Fix: fixed a potential vulnerability in /api/chat/get_file endpoint.

[Soulter]

I have fixed a potential vulnerability in the /api/chat/get_file endpoint that could allow unauthorized access to files by ensuring the request has a jwt token.

Fixes #1675

Motivation

The previous implementation did not enforce proper authentication for the /api/chat/get_file endpoint, which could allow unauthorized users to access sensitive files. This posed a security risk and needed to be addressed.

Modifications

1. All requests to the /api/chat/get_file endpoint must now include a valid JWT token.
2. Added validation logic to verify the filename parameter in the route, preventing potential misuse or path traversal.

Check

• 😊 我的 Commit Message 符合良好的规范
• 👀 我的更改经过良好的测试
• 🤓 我确保没有引入新依赖库，或者引入了新依赖库的同时将其添加到了 requirements.txt 和 pyproject.toml 文件相应位置。
• 😮 我的更改没有引入恶意代码

好的，这是将 pull request 总结翻译成中文的结果：

Sourcery 总结

使用 JWT 认证和路径遍历检查来保护 /api/chat/get_file 端点，并改进前端媒体处理，以使用具有适当生命周期管理的缓存 blob URL。

新特性：

• 在 ChatPage.vue 中通过新的 getMediaFile 方法缓存并提供媒体文件作为 blob URL

Bug 修复：

• /api/chat/get_file 需要有效的 JWT，并将其从未经身份验证的端点列表中删除
• 通过验证 /api/chat/get_file 端点中的 filename 参数来防止路径遍历

增强功能：

• 重构媒体暂存以单独存储文件名并按需生成 blob URL
• 引入 mediaCache 和 cleanupMediaCache 来管理 blob URL 缓存和撤销

Original summary in English

Summary by Sourcery

Secure the /api/chat/get_file endpoint with JWT authentication and path traversal checks, and revamp the frontend media handling to use cached blob URLs with proper lifecycle management.

New Features:

• Cache and serve media files as blob URLs in ChatPage.vue via a new getMediaFile method

Bug Fixes:

• Require a valid JWT for /api/chat/get_file and remove it from the unauthenticated endpoints list
• Prevent path traversal by validating the filename parameter in the /api/chat/get_file endpoint

Enhancements:

• Refactor media staging to store filenames separately and generate blob URLs on-demand
• Introduce mediaCache and cleanupMediaCache to manage blob URL caching and revocation

[sourcery-ai]

## 审查者指南

此PR通过强制执行JWT认证、清理请求的文件名以防止路径遍历，并重构前端聊天组件以通过安全blob URL获取和缓存媒体文件，从而保护了`/api/chat/get_file`端点。

