* wip telegram bot connector * encrypt bot token, reorg telegram bot modules, secure pairing codes * offload telegram chat to background worker, add @agent support with chart png rendering, reconnect ui * refactor telegram bot settings page into subcomponents * response.locals for mum, telemetry for connecting to telegram * simplify telegram command registration * improve telegram bot ux: rework switch/history/resume commands * add voice, photo, and TTS support to telegram bot with long message handling * lint * rename external_connectors to external_communication_connectors, add voice response mode, persist chat workspace/thread selection * lint * fix telegram bot connect/disconnect bugs, kill telegram bot on multiuser mode enable * add english translations * fix qr code in light mode * repatch migration * WIP checkpoint * pipeline overhaul for using response obj * format functions * fix comment block * remove conditional dumpENV + lint * remove .end() from sendStatus calls * patch broken streaming where streaming only first chunk * refactor * use Ephemeral handler now * show metrics and citations in real GUI * bugfixes * prevent MuM persistence, UI cleanup, styling for status * add new workspace flow in UI Add thread chat count fix 69 byte payload callback limit bug * handle pagination for workspaces, threads, and models * modularize commands and navigation * add /proof support for citation recall * handle backlog message spam * support abort of response streams * code cleanup * spam prevention * fix translations, update voice typing indicator, fix token bug * frontend refactor, update tips on /status and voice response improvements * collapse agent though blocks * support images * Fix mime issues with audio from other devices * fix config issue post server stop * persist image on agentic chats * 5189 i18n (#5245) * i18n translations connect #5189 * prune translations * fix errors * fix translation gaps --------- Co-authored-by: Timothy Carambat 
<rambat1010@gmail.com>
const { SystemSettings } = require("../../models/systemSettings");
const { userFromSession } = require("../http");
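/**
 * Role identifiers used by the role-gating middleware in this file.
 * `all` is a wildcard sentinel rather than a real role: when it appears in a
 * middleware's allow-list, that middleware skips every check.
 */
const ROLES = {
  all: "<all>",
  admin: "admin",
  manager: "manager",
  default: "default",
};

// Allow-list used when a middleware factory is called without arguments.
// The literal previously listed ROLES.admin twice, which is equivalent to
// admin-only for the `includes` checks in this file; the duplicate is dropped
// so the default reads as what it actually enforces.
// NOTE(review): if a second role (e.g. manager) was intended here, add it
// deliberately - doing so widens access on every route that relies on the
// default allow-list.
const DEFAULT_ROLES = [ROLES.admin];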
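/**
 * Express middleware that lets a request continue only while the instance is
 * in single-user mode. It performs no role or session check of its own: when
 * multi-user mode is enabled the request is answered with a 401.
 * @param {object} _request - Express request (unused)
 * @param {object} response - Express response
 * @param {function} next - Hands control to the next middleware
 * @returns {Promise<void>}
 */
async function isSingleUserMode(_request, response, next) {
  const multiUserMode = await SystemSettings.isMultiUserMode();
  if (multiUserMode) {
    // sendStatus() already writes the status and finishes the response, so
    // nothing is chained onto it.
    return response.sendStatus(401);
  }

  next();
}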
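/**
 * Builds an Express middleware that requires multi-user mode to be enabled
 * AND the requesting user's role to be listed in `allowedRoles`. Every other
 * case is answered with a 401.
 * @param {string[]} allowedRoles - The roles that are allowed to access the route
 * @returns {function} Async Express middleware `(request, response, next)`
 */
function strictMultiUserRoleValid(allowedRoles = DEFAULT_ROLES) {
  return async (request, response, next) => {
    // ROLES.all in the allow-list switches this gate off completely: neither
    // the multi-user setting nor the session user is looked at.
    if (allowedRoles.includes(ROLES.all)) {
      next();
      return;
    }

    // Prefer a value already present on response.locals (presumably placed
    // there by an earlier middleware) and only query the settings otherwise.
    const multiUserMode =
      response.locals?.multiUserMode ??
      (await SystemSettings.isMultiUserMode());
    // sendStatus() already finishes the response; no .end() is chained on it.
    if (!multiUserMode) return response.sendStatus(401);

    const user =
      response.locals?.user ?? (await userFromSession(request, response));
    // A missing user gives role `undefined`, which matches none of the role
    // strings, so an unauthenticated request is denied here.
    if (!allowedRoles.includes(user?.role)) return response.sendStatus(401);

    next();
  };
}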
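/**
 * Builds an Express middleware that applies the role check ONLY while the
 * instance is in multi-user mode. It is meant for routes shared between
 * multi-user and single-user mode.
 *
 * NOTE(review): in single-user mode, and whenever `allowedRoles` contains
 * ROLES.all, this middleware lets the request through without any check of
 * its own - confirm such routes are also behind the instance's request
 * authentication.
 * @param {string[]} allowedRoles - The roles that are allowed to access the route
 * @returns {function} Async Express middleware `(request, response, next)`
 */
function flexUserRoleValid(allowedRoles = DEFAULT_ROLES) {
  return async (request, response, next) => {
    // Wildcard allow-list: continue regardless of mode or user.
    if (allowedRoles.includes(ROLES.all)) {
      next();
      return;
    }

    // Prefer a value already present on response.locals (presumably placed
    // there by an earlier middleware) and only query the settings otherwise.
    const multiUserMode =
      response.locals?.multiUserMode ??
      (await SystemSettings.isMultiUserMode());
    // Single-user mode has no roles to compare against, so the gate is bypassed.
    if (!multiUserMode) {
      next();
      return;
    }

    const user =
      response.locals?.user ?? (await userFromSession(request, response));
    // A missing user gives role `undefined`, which matches none of the role
    // strings, so the request is denied. sendStatus() already finishes the
    // response, so no .end() is chained on it.
    if (!allowedRoles.includes(user?.role)) return response.sendStatus(401);

    next();
  };
}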
/**
 * Middleware for public routes: the request continues only when the instance
 * reports multi-user mode; otherwise a 403 JSON error is returned and the
 * chain stops. No user or role is inspected here.
 */
async function isMultiUserSetup(_request, response, next) {
  const enabled = await SystemSettings.isMultiUserMode();
  if (enabled) {
    next();
    return;
  }

  response.status(403).json({ error: "Invalid request" });
}
// Public surface of this module. DEFAULT_ROLES is intentionally absent from
// the export list and stays internal to this file.
module.exports = {
  // Role identifiers
  ROLES,
  // Single-user gate
  isSingleUserMode,
  // Role gates (middleware factories)
  strictMultiUserRoleValid,
  flexUserRoleValid,
  // Multi-user gate for public routes
  isMultiUserSetup,
};