Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2025-09-22 06:00:56 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

🔐 fix: Enhance Message & Image Access Security (#3363)

Browse source 
* chore: slight refactor

* fix: prevent message updates unless explicitly owned

* refactor: rethrow errors, update deleteMessagesSince (not used), add basic tests

* fix: Add path normalization and validation to image request middleware

* fix: image validation path security
This commit is contained in:
Danny Avila 2024-07-17 09:51:03 -04:00 committed by GitHub
parent 0a1d38e318
commit d5d188eebf
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
17 changed files with 595 additions and 229 deletions
Download patch file Download diff file Expand all files Collapse all files

6
api/server/controllers/AskController.js
View file

@ -55,7 +55,7 @@ const AskController = async (req, res, next, initializeClient, addTitle) => {
const { onProgress: progressCallback, getPartialText } = createOnProgress({
onProgress: throttle(
({ text: partialText }) => {
saveMessage({
saveMessage(req, {
messageId: responseMessageId,
sender,
conversationId,
@ -144,11 +144,11 @@ const AskController = async (req, res, next, initializeClient, addTitle) => {
});
res.end();
await saveMessage({ ...response, user });
await saveMessage(req, { ...response, user });
}
if (!client.skipSaveUserMessage) {
await saveMessage(userMessage);
await saveMessage(req, userMessage);
}
if (addTitle && parentMessageId === Constants.NO_PARENT && newConvo) {