#### ChatPage.vue 的更新类图

```mermaid
classDiagram
    class ChatPage {
        +stagedImagesName: String[]
        +stagedImagesUrl: String[]
        +mediaCache: Object
        +getMediaFile(filename: String): Promise~String~
        +cleanupMediaCache(): void
        +startListeningEvent(): void
        +getConversationMessages(cid: String): void
        +uploadImage(event: Event): void
        +removeImage(index: Number): void
        +sendMessage(): void
        +beforeUnmount(): void
    }

后端安全组件的更新类图

classDiagram
    class ChatRoutes {
        +get_file(self): QuartResponse
    }
    class Server {
        -allowed_endpoints: String[]
        #auth_middleware()
    }

Loading

文件级别变更

变更	详情	文件
在服务器中间件中要求JWT认证才能检索文件	从allowed_endpoints白名单中删除/api/chat/get_file 确保auth_middleware拒绝未经授权的get_file请求	server.py
验证和清理文件名以阻止get_file处理程序中的路径遍历	从传入的文件名中提取basename 拒绝包含“..”、“/”或“\”模式的文件名 仅使用清理后的文件名打开文件	routes/chat.py
重构前端以安全地获取、缓存和撤销媒体blob	添加了mediaCache、getMediaFile和cleanupMediaCache用于blob URL管理 切换暂存媒体以仅存储文件名 (stagedImagesName, stagedAudioUrl) 更新了消息渲染和发送逻辑以使用来自缓存的blob URL 用来自getMediaFile的对象URL替换直接的/api/chat/get_file src URL	ChatPage.vue

针对关联问题的评估

问题	目标	已解决	解释

可能关联的问题

• [Security] Unauthorized Path Traversal Vulnerability in /api/chat/get_file of AstrBotDevs/AstrBot #1675: 此PR向/api/chat/get_file端点添加了身份验证和文件名验证，直接修复了该问题中报告的路径遍历漏洞。

---

提示和命令

与 Sourcery 互动

• 触发新的审查： 在 pull request 上评论 @sourcery-ai review。
• 继续讨论： 直接回复 Sourcery 的审查评论。
• 从审查评论生成 GitHub issue： 通过回复审查评论，要求 Sourcery 从审查评论创建一个 issue。您也可以回复审查评论并使用 @sourcery-ai issue 从中创建一个 issue。
• 生成 pull request 标题： 在 pull request 标题中的任何位置写入 @sourcery-ai 以随时生成标题。您也可以在 pull request 上评论 @sourcery-ai title 以随时（重新）生成标题。
• 生成 pull request 摘要： 在 pull request 正文中的任何位置写入 @sourcery-ai summary 以随时在您想要的位置生成 PR 摘要。您也可以在 pull request 上评论 @sourcery-ai summary 以随时（重新）生成摘要。
• 生成审查者指南： 在 pull request 上评论 @sourcery-ai guide 以随时（重新）生成审查者指南。
• 解决所有 Sourcery 评论： 在 pull request 上评论 @sourcery-ai resolve 以解决所有 Sourcery 评论。如果您已经解决了所有评论并且不想再看到它们，这将非常有用。
• 驳回所有 Sourcery 审查： 在 pull request 上评论 @sourcery-ai dismiss 以驳回所有现有的 Sourcery 审查。如果您想重新开始新的审查，这将特别有用 - 不要忘记评论 @sourcery-ai review 以触发新的审查！

自定义您的体验

访问您的 dashboard 以：

• 启用或禁用审查功能，例如 Sourcery 生成的 pull request 摘要、审查者指南等。
• 更改审查语言。
• 添加、删除或编辑自定义审查说明。
• 调整其他审查设置。

获得帮助

• 联系我们的支持团队 提出问题或反馈。
• 访问我们的 documentation 获取详细指南和信息。
• 通过在 X/Twitter, LinkedIn 或 GitHub 上关注我们，与 Sourcery 团队保持联系。

```

Original review guide in English

Reviewer's Guide

This PR secures the /api/chat/get_file endpoint by enforcing JWT authentication, sanitizing the requested filename to prevent path traversal, and refactors the front-end chat component to fetch and cache media files via secure blob URLs.

Updated Class Diagram for ChatPage.vue

classDiagram
    class ChatPage {
        +stagedImagesName: String[]
        +stagedImagesUrl: String[]
        +mediaCache: Object
        +getMediaFile(filename: String): Promise~String~
        +cleanupMediaCache(): void
        +startListeningEvent(): void
        +getConversationMessages(cid: String): void
        +uploadImage(event: Event): void
        +removeImage(index: Number): void
        +sendMessage(): void
        +beforeUnmount(): void
    }

Loading

Updated Class Diagram for Backend Security Components

classDiagram
    class ChatRoutes {
        +get_file(self): QuartResponse
    }
    class Server {
        -allowed_endpoints: String[]
        #auth_middleware()
    }

Loading

File-Level Changes

Change	Details	Files
Require JWT auth for file retrieval in the server middleware	Removed /api/chat/get_file from the allowed_endpoints whitelist Ensured auth_middleware rejects unauthorized requests to get_file	server.py
Validate and sanitize filenames to block path-traversal in get_file handler	Extract basename from incoming filename Reject filenames containing “..”, “/”, or “\” patterns Open files using the sanitized filename only	routes/chat.py
Refactor front-end to fetch, cache and revoke media blobs securely	Added mediaCache, getMediaFile, and cleanupMediaCache for blob URL management Switched staged media to store only filenames (stagedImagesName, stagedAudioUrl) Updated message rendering and sending logic to use blob URLs from cache Replaced direct /api/chat/get_file src URLs with object URLs from getMediaFile	ChatPage.vue

Assessment against linked issues

Issue	Objective	Addressed	Explanation

Possibly linked issues

• [Security] Unauthorized Path Traversal Vulnerability in /api/chat/get_file of AstrBotDevs/AstrBot #1675: The PR adds authentication and filename validation to the /api/chat/get_file endpoint, directly fixing the path traversal vulnerability reported in the issue.

