quick allowedDomain fix

danny-avila · Feb 5, 2024 · a715f99 · a715f99
1 parent b151cd9
commit a715f99
Show file tree

Hide file tree

Showing 7 changed files with 56 additions and 104 deletions.
diff --git a/api/server/services/AuthService.js b/api/server/services/AuthService.js
@@ -1,7 +1,7 @@
 const crypto = require('crypto');
 const bcrypt = require('bcryptjs');
 const { registerSchema, errorsToString } = require('~/strategies/validators');
-const getCustomConfig = require('~/cache/getCustomConfig');
+const isDomainAllowed = require('./isDomainAllowed');
 const Token = require('~/models/schema/tokenSchema');
 const { sendEmail } = require('~/server/utils');
 const Session = require('~/models/Session');
@@ -13,27 +13,6 @@ const domains = {
   server: process.env.DOMAIN_SERVER,
 };
 
-async function isDomainAllowed(email) {
-  if (!email) {
-    return false;
-  }
-
-  const domain = email.split('@')[1];
-
-  if (!domain) {
-    return false;
-  }
-
-  const customConfig = await getCustomConfig();
-  if (!customConfig) {
-    return true;
-  } else if (!customConfig?.registration?.allowedDomains) {
-    return true;
-  }
-
-  return customConfig.registration.allowedDomains.includes(domain);
-}
-
 const isProduction = process.env.NODE_ENV === 'production';
 
 /**

diff --git a/api/server/services/isDomainAllowed.js b/api/server/services/isDomainAllowed.js
@@ -0,0 +1,24 @@
+const getCustomConfig = require('~/cache/getCustomConfig');
+
+async function isDomainAllowed(email) {
+  if (!email) {
+    return false;
+  }
+
+  const domain = email.split('@')[1];
+
+  if (!domain) {
+    return false;
+  }
+
+  const customConfig = await getCustomConfig();
+  if (!customConfig) {
+    return true;
+  } else if (!customConfig?.registration?.allowedDomains) {
+    return true;
+  }
+
+  return customConfig.registration.allowedDomains.includes(domain);
+}
+
+module.exports = isDomainAllowed;
diff --git a/api/strategies/discordStrategy.js b/api/strategies/discordStrategy.js
@@ -2,6 +2,7 @@ const { Strategy: DiscordStrategy } = require('passport-discord');
 const { createNewUser, handleExistingUser } = require('./process');
 const { logger } = require('~/config');
 const User = require('~/models/User');
+const isDomainAllowed = require('~/server/services/isDomainAllowed');
 
 const discordLogin = async (accessToken, refreshToken, profile, cb) => {
   try {
@@ -27,7 +28,13 @@ const discordLogin = async (accessToken, refreshToken, profile, cb) => {
       return cb(null, oldUser);
     }
 
-    if (ALLOW_SOCIAL_REGISTRATION) {
+    if (!(await isDomainAllowed(email))) {
+      const errorMessage = 'Registration from this domain is not allowed.';
+      logger.error(`[registerUser] [Registration not allowed] [Email: ${email}]`);
+      return { status: 403, message: errorMessage };
+    }
+
+    if (ALLOW_SOCIAL_REGISTRATION && isDomainAllowed(email)) {
       const newUser = await createNewUser({
         email,
         avatarUrl,

diff --git a/api/strategies/facebookStrategy.js b/api/strategies/facebookStrategy.js
@@ -2,6 +2,7 @@ const FacebookStrategy = require('passport-facebook').Strategy;
 const { createNewUser, handleExistingUser } = require('./process');
 const { logger } = require('~/config');
 const User = require('~/models/User');
+const isDomainAllowed = require('~/server/services/isDomainAllowed');
 
 const facebookLogin = async (accessToken, refreshToken, profile, cb) => {
   try {
@@ -17,7 +18,13 @@ const facebookLogin = async (accessToken, refreshToken, profile, cb) => {
       return cb(null, oldUser);
     }
 
-    if (ALLOW_SOCIAL_REGISTRATION) {
+    if (!(await isDomainAllowed(email))) {
+      const errorMessage = 'Registration from this domain is not allowed.';
+      logger.error(`[registerUser] [Registration not allowed] [Email: ${email}]`);
+      return { status: 403, message: errorMessage };
+    }
+
+    if (ALLOW_SOCIAL_REGISTRATION && isDomainAllowed(email)) {
       const newUser = await createNewUser({
         email,
         avatarUrl,

diff --git a/api/strategies/githubStrategy.js b/api/strategies/githubStrategy.js
@@ -2,6 +2,7 @@ const { Strategy: GitHubStrategy } = require('passport-github2');
 const { createNewUser, handleExistingUser } = require('./process');
 const { logger } = require('~/config');
 const User = require('~/models/User');
+const isDomainAllowed = require('~/server/services/isDomainAllowed');
 
 const githubLogin = async (accessToken, refreshToken, profile, cb) => {
   try {
@@ -17,7 +18,13 @@ const githubLogin = async (accessToken, refreshToken, profile, cb) => {
       return cb(null, oldUser);
     }
 
-    if (ALLOW_SOCIAL_REGISTRATION) {
+    if (!(await isDomainAllowed(email))) {
+      const errorMessage = 'Registration from this domain is not allowed.';
+      logger.error(`[registerUser] [Registration not allowed] [Email: ${email}]`);
+      return { status: 403, message: errorMessage };
+    }
+
+    if (ALLOW_SOCIAL_REGISTRATION && isDomainAllowed(email)) {
       const newUser = await createNewUser({
         email,
         avatarUrl,

diff --git a/api/strategies/googleStrategy.js b/api/strategies/googleStrategy.js
@@ -2,6 +2,7 @@ const { Strategy: GoogleStrategy } = require('passport-google-oauth20');
 const { createNewUser, handleExistingUser } = require('./process');
 const { logger } = require('~/config');
 const User = require('~/models/User');
+const isDomainAllowed = require('~/server/services/isDomainAllowed');
 
 const googleLogin = async (accessToken, refreshToken, profile, cb) => {
   try {
@@ -17,6 +18,12 @@ const googleLogin = async (accessToken, refreshToken, profile, cb) => {
       return cb(null, oldUser);
     }
 
+    if (!(await isDomainAllowed(email))) {
+      const errorMessage = 'Registration from this domain is not allowed.';
+      logger.error(`[registerUser] [Registration not allowed] [Email: ${email}]`);
+      return { status: 403, message: errorMessage };
+    }
+
     if (ALLOW_SOCIAL_REGISTRATION) {
       const newUser = await createNewUser({
         email,

diff --git a/librechat.example.yaml b/librechat.example.yaml