fri Aug 25 09:13:50 2023 -0400

    fix(chatGPTBrowser): render markdown formatting by setting isCreatedByUser, fix(useMessageHandler): avoid double appearance of cursor by setting latest message at initial response creation time

commit 9ef1686e18640525bec17051e38dc408a1c9283e
Author: Danny Avila <[email protected]>
Date:   Thu Aug 24 20:24:47 2023 -0400

    Update mkdocs.yml

commit 5bbe4115698f426325741763ce612dfc302f3e72
Author: Flynn <[email protected]>
Date:   Thu Aug 24 20:20:37 2023 -0400

    Add podman installation instructions. Update dockerfile to stub env (#819)

    * Added podman container installation docs. Updated dockerfile to stub env file if not present in source

    * Fix typos

commit 887fec99ca97eb1e0f0d264b941dc8ad4f3e1c47
Author: Marco Beretta <[email protected]>
Date:   Fri Aug 25 02:11:27 2023 +0200

    🌐: Russian Translation (#830)

commit 007d51ede1f9648458e93ebc7acdeefed59f9602
Author: Marco Beretta <[email protected]>
Date:   Fri Aug 25 02:10:48 2023 +0200

    feat: facebook login (#820)

    * Facebook strategy

    * Update user_auth_system.md

    * Update user_auth_system.md

commit a5690203129a15b544b1b935552277430b0090d5
Author: Marco Beretta <[email protected]>
Date:   Thu Aug 24 21:59:11 2023 +0200

    Fix Meilisearch error and refactor of the server index.js (#832)

    * fix meilisearch error at startup

    * limit the nesting

    * disable useless console log

    * fix(indexSync.js): removed redundant searchEnabled

    * refactor(index.js): moved configureSocialLogins to a new file

    * refactor(socialLogins.js): removed unnecessary conditional

commit 37347d46838f3a9868b44f88af6c1fd4aab72f77
Author: Danny Avila <[email protected]>
Date:   Wed Aug 23 16:14:17 2023 -0400

    fix(registration): Make Username optional (#831)

    * fix(User.js): update validation schema for username field, allow empty string as a valid value
    fix(validators.js): update validation schema for username field, allow empty string as a valid value
    fix(Registration.tsx, validators.js): update validation rules for name and username fields, change minimum length to 2 and maximum length to 80, assure they match and allow empty string as a valid value
    fix(Eng.tsx): update localization string for com_auth_username, indicate that it is optional

    * fix(User.js): update regex pattern for username validation to allow special characters @#$%&*()
    fix(validators.js): update regex pattern for username validation to allow special characters @#$%&*()

    * fix(Registration.spec.tsx): fix validation error message for username length requirement

commit d38e463d34c720db1295a4a2aa95e58d7986556c
Author: Danny Avila <[email protected]>
Date:   Wed Aug 23 13:44:40 2023 -0400

    fix(bingAI): markdown and error formatting for final stream response (#829)

    * fix(bingAI): markdown formatting for final stream response due to new strict payload validation on the frontend

    * fix: add missing prop to bing Error response

commit 7dc27b10f19bcd32bffcbf2858756facfd752c8c
Author: Danny Avila <[email protected]>
Date:   Tue Aug 22 18:44:59 2023 -0400

    feat: Edit AI Messages, Edit Messages in Place (#825)

    * refactor: replace lodash import with specific function import

    fix(api): esm imports to cjs

    * refactor(Messages.tsx): convert to TS, out-source scrollToDiv logic to a custom hook
    fix(ScreenshotContext.tsx): change Ref to RefObject in ScreenshotContextType
    feat(useScrollToRef.ts): add useScrollToRef hook for scrolling to a ref with throttle
    fix(Chat.tsx): update import path for Messages component
    fix(Search.tsx): update import path for Messages component

    * chore(types.ts): add TAskProps and TOptions types
    refactor(useMessageHandler.ts): use TAskFunction type for ask function signature

    * refactor(Message/Content): convert to TS, move Plugin component to Content dir

    * feat(MessageContent.tsx): add MessageContent component for displaying and editing message content
    feat(index.ts): export MessageContent component from Messages/Content directory

    * wip(Message.jsx): conversion and use of new component in progress

    * refactor: convert Message.jsx to TS and fix typing/imports based on changes

    * refactor: add typed props and refactor MultiMessage to TS, fix typing issues resulting from the conversion

