librechat-data-provider 0.8.301 → 0.8.400

package/src/config.spec.ts

@@ -0,0 +1,315 @@
+import type { TEndpointsConfig } from './types';
+import { EModelEndpoint, isDocumentSupportedProvider } from './schemas';
+import { getEndpointFileConfig, mergeFileConfig } from './file-config';
+import { resolveEndpointType } from './config';
+
+const endpointsConfig: TEndpointsConfig = {
+  [EModelEndpoint.openAI]: { userProvide: false, order: 0 },
+  [EModelEndpoint.agents]: { userProvide: false, order: 1 },
+  [EModelEndpoint.anthropic]: { userProvide: false, order: 6 },
+  [EModelEndpoint.bedrock]: { userProvide: false, order: 7 },
+  Moonshot: { type: EModelEndpoint.custom, userProvide: false, order: 9999 },
+  'Some Endpoint': { type: EModelEndpoint.custom, userProvide: false, order: 9999 },
+  Gemini: { type: EModelEndpoint.custom, userProvide: false, order: 9999 },
+};
+
+describe('resolveEndpointType', () => {
+  describe('non-agents endpoints', () => {
+    it('returns the config type for a custom endpoint', () => {
+      expect(resolveEndpointType(endpointsConfig, 'Moonshot')).toBe(EModelEndpoint.custom);
+    });
+
+    it('returns the config type for a custom endpoint with spaces', () => {
+      expect(resolveEndpointType(endpointsConfig, 'Some Endpoint')).toBe(EModelEndpoint.custom);
+    });
+
+    it('returns the endpoint itself for a standard endpoint without a type field', () => {
+      expect(resolveEndpointType(endpointsConfig, EModelEndpoint.openAI)).toBe(
+        EModelEndpoint.openAI,
+      );
+    });
+
+    it('returns the endpoint itself for anthropic', () => {
+      expect(resolveEndpointType(endpointsConfig, EModelEndpoint.anthropic)).toBe(
+        EModelEndpoint.anthropic,
+      );
+    });
+
+    it('ignores agentProvider when endpoint is not agents', () => {
+      expect(resolveEndpointType(endpointsConfig, EModelEndpoint.openAI, 'Moonshot')).toBe(
+        EModelEndpoint.openAI,
+      );
+    });
+  });
+
+  describe('agents endpoint with provider', () => {
+    it('resolves to custom for a custom agent provider', () => {
+      expect(resolveEndpointType(endpointsConfig, EModelEndpoint.agents, 'Moonshot')).toBe(
+        EModelEndpoint.custom,
+      );
+    });
+
+    it('resolves to custom for a custom agent provider with spaces', () => {
+      expect(resolveEndpointType(endpointsConfig, EModelEndpoint.agents, 'Some Endpoint')).toBe(
+        EModelEndpoint.custom,
+      );
+    });
+
+    it('returns the provider itself for a standard agent provider (no type field)', () => {
+      expect(
+        resolveEndpointType(endpointsConfig, EModelEndpoint.agents, EModelEndpoint.openAI),
+      ).toBe(EModelEndpoint.openAI);
+    });
+
+    it('returns bedrock for a bedrock agent provider', () => {
+      expect(
+        resolveEndpointType(endpointsConfig, EModelEndpoint.agents, EModelEndpoint.bedrock),
+      ).toBe(EModelEndpoint.bedrock);
+    });
+
+    it('returns the provider name when provider is not in endpointsConfig', () => {
+      expect(resolveEndpointType(endpointsConfig, EModelEndpoint.agents, 'UnknownProvider')).toBe(
+        'UnknownProvider',
+      );
+    });
+  });
+
+  describe('agents endpoint without provider', () => {
+    it('falls back to agents when no provider', () => {
+      expect(resolveEndpointType(endpointsConfig, EModelEndpoint.agents)).toBe(
+        EModelEndpoint.agents,
+      );
+    });
+
+    it('falls back to agents when provider is null', () => {
+      expect(resolveEndpointType(endpointsConfig, EModelEndpoint.agents, null)).toBe(
+        EModelEndpoint.agents,
+      );
+    });
+
+    it('falls back to agents when provider is undefined', () => {
+      expect(resolveEndpointType(endpointsConfig, EModelEndpoint.agents, undefined)).toBe(
+        EModelEndpoint.agents,
+      );
+    });
+  });
+
+  describe('edge cases', () => {