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

嘿 @Soulter - 我已经查看了你的更改 - 这里有一些反馈：

• 在 get_file 端点中，你手动剥离和验证文件名——考虑使用经过良好测试的助手函数，如 Werkzeug 的 secure_filename 或严格的允许文件名白名单，以简化和加强清理。
• 从 allowed_endpoints 中删除 /api/chat/get_file 会强制执行 JWT 身份验证——仔细检查你的中间件排序是否在文件处理程序之前实际运行 auth_middleware，并添加一个快速手动测试以进行未经身份验证的访问。
• 管理两个并行数组（stagedImagesName 和 stagedImagesUrl）使 UI 逻辑难以理解——考虑将它们统一为单个对象数组 { filename, url }，这样你就可以更干净地映射和撤销 blob URL。

以下是我在审查期间查看的内容

• 🟡 一般问题：发现 4 个问题
• 🟢 安全性：一切看起来都不错
• 🟢 测试：一切看起来都不错
• 🟢 复杂性：一切看起来都不错
• 🟢 文档：一切看起来都不错

---

Sourcery 对开源项目是免费的 - 如果你喜欢我们的评论，请考虑分享它们 ✨

• X
• Mastodon
• LinkedIn
• Facebook

<sub>帮助我变得更有用！请点击每个评论上的 👍 或 👎，我将使用反馈来改进你的评论。</sub>

Original comment in English

Hey @Soulter - I've reviewed your changes - here's some feedback:

• In the get_file endpoint you manually strip and validate filenames—consider using a well-tested helper like Werkzeug’s secure_filename or a strict whitelist of allowed filenames to simplify and harden sanitization.
• Removing /api/chat/get_file from allowed_endpoints enforces JWT auth—double-check that your middleware ordering actually runs auth_middleware before the file handler and add a quick manual test for unauthenticated access.
• Managing two parallel arrays (stagedImagesName and stagedImagesUrl) makes the UI logic hard to follow—consider unifying them into a single array of objects { filename, url } so you can map and revoke blob URLs more cleanly.

Here's what I looked at during the review

• 🟡 General issues: 4 issues found
• 🟢 Security: all looks good
• 🟢 Testing: all looks good
• 🟢 Complexity: all looks good
• 🟢 Documentation: all looks good

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

<sub>Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.</sub>

[sourcery-ai]

suggestion (performance): mediaCache 没有缓存驱逐机制，可能导致内存泄漏。

实施缓存驱逐策略或大小限制，以防止 mediaCache 增长导致无限制的内存使用。

建议的实现方式：

    data() {
        return {
            // ...其他数据属性
            mediaCache: new Map(), // 使用 Map 实现 LRU
            mediaCacheMaxSize: 50, // 设置最大缓存大小
        };
    },

    methods: {
        async getMediaFile(filename) {
            if (this.mediaCache.has(filename)) {
                // 将访问过的项目移动到末尾（最近使用）
                const value = this.mediaCache.get(filename);
                this.mediaCache.delete(filename);
                this.mediaCache.set(filename, value);
                return value;
            }

            try {
                const response = await axios.get('/api/chat/get_file', {
                    params: { filename },
                    responseType: 'blob'
                });

                const blobUrl = URL.createObjectURL(response.data);

                // 如果缓存已满，则驱逐最近最少使用的（第一个）条目
                if (this.mediaCache.size >= this.mediaCacheMaxSize) {
                    const firstKey = this.mediaCache.keys().next().value;
                    URL.revokeObjectURL(this.mediaCache.get(firstKey)); // 清理 blob
                    this.mediaCache.delete(firstKey);
                }

                this.mediaCache.set(filename, blobUrl);

• 更新任何假定 mediaCache 是普通对象的代码，以使用 Map。
• 确保 cleanupMediaCache() 迭代 Map 并在清除之前撤销所有 blob URL。

Original comment in English

suggestion (performance): No cache eviction for mediaCache may lead to memory leaks.

Implement a cache eviction policy or size limit to prevent unbounded memory usage as mediaCache grows.