    * edit message in progress

    * feat: complete edit AI message logic, refactor continue logic

    * feat(middleware): add validateMessageReq middleware
    feat(routes): add validation for message requests using validateMessageReq middleware
    feat(routes): add create, read, update, and delete routes for messages

    * feat: complete frontend logic for editing messages in place
    feat(messages.js): update route for updating a specific message
    - Change the route for updating a message to include the messageId in the URL
    - Update the request handler to use the messageId from the request parameters and the text from the request body
    - Call the updateMessage function with the updated parameters

    feat(MessageContent.tsx): add functionality to update a message
    - Import the useUpdateMessageMutation hook from the data provider
    - Destructure the conversationId, parentMessageId, and messageId from the message object
    - Create a mutation function using the useUpdateMessageMutation hook
    - Implement the updateMessage function to call the mutation function with the updated message parameters
    - Update the messages state to reflect the updated message text

    feat(api-endpoints.ts): update messages endpoint to include messageId
    - Update the messages endpoint to include the messageId as an optional parameter

    feat(data-service.ts): add updateMessage function
    - Implement the updateMessage function to make a PUT request to

    * fix(messages.js): make updateMessage function asynchronous and await its execution

    * style(EditIcon): make icon active for AI message

    * feat(gptPlugins/anthropic): add edit support

    * fix(validateMessageReq.js): handle case when conversationId is 'new' and return empty array
    feat(Message.tsx): pass message prop to SiblingSwitch component
    refactor(SiblingSwitch.tsx): convert to TS

    * fix(useMessageHandler.ts): remove message from currentMessages if isContinued is true
    feat(useMessageHandler.ts): add support for submission messages in setMessages
    fix(useServerStream.ts): remove unnecessary conditional in setMessages
    fix(useServerStream.ts): remove isContinued variable from submission

    * fix(continue): switch to continued message generation when continuing an earlier branch in conversation

    * fix(abortMiddleware.js): fix condition to check partialText length
    chore(abortMiddleware.js): add error logging when abortMessage fails

    * refactor(MessageHeader.tsx): convert to TS
    fix(Plugin.tsx): add default value for className prop in Plugin component

    * refactor(MultiMessage.tsx): remove commented out code
    docs(MultiMessage.tsx): update comment to clarify when siblingIdx is reset

    * fix(GenerationButtons): optimistic state for continue button

    * fix(MessageContent.tsx): add data-testid attribute to message text editor
    fix(messages.spec.ts): update waitForServerStream function to include edit endpoint check
    feat(messages.spec.ts): add test case for editing messages

    * fix(HoverButtons & Message & useGenerations): Refactor edit functionality and related conditions

    - Update enterEdit function signature and prop
    - Create and utilize hideEditButton variable
    - Enhance conditions for edit button visibility and active state
    - Update button event handlers
    - Introduce isEditableEndpoint in useGenerations and refine continueSupported condition.

    * fix(useGenerations.ts): fix condition for hideEditButton to include error and searchResult
    chore(data-provider): bump version to 0.1.6
    fix(types.ts): add status property to TError type

    * chore: bump @dqbd/tiktoken to 1.0.7

    * fix(abortMiddleware.js): add required isCreatedByUser property to the error response object

    * refactor(Message.tsx): remove unnecessary props from SiblingSwitch component, as setLatestMessage is firing on every switch already
    refactor(SiblingSwitch.tsx): remove unused imports and code

    * chore(BaseClient.js): move console.debug statements back inside if block

commit db77163f5d1e98a13dc8d05ee1907001840030c6
Author: Marco Beretta <[email protected]>
Date:   Tue Aug 22 14:15:14 2023 +0200

    docs: update chimeragpt (#826)

    * Update free_ai_apis.md

    * Update free_ai_apis.md

commit 4a4e803df3118effc2fb73b3d71766ac565c1e97
Author: Marco Beretta <[email protected]>
Date:   Mon Aug 21 20:15:18 2023 +0200

    style(Dialog): Improved Close Button ("X") position (#824)

commit 909b00c7521277e49e4cf7319cd237c27250bd28
Author: Daniel Avila <[email protected]>
Date:   Sun Aug 20 21:04:36 2023 -0400

    fix(HoverButtons): light/dark styling to match official site

commit 61dcb4d3073a74bc45020d4888d2120173b4eb22
Author: Naosuke Yokoe <[email protected]>
Date:   Sat Aug 19 20:11:31 2023 +0900

    feat: Azure Cognitive Search Plugin (#815)

