MCPcopy Index your code
hub / github.com/simstudioai/sim / assertFileAccessForUpload

Function assertFileAccessForUpload

apps/sim/providers/file-attachments.server.ts:140–155  ·  view source on GitHub ↗

* Verifies the caller may read this file before its bytes are uploaded to a provider. Enforced * for every caller of uploadLargeFilesToProvider (not just the agent path), so a forged * storage key in a passthrough request cannot exfiltrate another user's file.

(
  file: UserFile,
  userId: string | undefined
)

Source from the content-addressed store, hash-verified

138 * storage key in a passthrough request cannot exfiltrate another user's file.
139 */
140async function assertFileAccessForUpload(
141 file: UserFile,
142 userId: string | undefined
143): Promise<void> {
144 if (!file.key) {
145 throw new Error(`File "${file.name}" has no storage key`)
146 }
147 if (!userId) {
148 throw new Error(`File "${file.name}" requires an authenticated user to upload`)
149 }
150 const context = (file.context as StorageContext) || inferContextFromKey(file.key)
151 const hasAccess = await verifyFileAccess(file.key, userId, undefined, context, false)
152 if (!hasAccess) {
153 throw new Error(`File "${file.name}" is not accessible`)
154 }
155}
156
157/**
158 * Groups large files needing a Files API upload by storage key so a file referenced across

Callers 1

Calls 2

inferContextFromKeyFunction · 0.90
verifyFileAccessFunction · 0.90

Tested by

no test coverage detected