+    it('returns undefined for null endpoint', () => {
+      expect(resolveEndpointType(endpointsConfig, null)).toBeUndefined();
+    });
+
+    it('returns undefined for undefined endpoint', () => {
+      expect(resolveEndpointType(endpointsConfig, undefined)).toBeUndefined();
+    });
+
+    it('handles null endpointsConfig', () => {
+      expect(resolveEndpointType(null, EModelEndpoint.agents, 'Moonshot')).toBe('Moonshot');
+    });
+
+    it('handles undefined endpointsConfig', () => {
+      expect(resolveEndpointType(undefined, 'Moonshot')).toBe('Moonshot');
+    });
+  });
+});
+
+describe('resolveEndpointType + getEndpointFileConfig integration', () => {
+  const fileConfig = mergeFileConfig({
+    endpoints: {
+      Moonshot: { fileLimit: 5 },
+      [EModelEndpoint.agents]: { fileLimit: 20 },
+      default: { fileLimit: 10 },
+    },
+  });
+
+  it('agent with Moonshot provider uses Moonshot-specific config', () => {
+    const endpointType = resolveEndpointType(endpointsConfig, EModelEndpoint.agents, 'Moonshot');
+    const config = getEndpointFileConfig({
+      fileConfig,
+      endpointType,
+      endpoint: 'Moonshot',
+    });
+    expect(config.fileLimit).toBe(5);
+  });
+
+  it('agent with provider not in fileConfig falls back through custom → agents', () => {
+    const endpointType = resolveEndpointType(endpointsConfig, EModelEndpoint.agents, 'Gemini');
+    const config = getEndpointFileConfig({
+      fileConfig,
+      endpointType,
+      endpoint: 'Gemini',
+    });
+    expect(config.fileLimit).toBe(20);
+  });
+
+  it('agent without provider falls back to agents config', () => {
+    const endpointType = resolveEndpointType(endpointsConfig, EModelEndpoint.agents);
+    const config = getEndpointFileConfig({
+      fileConfig,
+      endpointType,
+      endpoint: EModelEndpoint.agents,
+    });
+    expect(config.fileLimit).toBe(20);
+  });
+
+  it('custom fallback is used when present and provider has no specific config', () => {
+    const fileConfigWithCustom = mergeFileConfig({
+      endpoints: {
+        custom: { fileLimit: 15 },
+        [EModelEndpoint.agents]: { fileLimit: 20 },
+        default: { fileLimit: 10 },
+      },
+    });
+    const endpointType = resolveEndpointType(endpointsConfig, EModelEndpoint.agents, 'Gemini');
+    const config = getEndpointFileConfig({
+      fileConfig: fileConfigWithCustom,
+      endpointType,
+      endpoint: 'Gemini',
+    });
+    expect(config.fileLimit).toBe(15);
+  });
+
+  it('non-agents custom endpoint uses its specific config directly', () => {
+    const endpointType = resolveEndpointType(endpointsConfig, 'Moonshot');
+    const config = getEndpointFileConfig({
+      fileConfig,
+      endpointType,
+      endpoint: 'Moonshot',
+    });
+    expect(config.fileLimit).toBe(5);
+  });
+
+  it('non-agents standard endpoint falls back to default when no specific config', () => {
+    const endpointType = resolveEndpointType(endpointsConfig, EModelEndpoint.openAI);
+    const config = getEndpointFileConfig({
+      fileConfig,
+      endpointType,
+      endpoint: EModelEndpoint.openAI,
+    });
+    expect(config.fileLimit).toBe(10);
+  });
+});
+
+describe('resolveEndpointType + isDocumentSupportedProvider (upload menu)', () => {
+  it('agent with custom provider shows "Upload to Provider" (custom is document-supported)', () => {
+    const endpointType = resolveEndpointType(endpointsConfig, EModelEndpoint.agents, 'Moonshot');
+    expect(isDocumentSupportedProvider(endpointType)).toBe(true);
+  });
+
+  it('agent with custom provider with spaces shows "Upload to Provider"', () => {
+    const endpointType = resolveEndpointType(
+      endpointsConfig,
+      EModelEndpoint.agents,
+      'Some Endpoint',
+    );
+    expect(isDocumentSupportedProvider(endpointType)).toBe(true);
+  });
+