    * feat(AzureCognitiveSearchPlugin)

    * feat(tools/AzureCognitiveSearch.js): Add a new plugin (not structured
      version)
    * feat(tools/structured/AzureCognitiveSearch.js): Add a new plugin (structured version)
    * feat(tools/manifest.json, tools/index.js, tools/util/handleTools.js):
      Add configurations for the plugin
    * feat(api/package.json, package-lock.json): Installed a new package for the
      plugin (@azure/search-documents)
    * feat(.env.example): Add new environment variables for the plugin

    Here is the link to the corresponding discussion page:
    https://github.com/danny-avila/LibreChat/discussions/567

    * docs(AzureCognitiveSearchPlugin)

    * docs(features/plugins/azure_cognitive_search.md): Add a new document
      for the plugin

    * (fix:.env.example)

    * reverted extra whitespaces removed by the editor

    * docs(mkdocs.yml)

    * Add the Azure Cognitive Search Plugin's documentation item to
    mkdocs.yml.

commit 3c7f67fa7674549ff877105f4bd5b532f17fef06
Author: Danny Avila <[email protected]>
Date:   Fri Aug 18 12:40:33 2023 -0400

    fix(abortMiddleware): handle early abort error where userMessage.conversationId is undefined. In this case, the userId will be used as the abortKey

commit c74c68a135064b9cb79d9666e535a1b862a8de4f
Author: Danny Avila <[email protected]>
Date:   Fri Aug 18 12:10:30 2023 -0400

    refactor(MessageHandler -> useServerStream): convert all relating files to TS and correct typings based on this change: properly refactor MessageHandler to a custom hook, where it's passed a submission object to instantiate the stream. This is the bare minimum groundwork for potentially having multiple streams running, which would be a big project to modularize a lot of the global state into maps/multiple streams, particular useful for having multiple views in place

commit 8b4d3c2c2170e91258176a2cdedc977b690395a5
Author: Danny Avila <[email protected]>
Date:   Fri Aug 18 12:04:29 2023 -0400

    refactor(routes): convert to TS

commit d612cfcb45f74da51ed4342264e35d42b77b7e8e
Author: Danny Avila <[email protected]>
Date:   Fri Aug 18 12:02:39 2023 -0400

    chore(Auth): reorder exports in Auth component
    fix(PluginAuthForm): handle case when pluginKey is null or undefined
    fix(PluginStoreDialog): handle case when getAvailablePluginFromKey is null or undefined
    fix(AuthContext): make authConfig optional in AuthContextProvider
    feat(hooks): add useServerStream hook
    fix(conversation): setSubmission to null instead of empty object
    fix(preset): specify type for presets atom
    fix(search): specify type for isSearchEnabled atom
    fix(submission): specify type for submission atom

commit c40b95f424ad7110aef13b10725a3e2a900cf42e
Author: Marco Beretta <[email protected]>
Date:   Fri Aug 18 16:11:00 2023 +0200

    feat: Disable Registration with social login (#813)

    * Google, Github and Discord

    * update .env.example with ALLOW_SOCIAL_REGISTRATION

    * fix some conflict

    * refactor strategy

    * Update user_auth_system.md

    * Update user_auth_system.md

commit 46ed5aaccd26d657e16c0e318d54c55821ec0016
Author: Patrick <[email protected]>
Date:   Fri Aug 18 09:38:24 2023 -0400

    Show the response scores from Bing. (#814)

commit 1dacfa49f06e2ca00e3765ede5c7db050fa34353
Author: Marco Beretta <[email protected]>
Date:   Thu Aug 17 20:32:31 2023 +0200

    update profile picture (#792)

commit afd43afb60b230a00ce5a5effab900130252f5cb
Author: Danny Avila <[email protected]>
Date:   Thu Aug 17 12:50:05 2023 -0400

    feat(GPT/Anthropic): Continue Regenerating & Generation Buttons (#808)

    * feat(useMessageHandler.js/ts): Refactor and add features to handle user messages, support multiple endpoints/models, generate placeholder responses, regeneration, and stopGeneration function

    fix(conversation.ts, buildTree.ts): Import TMessage type, handle null parentMessageId

    feat(schemas.ts): Update and add schemas for various AI services, add default values, optional fields, and endpoint-to-schema mapping, create parseConvo function

    chore(useMessageHandler.js, schemas.ts): Remove unused imports, variables, and chatGPT enum

