perf: password check;perf: image upload check;perf: sso login check (#3509)

* perf: password check

* perf: image upload check

* perf: sso login check

packages/service/common/file/image/controller.ts

@@ -1,43 +1,92 @@
 import { UploadImgProps } from '@fastgpt/global/common/file/api';
 import { imageBaseUrl } from '@fastgpt/global/common/file/image/constants';
 import { MongoImage } from './schema';
-import { ClientSession } from '../../../common/mongo';
+import { ClientSession, Types } from '../../../common/mongo';
 import { guessBase64ImageType } from '../utils';
 import { readFromSecondary } from '../../mongo/utils';
+import { addHours } from 'date-fns';
 
 export const maxImgSize = 1024 * 1024 * 12;
 const base64MimeRegex = /data:image\/([^\)]+);base64/;
 export async function uploadMongoImg({
-  type,
   base64Img,
   teamId,
-  expiredTime,
   metadata,
-  shareId
+  shareId,
+  forever = false
 }: UploadImgProps & {
   teamId: string;
+  forever?: Boolean;
 }) {
   if (base64Img.length > maxImgSize) {
     return Promise.reject('Image too large');
   }
 
   const [base64Mime, base64Data] = base64Img.split(',');
+  // Check if mime type is valid
+  if (!base64MimeRegex.test(base64Mime)) {
+    return Promise.reject('Invalid image mime type');
+  }
+
   const mime = `image/${base64Mime.match(base64MimeRegex)?.[1] ?? 'image/jpeg'}`;
   const binary = Buffer.from(base64Data, 'base64');
   const extension = mime.split('/')[1];
 
   const { _id } = await MongoImage.create({
-    type,
     teamId,
     binary,
-    expiredTime,
     metadata: Object.assign({ mime }, metadata),
-    shareId
+    shareId,
+    expiredTime: forever ? undefined : addHours(new Date(), 1)
   });
 
   return `${process.env.FE_DOMAIN || ''}${process.env.NEXT_PUBLIC_BASE_URL || ''}${imageBaseUrl}${String(_id)}.${extension}`;
 }
 
+const getIdFromPath = (path?: string) => {
+  if (!path) return;
+
+  const paths = path.split('/');
+  const name = paths[paths.length - 1];
+
+  if (!name) return;
+
+  const id = name.split('.')[0];
+  if (!id || !Types.ObjectId.isValid(id)) return;
+
+  return id;
+};
+// 删除旧的头像，新的头像去除过期时间
+export const refreshSourceAvatar = async (
+  path?: string,
+  oldPath?: string,
+  session?: ClientSession
+) => {
+  const newId = getIdFromPath(path);
+  const oldId = getIdFromPath(oldPath);
+
+  if (!newId) return;
+
+  await MongoImage.updateOne({ _id: newId }, { $unset: { expiredTime: 1 } }, { session });
+
+  if (oldId) {
+    await MongoImage.deleteOne({ _id: oldId }, { session });
+  }
+};
+export const removeImageByPath = (path?: string, session?: ClientSession) => {
+  if (!path) return;
+
+  const paths = path.split('/');
+  const name = paths[paths.length - 1];
+
+  if (!name) return;
+
+  const id = name.split('.')[0];
+  if (!id || !Types.ObjectId.isValid(id)) return;
+
+  return MongoImage.deleteOne({ _id: id }, { session });
+};
+
 export async function readMongoImg({ id }: { id: string }) {
   const formatId = id.replace(/\.[^/.]+$/, '');
 

packages/service/common/file/image/schema.ts

@@ -1,8 +1,7 @@
 import { TeamCollectionName } from '@fastgpt/global/support/user/team/constant';
-import { connectionMongo, getMongoModel, type Model } from '../../mongo';
+import { connectionMongo, getMongoModel } from '../../mongo';
 import { MongoImageSchemaType } from '@fastgpt/global/common/file/image/type.d';
-import { mongoImageTypeMap } from '@fastgpt/global/common/file/image/constants';
-const { Schema, model, models } = connectionMongo;
+const { Schema } = connectionMongo;
 
 const ImageSchema = new Schema({
   teamId: {
@@ -14,27 +13,15 @@ const ImageSchema = new Schema({
     type: Date,
     default: () => new Date()
   },
-  expiredTime: {
-    type: Date
-  },
-  binary: {
-    type: Buffer
-  },
-  type: {
-    type: String,
-    enum: Object.keys(mongoImageTypeMap),
-    required: true
-  },
-  metadata: {
-    type: Object
-  }
+  expiredTime: Date,
+  binary: Buffer,
+  metadata: Object
 });
 
