librechat-data-provider 0.8.402 → 0.8.403

package/specs/request-interceptor.spec.ts

@@ -1,304 +0,0 @@
-/**
- * @jest-environment @happy-dom/jest-environment
- */
-import axios from 'axios';
-import { setTokenHeader } from '../src/headers-helpers';
-
-/**
- * The response interceptor in request.ts registers at import time when
- * `typeof window !== 'undefined'` (happy-dom provides window).
- *
- * We use axios's built-in request adapter mock to avoid real HTTP calls,
- * and verify the interceptor's behavior by observing whether a 401 triggers
- * a refresh POST or is immediately rejected.
- *
- * happy-dom is used instead of jsdom because it allows overriding
- * window.location via Object.defineProperty, which jsdom 26+ blocks.
- */
-
-const mockAdapter = jest.fn();
-let originalAdapter: typeof axios.defaults.adapter;
-let savedLocation: Location;
-
-beforeAll(async () => {
-  originalAdapter = axios.defaults.adapter;
-  axios.defaults.adapter = mockAdapter;
-
-  await import('../src/request');
-});
-
-beforeEach(() => {
-  mockAdapter.mockReset();
-  savedLocation = window.location;
-});
-
-afterAll(() => {
-  axios.defaults.adapter = originalAdapter;
-});
-
-afterEach(() => {
-  delete axios.defaults.headers.common['Authorization'];
-  Object.defineProperty(window, 'location', {
-    value: savedLocation,
-    writable: true,
-    configurable: true,
-  });
-});
-
-function setWindowLocation(overrides: Partial<Location>) {
-  Object.defineProperty(window, 'location', {
-    value: { ...window.location, ...overrides },
-    writable: true,
-    configurable: true,
-  });
-}
-
-describe('axios 401 interceptor — Authorization header guard', () => {
-  it('skips refresh and rejects when Authorization header is cleared', async () => {
-    expect.assertions(1);
-    setTokenHeader(undefined);
-
-    mockAdapter.mockRejectedValueOnce({
-      response: { status: 401 },
-      config: { url: '/api/messages', headers: {} },
-    });
-
-    try {
-      await axios.get('/api/messages');
-    } catch {
-      // expected rejection
-    }
-
-    expect(mockAdapter).toHaveBeenCalledTimes(1);
-  });
-
-  it('attempts refresh on shared link page even without Authorization header', async () => {
-    expect.assertions(2);
-    setTokenHeader(undefined);
-
-    setWindowLocation({
-      href: 'http://localhost/share/abc123',
-      pathname: '/share/abc123',
-      search: '',
-      hash: '',
-    } as Partial<Location>);
-
-    mockAdapter.mockRejectedValueOnce({
-      response: { status: 401 },
-      config: { url: '/api/share/abc123', headers: {} },
-    });
-
-    mockAdapter.mockResolvedValueOnce({
-      data: { token: 'new-token' },
-      status: 200,
-      headers: {},
-      config: {},
-    });
-
-    mockAdapter.mockResolvedValueOnce({
-      data: { sharedLink: {} },
-      status: 200,
-      headers: {},
-      config: {},
-    });
-
-    try {
-      await axios.get('/api/share/abc123');
-    } catch {
-      // may reject depending on exact flow
-    }
-
-    expect(mockAdapter.mock.calls.length).toBe(3);
-
-    const refreshCall = mockAdapter.mock.calls[1];
-    expect(refreshCall[0].url).toContain('api/auth/refresh');
-  });
-
-  it('does not bypass guard when share/ appears only in query params', async () => {
-    expect.assertions(1);
-    setTokenHeader(undefined);
-
-    setWindowLocation({
-      href: 'http://localhost/c/chat?ref=share/token',
-      pathname: '/c/chat',
-      search: '?ref=share/token',
-      hash: '',
-    } as Partial<Location>);
-
-    mockAdapter.mockRejectedValueOnce({
-      response: { status: 401 },
-      config: { url: '/api/messages', headers: {} },
-    });
-
-    try {
-      await axios.get('/api/messages');
-    } catch {
-      // expected rejection
-    }
-
-    expect(mockAdapter).toHaveBeenCalledTimes(1);
-  });
-
-  it('redirects to login with redirect_to when unauthenticated on share page and refresh fails', async () => {
-    expect.assertions(1);
-    setTokenHeader(undefined);
-
-    setWindowLocation({
-      href: 'http://localhost/share/abc123',
-      pathname: '/share/abc123',
-      search: '',
-      hash: '',
