Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2025-12-17 00:40:14 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

🛡️ fix: Enhance File Upload Security & Error Handling (#4705)

Browse source 
* fix: sanitize filename in multer storage callback

* fix: ensure temporary image upload file is deleted after processing

* fix: prevent cleanup flag from being set to false before actually deleted

* refactor: user avatar, typing, use 'file' for formData instead of 'input', add disk storage, use localization

* fix: update Avatar component to include image dimensions in formData and refactor editor reference type

* fix: refactor avatar upload handling to use fs for file reading and enhance file validation

* fix: ensure temporary image upload file is deleted after processing

* fix: refactor avatar upload routes and handlers for agents and assistants, improve file handling and validation

* fix: improve audio file validation and cleanup

* fix: add filename sanitization utility and integrate it into multer storage configuration

* fix: update group project ID check for null and refactor delete prompt group response type

* fix: invalid access control for deleting prompt groups

* fix: add error handling and logging to checkBan middleware

* fix: catch conversation parsing errors

* chore: revert unnecessary height and width parameters from avatar upload

* chore: update librechat-data-provider version to 0.7.55

* style: ensure KaTeX can spread across visible space
This commit is contained in:
Danny Avila 2024-11-12 16:41:04 -05:00 committed by GitHub
parent 3c94ff2c04
commit d012da0065
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
33 changed files with 373 additions and 186 deletions
Download patch file Download diff file Expand all files Collapse all files

8
api/server/routes/files/multer.js
View file

@ -3,6 +3,7 @@ const path = require('path');
const crypto = require('crypto');
const multer = require('multer');
const { fileConfig: defaultFileConfig, mergeFileConfig } = require('librechat-data-provider');
const { sanitizeFilename } = require('~/server/utils/handleText');
const { getCustomConfig } = require('~/server/services/Config');
const storage = multer.diskStorage({
@ -16,7 +17,8 @@ const storage = multer.diskStorage({
filename: function (req, file, cb) {
req.file_id = crypto.randomUUID();
file.originalname = decodeURIComponent(file.originalname);
cb(null, `${file.originalname}`);
const sanitizedFilename = sanitizeFilename(file.originalname);
cb(null, sanitizedFilename);
},
});
@ -45,6 +47,10 @@ const createFileFilter = (customFileConfig) => {
return cb(new Error('No file provided'), false);
}
if (req.originalUrl.endsWith('/speech/stt') && file.mimetype.startsWith('audio/')) {
return cb(null, true);
}
const endpoint = req.body.endpoint;
const supportedTypes =
customFileConfig?.endpoints?.[endpoint]?.supportedMimeTypes ??