Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2025-12-17 00:40:14 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

🛣️ fix: Add validation middleware to message route definitions (#3365)

Browse source
This commit is contained in:
Danny Avila 2024-07-17 10:27:07 -04:00 committed by GitHub
parent 73dbf3eb20
commit 1c282d1517
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 6 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

12
api/server/routes/messages.js
View file

@ -5,15 +5,15 @@ const { requireJwtAuth, validateMessageReq } = require('~/server/middleware');
const { countTokens } = require('~/server/utils'); const { countTokens } = require('~/server/utils');
router.use(requireJwtAuth); router.use(requireJwtAuth);
router.use(validateMessageReq);
router.get('/:conversationId', async (req, res) => { /* Note: It's necessary to add `validateMessageReq` within route definition for correct params */
router.get('/:conversationId', validateMessageReq, async (req, res) => {
const { conversationId } = req.params; const { conversationId } = req.params;
res.status(200).send(await getMessages({ conversationId }, '-_id -__v -user')); res.status(200).send(await getMessages({ conversationId }, '-_id -__v -user'));
}); });
// CREATE // CREATE
router.post('/:conversationId', async (req, res) => { router.post('/:conversationId', validateMessageReq, async (req, res) => {
const message = req.body; const message = req.body;
const savedMessage = await saveMessage(req, { ...message, user: req.user.id }); const savedMessage = await saveMessage(req, { ...message, user: req.user.id });
await saveConvo(req.user.id, savedMessage); await saveConvo(req.user.id, savedMessage);
@ -21,13 +21,13 @@ router.post('/:conversationId', async (req, res) => {
}); });
// READ // READ
router.get('/:conversationId/:messageId', async (req, res) => { router.get('/:conversationId/:messageId', validateMessageReq, async (req, res) => {
const { conversationId, messageId } = req.params; const { conversationId, messageId } = req.params;
res.status(200).send(await getMessages({ conversationId, messageId }, '-_id -__v -user')); res.status(200).send(await getMessages({ conversationId, messageId }, '-_id -__v -user'));
}); });
// UPDATE // UPDATE
router.put('/:conversationId/:messageId', async (req, res) => { router.put('/:conversationId/:messageId', validateMessageReq, async (req, res) => {
const { messageId, model } = req.params; const { messageId, model } = req.params;
const { text } = req.body; const { text } = req.body;
const tokenCount = await countTokens(text, model); const tokenCount = await countTokens(text, model);
@ -36,7 +36,7 @@ router.put('/:conversationId/:messageId', async (req, res) => {
}); });
// DELETE // DELETE
router.delete('/:conversationId/:messageId', async (req, res) => { router.delete('/:conversationId/:messageId', validateMessageReq, async (req, res) => {
const { messageId } = req.params; const { messageId } = req.params;
await deleteMessages({ messageId }); await deleteMessages({ messageId });
res.status(204).send(); res.status(204).send();