-    } as Partial<Location>);
-
-    mockAdapter.mockRejectedValueOnce({
-      response: { status: 401 },
-      config: { url: '/api/share/abc123', headers: {} },
-    });
-
-    mockAdapter.mockResolvedValueOnce({
-      data: { token: '' },
-      status: 200,
-      headers: {},
-      config: {},
-    });
-
-    try {
-      await axios.get('/api/share/abc123');
-    } catch {
-      // expected rejection
-    }
-
-    expect(window.location.href).toBe('/login?redirect_to=%2Fshare%2Fabc123');
-  });
-
-  it('redirects to login with redirect_to when authenticated and refresh returns no token on share page', async () => {
-    expect.assertions(1);
-    setTokenHeader('some-token');
-
-    setWindowLocation({
-      href: 'http://localhost/share/abc123',
-      pathname: '/share/abc123',
-      search: '',
-      hash: '',
-    } as Partial<Location>);
-
-    mockAdapter.mockRejectedValueOnce({
-      response: { status: 401 },
-      config: { url: '/api/share/abc123', headers: {} },
-    });
-
-    mockAdapter.mockResolvedValueOnce({
-      data: { token: '' },
-      status: 200,
-      headers: {},
-      config: {},
-    });
-
-    try {
-      await axios.get('/api/share/abc123');
-    } catch {
-      // expected rejection
-    }
-
-    expect(window.location.href).toBe('/login?redirect_to=%2Fshare%2Fabc123');
-  });
-
-  it('redirects to login with redirect_to when refresh returns no token on regular page', async () => {
-    expect.assertions(1);
-    setTokenHeader('some-token');
-
-    setWindowLocation({
-      href: 'http://localhost/c/some-conversation',
-      pathname: '/c/some-conversation',
-      search: '',
-      hash: '',
-    } as Partial<Location>);
-
-    mockAdapter.mockRejectedValueOnce({
-      response: { status: 401 },
-      config: { url: '/api/messages', headers: {} },
-    });
-
-    mockAdapter.mockResolvedValueOnce({
-      data: { token: '' },
-      status: 200,
-      headers: {},
-      config: {},
-    });
-
-    try {
-      await axios.get('/api/messages');
-    } catch {
-      // expected rejection
-    }
-
-    expect(window.location.href).toBe('/login?redirect_to=%2Fc%2Fsome-conversation');
-  });
-
-  it('redirects to plain /login without redirect_to when already on a login path', async () => {
-    expect.assertions(1);
-    setTokenHeader('some-token');
-
-    setWindowLocation({
-      href: 'http://localhost/login/2fa',
-      pathname: '/login/2fa',
-      search: '',
-      hash: '',
-    } as Partial<Location>);
-
-    mockAdapter.mockRejectedValueOnce({
-      response: { status: 401 },
-      config: { url: '/api/messages', headers: {} },
-    });
-
-    mockAdapter.mockResolvedValueOnce({
-      data: { token: '' },
-      status: 200,
-      headers: {},
-      config: {},
-    });
-
-    try {
-      await axios.get('/api/messages');
-    } catch {
-      // expected rejection
-    }
-
-    expect(window.location.href).toBe('/login');
-  });
-
-  it('attempts refresh when Authorization header is present', async () => {
-    expect.assertions(2);
-    setTokenHeader('valid-token');
-
-    mockAdapter.mockRejectedValueOnce({
-      response: { status: 401 },
-      config: { url: '/api/messages', headers: {}, _retry: false },
-    });
-
-    mockAdapter.mockResolvedValueOnce({
-      data: { token: 'new-token' },
-      status: 200,
-      headers: {},
-      config: {},
-    });
-
-    mockAdapter.mockResolvedValueOnce({
-      data: { messages: [] },
-      status: 200,
-      headers: {},
-      config: {},
-    });
-
-    try {
-      await axios.get('/api/messages');
-    } catch {
-      // may reject depending on exact flow
-    }
-
-    expect(mockAdapter.mock.calls.length).toBe(3);
-
-    const refreshCall = mockAdapter.mock.calls[1];
-    expect(refreshCall[0].url).toContain('api/auth/refresh');
-  });
-});

package/specs/utils.spec.ts

@@ -1,196 +0,0 @@
-import { extractEnvVariable, isSensitiveEnvVar } from '../src/utils';
-
-describe('Environment Variable Extraction', () => {
-  const originalEnv = process.env;
-
-  beforeEach(() => {
-    process.env = {
-      ...originalEnv,
