centersl/librechat.ai
1
0
Fork 0
mirror of https://github.com/LibreChat-AI/librechat.ai.git synced 2026-03-27 10:48:32 +07:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
librechat.ai/content/docs/features/mod_system.mdx
Marco Beretta 4656b0116a feat: Migrate to Fumadocs, overhaul UI, and improve docs navigation (#500) 
* feat: enhance accessibility and improve component structure across various files

* feat: enhance components with TypeScript typings and improve documentation

- Added TypeScript interface for Screenshot component props.
- Updated button component documentation for clarity.
- Removed unnecessary console log in ContainerScroll component.
- Added descriptive comments for FloatingDock and utility functions.
- Improved CSP headers in next.config.mjs for security.
- Cleaned up package.json by removing unused dependencies.
- Refactored _app.tsx to use AppProps for type safety.
- Updated meta configuration by removing hidden display property.
- Added API documentation comments for GitHub stats and subscription endpoints.
- Enhanced error handling in subscription API.
- Updated Tailwind CSS configuration with detailed comments.
- Cleaned up style.css by organizing and refining styles.
- Updated tsconfig.json to include TypeScript files for API routes.
- Added comments to Subscriber model and dbConnect utility for clarity.

* feat: add aria-labels to HeroLinks for improved accessibility

* feat: replace Twitter icon with X and add new X icon component

* chore: update code structure for better readability and maintenance

* chore: update .gitignore to include additional AI assistant files and Claude Flow generated files

* feat: replace sidebar emojis with Lucide icons, fix duplicate titles, and clean up codebase

- Add icon resolver (lib/icons.tsx) with 73 Lucide React icons mapped to string IDs
- Wire icon resolver into Fumadocs loader for automatic sidebar icon rendering
- Update all 19 meta.json files to use icon field instead of emoji prefixes
- Add icon frontmatter to all 162 MDX documentation pages
- Deduplicate adjacent sidebar icons (e.g. Search/ListFilter, Brain/Bookmark)
- Remove duplicate H1 headings from 154 MDX files (DocsTitle renders frontmatter)
- Add frontmatter to 33 files that were missing it
- Shorten overly long titles (agents, mcp, url_query)
- Rewrite /docs/local cards from old Nextra syntax to Fumadocs Card components
- Remove all emojis from Get Started and Features index pages
- Collapse sidebar folders by default (defaultOpenLevel: 0)
- Delete temporary debugging scripts, test specs, and screenshot artifacts
- Fix eslint errors in mdx-components, nextra-shims, tailwind config, and error page
- Update .gitignore to exclude test/debug artifacts

* feat: enhance accessibility and improve UI components

- Added aria-hidden attributes to social media icons in FooterMenu for better accessibility.
- Updated FooterMenu to use <footer> element for semantic HTML.
- Improved Carousel component by adding aria-labels to navigation buttons for better screen reader support.
- Modified OptionTable to use a unique key for each row to prevent rendering issues.
- Enhanced CredentialsGeneratorBox with aria-labels for input fields and buttons to improve accessibility.
- Updated documentation to remove unnecessary links and improve clarity in various sections.
- Fixed iframe attributes in documentation for better compatibility and accessibility.
- Adjusted CSS variable for muted foreground color to improve contrast.
- Updated package.json and pnpm-lock.yaml for dependency management and optimization.

* feat: update FileComponent and FolderComponent to include new props for enhanced functionality

* Add new AI provider icons and update documentation

- Introduced new SVG icons for AI providers: TogetherAI, TrueFoundry, VLLM, Vultr, and XAI.
- Updated existing AI endpoint documentation to reflect new icon names and improve clarity.
- Replaced generic \Plug\ icons with specific provider icons for Anyscale, APIpie, Cloudflare, Cohere, Databricks, DeepSeek, Fireworks, Groq, Helicone, HuggingFace, LiteLLM, Mistral, MLX, Moonshot, NeuroChain, Ollama, OpenRouter, Perplexity, Portkey, ShuttleAI, and TrueFoundry.
- Enhanced the icon resolution logic to include new icons in the icon registry.

* feat: add DocsHub and QuickStartHub components for enhanced documentation navigation

* feat: implement FeaturesHub component for enhanced feature navigation and update ViewOptions for improved links

* feat: add fresh-build script for streamlined project setup and development

* fix: update ESLint configuration and improve type handling in components

- Added 'next.config.mjs' to ESLint ignore list.
- Refactored version assignment in ChangelogPage for better type safety.
- Removed unnecessary type casting in Author components for cleaner code.
- Simplified BlogHeader component by removing redundant type assertions.
- Added eslint-disable comments for unused variables in CardCompat and Nextra shims.

* fix: update ViewOptions link for LibreChat to remove unnecessary submit parameter

* feat: enhance HomePage layout and improve GitHub star display

- Integrated HomeLayout component for better page structure.
- Updated HeroSection to improve the presentation of GitHub stars with a new layout and styling.
- Adjusted link attributes for better accessibility and user experience.

* refactor: simplify title for Model Context Protocol (MCP) documentation

- Changed the title from "Model Context Protocol (MCP)" to "MCP" for brevity.
- Updated the description to clarify how LibreChat utilizes MCP for integration with external tools and services.

* feat: enhance navigation styling and update HomeLayout props

- Added a new background style for the navigation bar with a blur effect.
- Updated HomeLayout component to include a transparent navigation mode for improved visual integration.

* refactor: deprecate plugins in favor of agents and update related documentation

- Removed references to plugins across various files, including the FeaturesHub and documentation.
- Updated navigation redirects to point to agents instead of plugins.
- Deleted the plugins documentation file to streamline content and reduce confusion.