    * wip: add generation buttons

    * refactor(cleanupPreset.ts): simplify cleanupPreset function
    refactor(getDefaultConversation.js): remove unused code and simplify getDefaultConversation function

    feat(utils): add getDefaultConversation function

    This commit adds a new utility function called `getDefaultConversation` to the `client/src/utils/getDefaultConversation.ts` file. This function is responsible for generating a default conversation object based on the provided parameters.

    The `getDefaultConversation` function takes in an object with the following properties:
    - `conversation`: The conversation object to be used as a base.
    - `endpointsConfig`: The configuration object containing information about the available endpoints.
    - `preset`: An optional preset object that can be used to override the default behavior.

    The function first tries to determine the target endpoint based on the preset object. If a valid endpoint is found, it is used as the target endpoint. If not, the function tries to retrieve the last conversation setup from the local storage and uses its endpoint if it is valid. If neither the preset nor the local storage contains a valid endpoint, the function falls back to a default endpoint.

    Once the target endpoint is determined,

    * fix(utils): remove console.error statement in buildDefaultConversation function
    fix(schemas): add default values for catch blocks in openAISchema, googleSchema, bingAISchema, anthropicSchema, chatGPTBrowserSchema, and gptPluginsSchema

    * fix: endpoint not changing on change of preset from other endpoint, wip: refactor

    * refactor: preset items to TSX

    * refactor: convert resetConvo to TS

    * refactor(getDefaultConversation.ts): move defaultEndpoints array to the top of the file for better readability
    refactor(getDefaultConversation.ts): extract getDefaultEndpoint function for better code organization and reusability

    * feat(svg): add ContinueIcon component
    feat(svg): add RegenerateIcon component
    feat(svg): add ContinueIcon and RegenerateIcon components to index.ts

    * feat(Button.tsx): add onClick and className props to Button component
    feat(GenerationButtons.tsx): add logic to display Regenerate or StopGenerating button based on isSubmitting and messages
    feat(Regenerate.tsx): create Regenerate component with RegenerateIcon and handleRegenerate function
    feat(StopGenerating.tsx): create StopGenerating component with StopGeneratingIcon and handleStopGenerating function

    * fix(TextChat.jsx): reorder imports and variables for better readability
    fix(TextChat.jsx): fix typo in condition for isNotAppendable variable
    fix(TextChat.jsx): remove unused handleStopGenerating function
    fix(ContinueIcon.tsx): remove unnecessary closing tags for polygon elements
    fix(useMessageHandler.ts): add missing type annotations for handleStopGenerating and handleRegenerate functions
    fix(useMessageHandler.ts): remove unused variables in return statement

    * fix(getDefaultConversation.ts): refactor code to use getLocalStorageItems function
    feat(getLocalStorageItems.ts): add utility function to retrieve items from local storage

    * fix(OpenAIClient.js): add support for streaming result in sendCompletion method
    feat(OpenAIClient.js): add finish_reason metadata to opts in sendCompletion method
    feat(Message.js): add finish_reason field to Message model
    feat(messageSchema.js): add finish_reason field to messageSchema
    feat(openAI.js): parse chatGptLabel and promptPrefix from req.body and pass rest of the modelOptions to endpointOption
    feat(openAI.js): add addMetadata function to store metadata in ask function
    feat(openAI.js): add metadata to response if available
    feat(schemas.ts): add finish_reason field to tMessageSchema

    * feat(types.ts): add TOnClick and TGenButtonProps types for button components
    feat(Continue.tsx): create Continue component for generating button
    feat(GenerationButtons.tsx): update GenerationButtons component to use Continue component
    feat(Regenerate.tsx): create Regenerate component for regenerating button
    feat(Stop.tsx): create Stop component for stop generating button

    * feat(MessageHandler.jsx): add MessageHandler component to handle messages and conversations
    fix(Root.jsx): fix import paths for Nav and MessageHandler components

    * feat(useMessageHandler.ts): add support for generation parameter in ask function
    feat(useMessageHandler.ts): add support for isEdited parameter in ask function
    feat(useMessageHandler.ts): add support for continueGeneration function
    fix(createPayload.ts): replace endpoint URL when isEdited parameter is true

