Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2025-12-18 01:10:14 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

🛡️ fix: Enhance File Upload Security & Error Handling (#4705)

Browse source 
* fix: sanitize filename in multer storage callback

* fix: ensure temporary image upload file is deleted after processing

* fix: prevent cleanup flag from being set to false before actually deleted

* refactor: user avatar, typing, use 'file' for formData instead of 'input', add disk storage, use localization

* fix: update Avatar component to include image dimensions in formData and refactor editor reference type

* fix: refactor avatar upload handling to use fs for file reading and enhance file validation

* fix: ensure temporary image upload file is deleted after processing

* fix: refactor avatar upload routes and handlers for agents and assistants, improve file handling and validation

* fix: improve audio file validation and cleanup

* fix: add filename sanitization utility and integrate it into multer storage configuration

* fix: update group project ID check for null and refactor delete prompt group response type

* fix: invalid access control for deleting prompt groups

* fix: add error handling and logging to checkBan middleware

* fix: catch conversation parsing errors

* chore: revert unnecessary height and width parameters from avatar upload

* chore: update librechat-data-provider version to 0.7.55

* style: ensure KaTeX can spread across visible space
This commit is contained in:
Danny Avila 2024-11-12 16:41:04 -05:00 committed by GitHub
parent 3c94ff2c04
commit d012da0065
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
33 changed files with 373 additions and 186 deletions
Download patch file Download diff file Expand all files Collapse all files

11
api/server/routes/files/index.js
View file

@ -1,5 +1,7 @@
const express = require('express');
const { uaParser, checkBan, requireJwtAuth, createFileLimiters } = require('~/server/middleware');
const { avatar: asstAvatarRouter } = require('~/server/routes/assistants/v1');
const { avatar: agentAvatarRouter } = require('~/server/routes/agents/v1');
const { createMulterInstance } = require('./multer');
const files = require('./files');
@ -13,18 +15,25 @@ const initialize = async () => {
router.use(checkBan);
router.use(uaParser);
const upload = await createMulterInstance();
router.post('/speech/stt', upload.single('audio'));
/* Important: speech route must be added before the upload limiters */
router.use('/speech', speech);
const upload = await createMulterInstance();
const { fileUploadIpLimiter, fileUploadUserLimiter } = createFileLimiters();
router.post('*', fileUploadIpLimiter, fileUploadUserLimiter);
router.post('/', upload.single('file'));
router.post('/images', upload.single('file'));
router.post('/images/avatar', upload.single('file'));
router.post('/images/agents/:agent_id/avatar', upload.single('file'));
router.post('/images/assistants/:assistant_id/avatar', upload.single('file'));
router.use('/', files);
router.use('/images', images);
router.use('/images/avatar', avatar);
router.use('/images/agents', agentAvatarRouter);
router.use('/images/assistants', asstAvatarRouter);
return router;
};