LibreChat/api/server/routes/convos.js
Danny Avila 972402e029
🛡️ : Security Enhancements (#1681)
* fix: sanitize HTTP params and do not send whole error objects back

* fix: prevent path traversal

* fix: send custom error message for tokenizer route

* chore: handle info exposure vector

* chore(oauth): skip check due to false positive as oauth routes are rate-limited

* chore(app): disable `x-powered-by`

* chore: disable false positives or flagging of hardcoded secrets when they are fake values

* chore: add path traversal safety check
2024-01-30 14:34:02 -05:00


const express = require('express');
const { getConvosByPage, deleteConvos } = require('~/models/Conversation');
const requireJwtAuth = require('~/server/middleware/requireJwtAuth');
const { getConvo, saveConvo } = require('~/models');
const { logger } = require('~/config');
// Single router for the conversation endpoints; exported at the bottom of the file.
const router = express.Router();
// Registered before any route, so every handler below runs behind requireJwtAuth.
// The handlers rely on this: each one reads req.user.id without checking for it.
router.use(requireJwtAuth);
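/**
 * GET / — list the authenticated user's conversations one page at a time.
 *
 * Query: `pageNumber` (optional). Missing or empty falls back to page 1; any
 * value that does not parse as an integer >= 1 is rejected with 400 and a
 * fixed message, so the raw query value is never echoed back.
 *
 * Responds 200 with whatever getConvosByPage resolves to. If the lookup
 * throws, the error is logged and a generic 500 is sent — the error object
 * itself never reaches the client.
 */
router.get('/', async (req, res) => {
  // `||` is deliberate here: undefined and '' both mean "first page", while the
  // string '0' is truthy and still reaches the range check below (-> 400).
  const pageNumber = Number.parseInt(req.query.pageNumber || 1, 10);
  if (Number.isNaN(pageNumber) || pageNumber < 1) {
    return res.status(400).json({ error: 'Invalid page number' });
  }
  try {
    res.status(200).send(await getConvosByPage(req.user.id, pageNumber));
  } catch (error) {
    // Without this, a rejected promise in an Express 4 async handler is never
    // turned into a response and the request hangs until the client times out.
    logger.error('Error fetching conversations', error);
    res.status(500).send('Error fetching conversations');
  }
});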
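/**
 * GET /:conversationId — fetch a single conversation for the authenticated user.
 *
 * The lookup is called with req.user.id alongside the id from the path; assuming
 * getConvo filters on the owner (not visible here — confirm), a conversation that
 * belongs to someone else is indistinguishable from a missing one: both yield a
 * 404 with an empty body, which does not confirm whether the id exists.
 *
 * Responds 200 with the conversation, 404 when nothing is found, or a generic
 * 500 if the lookup throws (the error is logged, never returned).
 */
router.get('/:conversationId', async (req, res) => {
  const { conversationId } = req.params;
  try {
    const convo = await getConvo(req.user.id, conversationId);
    if (!convo) {
      return res.status(404).end();
    }
    res.status(200).json(convo);
  } catch (error) {
    // Keeps a failing lookup from hanging the request (Express 4 does not
    // catch rejections from async handlers) and from leaking error details.
    logger.error('Error fetching conversation', error);
    res.status(500).send('Error fetching conversation');
  }
});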
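/**
 * POST /clear — delete conversations belonging to the authenticated user.
 *
 * Body: `{ arg: { conversationId?, source? } }`.
 *   - With a conversationId, only that conversation is targeted.
 *   - Without one, the filter is empty and every conversation of the user is
 *     deleted — except when `source` is 'button', which is treated as a no-op
 *     and answered with 200 so an accidental click cannot wipe the history.
 *
 * Responds 201 with the deleteConvos result, 400 if conversationId is not a
 * string, or a generic 500 if deletion throws (the error is logged, not sent).
 */
router.post('/clear', async (req, res) => {
  // Tolerate a missing body or `arg` instead of throwing on the destructure;
  // an uncaught throw in an async Express 4 handler leaves the request hanging.
  const { arg } = req.body || {};
  const { conversationId, source } = arg || {};

  // conversationId becomes part of a database filter, so only a plain string is
  // accepted: this stops a client from smuggling an object (e.g. a query
  // operator) into the filter. Falsy values keep their original meaning of
  // "no conversationId provided".
  if (conversationId && typeof conversationId !== 'string') {
    return res.status(400).json({ error: 'Invalid conversationId' });
  }

  if (source === 'button' && !conversationId) {
    return res.status(200).send('No conversationId provided');
  }

  const filter = conversationId ? { conversationId } : {};
  try {
    const dbResponse = await deleteConvos(req.user.id, filter);
    res.status(201).json(dbResponse);
  } catch (error) {
    logger.error('Error clearing conversations', error);
    res.status(500).send('Error clearing conversations');
  }
});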
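/**
 * POST /update — persist changes to one of the authenticated user's conversations.
 *
 * Body: `{ arg: <conversation fields> }`. The object is forwarded unchanged to
 * saveConvo together with req.user.id. A missing or non-object `arg` is rejected
 * with 400 up front instead of letting saveConvo fail on undefined.
 *
 * NOTE(review): the entire `arg` object is passed through as-is; whether
 * saveConvo restricts which fields a client may set (owner, ids) is not visible
 * in this file — confirm before relying on it.
 *
 * Responds 201 with the saveConvo result, or a generic 500 if saving throws
 * (the error is logged, never returned to the client).
 */
router.post('/update', async (req, res) => {
  // Guard the body shape without throwing: a throw here would not be caught
  // by Express 4 and the request would hang.
  const { arg: update } = req.body || {};
  if (update === null || typeof update !== 'object' || Array.isArray(update)) {
    return res.status(400).json({ error: 'Invalid conversation update' });
  }
  try {
    const dbResponse = await saveConvo(req.user.id, update);
    res.status(201).json(dbResponse);
  } catch (error) {
    logger.error('Error updating conversation', error);
    res.status(500).send('Error updating conversation');
  }
});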
// Mounted by code outside this file; every route registered above sits behind
// the requireJwtAuth middleware applied at the top.
module.exports = router;