From 4c32ad4fced2871f22fda8f611b74e6873ef47c8 Mon Sep 17 00:00:00 2001
From: Henry <hzj94@hotmail.com>
Date: Thu, 26 Jun 2025 15:55:27 +0100
Subject: [PATCH] Bugfix/Refactor createFileAttachment to streamline chatId
 validation

Removed redundant chatId validation and path traversal checks, improving code clarity and maintainability. The chatId is now validated after the chatflowid check, ensuring proper error handling for invalid inputs.
---
 packages/server/src/utils/createAttachment.ts | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/packages/server/src/utils/createAttachment.ts b/packages/server/src/utils/createAttachment.ts
index 79a4e50af..3e5aeec94 100644
--- a/packages/server/src/utils/createAttachment.ts
+++ b/packages/server/src/utils/createAttachment.ts
@@ -30,17 +30,12 @@ export const createFileAttachment = async (req: Request) => {
     if (!chatflowid || !isValidUUID(chatflowid)) {
         throw new InternalFlowiseError(StatusCodes.BAD_REQUEST, 'Invalid chatflowId format - must be a valid UUID')
     }
-
-    const chatId = req.params.chatId
-    if (!chatId || !isValidUUID(chatId)) {
-        throw new InternalFlowiseError(StatusCodes.BAD_REQUEST, 'Invalid chatId format - must be a valid UUID')
-    }
-
-    // Check for path traversal attempts
-    if (isPathTraversal(chatflowid) || isPathTraversal(chatId)) {
+    if (isPathTraversal(chatflowid)) {
         throw new InternalFlowiseError(StatusCodes.BAD_REQUEST, 'Invalid path characters detected')
     }
 
+    const chatId = req.params.chatId
+
     // Validate chatflow exists and check API key
     const chatflow = await appServer.AppDataSource.getRepository(ChatFlow).findOneBy({
         id: chatflowid