    * chore(client): set skipLibCheck to true in tsconfig.json

    * fix(useMessageHandler.ts): remove unused clientId variable
    fix(schemas.ts): make clientId field in tMessageSchema nullable and optional

    * wip: edit route for continue generation

    * refactor(api): move handlers to root of routes dir

    * fix(useMessageHandler.ts): initialize currentMessages to an empty array if messages is null
    fix(useMessageHandler.ts): update initialResponse text to use responseText variable
    fix(useMessageHandler.ts): update setMessages logic for isRegenerate case
    fix(MessageHandler.jsx): update setMessages logic for cancelHandler, createdHandler, and finalHandler

    * fix(schemas.ts): make createdAt and updatedAt fields optional and set default values using new Date().toISOString()
    fix(schemas.ts): change type annotation of TMessage from infer to input

    * refactor(useMessageHandler.ts): rename AskProps type to TAskProps
    refactor(useMessageHandler.ts): remove generation property from ask function arguments
    refactor(useMessageHandler.ts): use nullish coalescing operator (??) instead of logical OR (||)
    refactor(useMessageHandler.ts): pass the responseMessageId to message prop of submission

    * fix(BaseClient.js): use nullish coalescing operator (??) instead of logical OR (||) for default values

    * fix(BaseClient.js): fix responseMessageId assignment in handleStartMethods method
    feat(BaseClient.js): add support for isEdited flag in sendMessage method
    feat(BaseClient.js): add generation to responseMessage text in sendMessage method

    * fix(openAI.js): remove unused imports and commented out code
    feat(openAI.js): add support for generation parameter in request body
    fix(openAI.js): remove console.log statement
    fix(openAI.js): remove unused variables and parameters
    fix(openAI.js): update response text in case of error
    fix(openAI.js): handle error and abort message in case of error
    fix(handlers.js): add generation parameter to createOnProgress function
    fix(useMessageHandler.ts): update responseText variable to use generation parameter

    * refactor(api/middleware): move inside server dir

    * refactor: add endpoint specific, modular functions to build options and initialize clients, create server/utils, move middleware, separate utils into api general utils and server specific utils

    * fix(abortMiddleware.js): import getConvo and getConvoTitle functions from models
    feat(abortMiddleware.js): add abortAsk function to abortController to handle aborting of requests
    fix(openAI.js): import buildOptions and initializeClient functions from endpoints/openAI
    refactor(openAI.js): use getAbortData function to get data for abortAsk function

    * refactor: move endpoint specific logic to an endpoints dir

    * refactor(PluginService.js): fix import path for encrypt and decrypt functions in PluginService.js

    * feat(openAI): add new endpoint for adding a title to a conversation

    - Added a new file `addTitle.js` in the `api/server/routes/endpoints/openAI` directory.
    - The `addTitle.js` file exports a function `addTitle` that takes in request parameters and performs the following actions:
      - If the `parentMessageId` is `'00000000-0000-0000-0000-000000000000'` and `newConvo` is true, it proceeds with the following steps:
        - Calls the `titleConvo` function from the `titleConvo` module, passing in the necessary parameters.
        - Calls the `saveConvo` function from the `saveConvo` module, passing in the user ID and conversation details.
    - Updated the `index.js` file in the `api/server/routes/endpoints/openAI` directory to export the `addTitle` function.
    - This change adds

    * fix(abortMiddleware.js): remove console.log statement
    refactor(gptPlugins.js): update imports and function parameters
    feat(gptPlugins.js): add support for abortController and getAbortData
    refactor(openAI.js): update imports and function parameters
    feat(openAI.js): add support for abortController and getAbortData

    fix(openAI.js): refactor code to use modularized functions and middleware
    fix(buildOptions.js): refactor code to use destructuring and update variable names

    * refactor(askChatGPTBrowser.js, bingAI.js, google.js): remove duplicate code for setting response headers
    feat(askChatGPTBrowser.js, bingAI.js, google.js): add setHeaders middleware to set response headers

    * feat(middleware): validateEndpoint, refactor buildOption to only be concerned of endpointOption

    * fix(abortMiddleware.js): add 'finish_reason' property with value 'incomplete' to responseMessage object
    fix(abortMessage.js): remove console.log statement for aborted message
    fix(handlers.js): modify tokens assignment to handle empty generation string and trailing space