-      TEST_API_KEY: 'test-api-key-value',
-      ANOTHER_VALUE: 'another-value',
-    };
-  });
-
-  afterEach(() => {
-    process.env = originalEnv;
-  });
-
-  describe('extractEnvVariable (original tests)', () => {
-    test('should return the value of the environment variable', () => {
-      process.env.TEST_VAR = 'test_value';
-      expect(extractEnvVariable('${TEST_VAR}')).toBe('test_value');
-    });
-
-    test('should return the original string if the envrionment variable is not defined correctly', () => {
-      process.env.TEST_VAR = 'test_value';
-      expect(extractEnvVariable('${ TEST_VAR }')).toBe('${ TEST_VAR }');
-    });
-
-    test('should return the original string if environment variable is not set', () => {
-      expect(extractEnvVariable('${NON_EXISTENT_VAR}')).toBe('${NON_EXISTENT_VAR}');
-    });
-
-    test('should return the original string if it does not contain an environment variable', () => {
-      expect(extractEnvVariable('some_string')).toBe('some_string');
-    });
-
-    test('should handle empty strings', () => {
-      expect(extractEnvVariable('')).toBe('');
-    });
-
-    test('should handle strings without variable format', () => {
-      expect(extractEnvVariable('no_var_here')).toBe('no_var_here');
-    });
-
-    /** No longer the expected behavior; keeping for reference */
-    test.skip('should not process multiple variable formats', () => {
-      process.env.FIRST_VAR = 'first';
-      process.env.SECOND_VAR = 'second';
-      expect(extractEnvVariable('${FIRST_VAR} and ${SECOND_VAR}')).toBe(
-        '${FIRST_VAR} and ${SECOND_VAR}',
-      );
-    });
-  });
-
-  describe('extractEnvVariable function', () => {
-    it('should extract environment variables from exact matches', () => {
-      expect(extractEnvVariable('${TEST_API_KEY}')).toBe('test-api-key-value');
-      expect(extractEnvVariable('${ANOTHER_VALUE}')).toBe('another-value');
-    });
-
-    it('should extract environment variables from strings with prefixes', () => {
-      expect(extractEnvVariable('prefix-${TEST_API_KEY}')).toBe('prefix-test-api-key-value');
-    });
-
-    it('should extract environment variables from strings with suffixes', () => {
-      expect(extractEnvVariable('${TEST_API_KEY}-suffix')).toBe('test-api-key-value-suffix');
-    });
-
-    it('should extract environment variables from strings with both prefixes and suffixes', () => {
-      expect(extractEnvVariable('prefix-${TEST_API_KEY}-suffix')).toBe(
-        'prefix-test-api-key-value-suffix',
-      );
-    });
-
-    it('should not match invalid patterns', () => {
-      expect(extractEnvVariable('$TEST_API_KEY')).toBe('$TEST_API_KEY');
-      expect(extractEnvVariable('{TEST_API_KEY}')).toBe('{TEST_API_KEY}');
-      expect(extractEnvVariable('TEST_API_KEY')).toBe('TEST_API_KEY');
-    });
-  });
-
-  describe('extractEnvVariable', () => {
-    it('should extract environment variable values', () => {
-      expect(extractEnvVariable('${TEST_API_KEY}')).toBe('test-api-key-value');
-      expect(extractEnvVariable('${ANOTHER_VALUE}')).toBe('another-value');
-    });
-
-    it('should return the original string if environment variable is not found', () => {
-      expect(extractEnvVariable('${NON_EXISTENT_VAR}')).toBe('${NON_EXISTENT_VAR}');
-    });
-
-    it('should return the original string if no environment variable pattern is found', () => {
-      expect(extractEnvVariable('plain-string')).toBe('plain-string');
-    });
-  });
-
-  describe('extractEnvVariable space trimming', () => {
-    beforeEach(() => {
-      process.env.HELLO = 'world';
-      process.env.USER = 'testuser';
-    });
-
-    it('should extract the value when string contains only an environment variable with surrounding whitespace', () => {
-      expect(extractEnvVariable('        ${HELLO}        ')).toBe('world');
-      expect(extractEnvVariable('  ${HELLO}  ')).toBe('world');
-      expect(extractEnvVariable('\t${HELLO}\n')).toBe('world');
-    });
-
-    it('should preserve content when variable is part of a larger string', () => {
-      expect(extractEnvVariable('Hello ${USER}!')).toBe('Hello testuser!');
