Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2025-09-22 08:12:00 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
LibreChat/api/server/routes/messages.js
Danny Avila 972402e029
🛡️ : Security Enhancements (#1681) 
* fix: sanitize HTTP params and do not send whole error objects backs

* fix: prevent path traversal

* fix: send custom error message for tokenizer route

* chore: handle info exposure vector

* chore(oauth): skip check due to false positive as oauth routes are rate-limited

* chore(app): disable `x-powered-by`

* chore: disable false positives or flagging of hardcoded secrets when they are fake values

* chore: add path traversal safety check
2024-01-30 14:34:02 -05:00

49 lines
1.5 KiB
JavaScript
Raw Blame History

const express = require('express');
const router = express.Router();
const {
getMessages,
updateMessage,
saveConvo,
saveMessage,
deleteMessages,
} = require('../../models');
const { countTokens } = require('../utils');
const { requireJwtAuth, validateMessageReq } = require('../middleware/');
router.use(requireJwtAuth);
router.get('/:conversationId', validateMessageReq, async (req, res) => {
const { conversationId } = req.params;
res.status(200).send(await getMessages({ conversationId }));
});
// CREATE
router.post('/:conversationId', validateMessageReq, async (req, res) => {
const message = req.body;
const savedMessage = await saveMessage({ ...message, user: req.user.id });
await saveConvo(req.user.id, savedMessage);
res.status(201).send(savedMessage);
});
// READ
router.get('/:conversationId/:messageId', validateMessageReq, async (req, res) => {
const { conversationId, messageId } = req.params;
res.status(200).send(await getMessages({ conversationId, messageId }));
});
// UPDATE
router.put('/:conversationId/:messageId', validateMessageReq, async (req, res) => {
const { messageId, model } = req.params;
const { text } = req.body;
const tokenCount = await countTokens(text, model);
res.status(201).json(await updateMessage({ messageId, text, tokenCount }));
});
// DELETE
router.delete('/:conversationId/:messageId', validateMessageReq, async (req, res) => {
const { messageId } = req.params;
await deleteMessages({ messageId });
res.status(204).send();
});
module.exports = router;
Reference in a new issue View git blame Copy permalink