diff --git a/packages/server/src/services/apikey/index.ts b/packages/server/src/services/apikey/index.ts index 8f7bb4021..a63d315a5 100644 --- a/packages/server/src/services/apikey/index.ts +++ b/packages/server/src/services/apikey/index.ts @@ -97,6 +97,7 @@ const deleteApiKey = async (id: string, workspaceId?: string) => { const importKeys = async (body: any) => { try { const jsonFile = body.jsonFile + const workspaceId = body.workspaceId const splitDataURI = jsonFile.split(',') if (splitDataURI[0] !== 'data:application/json;base64') { throw new InternalFlowiseError(StatusCodes.INTERNAL_SERVER_ERROR, `Invalid dataURI`) @@ -105,11 +106,46 @@ const importKeys = async (body: any) => { const plain = bf.toString('utf8') const keys = JSON.parse(plain) + // Validate schema of imported keys + if (!Array.isArray(keys)) { + throw new InternalFlowiseError(StatusCodes.BAD_REQUEST, `Invalid format: Expected an array of API keys`) + } + + const requiredFields = ['keyName', 'apiKey', 'apiSecret', 'createdAt', 'id'] + for (let i = 0; i < keys.length; i++) { + const key = keys[i] + if (typeof key !== 'object' || key === null) { + throw new InternalFlowiseError(StatusCodes.BAD_REQUEST, `Invalid format: Key at index ${i} is not an object`) + } + + for (const field of requiredFields) { + if (!(field in key)) { + throw new InternalFlowiseError( + StatusCodes.BAD_REQUEST, + `Invalid format: Key at index ${i} is missing required field '${field}'` + ) + } + if (typeof key[field] !== 'string') { + throw new InternalFlowiseError( + StatusCodes.BAD_REQUEST, + `Invalid format: Key at index ${i} field '${field}' must be a string` + ) + } + if (key[field].trim() === '') { + throw new InternalFlowiseError( + StatusCodes.BAD_REQUEST, + `Invalid format: Key at index ${i} field '${field}' cannot be empty` + ) + } + } + } + const appServer = getRunningExpressApp() - const allApiKeys = await appServer.AppDataSource.getRepository(ApiKey).find() + const allApiKeys = await appServer.AppDataSource.getRepository(ApiKey).findBy(getWorkspaceSearchOptions(workspaceId)) if (body.importMode === 'replaceAll') { await appServer.AppDataSource.getRepository(ApiKey).delete({ - id: Not(IsNull()) + id: Not(IsNull()), + workspaceId: workspaceId }) } if (body.importMode === 'errorIfExist') { @@ -127,12 +163,13 @@ const importKeys = async (body: any) => { if (keyNameExists) { const keyIndex = allApiKeys.findIndex((k) => k.keyName === key.keyName) switch (body.importMode) { - case 'overwriteIfExist': { + case 'overwriteIfExist': + case 'replaceAll': { const currentKey = allApiKeys[keyIndex] currentKey.id = uuidv4() currentKey.apiKey = key.apiKey currentKey.apiSecret = key.apiSecret - currentKey.workspaceId = body.workspaceId + currentKey.workspaceId = workspaceId await appServer.AppDataSource.getRepository(ApiKey).save(currentKey) break } @@ -154,12 +191,12 @@ const importKeys = async (body: any) => { newKey.apiKey = key.apiKey newKey.apiSecret = key.apiSecret newKey.keyName = key.keyName - newKey.workspaceId = body.workspaceId + newKey.workspaceId = workspaceId const newKeyEntity = appServer.AppDataSource.getRepository(ApiKey).create(newKey) await appServer.AppDataSource.getRepository(ApiKey).save(newKeyEntity) } } - return await getAllApiKeysFromDB(body.workspaceId) + return await getAllApiKeysFromDB(workspaceId) } catch (error) { throw new InternalFlowiseError(StatusCodes.INTERNAL_SERVER_ERROR, `Error: apikeyService.importKeys - ${getErrorMessage(error)}`) } diff --git a/packages/server/src/services/chat-messages/index.ts b/packages/server/src/services/chat-messages/index.ts index 5be032d80..b2b2c00a3 100644 --- a/packages/server/src/services/chat-messages/index.ts +++ b/packages/server/src/services/chat-messages/index.ts @@ -201,16 +201,6 @@ const abortChatMessage = async (chatId: string, chatflowid: string) => { } } -async function getAllMessages(): Promise { - const appServer = getRunningExpressApp() - return await appServer.AppDataSource.getRepository(ChatMessage).find() -} - -async function getAllMessagesFeedback(): Promise { - const appServer = getRunningExpressApp() - return await appServer.AppDataSource.getRepository(ChatMessageFeedback).find() -} - async function getMessagesByChatflowIds(chatflowIds: string[]): Promise { const appServer = getRunningExpressApp() return await appServer.AppDataSource.getRepository(ChatMessage).find({ where: { chatflowid: In(chatflowIds) } }) @@ -228,8 +218,6 @@ export default { removeAllChatMessages, removeChatMessagesByMessageIds, abortChatMessage, - getAllMessages, - getAllMessagesFeedback, getMessagesByChatflowIds, getMessagesFeedbackByChatflowIds } diff --git a/packages/server/src/services/documentstore/index.ts b/packages/server/src/services/documentstore/index.ts index 42b0e039a..e9e203d29 100644 --- a/packages/server/src/services/documentstore/index.ts +++ b/packages/server/src/services/documentstore/index.ts @@ -90,19 +90,6 @@ const getAllDocumentStores = async (workspaceId?: string) => { } } -const getAllDocumentFileChunks = async () => { - try { - const appServer = getRunningExpressApp() - const entities = await appServer.AppDataSource.getRepository(DocumentStoreFileChunk).find() - return entities - } catch (error) { - throw new InternalFlowiseError( - StatusCodes.INTERNAL_SERVER_ERROR, - `Error: documentStoreServices.getAllDocumentFileChunks - ${getErrorMessage(error)}` - ) - } -} - const getAllDocumentFileChunksByDocumentStoreIds = async (documentStoreIds: string[]) => { const appServer = getRunningExpressApp() return await appServer.AppDataSource.getRepository(DocumentStoreFileChunk).find({ where: { storeId: In(documentStoreIds) } }) @@ -2258,7 +2245,6 @@ export default { createDocumentStore, deleteLoaderFromDocumentStore, getAllDocumentStores, - getAllDocumentFileChunks, getAllDocumentFileChunksByDocumentStoreIds, getDocumentStoreById, getUsedChatflowNames, diff --git a/packages/server/src/utils/validateKey.ts b/packages/server/src/utils/validateKey.ts index 494a82e9b..2eb539de9 100644 --- a/packages/server/src/utils/validateKey.ts +++ b/packages/server/src/utils/validateKey.ts @@ -19,6 +19,7 @@ export const validateChatflowAPIKey = async (req: Request, chatflow: ChatFlow) = if (suppliedKey) { const keys = await apikeyService.getAllApiKeys() const apiSecret = keys.find((key: any) => key.id === chatFlowApiKeyId)?.apiSecret + if (!apiSecret) return false if (!compareKeys(apiSecret, suppliedKey)) return false return true } diff --git a/packages/ui/src/views/apikey/index.jsx b/packages/ui/src/views/apikey/index.jsx index 09bbd6300..9cd40397d 100644 --- a/packages/ui/src/views/apikey/index.jsx +++ b/packages/ui/src/views/apikey/index.jsx @@ -424,7 +424,7 @@ const APIKey = () => { Key Name API Key Usage - Created + Updated