anything-llm/server/utils/middleware/validatedRequest.js

const { SystemSettings } = require("../../models/systemSettings");
const { User } = require("../../models/user");
const { decodeJWT } = require("../http");

async function validatedRequest(request, response, next) {
  const multiUserMode = await SystemSettings.isMultiUserMode();
  response.locals.multiUserMode = multiUserMode;
  if (multiUserMode)
    return await validateMultiUserRequest(request, response, next);

  // When in development passthrough auth token for ease of development.
  // Or if the user simply did not set an Auth token or JWT Secret
  if (
    process.env.NODE_ENV === "development" ||
    !process.env.AUTH_TOKEN ||
    !process.env.JWT_SECRET
  ) {
    next();
    return;
  }

  if (!process.env.AUTH_TOKEN) {
    response.status(401).json({
      error: "You need to set an AUTH_TOKEN environment variable.",
    });
    return;
  }

  const auth = request.header("Authorization");
  const token = auth ? auth.split(" ")[1] : null;

  if (!token) {
    response.status(401).json({
      error: "No auth token found.",
    });
    return;
  }

  const bcrypt = require("bcrypt");
  const { p } = decodeJWT(token);
  if (!bcrypt.compareSync(p, bcrypt.hashSync(process.env.AUTH_TOKEN, 10))) {
    response.status(401).json({
      error: "Invalid auth token found.",
    });
    return;
  }

  next();
}

async function validateMultiUserRequest(request, response, next) {
  const auth = request.header("Authorization");
  const token = auth ? auth.split(" ")[1] : null;

  if (!token) {
    response.status(401).json({
      error: "No auth token found.",
    });
    return;
  }

  const valid = decodeJWT(token);
  if (!valid || !valid.id) {
    response.status(401).json({
      error: "Invalid auth token.",
    });
    return;
  }

  const user = await User.get({ id: valid.id });
  if (!user) {
    response.status(401).json({
      error: "Invalid auth for user.",
    });
    return;
  }

  if (user.suspended) {
    response.status(401).json({
      error: "User is suspended from system",
    });
    return;
  }

  response.locals.user = user;
  next();
}

module.exports = {
  validatedRequest,
};
[FEATURE] Enable the ability to have multi user instances (#158) * multi user wip * WIP MUM features * invitation mgmt * suspend or unsuspend users * workspace mangement * manage chats * manage chats * add Support for admin system settings for users to delete workspaces and limit chats per user * fix issue ith system var update app to lazy load invite page * cleanup and bug fixes * wrong method * update readme * update readme * update readme * bump version to 0.1.0 2023-07-25 19:37:04 +02:00			`const { SystemSettings } = require("../../models/systemSettings");`
			`const { User } = require("../../models/user");`
12 auth implementation (#13) * Add Auth protection for cloud-based or private instances * skip check on local dev 2023-06-09 20:27:27 +02:00			`const { decodeJWT } = require("../http");`

[FEATURE] Enable the ability to have multi user instances (#158) * multi user wip * WIP MUM features * invitation mgmt * suspend or unsuspend users * workspace mangement * manage chats * manage chats * add Support for admin system settings for users to delete workspaces and limit chats per user * fix issue ith system var update app to lazy load invite page * cleanup and bug fixes * wrong method * update readme * update readme * update readme * bump version to 0.1.0 2023-07-25 19:37:04 +02:00			`async function validatedRequest(request, response, next) {`
			`const multiUserMode = await SystemSettings.isMultiUserMode();`
			`response.locals.multiUserMode = multiUserMode;`
			`if (multiUserMode)`
			`return await validateMultiUserRequest(request, response, next);`

inital commit ⚡ 2023-06-04 04:28:07 +02:00			`// When in development passthrough auth token for ease of development.`
12 auth implementation (#13) * Add Auth protection for cloud-based or private instances * skip check on local dev 2023-06-09 20:27:27 +02:00			`// Or if the user simply did not set an Auth token or JWT Secret`
			`if (`
			`process.env.NODE_ENV === "development" \|\|`
			`!process.env.AUTH_TOKEN \|\|`
			`!process.env.JWT_SECRET`
			`) {`
inital commit ⚡ 2023-06-04 04:28:07 +02:00			`next();`
			`return;`
			`}`

