https://github.com/danny-avila/LibreChat/issues/2812

.env.example

@@ -390,6 +390,14 @@ GITHUB_CLIENT_ID=
 GITHUB_CLIENT_SECRET=
 GITHUB_CALLBACK_URL=/oauth/github/callback
 
+# GitHub Enterprise
+GITHUB_ENTERPRISE_BASE_URL=
+GITHUB_ENTERPRISE_CLIENT_ID=
+GITHUB_ENTERPRISE_CLIENT_SECRET=
+GITHUB_ENTERPRISE_CALLBACK_URL=/oauth/github-enterprise/callback
+# optional
+GITHUB_ENTERPRISE_USER_AGENT=
+
 # Google
 GOOGLE_CLIENT_ID=
 GOOGLE_CLIENT_SECRET=

api/models/schema/userSchema.js

@@ -22,6 +22,7 @@ const { SystemRoles } = require('librechat-data-provider');
  * @property {string} [openidId] - Optional OpenID ID for the user
  * @property {string} [ldapId] - Optional LDAP ID for the user
  * @property {string} [githubId] - Optional GitHub ID for the user
+ * @property {string} [githubEnterpriseId] - Optional GitHub Enterprise ID for the user
  * @property {string} [discordId] - Optional Discord ID for the user
  * @property {string} [appleId] - Optional Apple ID for the user
  * @property {Array} [plugins=[]] - List of plugins used by the user
@@ -107,6 +108,11 @@ const userSchema = mongoose.Schema(
       unique: true,
       sparse: true,
     },
+    githubEnterpriseId: {
+      type: String,
+      unique: true,
+      sparse: true,
+    },
     discordId: {
       type: String,
       unique: true,

api/server/routes/config.js

@@ -45,6 +45,11 @@ router.get('/', async function (req, res) {
       facebookLoginEnabled:
         !!process.env.FACEBOOK_CLIENT_ID && !!process.env.FACEBOOK_CLIENT_SECRET,
       githubLoginEnabled: !!process.env.GITHUB_CLIENT_ID && !!process.env.GITHUB_CLIENT_SECRET,
+      githubEnterpriseLoginEnabled:
+          !!process.env.GITHUB_ENTERPRISE_BASE_URL &&
+          !!process.env.GITHUB_ENTERPRISE_CLIENT_ID &&
+          !!process.env.GITHUB_ENTERPRISE_CLIENT_SECRET &&
+          !!process.env.GITHUB_ENTERPRISE_CALLBACK_URL,
       googleLoginEnabled: !!process.env.GOOGLE_CLIENT_ID && !!process.env.GOOGLE_CLIENT_SECRET,
       appleLoginEnabled:
           !!process.env.APPLE_CLIENT_ID &&

api/server/routes/oauth.js

@@ -1,4 +1,4 @@
-// file deepcode ignore NoRateLimitingForLogin: Rate limiting is handled by the `loginLimiter` middleware
+// routes/oauth.js
 const express = require('express');
 const passport = require('passport');
 const { loginLimiter, checkBan, checkDomainAllowed } = require('~/server/middleware');
@@ -122,6 +122,28 @@ router.get(
   oauthHandler,
 );
 
+/**
+ * GitHub Enterprise Routes
+ */
+router.get(
+  '/github-enterprise',
+  passport.authenticate('githubEnterprise', {
+    scope: ['user:email', 'read:user'],
+    session: false,
+  }),
+);
+
+router.get(
+  '/github-enterprise/callback',
+  passport.authenticate('githubEnterprise', {
+    failureRedirect: `${domains.client}/oauth/error`,
+    failureMessage: true,
+    session: false,
+    scope: ['user:email', 'read:user'],
+  }),
+  oauthHandler,
+);
+
 /**
  * Discord Routes
  */

api/server/socialLogins.js

@@ -7,6 +7,7 @@ const {
   setupOpenId,
   googleLogin,
   githubLogin,
+  githubEnterpriseLogin,
   discordLogin,
   facebookLogin,
   appleLogin,
@@ -28,6 +29,9 @@ const configureSocialLogins = (app) => {
   if (process.env.GITHUB_CLIENT_ID && process.env.GITHUB_CLIENT_SECRET) {
     passport.use(githubLogin());
   }
+  if (process.env.GHE_CLIENT_ID && process.env.GHE_CLIENT_SECRET) {
+    passport.use( githubEnterpriseLogin());
+  }
   if (process.env.DISCORD_CLIENT_ID && process.env.DISCORD_CLIENT_SECRET) {
     passport.use(discordLogin());
   }
@@ -64,4 +68,4 @@ const configureSocialLogins = (app) => {
   }
 };
 