Suggested implementation:

    data() {
        return {
            // ...other data properties
            mediaCache: new Map(), // Use Map for LRU
            mediaCacheMaxSize: 50, // Set a max cache size
        };
    },

    methods: {
        async getMediaFile(filename) {
            if (this.mediaCache.has(filename)) {
                // Move accessed item to the end (most recently used)
                const value = this.mediaCache.get(filename);
                this.mediaCache.delete(filename);
                this.mediaCache.set(filename, value);
                return value;
            }

            try {
                const response = await axios.get('/api/chat/get_file', {
                    params: { filename },
                    responseType: 'blob'
                });

                const blobUrl = URL.createObjectURL(response.data);

                // If cache is full, evict the least recently used (first) entry
                if (this.mediaCache.size >= this.mediaCacheMaxSize) {
                    const firstKey = this.mediaCache.keys().next().value;
                    URL.revokeObjectURL(this.mediaCache.get(firstKey)); // Cleanup blob
                    this.mediaCache.delete(firstKey);
                }

                this.mediaCache.set(filename, blobUrl);

• Update any code that assumes mediaCache is a plain object to work with a Map instead.
• Ensure that cleanupMediaCache() iterates over the Map and revokes all blob URLs before clearing.

[sourcery-ai]

suggestion (bug_risk): cleanupMediaCache 仅在组件卸载时调用，而不是在图像/音频移除时调用。

仅在卸载时撤销 blob URL 可能会导致用户在发送之前移除媒体时发生内存泄漏。请在从暂存区移除媒体时撤销 blob URL。

建议的实现方式：

        cleanupMediaCache() {
            Object.values(this.mediaCache).forEach(url => {
                if (url.startsWith('blob:')) {
                    URL.revokeObjectURL(url);
                }
            });
            this.mediaCache = {};
        },

        removeMediaFromCache(key) {
            const url = this.mediaCache[key];
            if (url && url.startsWith('blob:')) {
                URL.revokeObjectURL(url);
            }
            this.$delete(this.mediaCache, key);
        },

现在，无论何时从暂存区移除媒体（例如，当用户在发送之前移除图像/音频时），都必须使用 removeMediaFromCache(key)，而不是直接从 mediaCache 中删除。
找到代码中所有执行类似 delete this.mediaCache[key] 或 this.$delete(this.mediaCache, key) 的地方，并将它们替换为 this.removeMediaFromCache(key)。

Original comment in English

suggestion (bug_risk): cleanupMediaCache only called on component unmount, not on image/audio removal.

Revoking blob URLs only on unmount can cause memory leaks if users remove media before sending. Please revoke blob URLs when media is removed from staging.

Suggested implementation:

        cleanupMediaCache() {
            Object.values(this.mediaCache).forEach(url => {
                if (url.startsWith('blob:')) {
                    URL.revokeObjectURL(url);
                }
            });
            this.mediaCache = {};
        },

        removeMediaFromCache(key) {
            const url = this.mediaCache[key];
            if (url && url.startsWith('blob:')) {
                URL.revokeObjectURL(url);
            }
            this.$delete(this.mediaCache, key);
        },

You must now use removeMediaFromCache(key) instead of directly deleting from mediaCache wherever media is removed from staging (e.g., when a user removes an image/audio before sending).
Find all places in your code where you do something like delete this.mediaCache[key] or this.$delete(this.mediaCache, key) and replace them with this.removeMediaFromCache(key).

[sourcery-ai]

suggestion (performance): 从 stagedImagesUrl 中移除图像不会撤销 blob URL。

请在 removeImage 中对已移除图像的 URL 调用 URL.revokeObjectURL 以释放内存。

Suggested change

	removeImage(index) {
	this.stagedImagesName.splice(index, 1);
	this.stagedImagesUrl.splice(index, 1);
	},
	removeImage(index) {
	// 撤销 blob URL 以释放内存
	const url = this.stagedImagesUrl[index];
	if (url) {
	URL.revokeObjectURL(url);
	}
	this.stagedImagesName.splice(index, 1);
	this.stagedImagesUrl.splice(index, 1);
	},

Original comment in English

suggestion (performance): Removing images from stagedImagesUrl does not revoke blob URLs.

Please call URL.revokeObjectURL on the removed image's URL in removeImage to release memory.

Suggested change

	removeImage(index) {
	this.stagedImagesName.splice(index, 1);
	this.stagedImagesUrl.splice(index, 1);
	},
	removeImage(index) {
	// Revoke the blob URL to release memory
	const url = this.stagedImagesUrl[index];
	if (url) {
	URL.revokeObjectURL(url);
	}
	this.stagedImagesName.splice(index, 1);
	this.stagedImagesUrl.splice(index, 1);
	},

[Soulter]

这个似乎是没必要的，已经在 https://vscode.dev/github/Soulter/AstrBot/blob/feat/alkaid/dashboard/src/main.ts#L24-L30 实现