🕸️ refactor: Migrate from crypto to Web Crypto API

[mawburn]

Summary

Why Web Crypto API?

• Standardization: The Web Crypto API is a standardized API, ensuring consistent behavior across browsers and Node.js.
• Security: Designed with modern security practices, it helps avoid common cryptographic pitfalls.
• Asynchronous and Multithreaded: Uses Promises for non-blocking, asynchronous operations and leverages Node.js's internal thread pool for multithreading, enhancing performance and scalability.
  • Additionally, crypto calls are both very heavy on the processor and blocking calls. Slowing down the entire instance.
• Modern Algorithms: Supports modern cryptographic algorithms like AES-GCM, RSA-OAEP, and ECC.

References

• MDN Page
• NodeJS LTS

Node.js Support

• Introduced: Node.js v15.0.0 (experimental)
• Stabilized: Node.js v16.0.0

Change Type

Please delete any irrelevant options.

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)

Testing

Running in production for my major deploy of LibreChat.

Checklist

Please delete any irrelevant options.

• My code adheres to this project's style guidelines
• I have performed a self-review of my own code

Copilot Summary

This pull request introduces significant changes to the encryption and decryption methods in the codebase. The most important changes include migrating from Node's built-in crypto module to the webcrypto API, and introducing an asynchronous hashToken function. These changes affect multiple files and functions, including Session.js, AuthController.js, AuthService.js, ActionService.js, and crypto.js.

Migration from crypto to webcrypto:

• api/models/Session.js: Replaced the crypto module with the hashToken function from crypto.js to hash refresh tokens. [1] [2]
• api/server/controllers/AuthController.js: Replaced the crypto module with the hashToken function from crypto.js to hash refresh tokens. [1] [2] [3]
• api/server/services/AuthService.js: Replaced the crypto module with the hashToken function from crypto.js to hash refresh tokens. [1] [2] [3]
• api/strategies/openidStrategy.js: Replaced the crypto module with the hashToken function from crypto.js to hash OpenID user identifiers. [1] [2]

Introduction of asynchronous encryption and decryption:

• api/server/services/ActionService.js: Updated createActionTool, encryptMetadata, and decryptMetadata functions to be asynchronous and use the new encrypt and decrypt functions from crypto.js. [1] [2] [3]
• api/server/services/PluginService.js: Updated getUserPluginAuthValue and updateUserPluginAuth functions to use the new asynchronous encrypt and decrypt functions from crypto.js. [1] [2]
• api/server/services/UserService.js: Updated getUserKey, getUserKeyExpiry, and updateUserKey functions to use the new asynchronous encrypt and decrypt functions from crypto.js. [1] [2]
• api/server/utils/crypto.js: Replaced the crypto module with the webcrypto API and made all encryption and decryption functions asynchronous. Also introduced a new hashToken function.

[danny-avila]

This PR is causing an Unrecognized algorithm name error when providing user API keys from frontend.

#3551

Testing a fix, seeing why it only seems to be affecting that

EDIT: Resolved by #3556!

[mawburn]

@danny-avila Thanks! Sorry about that, I was out of town.