+  it('agent without provider falls back to agents (not document-supported)', () => {
+    const endpointType = resolveEndpointType(endpointsConfig, EModelEndpoint.agents);
+    expect(isDocumentSupportedProvider(endpointType)).toBe(false);
+  });
+
+  it('agent with openAI provider is document-supported', () => {
+    const endpointType = resolveEndpointType(
+      endpointsConfig,
+      EModelEndpoint.agents,
+      EModelEndpoint.openAI,
+    );
+    expect(isDocumentSupportedProvider(endpointType)).toBe(true);
+  });
+
+  it('agent with anthropic provider is document-supported', () => {
+    const endpointType = resolveEndpointType(
+      endpointsConfig,
+      EModelEndpoint.agents,
+      EModelEndpoint.anthropic,
+    );
+    expect(isDocumentSupportedProvider(endpointType)).toBe(true);
+  });
+
+  it('agent with bedrock provider is document-supported', () => {
+    const endpointType = resolveEndpointType(
+      endpointsConfig,
+      EModelEndpoint.agents,
+      EModelEndpoint.bedrock,
+    );
+    expect(isDocumentSupportedProvider(endpointType)).toBe(true);
+  });
+
+  it('direct custom endpoint (not agents) is document-supported', () => {
+    const endpointType = resolveEndpointType(endpointsConfig, 'Moonshot');
+    expect(isDocumentSupportedProvider(endpointType)).toBe(true);
+  });
+
+  it('direct standard endpoint is document-supported', () => {
+    const endpointType = resolveEndpointType(endpointsConfig, EModelEndpoint.openAI);
+    expect(isDocumentSupportedProvider(endpointType)).toBe(true);
+  });
+
+  it('agent with unknown provider not in endpointsConfig is not document-supported', () => {
+    const endpointType = resolveEndpointType(
+      endpointsConfig,
+      EModelEndpoint.agents,
+      'UnknownProvider',
+    );
+    expect(isDocumentSupportedProvider(endpointType)).toBe(false);
+  });
+
+  it('same custom endpoint shows same result whether used directly or through agents', () => {
+    const directType = resolveEndpointType(endpointsConfig, 'Moonshot');
+    const agentType = resolveEndpointType(endpointsConfig, EModelEndpoint.agents, 'Moonshot');
+    expect(isDocumentSupportedProvider(directType)).toBe(isDocumentSupportedProvider(agentType));
+  });
+});
+
+describe('any custom endpoint is document-supported regardless of name', () => {
+  const arbitraryNames = [
+    'My LLM Gateway',
+    'company-internal-api',
+    'LiteLLM Proxy',
+    'test_endpoint_123',
+    'AI Studio',
+    'ACME Corp',
+    'localhost:8080',
+  ];
+
+  const configWithArbitraryEndpoints: TEndpointsConfig = {
+    [EModelEndpoint.agents]: { userProvide: false, order: 1 },
+    ...Object.fromEntries(
+      arbitraryNames.map((name) => [
+        name,
+        { type: EModelEndpoint.custom, userProvide: false, order: 9999 },
+      ]),
+    ),
+  };
+
+  it.each(arbitraryNames)('direct custom endpoint "%s" is document-supported', (name) => {
+    const endpointType = resolveEndpointType(configWithArbitraryEndpoints, name);
+    expect(endpointType).toBe(EModelEndpoint.custom);
+    expect(isDocumentSupportedProvider(endpointType)).toBe(true);
+  });
+
+  it.each(arbitraryNames)('agent with custom provider "%s" is document-supported', (name) => {
+    const endpointType = resolveEndpointType(
+      configWithArbitraryEndpoints,
+      EModelEndpoint.agents,
+      name,
+    );
+    expect(endpointType).toBe(EModelEndpoint.custom);
+    expect(isDocumentSupportedProvider(endpointType)).toBe(true);
+  });
+
+  it.each(arbitraryNames)(
+    '"%s" resolves the same whether used directly or through an agent',
+    (name) => {
+      const directType = resolveEndpointType(configWithArbitraryEndpoints, name);
+      const agentType = resolveEndpointType(
+        configWithArbitraryEndpoints,
+        EModelEndpoint.agents,
+        name,
+      );
+      expect(directType).toBe(agentType);
+    },
+  );
+});