			`if (!process.env.AUTH_TOKEN) {`
Create manager role and limit default role (#351) * added manager role to options * block default role from editing workspace settings on workspace and text input box * block default user from accessing settings at all * create manager route * let pass through if in single user mode * fix permissions for manager and admin roles in settings * fix settings button for single user and remove unneeded console.logs * rename routes and paths for clarity * admin, manager, default roles complete * remove unneeded comments * consistency changes * manage permissions for mum modes * update sidebar for single-user mode * update comment on middleware Modify permission setting for admins * update render conditional * Add role usage hint to each role --------- Co-authored-by: timothycarambat <rambat1010@gmail.com> 2023-11-13 23:51:16 +01:00			`response.status(401).json({`
Implement Chroma Support (#1) 2023-06-08 06:31:35 +02:00			`error: "You need to set an AUTH_TOKEN environment variable.",`
inital commit ⚡ 2023-06-04 04:28:07 +02:00			`});`
			`return;`
			`}`

Implement Chroma Support (#1) 2023-06-08 06:31:35 +02:00			`const auth = request.header("Authorization");`
			`const token = auth ? auth.split(" ")[1] : null;`
inital commit ⚡ 2023-06-04 04:28:07 +02:00
			`if (!token) {`
Create manager role and limit default role (#351) * added manager role to options * block default role from editing workspace settings on workspace and text input box * block default user from accessing settings at all * create manager route * let pass through if in single user mode * fix permissions for manager and admin roles in settings * fix settings button for single user and remove unneeded console.logs * rename routes and paths for clarity * admin, manager, default roles complete * remove unneeded comments * consistency changes * manage permissions for mum modes * update sidebar for single-user mode * update comment on middleware Modify permission setting for admins * update render conditional * Add role usage hint to each role --------- Co-authored-by: timothycarambat <rambat1010@gmail.com> 2023-11-13 23:51:16 +01:00			`response.status(401).json({`
Implement Chroma Support (#1) 2023-06-08 06:31:35 +02:00			`error: "No auth token found.",`
inital commit ⚡ 2023-06-04 04:28:07 +02:00			`});`
			`return;`
			`}`

Change pwd check to O(1) check to prevent timing attacks - single user mode (#575) Change pwd check to O(1) check to prevent timing attacks 2024-01-11 19:54:55 +01:00			`const bcrypt = require("bcrypt");`
12 auth implementation (#13) * Add Auth protection for cloud-based or private instances * skip check on local dev 2023-06-09 20:27:27 +02:00			`const { p } = decodeJWT(token);`
Change pwd check to O(1) check to prevent timing attacks - single user mode (#575) Change pwd check to O(1) check to prevent timing attacks 2024-01-11 19:54:55 +01:00			`if (!bcrypt.compareSync(p, bcrypt.hashSync(process.env.AUTH_TOKEN, 10))) {`
Create manager role and limit default role (#351) * added manager role to options * block default role from editing workspace settings on workspace and text input box * block default user from accessing settings at all * create manager route * let pass through if in single user mode * fix permissions for manager and admin roles in settings * fix settings button for single user and remove unneeded console.logs * rename routes and paths for clarity * admin, manager, default roles complete * remove unneeded comments * consistency changes * manage permissions for mum modes * update sidebar for single-user mode * update comment on middleware Modify permission setting for admins * update render conditional * Add role usage hint to each role --------- Co-authored-by: timothycarambat <rambat1010@gmail.com> 2023-11-13 23:51:16 +01:00			`response.status(401).json({`
Implement Chroma Support (#1) 2023-06-08 06:31:35 +02:00			`error: "Invalid auth token found.",`
inital commit ⚡ 2023-06-04 04:28:07 +02:00			`});`
			`return;`
			`}`