-module.exports = configureSocialLogins;
+module.exports = configureSocialLogins;

api/strategies/githubEnterpriseStrategy.js

@@ -0,0 +1,31 @@
+const GitHubStrategy = require('passport-github2').Strategy;
+const socialLogin = require('./socialLogin');
+
+const getProfileDetails = ({ profile }) => ({
+  email: profile.emails[0].value,
+  id: profile.id,
+  avatarUrl: profile.photos[0].value,
+  username: profile.username,
+  name: profile.displayName,
+  emailVerified: profile.emails[0].verified,
+});
+
+const githubEnterpriseLogin = socialLogin('githubEnterprise', getProfileDetails);
+
+module.exports = () =>
+  new GitHubStrategy(
+    {
+      name: 'githubEnterprise',
+      clientID: process.env.GITHUB_ENTERPRISE_CLIENT_ID,
+      clientSecret: process.env.GITHUB_ENTERPRISE_CLIENT_SECRET,
+      callbackURL: `${process.env.DOMAIN_SERVER}${process.env.GITHUB_ENTERPRISE_CALLBACK_URL}`,
+      authorizationURL: `${process.env.GITHUB_ENTERPRISE_BASE_URL}/login/oauth/authorize`,
+      tokenURL: `${process.env.GITHUB_ENTERPRISE_BASE_URL}/login/oauth/access_token`,
+      userProfileURL: `${process.env.GITHUB_ENTERPRISE_BASE_URL}/api/v3/user`,
+      userEmailURL: `${process.env.GITHUB_ENTERPRISE_BASE_URL}/api/v3/user/emails`,
+      userAgent: process.env.GITHUB_ENTERPRISE_USER_AGENT || 'passport-github',
+      scope: ['user:email', 'read:user'],
+      proxy: false,
+    },
+    githubEnterpriseLogin,
+  );

api/strategies/index.js

@@ -2,6 +2,7 @@ const appleLogin = require('./appleStrategy');
 const passportLogin = require('./localStrategy');
 const googleLogin = require('./googleStrategy');
 const githubLogin = require('./githubStrategy');
+const githubEnterpriseLogin = require('./githubEnterpriseStrategy');
 const discordLogin = require('./discordStrategy');
 const facebookLogin = require('./facebookStrategy');
 const setupOpenId = require('./openidStrategy');
@@ -13,9 +14,10 @@ module.exports = {
   passportLogin,
   googleLogin,
   githubLogin,
+  githubEnterpriseLogin,
   discordLogin,
   jwtLogin,
   facebookLogin,
   setupOpenId,
   ldapLogin,
-};
+};

client/src/components/Auth/SocialLoginRender.tsx

@@ -51,6 +51,17 @@ function SocialLoginRender({
         id="github"
       />
     ),
+    githubEnterprise: startupConfig.githubEnterpriseLoginEnabled && (
+      <SocialButton
+        key="github-enterprise"
+        enabled={startupConfig.githubEnterpriseLoginEnabled}
+        serverDomain={startupConfig.serverDomain}
+        oauthPath="github-enterprise"
+        Icon={GithubIcon}
+        label={localize('com_auth_github_enterprise_login')}
+        id="github-enterprise"
+      />
+    ),
     google: startupConfig.googleLoginEnabled && (
       <SocialButton
         key="google"

client/src/localization/languages/Eng.ts

@@ -471,6 +471,7 @@ export default {
   com_auth_google_login: 'Continue with Google',
   com_auth_facebook_login: 'Continue with Facebook',
   com_auth_github_login: 'Continue with Github',
+  com_auth_github_enterprise_login: 'Continue with Github Enterprise',
   com_auth_discord_login: 'Continue with Discord',
   com_auth_apple_login: 'Sign in with Apple',
   com_auth_email: 'Email',

librechat.example.yaml

@@ -69,7 +69,7 @@ interface:
 
 # Example Registration Object Structure (optional)
 registration:
-  socialLogins: ['github', 'google', 'discord', 'openid', 'facebook', 'apple']
+  socialLogins: ['github', 'githubEnterprise', 'google', 'discord', 'openid', 'facebook', 'apple']
   # allowedDomains:
   # - "gmail.com"
 

packages/data-provider/src/config.ts

@@ -477,6 +477,7 @@ export type TStartupConfig = {
   discordLoginEnabled: boolean;
   facebookLoginEnabled: boolean;
   githubLoginEnabled: boolean;
+  githubEnterpriseLoginEnabled: boolean;
   googleLoginEnabled: boolean;
   openidLoginEnabled: boolean;
   appleLoginEnabled: boolean;