package/src/config.ts

@@ -1,7 +1,7 @@
 import { z } from 'zod';
 import type { ZodError } from 'zod';
 import type { TEndpointsConfig, TModelsConfig, TConfig } from './types';
-import { EModelEndpoint, eModelEndpointSchema } from './schemas';
+import { EModelEndpoint, eModelEndpointSchema, isAgentsEndpoint } from './schemas';
 import { specsConfigSchema, TSpecsConfig } from './models';
 import { fileConfigSchema } from './file-config';
 import { apiBaseUrl } from './api-endpoints';
@@ -1101,6 +1101,10 @@ export const alternateName = {
 };
 
 const sharedOpenAIModels = [
+  'gpt-5.4',
+  // TODO: gpt-5.4-thinking may have separate reasoning token pricing — verify before release
+  'gpt-5.4-thinking',
+  'gpt-5.4-pro',
   'gpt-5.1',
   'gpt-5.1-chat-latest',
   'gpt-5.1-codex',
@@ -1276,6 +1280,7 @@ export const visionModels = [
   'o4-mini',
   'o3',
   'o1',
+  'gpt-5',
   'gpt-4.1',
   'gpt-4.5',
   'llava',
@@ -1555,6 +1560,10 @@ export enum ErrorTypes {
    * No Base URL Provided.
    */
   NO_BASE_URL = 'no_base_url',
+  /**
+   * Base URL targets a restricted or invalid address (SSRF protection).
+   */
+  INVALID_BASE_URL = 'invalid_base_url',
   /**
    * Moderation error
    */
@@ -1731,9 +1740,9 @@ export enum TTSProviders {
 /** Enum for app-wide constants */
 export enum Constants {
   /** Key for the app's version. */
-  VERSION = 'v0.8.3-rc2',
+  VERSION = 'v0.8.4-rc1',
   /** Key for the Custom Config's version (librechat.yaml). */
-  CONFIG_VERSION = '1.3.5',
+  CONFIG_VERSION = '1.3.6',
   /** Standard value for the first message's `parentMessageId` value, to indicate no parent exists. */
   NO_PARENT = '00000000-0000-0000-0000-000000000000',
   /** Standard value to use whatever the submission prelim. `responseMessageId` is */
@@ -1921,6 +1930,38 @@ export function getEndpointField<
   return config[property];
 }
 
+/**
+ * Resolves the effective endpoint type:
+ * - Non-agents endpoint: config.type || endpoint
+ * - Agents + provider: config[provider].type || provider
+ * - Agents, no provider: EModelEndpoint.agents
+ *
+ * Returns `undefined` when endpoint is null/undefined.
+ */
+export function resolveEndpointType(
+  endpointsConfig: TEndpointsConfig | undefined | null,
+  endpoint: string | null | undefined,
+  agentProvider?: string | null,
+): EModelEndpoint | string | undefined {
+  if (!endpoint) {
+    return undefined;
+  }
+
+  if (!isAgentsEndpoint(endpoint)) {
+    return getEndpointField(endpointsConfig, endpoint, 'type') || endpoint;
+  }
+
+  if (agentProvider) {
+    const providerType = getEndpointField(endpointsConfig, agentProvider, 'type');
+    if (providerType) {
+      return providerType;
+    }
+    return agentProvider;
+  }
+
+  return EModelEndpoint.agents;
+}
+
 /** Resolves the `defaultParamsEndpoint` for a given endpoint from its custom params config */
 export function getDefaultParamsEndpoint(
   endpointsConfig: TEndpointsConfig | undefined | null,

package/src/data-service.ts

@@ -21,8 +21,8 @@ export function revokeAllUserKeys(): Promise<unknown> {
   return request.delete(endpoints.revokeAllUserKeys());
 }
 
-export function deleteUser(): Promise<s.TPreset> {
-  return request.delete(endpoints.deleteUser());
+export function deleteUser(payload?: t.TDeleteUserRequest): Promise<unknown> {
+  return request.deleteWithOptions(endpoints.deleteUser(), { data: payload });
 }
 
 export type FavoriteItem = {
@@ -970,8 +970,8 @@ export function updateFeedback(
 }
 
 // 2FA
-export function enableTwoFactor(): Promise<t.TEnable2FAResponse> {
-  return request.get(endpoints.enableTwoFactor());
+export function enableTwoFactor(payload?: t.TEnable2FARequest): Promise<t.TEnable2FAResponse> {
+  return request.post(endpoints.enableTwoFactor(), payload);
 }
 
 export function verifyTwoFactor(payload: t.TVerify2FARequest): Promise<t.TVerify2FAResponse> {
@@ -986,8 +986,10 @@ export function disableTwoFactor(payload?: t.TDisable2FARequest): Promise<t.TDis
   return request.post(endpoints.disableTwoFactor(), payload);
 }
 
