Skip to content

[stripe] hardcoded admin env vars #16

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Aug 21, 2025
Merged

[stripe] hardcoded admin env vars #16

merged 3 commits into from
Aug 21, 2025

Conversation

colinlin-stripe
Copy link

Pull Request Template

⚠️ Before Submitting a PR, Please Review:

  • Please ensure that you have thoroughly read and understood the Contributing Docs before submitting your Pull Request.

⚠️ Documentation Updates Notice:

  • Kindly note that documentation updates are managed in this repository: librechat.ai

Summary

Please provide a brief summary of your changes and the related issue. Include any motivation and context that is relevant to your changes. If there are any dependencies necessary for your changes, please list them here.

Change Type

Please delete any irrelevant options.

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update
  • Translation update

Testing

Please describe your test process and include instructions so that we can reproduce your test. If there are any important variables for your testing configuration, list them here.

Test Configuration:

Checklist

Please delete any irrelevant options.

  • My code adheres to this project's style guidelines
  • I have performed a self-review of my own code
  • I have commented in any complex areas of my code
  • I have made pertinent documentation changes
  • My changes do not introduce new warnings
  • I have written tests demonstrating that my changes are effective or that my feature works
  • Local unit tests pass with my changes
  • Any changes dependent on mine have been merged and published in downstream modules.
  • A pull request for updating the documentation has been submitted.

mattmueller-stripe
mattmueller-stripe reviewed Aug 18, 2025
View reviewed changes
api/server/stripe/hardcodedAdminUtils.js
/**
* Helper function to check if a user is a hardcoded admin (username-only)
* This function should be used consistently across authentication strategies
*
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: Maybe add something to comment like:

e.g. HARDCODED_ADMIN_USERNAMES=colinlin,mattmueller

mattmueller-stripe
mattmueller-stripe previously approved these changes Aug 18, 2025
View reviewed changes
api/server/stripe/hardcodedAdminUtils.js
}

if (isHardcodedAdmin(user)) {
user.role = SystemRoles.ADMIN;
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we log here as well? It seems like checkAdminAccess is logged, so might be double-logging in the normal case, but we also use this function directly below

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

kept user null check and changed isHardcodedAdmin to accept a username so no redundant null check logs

mattmueller-stripe
mattmueller-stripe reviewed Aug 18, 2025
View reviewed changes
@colinlin-stripe colinlin-stripe force-pushed the colinlin/hardcoded-admin branch from a1d7a40 to 25f2160 Compare August 20, 2025 15:51
@colinlin-stripe colinlin-stripe force-pushed the colinlin/hardcoded-admin branch from 25f2160 to 76e0c2a Compare August 20, 2025 18:17
@colinlin-stripe colinlin-stripe marked this pull request as ready for review August 20, 2025 20:09
@colinlin-stripe colinlin-stripe merged commit 2795702 into develop Aug 21, 2025
4 checks passed
@colinlin-stripe colinlin-stripe deleted the colinlin/hardcoded-admin branch August 21, 2025 19:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mattmueller-stripe mattmueller-stripe mattmueller-stripe approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@colinlin-stripe @mattmueller-stripe