From e326bc8f497be54983a239ae11812408118ce226 Mon Sep 17 00:00:00 2001
From: Henry Heng <henryheng@flowiseai.com>
Date: Thu, 26 Jun 2025 16:14:04 +0100
Subject: [PATCH] Bugfix/Refactor createFileAttachment to streamline chatId
 validation (#4740)

Removed redundant chatId validation and path traversal checks, improving code clarity and maintainability. The chatId is now validated after the chatflowid check, ensuring proper error handling for invalid inputs.
---
 packages/server/src/utils/createAttachment.ts | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/packages/server/src/utils/createAttachment.ts b/packages/server/src/utils/createAttachment.ts
index 79a4e50a..3e5aeec9 100644
--- a/packages/server/src/utils/createAttachment.ts
+++ b/packages/server/src/utils/createAttachment.ts
@@ -30,17 +30,12 @@ export const createFileAttachment = async (req: Request) => {
     if (!chatflowid || !isValidUUID(chatflowid)) {
         throw new InternalFlowiseError(StatusCodes.BAD_REQUEST, 'Invalid chatflowId format - must be a valid UUID')
     }
-
-    const chatId = req.params.chatId
-    if (!chatId || !isValidUUID(chatId)) {
-        throw new InternalFlowiseError(StatusCodes.BAD_REQUEST, 'Invalid chatId format - must be a valid UUID')
-    }
-
-    // Check for path traversal attempts
-    if (isPathTraversal(chatflowid) || isPathTraversal(chatId)) {
+    if (isPathTraversal(chatflowid)) {
         throw new InternalFlowiseError(StatusCodes.BAD_REQUEST, 'Invalid path characters detected')
     }
 
+    const chatId = req.params.chatId
+
     // Validate chatflow exists and check API key
     const chatflow = await appServer.AppDataSource.getRepository(ChatFlow).findOneBy({
         id: chatflowid