* feat: update demo images for improved visual representation

---------

Co-authored-by: Danny Avila <danny@librechat.ai>
2026-02-18 10:44:38 -05:00

114 lines
6.5 KiB
Plaintext
Raw Permalink Blame History

---
title: Automated Moderation
icon: Shield
description: The Automated Moderation System uses a scoring mechanism to track user violations. As users commit actions like excessive logins, registrations, or messaging, they accumulate violation scores. Upon reaching a set threshold, the user and their IP are temporarily banned. This system ensures platform security by monitoring and penalizing rapid or suspicious activities.
---
## Automated Moderation System (optional)
The Automated Moderation System uses a scoring mechanism to track user violations. As users commit actions like excessive logins, registrations, or messaging, they accumulate violation scores. Upon reaching a set threshold, the user and their IP are temporarily banned. This system ensures platform security by monitoring and penalizing rapid or suspicious activities.
In production, you should have Cloudflare or some other DDoS protection in place to really protect the server from excessive requests, but these changes will largely protect you from the single or several bad actors targeting your deployed instance for proxying.
### Notes
- Uses Caching for basic security and violation logging (bans, concurrent messages, exceeding rate limits)
- In the near future, I will add **Redis** support for production instances, which can be easily injected into the current caching setup
- Exceeding any of the rate limiters (login/registration/messaging) is considered a violation, default score is 1
- Non-browser origin is a violation
- Default score for each violation is configurable
- Enabling any of the limiters and/or bans enables caching/logging
- Violation logs can be found in the data folder, which is created when logging begins: `librechat/data`
- **Only violations are logged**
- `violations.json` keeps track of the total count for each violation per user
- `logs.json` records each individual violation per user
- Ban logs are stored in MongoDB under the `logs` collection. They are transient as they only exist for the ban duration
- If you would like to remove a ban manually, you would have to remove them from the database manually and restart the server
- **Redis** support is also planned for this.
### Rate Limiter Types
#### Login and Registration Rate Limiting
Prevents brute force attacks and spam registrations by limiting how many login attempts or new account registrations can be made from a single IP address within a time window.
#### Message Rate Limiting
Controls how frequently users can send messages to prevent spam and abuse:
- **Concurrent Message Limiting**: Limits how many messages a user can send simultaneously (prevents users from opening multiple tabs to bypass limits)
- **Message Frequency Limiting**: Controls how often messages can be sent, configurable by both IP address and individual user
#### Import Conversation Rate Limiting
Prevents abuse of the conversation import feature by limiting how many conversations can be imported within a time window. This helps prevent:
- Mass data imports that could overwhelm the server
- Automated scripts attempting to flood the system with imported data
- Resource exhaustion from processing large numbers of imports
Default limits:
- IP-based: 100 imports per minute
- User-based: 50 imports per minute (disabled by default)
#### Conversation Forking Rate Limiting
Controls how often users can create forks (copies) of existing conversations. This prevents:
- Excessive database growth from mass conversation duplication
- Resource exhaustion from fork operations
- Abuse of the forking feature for spam or data harvesting
Default limits:
- IP-based: 30 forks per minute
- User-based: 7 forks per minute (disabled by default)
#### File Upload Rate Limiting
Configured through the librechat.yaml file, this controls how often users can upload files to prevent storage abuse and bandwidth exhaustion.
#### Text-to-Speech (TTS) Rate Limiting
Controls how often users can request text-to-speech conversions. This prevents:
- Excessive API usage costs
- Server resource exhaustion from audio generation
- Abuse of the TTS feature for data harvesting
Configured through the librechat.yaml file with customizable limits per IP and per user.
#### Speech-to-Text (STT) Rate Limiting
Controls how often users can submit audio for transcription. This prevents:
- Excessive API usage costs
- Server resource exhaustion from audio processing
- Abuse of the STT feature for unauthorized transcription services
Configured through the librechat.yaml file with customizable limits per IP and per user.
#### Password Reset Rate Limiting
Controls how often users can request password reset emails. This prevents:
- Email bombing attacks
- Abuse of the password reset system
- Excessive email service usage
#### Email Verification Rate Limiting
Controls how often users can request email verification messages. This prevents:
- Spam attacks through the verification system
- Email service abuse
- Resource exhaustion from verification requests
#### Tool Call Rate Limiting
Controls how often users can make tool/plugin calls. This prevents:
- Excessive API usage from integrated tools
- Abuse of external service integrations
- Resource exhaustion from tool processing
#### Conversation Access Rate Limiting
Controls how often users can access or attempt to access conversations. This prevents:
- Unauthorized access attempts
- Data scraping attacks
- Excessive database queries
### Rate Limiters
The project's current rate limiters are as follows (see below under setup for default values):
- Login and registration rate limiting
- `Optional:` Concurrent Message limiting (only X messages at a time per user)
- `Optional:` Message limiting (how often a user can send a message, configurable by IP and User)
- `Optional:` Import conversation limiting (how often a user can import conversations, configurable by IP and User)
- `Optional:` Conversation forking limiting (how often a user can fork conversations, configurable by IP and User)
- `Optional:` Text-to-Speech (TTS) limiting (configurable through [`librechat.yaml` config file](/docs/configuration/librechat_yaml/object_structure/config#ratelimits))
- `Optional:` Speech-to-Text (STT) limiting (configurable through [`librechat.yaml` config file](/docs/configuration/librechat_yaml/object_structure/config#ratelimits))
- `Optional:` File Upload limiting (configurable through [`librechat.yaml` config file](/docs/configuration/librechat_yaml/object_structure/config#ratelimits))
**For further details, refer to the configuration guide provided here: [Automated Moderation](/docs/configuration/mod_system)**
Reference in New Issue View Git Blame Copy Permalink