-      expect(extractEnvVariable('  Hello ${USER}!  ')).toBe('Hello testuser!');
-    });
-
-    it('should not handle multiple variables', () => {
-      expect(extractEnvVariable('${HELLO} ${USER}')).toBe('${HELLO} ${USER}');
-      expect(extractEnvVariable('  ${HELLO}   ${USER}  ')).toBe('${HELLO}   ${USER}');
-    });
-
-    it('should handle undefined variables', () => {
-      expect(extractEnvVariable('        ${UNDEFINED_VAR}        ')).toBe('${UNDEFINED_VAR}');
-    });
-
-    it('should handle mixed content correctly', () => {
-      expect(extractEnvVariable('Welcome, ${USER}!\nYour message: ${HELLO}')).toBe(
-        'Welcome, testuser!\nYour message: world',
-      );
-    });
-  });
-
-  describe('isSensitiveEnvVar', () => {
-    it('should flag infrastructure secrets', () => {
-      expect(isSensitiveEnvVar('JWT_SECRET')).toBe(true);
-      expect(isSensitiveEnvVar('JWT_REFRESH_SECRET')).toBe(true);
-      expect(isSensitiveEnvVar('CREDS_KEY')).toBe(true);
-      expect(isSensitiveEnvVar('CREDS_IV')).toBe(true);
-      expect(isSensitiveEnvVar('MEILI_MASTER_KEY')).toBe(true);
-      expect(isSensitiveEnvVar('MONGO_URI')).toBe(true);
-      expect(isSensitiveEnvVar('REDIS_URI')).toBe(true);
-      expect(isSensitiveEnvVar('REDIS_PASSWORD')).toBe(true);
-    });
-
-    it('should allow non-infrastructure vars through (including operator-configured secrets)', () => {
-      expect(isSensitiveEnvVar('OPENAI_API_KEY')).toBe(false);
-      expect(isSensitiveEnvVar('ANTHROPIC_API_KEY')).toBe(false);
-      expect(isSensitiveEnvVar('GOOGLE_KEY')).toBe(false);
-      expect(isSensitiveEnvVar('PROXY')).toBe(false);
-      expect(isSensitiveEnvVar('DEBUG_LOGGING')).toBe(false);
-      expect(isSensitiveEnvVar('DOMAIN_CLIENT')).toBe(false);
-      expect(isSensitiveEnvVar('APP_TITLE')).toBe(false);
-      expect(isSensitiveEnvVar('OPENID_CLIENT_SECRET')).toBe(false);
-      expect(isSensitiveEnvVar('DISCORD_CLIENT_SECRET')).toBe(false);
-      expect(isSensitiveEnvVar('MY_CUSTOM_SECRET')).toBe(false);
-    });
-  });
-
-  describe('extractEnvVariable sensitive var blocklist', () => {
-    beforeEach(() => {
-      process.env.JWT_SECRET = 'super-secret-jwt';
-      process.env.JWT_REFRESH_SECRET = 'super-secret-refresh';
-      process.env.CREDS_KEY = 'encryption-key';
-      process.env.CREDS_IV = 'encryption-iv';
-      process.env.MEILI_MASTER_KEY = 'meili-key';
-      process.env.MONGO_URI = 'mongodb://user:pass@host/db';
-      process.env.REDIS_URI = 'redis://:pass@host:6379';
-      process.env.REDIS_PASSWORD = 'redis-pass';
-      process.env.OPENAI_API_KEY = 'sk-legit-key';
-    });
-
-    it('should refuse to resolve sensitive vars (single-match path)', () => {
-      expect(extractEnvVariable('${JWT_SECRET}')).toBe('${JWT_SECRET}');
-      expect(extractEnvVariable('${JWT_REFRESH_SECRET}')).toBe('${JWT_REFRESH_SECRET}');
-      expect(extractEnvVariable('${CREDS_KEY}')).toBe('${CREDS_KEY}');
-      expect(extractEnvVariable('${CREDS_IV}')).toBe('${CREDS_IV}');
-      expect(extractEnvVariable('${MEILI_MASTER_KEY}')).toBe('${MEILI_MASTER_KEY}');
-      expect(extractEnvVariable('${MONGO_URI}')).toBe('${MONGO_URI}');
-      expect(extractEnvVariable('${REDIS_URI}')).toBe('${REDIS_URI}');
-      expect(extractEnvVariable('${REDIS_PASSWORD}')).toBe('${REDIS_PASSWORD}');
-    });
-
-    it('should refuse to resolve sensitive vars in composite strings (multi-match path)', () => {
-      expect(extractEnvVariable('key=${JWT_SECRET}&more')).toBe('key=${JWT_SECRET}&more');
-      expect(extractEnvVariable('db=${MONGO_URI}/extra')).toBe('db=${MONGO_URI}/extra');
-    });
-
-    it('should still resolve non-sensitive vars normally', () => {
-      expect(extractEnvVariable('${OPENAI_API_KEY}')).toBe('sk-legit-key');
-      expect(extractEnvVariable('Bearer ${OPENAI_API_KEY}')).toBe('Bearer sk-legit-key');
-    });
-
-    it('should resolve non-sensitive vars while blocking sensitive ones in the same string', () => {
-      expect(extractEnvVariable('key=${OPENAI_API_KEY}&secret=${JWT_SECRET}')).toBe(
-        'key=sk-legit-key&secret=${JWT_SECRET}',
-      );
-    });
-  });
-});