Protected slash command check (#3524)

* protected slash command check

* fix error handling on frontend

---------

Co-authored-by: timothycarambat <rambat1010@gmail.com>
Sean Hatfield
2025-03-24 17:09:36 -07:00
committed by GitHub
parent 5785a705cf
commit f0b7919a8f
2 changed files with 42 additions and 15 deletions


@@ -637,13 +637,15 @@ const System = {
headers: baseHeaders(),
body: JSON.stringify(presetData),
})
.then((res) => {
if (!res.ok) throw new Error("Could not create slash command preset.");
return res.json();
})
.then((res) => {
return { preset: res.preset, error: null };
.then(async (res) => {
const data = await res.json();
if (!res.ok)
throw new Error(
data.message || "Error creating slash command preset."
);
return data;
})
.then((res) => ({ preset: res.preset, error: null }))
.catch((e) => {
console.error(e);
return { preset: null, error: e.message };
@@ -656,15 +658,18 @@ const System = {
headers: baseHeaders(),
body: JSON.stringify(presetData),
})
.then((res) => {
if (!res.ok) throw new Error("Could not update slash command preset.");
return res.json();
})
.then((res) => {
return { preset: res.preset, error: null };
.then(async (res) => {
const data = await res.json();
if (!res.ok)
throw new Error(
data.message || "Could not update slash command preset."
);
return data;
})
.then((res) => ({ preset: res.preset, error: null }))
.catch((e) => {
return { preset: null, error: "Failed to update this command." };
console.error(e);
return { preset: null, error: e.message };
});
},
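Review bot: `const data = await res.json();` now runs before the `res.ok` check in both the create hunk and the update hunk, so an error response whose body is not JSON (an empty 500, a proxy error page) rejects inside `res.json()`, and the `.catch` returns the parser's message as `error` instead of the fallback text. Guarding the parse keeps the fallback reachable: `const data = await res.json().catch(() => ({}));`. The enclosing request methods start above the hunks, so whether the server ever sends a non-JSON error on these routes cannot be confirmed from this view.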


@@ -56,6 +56,7 @@ const {
} = require("../utils/middleware/chatHistoryViewable");
const { simpleSSOEnabled } = require("../utils/middleware/simpleSSOEnabled");
const { TemporaryAuthToken } = require("../models/temporaryAuthToken");
const { VALID_COMMANDS } = require("../utils/chats");
function systemEndpoints(app) {
if (!app) return;
@@ -1140,8 +1141,19 @@ function systemEndpoints(app) {
try {
const user = await userFromSession(request, response);
const { command, prompt, description } = reqBody(request);
const formattedCommand = SlashCommandPresets.formatCommand(
String(command)
);
if (Object.keys(VALID_COMMANDS).includes(formattedCommand)) {
return response.status(400).json({
message:
"Cannot create a preset with a command that matches a system command",
});
}
const presetData = {
command: SlashCommandPresets.formatCommand(String(command)),
command: formattedCommand,
prompt: String(prompt),
description: String(description),
};
@@ -1168,6 +1180,16 @@ function systemEndpoints(app) {
const user = await userFromSession(request, response);
const { slashCommandId } = request.params;
const { command, prompt, description } = reqBody(request);
const formattedCommand = SlashCommandPresets.formatCommand(
String(command)
);
if (Object.keys(VALID_COMMANDS).includes(formattedCommand)) {
return response.status(400).json({
message:
"Cannot update a preset to use a command that matches a system command",
});
}
// Valid user running owns the preset if user session is valid.
const ownsPreset = await SlashCommandPresets.get({
@@ -1178,7 +1200,7 @@ function systemEndpoints(app) {
return response.status(404).json({ message: "Preset not found" });
const updates = {
command: SlashCommandPresets.formatCommand(String(command)),
command: formattedCommand,
prompt: String(prompt),
description: String(description),
};
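Review bot: The new guard is an exact string comparison, `Object.keys(VALID_COMMANDS).includes(formattedCommand)`, so it only protects system commands if `SlashCommandPresets.formatCommand` normalises case and the leading slash the same way the keys of `VALID_COMMANDS` are written; neither is visible in this diff. A test that submits differently cased and un-prefixed forms of a reserved name to both endpoints would pin that down. The same check is repeated in the create and update handlers and would be easier to keep in sync as one helper, e.g. `const isSystemCommand = (cmd) => Object.hasOwn(VALID_COMMANDS, cmd);`. The check also applies only on write, so presets stored with a reserved name before this change are not covered here. Both handlers' bodies extend beyond the hunks.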