(req: Request)
| 27 | * @param {Request} req |
| 28 | */ |
| 29 | export const createFileAttachment = async (req: Request) => { |
| 30 | const appServer = getRunningExpressApp() |
| 31 | |
| 32 | const chatflowid = req.params.chatflowId |
| 33 | const chatId = req.params.chatId |
| 34 | |
| 35 | if (!chatflowid || !isValidUUID(chatflowid)) { |
| 36 | throw new InternalFlowiseError(StatusCodes.BAD_REQUEST, 'Invalid chatflowId format - must be a valid UUID') |
| 37 | } |
| 38 | if (isPathTraversal(chatflowid) || (chatId && isPathTraversal(chatId))) { |
| 39 | throw new InternalFlowiseError(StatusCodes.BAD_REQUEST, 'Invalid path characters detected') |
| 40 | } |
| 41 | |
| 42 | // Validate chatflow exists and check API key |
| 43 | const chatflow = await appServer.AppDataSource.getRepository(ChatFlow).findOneBy({ |
| 44 | id: chatflowid |
| 45 | }) |
| 46 | if (!chatflow) { |
| 47 | throw new InternalFlowiseError(StatusCodes.NOT_FOUND, `Chatflow ${chatflowid} not found`) |
| 48 | } |
| 49 | |
| 50 | let orgId = req.user?.activeOrganizationId || '' |
| 51 | let workspaceId = req.user?.activeWorkspaceId || '' |
| 52 | let subscriptionId = req.user?.activeOrganizationSubscriptionId || '' |
| 53 | |
| 54 | // This is one of the WHITELIST_URLS, API can be public and there might be no req.user |
| 55 | if (!orgId || !workspaceId) { |
| 56 | const chatflowWorkspaceId = chatflow.workspaceId |
| 57 | const workspace = await appServer.AppDataSource.getRepository(Workspace).findOneBy({ |
| 58 | id: chatflowWorkspaceId |
| 59 | }) |
| 60 | if (!workspace) { |
| 61 | throw new InternalFlowiseError(StatusCodes.NOT_FOUND, `Workspace ${chatflowWorkspaceId} not found`) |
| 62 | } |
| 63 | workspaceId = workspace.id |
| 64 | |
| 65 | const org = await appServer.AppDataSource.getRepository(Organization).findOneBy({ |
| 66 | id: workspace.organizationId |
| 67 | }) |
| 68 | if (!org) { |
| 69 | throw new InternalFlowiseError(StatusCodes.NOT_FOUND, `Organization ${workspace.organizationId} not found`) |
| 70 | } |
| 71 | |
| 72 | orgId = org.id |
| 73 | subscriptionId = org.subscriptionId as string |
| 74 | } |
| 75 | |
| 76 | // Parse chatbot configuration to get file upload settings |
| 77 | let pdfConfig = { |
| 78 | usage: 'perPage', |
| 79 | legacyBuild: false |
| 80 | } |
| 81 | let allowedFileTypes: string[] = [] |
| 82 | let fileUploadEnabled = false |
| 83 | |
| 84 | if (chatflow.chatbotConfig) { |
| 85 | try { |
| 86 | const chatbotConfig = JSON.parse(chatflow.chatbotConfig) |