			`next();`
			`}`

[FEATURE] Enable the ability to have multi user instances (#158) * multi user wip * WIP MUM features * invitation mgmt * suspend or unsuspend users * workspace mangement * manage chats * manage chats * add Support for admin system settings for users to delete workspaces and limit chats per user * fix issue ith system var update app to lazy load invite page * cleanup and bug fixes * wrong method * update readme * update readme * update readme * bump version to 0.1.0 2023-07-25 19:37:04 +02:00			`async function validateMultiUserRequest(request, response, next) {`
			`const auth = request.header("Authorization");`
			`const token = auth ? auth.split(" ")[1] : null;`

			`if (!token) {`
Create manager role and limit default role (#351) * added manager role to options * block default role from editing workspace settings on workspace and text input box * block default user from accessing settings at all * create manager route * let pass through if in single user mode * fix permissions for manager and admin roles in settings * fix settings button for single user and remove unneeded console.logs * rename routes and paths for clarity * admin, manager, default roles complete * remove unneeded comments * consistency changes * manage permissions for mum modes * update sidebar for single-user mode * update comment on middleware Modify permission setting for admins * update render conditional * Add role usage hint to each role --------- Co-authored-by: timothycarambat <rambat1010@gmail.com> 2023-11-13 23:51:16 +01:00			`response.status(401).json({`
[FEATURE] Enable the ability to have multi user instances (#158) * multi user wip * WIP MUM features * invitation mgmt * suspend or unsuspend users * workspace mangement * manage chats * manage chats * add Support for admin system settings for users to delete workspaces and limit chats per user * fix issue ith system var update app to lazy load invite page * cleanup and bug fixes * wrong method * update readme * update readme * update readme * bump version to 0.1.0 2023-07-25 19:37:04 +02:00			`error: "No auth token found.",`
			`});`
			`return;`
			`}`

			`const valid = decodeJWT(token);`
			`if (!valid \|\| !valid.id) {`
Create manager role and limit default role (#351) * added manager role to options * block default role from editing workspace settings on workspace and text input box * block default user from accessing settings at all * create manager route * let pass through if in single user mode * fix permissions for manager and admin roles in settings * fix settings button for single user and remove unneeded console.logs * rename routes and paths for clarity * admin, manager, default roles complete * remove unneeded comments * consistency changes * manage permissions for mum modes * update sidebar for single-user mode * update comment on middleware Modify permission setting for admins * update render conditional * Add role usage hint to each role --------- Co-authored-by: timothycarambat <rambat1010@gmail.com> 2023-11-13 23:51:16 +01:00			`response.status(401).json({`
[FEATURE] Enable the ability to have multi user instances (#158) * multi user wip * WIP MUM features * invitation mgmt * suspend or unsuspend users * workspace mangement * manage chats * manage chats * add Support for admin system settings for users to delete workspaces and limit chats per user * fix issue ith system var update app to lazy load invite page * cleanup and bug fixes * wrong method * update readme * update readme * update readme * bump version to 0.1.0 2023-07-25 19:37:04 +02:00			`error: "Invalid auth token.",`
			`});`
			`return;`
			`}`