-export function regenerateBackupCodes(): Promise<t.TRegenerateBackupCodesResponse> {
-  return request.post(endpoints.regenerateBackupCodes());
+export function regenerateBackupCodes(
+  payload?: t.TRegenerateBackupCodesRequest,
+): Promise<t.TRegenerateBackupCodesResponse> {
+  return request.post(endpoints.regenerateBackupCodes(), payload);
 }
 
 export function verifyTwoFactorTemp(

package/src/file-config.spec.ts

@@ -1,15 +1,52 @@
 import type { FileConfig } from './types/files';
 import {
   fileConfig as baseFileConfig,
+  documentParserMimeTypes,
   getEndpointFileConfig,
-  mergeFileConfig,
   applicationMimeTypes,
   defaultOCRMimeTypes,
-  documentParserMimeTypes,
   supportedMimeTypes,
+  mergeFileConfig,
+  inferMimeType,
+  textMimeTypes,
 } from './file-config';
 import { EModelEndpoint } from './schemas';
 
+describe('inferMimeType', () => {
+  it('should normalize text/x-python-script to text/x-python', () => {
+    expect(inferMimeType('test.py', 'text/x-python-script')).toBe('text/x-python');
+  });
+
+  it('should return a type that matches textMimeTypes after normalization', () => {
+    const normalized = inferMimeType('test.py', 'text/x-python-script');
+    expect(textMimeTypes.test(normalized)).toBe(true);
+  });
+
+  it('should pass through standard browser types unchanged', () => {
+    expect(inferMimeType('test.py', 'text/x-python')).toBe('text/x-python');
+    expect(inferMimeType('doc.pdf', 'application/pdf')).toBe('application/pdf');
+  });
+
+  it('should infer from extension when browser type is empty', () => {
+    expect(inferMimeType('test.py', '')).toBe('text/x-python');
+    expect(inferMimeType('code.js', '')).toBe('text/javascript');
+    expect(inferMimeType('photo.heic', '')).toBe('image/heic');
+  });
+
+  it('should return empty string for unknown extension with no browser type', () => {
+    expect(inferMimeType('file.xyz', '')).toBe('');
+  });
+
+  it('should produce a type accepted by checkType after normalizing text/x-python-script', () => {
+    const normalized = inferMimeType('test.py', 'text/x-python-script');
+    expect(baseFileConfig.checkType(normalized)).toBe(true);
+  });
+
+  it('should reject raw text/x-python-script without normalization', () => {
+    expect(baseFileConfig.checkType('text/x-python-script')).toBe(false);
+  });
+});
+
 describe('applicationMimeTypes', () => {
   const odfTypes = [
     'application/vnd.oasis.opendocument.text',

package/src/file-config.ts

@@ -357,15 +357,21 @@ export const imageTypeMapping: { [key: string]: string } = {
   heif: 'image/heif',
 };
 
+/** Normalizes non-standard MIME types that browsers may report to their canonical forms */
+export const mimeTypeAliases: Readonly<Record<string, string>> = {
+  'text/x-python-script': 'text/x-python',
+};
+
 /**
- * Infers the MIME type from a file's extension when the browser doesn't recognize it
- * @param fileName - The name of the file including extension
- * @param currentType - The current MIME type reported by the browser (may be empty)
- * @returns The inferred MIME type if browser didn't provide one, otherwise the original type
+ * Infers the MIME type from a file's extension when the browser doesn't recognize it,
+ * and normalizes known non-standard MIME type aliases to their canonical forms.
+ * @param fileName - The file name including its extension
+ * @param currentType - The MIME type reported by the browser (may be empty string)
+ * @returns The normalized or inferred MIME type; empty string if unresolvable
  */
 export function inferMimeType(fileName: string, currentType: string): string {
   if (currentType) {
-    return currentType;
+    return mimeTypeAliases[currentType] ?? currentType;
   }
 
   const extension = fileName.split('.').pop()?.toLowerCase() ?? '';

package/src/mcp.ts

@@ -223,6 +223,23 @@ const omitServerManagedFields = <T extends z.ZodObject<z.ZodRawShape>>(schema: T
     oauth_headers: true,
   });
 