 try {
   // tts expired（60 Minutes）
   ImageSchema.index({ expiredTime: 1 }, { expireAfterSeconds: 60 * 60 });
   ImageSchema.index({ type: 1 });
-  ImageSchema.index({ createTime: 1 });
   // delete related img
   ImageSchema.index({ teamId: 1, 'metadata.relatedId': 1 });
 } catch (error) {

packages/service/common/file/read/utils.ts

@@ -1,5 +1,4 @@
 import { uploadMongoImg } from '../image/controller';
-import { MongoImageTypeEnum } from '@fastgpt/global/common/file/image/constants';
 import FormData from 'form-data';
 
 import { WorkerNameEnum, runWorker } from '../../../worker/utils';
@@ -114,10 +113,9 @@ export const readRawContentByFileBuffer = async ({
   if (imageList) {
     await batchRun(imageList, async (item) => {
       const src = await uploadMongoImg({
-        type: MongoImageTypeEnum.collectionImage,
         base64Img: `data:${item.mime};base64,${item.base64}`,
         teamId,
-        expiredTime: addHours(new Date(), 1),
+        // expiredTime: addHours(new Date(), 1),
         metadata: {
           ...metadata,
           mime: item.mime

packages/service/common/middle/reqFrequencyLimit.ts

@@ -9,10 +9,10 @@ import { jsonRes } from '../response';
 // unit: times/s
 // how to use?
 // export default NextAPI(useQPSLimit(10), handler); // limit 10 times per second for a ip
-export function useReqFrequencyLimit(seconds: number, limit: number) {
+export function useReqFrequencyLimit(seconds: number, limit: number, force = false) {
   return async (req: ApiRequestProps, res: NextApiResponse) => {
     const ip = requestIp.getClientIp(req);
-    if (!ip || process.env.USE_IP_LIMIT !== 'true') {
+    if (!ip || (process.env.USE_IP_LIMIT !== 'true' && !force)) {
       return;
     }
     try {
@@ -25,7 +25,7 @@ export function useReqFrequencyLimit(seconds: number, limit: number) {
       res.status(429);
       jsonRes(res, {
         code: 429,
-        message: ERROR_ENUM.tooManyRequest
+        error: ERROR_ENUM.tooManyRequest
       });
     }
   };

packages/service/common/response/index.ts

@@ -33,6 +33,7 @@ export const jsonRes = <T = any>(
 
     addLog.error(`Api response error: ${url}`, ERROR_RESPONSE[errResponseKey]);
 
+    res.status(ERROR_RESPONSE[errResponseKey].code);
     return res.json(ERROR_RESPONSE[errResponseKey]);
   }
 

packages/service/support/permission/memberGroup/controllers.ts

@@ -97,8 +97,12 @@ export const authGroupMemberRole = async ({
       tmbId
     };
   }
-  const groupMember = await MongoGroupMemberModel.findOne({ groupId, tmbId });
-  const tmb = await getTmbInfoByTmbId({ tmbId });
+  const [groupMember, tmb] = await Promise.all([
+    MongoGroupMemberModel.findOne({ groupId, tmbId }),
+    getTmbInfoByTmbId({ tmbId })
+  ]);
+
+  // Team admin or role check
   if (tmb.permission.hasManagePer || (groupMember && role.includes(groupMember.role))) {
     return {
       ...result,

packages/service/support/user/team/controller.ts

@@ -17,6 +17,7 @@ import { mongoSessionRun } from '../../../common/mongo/sessionRun';
 import { DefaultGroupName } from '@fastgpt/global/support/user/team/group/constant';
 import { getAIApi, openaiBaseUrl } from '../../../core/ai/config';
 import { createRootOrg } from '../../permission/org/controllers';
+import { refreshSourceAvatar } from '../../../common/file/image/controller';
 
 async function getTeamMember(match: Record<string, any>): Promise<TeamTmbItemType> {
   const tmb = await MongoTeamMember.findOne(match).populate<{ team: TeamSchema }>('team').lean();
@@ -218,7 +219,8 @@ export async function updateTeam({
       return obj;
     })();
 
-    await MongoTeam.findByIdAndUpdate(
+    // This is where we get the old team
+    const team = await MongoTeam.findByIdAndUpdate(
       teamId,
       {
         $set: {
@@ -244,6 +246,8 @@ export async function updateTeam({
         },
         { session }
       );
+
+      await refreshSourceAvatar(avatar, team?.avatar, session);
     }
   });
 }