🔍 refactor: OpenID Fetch Handling and Logging #7790

Merged
merged 9 commits into from
Jun 9, 2025

Conversation

danny-avila
Owner

@danny-avila danny-avila commented Jun 8, 2025

Summary

I enhanced the OpenID authentication strategy with advanced debug logging, improved proxy and header handling, and migrated its fetch logic to use undici for reliability and standards compliance.

  • Refactored the OpenID strategy to use undici as the fetch implementation, ensuring correct proxy support and detailed debug logging of requests and responses.
  • Introduced a new global fetch handler with masked logging for requests, responses, headers, and bodies, and robust handling for non-standard WWW-Authenticate headers.
  • Added helper functions safeStringify and logHeaders to mask and safely serialize sensitive data, reused across logging operations.
  • Enhanced memory viewer layout with conditional justification using the cn utility for improved UX and style management.

Other changes

I also exported the files module in the utils index to improve TypeScript module usability and coverage. Finally, I developed a comprehensive test suite covering multer file storage, filename generation, filtering logic, cryptographic UUIDs, edge case handling, and integration with real file configuration.

  • Exported the files module from utils/index.ts to fix missing export and support downstream usage.
  • Added node-fetch as an explicit dependency to support OpenID image downloads for compatibility across the codebase.
  • Created a thorough Jest test suite for multer: testing storage paths, sanitized/unique filenames, file filters, edge case errors (including CVEs), UUID cryptography, and integration with live config endpoints.
  • Verified file system error handling for directory creation and filename sanitization edge cases to mitigate vulnerabilities and DoS attacks.

Relevant docs (also includes Memories changes): LibreChat-AI/librechat.ai#322

Change Type

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Documentation update
  • Breaking change (requires Node.js with undici, and changes some fetch internals)

Testing

The test suite for multer was run locally and via the CI pipeline using Jest and covers:

  • Storage destination creation and path integrity checks.
  • Filename generation (sanitization, truncation, Unicode, URI encoding, uniqueness, and error edge cases).
  • JSON file filtering (mimetype and extension checks) and rejection of invalid types.
  • Real-world config and endpoint type validation using actual data-provider utility methods.
  • Cryptographic UUID testing for formatting, security, and unique generation.
  • Error handling for file system permission issues, malformed requests, and vulnerabilities such as CVE-2024-28870.

Test Configuration:

  • Node.js ^20.19.0
  • Jest
  • Manual tests with OpenID authentication and debug logging enabled to verify logging and proxy effects

Checklist

  • My code adheres to this project's style guidelines
  • I have performed a self-review of my own code
  • I have commented in any complex areas of my code
  • I have made pertinent documentation changes
  • My changes do not introduce new warnings
  • I have written tests demonstrating that my changes are effective or that my feature works
  • Local unit tests pass with my changes
  • Any changes dependent on mine have been merged and published in downstream modules.
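The masked logging the PR describes (a safeStringify and logHeaders pair plus a logging wrapper around the fetch implementation), as an added example that is not LibreChat's own code: every function name, the sensitive-header and sensitive-field lists, and the log format are assumptions made here.

```javascript
// Added example, not LibreChat's code: masked debug logging around any fetch-compatible
// function. All names and the header/field lists below are assumptions, not the project's own.
const SENSITIVE_HEADERS = new Set(['authorization', 'proxy-authorization', 'cookie', 'set-cookie']);
const SENSITIVE_FIELDS = new Set(['access_token', 'id_token', 'refresh_token', 'client_secret', 'code_verifier']);

// Keep a 4-char prefix so log lines stay correlatable; short values are hidden entirely.
const mask = (v) => (String(v).length > 8 ? `${String(v).slice(0, 4)}***` : '***');

// JSON.stringify that masks token-like fields at any depth and does not throw on
// circular references (which raw response objects may contain).
function safeStringify(obj) {
  const seen = new WeakSet();
  return JSON.stringify(obj, (key, val) => {
    if (SENSITIVE_FIELDS.has(key)) return mask(val);
    if (val !== null && typeof val === 'object') {
      if (seen.has(val)) return '[Circular]';
      seen.add(val);
    }
    return val;
  });
}

// Accepts a Headers instance or a plain object; returns a lower-cased, masked copy.
function logHeaders(headers) {
  const entries = typeof headers?.entries === 'function'
    ? [...headers.entries()] : Object.entries(headers ?? {});
  const out = {};
  for (const [n, v] of entries) out[n.toLowerCase()] = SENSITIVE_HEADERS.has(n.toLowerCase()) ? mask(v) : v;
  return out;
}

// OpenID request bodies are JSON or application/x-www-form-urlencoded (token endpoint).
function maskBody(body) {
  if (body == null) return undefined;
  if (typeof body !== 'string') return '[non-string body omitted]';
  try { return safeStringify(JSON.parse(body)); } catch { /* not JSON: fall through */ }
  const params = new URLSearchParams(body);
  for (const k of [...params.keys()]) if (SENSITIVE_FIELDS.has(k)) params.set(k, mask(params.get(k)));
  return params.toString();
}

// Wrap a fetch implementation (undici's fetch in the PR) so both directions are logged masked.
function withDebugLogging(fetchImpl, log = console.debug) {
  return async (url, init = {}) => {
    log('[openid] request', safeStringify({ url: String(url), method: init.method ?? 'GET',
      headers: logHeaders(init.headers), body: maskBody(init.body) }));
    const res = await fetchImpl(url, init);
    log('[openid] response', safeStringify({ url: String(url), status: res.status, headers: logHeaders(res.headers) }));
    return res;
  };
}
```

Masking by header name and by body field name covers the bearer/basic credentials and the token-endpoint form fields; a payload that carries secrets under other names still needs its own entry in the lists.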

- Added detailed logging for OpenID requests and responses when debug mode is enabled.
- Introduced helper functions for safely logging sensitive data and headers.
- Updated OpenID strategy to handle non-standard WWW-Authenticate headers in responses.
- Refactored proxy configuration handling for improved clarity and logging.
@danny-avila danny-avila marked this pull request as draft June 8, 2025 19:00
@danny-avila danny-avila changed the base branch from main to dev June 8, 2025 19:00
- Updated the MemoryViewer component to conditionally apply justification styles based on memory data and access permissions.
- Introduced utility function `cn` for cleaner class name management in the component.
- Introduced a new test suite for multer configuration, covering storage destination and filename generation.
- Implemented tests for file filtering, ensuring only valid JSON files are accepted.
- Added error handling tests for edge cases and vulnerabilities, including handling empty field names and malformed filenames.
- Integrated real configuration testing with actual fileConfig and custom endpoints.
- Enhanced UUID generation tests to ensure uniqueness and cryptographic security.
@danny-avila danny-avila changed the title from "Fix/www header openid strictness" to "🔍 refactor: OpenID Fetch Handling and Logging" Jun 9, 2025
@danny-avila danny-avila marked this pull request as ready for review June 9, 2025 15:24
@danny-avila danny-avila merged commit 2725224 into dev Jun 9, 2025
6 of 7 checks passed
@danny-avila danny-avila deleted the fix/www-header-openid-strictness branch June 9, 2025 15:27
jmaddington pushed a commit to jmaddington/LibreChat that referenced this pull request Jun 17, 2025
* feat: Enhance OpenID Strategy with Debug Logging and Header Management

- Added detailed logging for OpenID requests and responses when debug mode is enabled.
- Introduced helper functions for safely logging sensitive data and headers.
- Updated OpenID strategy to handle non-standard WWW-Authenticate headers in responses.
- Refactored proxy configuration handling for improved clarity and logging.

* refactor: MemoryViewer Layout with Conditional Justification

- Updated the MemoryViewer component to conditionally apply justification styles based on memory data and access permissions.
- Introduced utility function `cn` for cleaner class name management in the component.

* refactor: Update OpenID Strategy to use Global Fetch

* refactor: Add undici for customFetch request handling in OpenID strategy

* fix: Export 'files' module in utils index

* chore: Add node-fetch dependency for openid image download

* ci: Add comprehensive tests for multer configuration and file handling

- Introduced a new test suite for multer configuration, covering storage destination and filename generation.
- Implemented tests for file filtering, ensuring only valid JSON files are accepted.
- Added error handling tests for edge cases and vulnerabilities, including handling empty field names and malformed filenames.
- Integrated real configuration testing with actual fileConfig and custom endpoints.
- Enhanced UUID generation tests to ensure uniqueness and cryptographic security.

* chore: Improve proxy configuration logging in customFetch function

* fix: Improve logging for non-standard WWW-Authenticate header in customFetch function
rhonyabdullah pushed a commit to rhonyabdullah/LibreChat that referenced this pull request Jun 27, 2025
kenshinsamue pushed a commit to intelequia/LibreChat that referenced this pull request Aug 4, 2025