+const envVarPattern = /\$\{[^}]+\}/;
+const isWsProtocol = (val: string): boolean => /^wss?:/i.test(val);
+const isHttpProtocol = (val: string): boolean => /^https?:/i.test(val);
+
+/**
+ * Builds a URL schema for user input that rejects ${VAR} env variable patterns
+ * and validates protocol constraints without resolving environment variables.
+ */
+const userUrlSchema = (protocolCheck: (val: string) => boolean, message: string) =>
+  z
+    .string()
+    .refine((val) => !envVarPattern.test(val), {
+      message: 'Environment variable references are not allowed in URLs',
+    })
+    .pipe(z.string().url())
+    .refine(protocolCheck, { message });
+
 /**
  * MCP Server configuration that comes from UI/API input only.
  * Omits server-managed fields like startup, timeout, customUserVars, etc.
@@ -232,11 +249,23 @@ const omitServerManagedFields = <T extends z.ZodObject<z.ZodRawShape>>(schema: T
  * Stdio allows arbitrary command execution and should only be configured
  * by administrators via the YAML config file (librechat.yaml).
  * Only remote transports (SSE, HTTP, WebSocket) are allowed via the API.
+ *
+ * SECURITY: URL fields use userUrlSchema instead of the admin schemas'
+ * extractEnvVariable transform to prevent env variable exfiltration
+ * through user-controlled URLs (e.g. http://attacker.com/?k=${JWT_SECRET}).
+ * Protocol checks use positive allowlists (http(s) / ws(s)) to block
+ * file://, ftp://, javascript:, and other non-network schemes.
  */
 export const MCPServerUserInputSchema = z.union([
-  omitServerManagedFields(WebSocketOptionsSchema),
-  omitServerManagedFields(SSEOptionsSchema),
-  omitServerManagedFields(StreamableHTTPOptionsSchema),
+  omitServerManagedFields(WebSocketOptionsSchema).extend({
+    url: userUrlSchema(isWsProtocol, 'WebSocket URL must use ws:// or wss://'),
+  }),
+  omitServerManagedFields(SSEOptionsSchema).extend({
+    url: userUrlSchema(isHttpProtocol, 'SSE URL must use http:// or https://'),
+  }),
+  omitServerManagedFields(StreamableHTTPOptionsSchema).extend({
+    url: userUrlSchema(isHttpProtocol, 'Streamable HTTP URL must use http:// or https://'),
+  }),
 ]);
 
 export type MCPServerUserInput = z.infer<typeof MCPServerUserInputSchema>;

package/src/request.ts

@@ -141,7 +141,7 @@ if (typeof window !== 'undefined') {
             return await axios(originalRequest);
           } else {
             processQueue(error, null);
-            window.location.href = endpoints.buildLoginRedirectUrl();
+            window.location.href = endpoints.apiBaseUrl() + endpoints.buildLoginRedirectUrl();
           }
         } catch (err) {
           processQueue(err as AxiosError, null);

package/src/types.ts

@@ -425,28 +425,29 @@ export type TLoginResponse = {
   tempToken?: string;
 };
 
+/** Shared payload for any operation that requires OTP or backup-code verification. */
+export type TOTPVerificationPayload = {
+  token?: string;
+  backupCode?: string;
+};
+
+export type TEnable2FARequest = TOTPVerificationPayload;
+
 export type TEnable2FAResponse = {
   otpauthUrl: string;
   backupCodes: string[];
   message?: string;
 };
 
-export type TVerify2FARequest = {
-  token?: string;
-  backupCode?: string;
-};
+export type TVerify2FARequest = TOTPVerificationPayload;
 
 export type TVerify2FAResponse = {
   message: string;
 };
 
-/**
- * For verifying 2FA during login with a temporary token.
- */
-export type TVerify2FATempRequest = {
+/** For verifying 2FA during login with a temporary token. */
+export type TVerify2FATempRequest = TOTPVerificationPayload & {
   tempToken: string;
-  token?: string;
-  backupCode?: string;
 };
 
 export type TVerify2FATempResponse = {
@@ -455,30 +456,22 @@ export type TVerify2FATempResponse = {
   message?: string;
 };
 
-/**
- * Request for disabling 2FA.
- */
-export type TDisable2FARequest = {
-  token?: string;
-  backupCode?: string;
-};
+export type TDisable2FARequest = TOTPVerificationPayload;
 
-/**
- * Response from disabling 2FA.
- */
 export type TDisable2FAResponse = {
   message: string;
 };
 
-/**
- * Response from regenerating backup codes.
- */
+export type TRegenerateBackupCodesRequest = TOTPVerificationPayload;
+
 export type TRegenerateBackupCodesResponse = {
-  message: string;
+  message?: string;
   backupCodes: string[];
-  backupCodesHash: string[];
+  backupCodesHash: TBackupCode[];
 };
 
+export type TDeleteUserRequest = TOTPVerificationPayload;
+
 export type TRequestPasswordReset = {
   email: string;
 };