Replace custom sqlite dbms with prisma (#239) * WIP converted all sqlite models into prisma calls * modify db setup and fix ApiKey model calls in admin.js * renaming function params to be consistent * converted adminEndpoints to utilize prisma orm * converted chatEndpoints to utilize prisma orm * converted inviteEndpoints to utilize prisma orm * converted systemEndpoints to utilize prisma orm * converted workspaceEndpoints to utilize prisma orm * converting sql queries to prisma calls * fixed default param bug for orderBy and limit * fixed typo for workspace chats * fixed order of deletion to account for sql relations * fix invite CRUD and workspace management CRUD * fixed CRUD for api keys * created prisma setup scripts/docs for understanding how to use prisma * prisma dependency change * removing unneeded console.logs * removing unneeded sql escape function * linting and creating migration script * migration from depreciated sqlite script update * removing unneeded migrations in prisma folder * create backup of old sqlite db and use transactions to ensure all operations complete successfully * adding migrations to gitignore * updated PRISMA.md docs for info on how to use sqlite migration script * comment changes * adding back migrations folder to repo * Reviewing SQL and prisma integraiton on fresh repo * update inline key replacement * ensure migration script executes and maps foreign_keys regardless of db ordering * run migration endpoint * support new prisma backend * bump version * change migration call --------- Co-authored-by: timothycarambat <rambat1010@gmail.com> 2023-09-28 23:00:03 +02:00			`const user = await User.get({ id: valid.id });`
[FEATURE] Enable the ability to have multi user instances (#158) * multi user wip * WIP MUM features * invitation mgmt * suspend or unsuspend users * workspace mangement * manage chats * manage chats * add Support for admin system settings for users to delete workspaces and limit chats per user * fix issue ith system var update app to lazy load invite page * cleanup and bug fixes * wrong method * update readme * update readme * update readme * bump version to 0.1.0 2023-07-25 19:37:04 +02:00			`if (!user) {`
Create manager role and limit default role (#351) * added manager role to options * block default role from editing workspace settings on workspace and text input box * block default user from accessing settings at all * create manager route * let pass through if in single user mode * fix permissions for manager and admin roles in settings * fix settings button for single user and remove unneeded console.logs * rename routes and paths for clarity * admin, manager, default roles complete * remove unneeded comments * consistency changes * manage permissions for mum modes * update sidebar for single-user mode * update comment on middleware Modify permission setting for admins * update render conditional * Add role usage hint to each role --------- Co-authored-by: timothycarambat <rambat1010@gmail.com> 2023-11-13 23:51:16 +01:00			`response.status(401).json({`
[FEATURE] Enable the ability to have multi user instances (#158) * multi user wip * WIP MUM features * invitation mgmt * suspend or unsuspend users * workspace mangement * manage chats * manage chats * add Support for admin system settings for users to delete workspaces and limit chats per user * fix issue ith system var update app to lazy load invite page * cleanup and bug fixes * wrong method * update readme * update readme * update readme * bump version to 0.1.0 2023-07-25 19:37:04 +02:00			`error: "Invalid auth for user.",`
			`});`
			`return;`
			`}`

Create manager role and limit default role (#351) * added manager role to options * block default role from editing workspace settings on workspace and text input box * block default user from accessing settings at all * create manager route * let pass through if in single user mode * fix permissions for manager and admin roles in settings * fix settings button for single user and remove unneeded console.logs * rename routes and paths for clarity * admin, manager, default roles complete * remove unneeded comments * consistency changes * manage permissions for mum modes * update sidebar for single-user mode * update comment on middleware Modify permission setting for admins * update render conditional * Add role usage hint to each role --------- Co-authored-by: timothycarambat <rambat1010@gmail.com> 2023-11-13 23:51:16 +01:00			`if (user.suspended) {`
			`response.status(401).json({`
			`error: "User is suspended from system",`
			`});`
			`return;`
			`}`

[FEATURE] Enable the ability to have multi user instances (#158) * multi user wip * WIP MUM features * invitation mgmt * suspend or unsuspend users * workspace mangement * manage chats * manage chats * add Support for admin system settings for users to delete workspaces and limit chats per user * fix issue ith system var update app to lazy load invite page * cleanup and bug fixes * wrong method * update readme * update readme * update readme * bump version to 0.1.0 2023-07-25 19:37:04 +02:00			`response.locals.user = user;`
			`next();`
			`}`

inital commit ⚡ 2023-06-04 04:28:07 +02:00			`module.exports = {`
			`validatedRequest,`
Implement Chroma Support (#1) 2023-06-08 06:31:35 +02:00			`};`