    * fix(BaseClient.js): import addSpaceIfNeeded function from server/utils
    fix(BaseClient.js): add space before generation in text property
    fix(index.js): remove getCitations and citeText exports
    feat(buildEndpointOption.js): add buildEndpointOption middleware
    fix(index.js): import buildEndpointOption middleware
    fix(anthropic.js): remove buildOptions function and use endpointOption from req.body
    fix(gptPlugins.js): remove buildOptions function and use endpointOption from req.body
    fix(openAI.js): remove buildOptions function and use endpointOption from req.body

    feat(utils): add citations.js and handleText.js modules
    fix(utils): fix import statements in index.js module

    * refactor(gptPlugins.js): use getResponseSender function from librechat-data-provider

    * feat(gptPlugins): complete 'continue generating'

    * wip: anthropic continue regen

    * feat(middleware): add validateRegistration middleware

    A new middleware function called `validateRegistration` has been added to the list of exported middleware functions in `index.js`. This middleware is responsible for validating registration data before allowing the registration process to proceed.

    * feat(Anthropic): complete continue regen

    * chore: add librechat-data-provider to api/package.json

    * fix(ci): backend-review will mock meilisearch, also installs data-provider as now needed

    * chore(ci): remove unneeded SEARCH env var

    * style(GenerationButtons): make text shorter for sake of space economy, even though this diverges from chat.openai.com

    * style(GenerationButtons/ScrollToBottom): adjust visibility/position based on screen size

    * chore(client): 'Editting' typo

    * feat(GenerationButtons.tsx): add support for endpoint prop in GenerationButtons component
    feat(OptionsBar.tsx): pass endpoint prop to GenerationButtons component
    feat(useGenerations.ts): create useGenerations hook to handle generation logic
    fix(schemas.ts): add searchResult field to tMessageSchema

    * refactor(HoverButtons): convert to TSX and utilize new useGenerations hook

    * fix(abortMiddleware): handle error with res headers set, or abortController not found, to ensure proper API error is sent to the client, chore(BaseClient): remove console log for onStart message meant for debugging

    * refactor(api): remove librechat-data-provider dep for now as it complicates deployed docker build stage, re-use code in CJS, located in server/endpoints/schemas

    * chore: remove console.l…
cnkang pushed a commit to cnkang/LibreChat that referenced this pull request Feb 6, 2024
* feat(api): refresh token logic

* feat(client): refresh token logic

* feat(data-provider): refresh token logic

* fix: SSE uses esm

* chore: add default refresh token expiry to AuthService, add message about env var not set when generating a token

* chore: update scripts to more compatible bun methods, ran bun install again

* chore: update env.example and playwright workflow with JWT_REFRESH_SECRET

* chore: update breaking changes docs

* chore: add timeout to url visit

* chore: add default SESSION_EXPIRY in generateToken logic, add act script for testing github actions

* fix(e2e): refresh automatically in development environment to pass e2e tests
jinzishuai pushed a commit to aitok-ai/LibreChat that referenced this pull request May 20, 2024
* feat(api): refresh token logic

* feat(client): refresh token logic

* feat(data-provider): refresh token logic

* fix: SSE uses esm

* chore: add default refresh token expiry to AuthService, add message about env var not set when generating a token

* chore: update scripts to more compatible bun methods, ran bun install again

* chore: update env.example and playwright workflow with JWT_REFRESH_SECRET

* chore: update breaking changes docs

* chore: add timeout to url visit

* chore: add default SESSION_EXPIRY in generateToken logic, add act script for testing github actions

* fix(e2e): refresh automatically in development environment to pass e2e tests
BertKiv pushed a commit to BertKiv/LibreChat that referenced this pull request Dec 10, 2024
* feat(api): refresh token logic

* feat(client): refresh token logic

* feat(data-provider): refresh token logic

* fix: SSE uses esm

* chore: add default refresh token expiry to AuthService, add message about env var not set when generating a token

* chore: update scripts to more compatible bun methods, ran bun install again

* chore: update env.example and playwright workflow with JWT_REFRESH_SECRET

* chore: update breaking changes docs

* chore: add timeout to url visit

* chore: add default SESSION_EXPIRY in generateToken logic, add act script for testing github actions

* fix(e2e): refresh automatically in development environment to pass e2e tests
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant