pre-validate sessionID type for embed chats

timothycarambat 2024-08-27 16:38:20 -07:00
parent 548da9ade3
commit 334fd9cdd0
2 changed files with 17 additions and 6 deletions


@ -15,7 +15,7 @@ const EmbedChats = {
embed_id: Number(embedId), embed_id: Number(embedId),
response: JSON.stringify(response), response: JSON.stringify(response),
connection_information: JSON.stringify(connection_information), connection_information: JSON.stringify(connection_information),
session_id: sessionId, session_id: String(sessionId),
}, },
}); });
return { chat, message: null }; return { chat, message: null };
@ -36,8 +36,8 @@ const EmbedChats = {
try { try {
const chats = await prisma.embed_chats.findMany({ const chats = await prisma.embed_chats.findMany({
where: { where: {
embed_id: embedId, embed_id: Number(embedId),
session_id: sessionId, session_id: String(sessionId),
include: true, include: true,
}, },
...(limit !== null ? { take: limit } : {}), ...(limit !== null ? { take: limit } : {}),
@ -56,8 +56,8 @@ const EmbedChats = {
try { try {
await prisma.embed_chats.updateMany({ await prisma.embed_chats.updateMany({
where: { where: {
embed_id: embedId, embed_id: Number(embedId),
session_id: sessionId, session_id: String(sessionId),
}, },
data: { data: {
include: false, include: false,
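Review bot: `String(sessionId)` and `Number(embedId)` coerce instead of validating, so the three `EmbedChats` queries in this section still run on bad input: the filter becomes `"undefined"`, `"[object Object]"` or `NaN`, and in the create call of the first hunk that string is persisted as `session_id`. The coercion does stop an object-valued `sessionId` from reaching Prisma as a filter operator, which appears to be the intent, but that protection is implicit and the only explicit type check visible on this page is the one in `canRespond`. If any other caller reaches these methods (not visible here), a guard at the top of each one would fail closed, e.g. `if (typeof sessionId !== "string" || !Number.isInteger(Number(embedId))) throw new Error("Invalid embed chat identifiers.");`, assuming the surrounding `try` turns that into the method's usual error return. A short comment on the coercions would also help, such as `// coerce to primitives so request-supplied objects are never read as Prisma filter operators`. All three method bodies start and end outside the hunks shown.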


@ -1,4 +1,4 @@
const { v4: uuidv4 } = require("uuid"); const { v4: uuidv4, validate } = require("uuid");
const { VALID_CHAT_MODE } = require("../chats/stream"); const { VALID_CHAT_MODE } = require("../chats/stream");
const { EmbedChats } = require("../../models/embedChats"); const { EmbedChats } = require("../../models/embedChats");
const { EmbedConfig } = require("../../models/embedConfig"); const { EmbedConfig } = require("../../models/embedConfig");
@ -78,6 +78,17 @@ async function canRespond(request, response, next) {
} }
const { sessionId, message } = reqBody(request); const { sessionId, message } = reqBody(request);
if (typeof sessionId !== "string" || !validate(String(sessionId))) {
response.status(404).json({
id: uuidv4(),
type: "abort",
textResponse: null,
sources: [],
close: true,
error: "Invalid session ID.",
});
return;
}
if (!message?.length || !VALID_CHAT_MODE.includes(embed.chat_mode)) { if (!message?.length || !VALID_CHAT_MODE.includes(embed.chat_mode)) {
response.status(400).json({ response.status(400).json({