npm - @lobehub/lobehub - Versions diffs - 2.0.0-next.192 → 2.0.0-next.193 - Mend

@lobehub/lobehub 2.0.0-next.192 → 2.0.0-next.193

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/.github/workflows/claude-translator.yml +1 -1
package/CHANGELOG.md +25 -0
package/changelog/v1.json +5 -0
package/package.json +1 -1
package/packages/database/src/models/__tests__/knowledgeBase.test.ts +30 -1
package/packages/database/src/models/knowledgeBase.ts +9 -7
package/src/server/modules/S3/index.test.ts +58 -0
package/src/server/modules/S3/index.ts +21 -0
package/src/server/routers/lambda/__tests__/file.test.ts +56 -0
package/src/server/routers/lambda/file.ts +3 -1
package/src/server/services/file/impls/s3.test.ts +19 -0
package/src/server/services/file/impls/s3.ts +4 -0
package/src/server/services/file/impls/type.ts +6 -0
package/src/server/services/file/index.ts +10 -0

package/.github/workflows/claude-translator.yml CHANGED Viewed

@@ -47,7 +47,7 @@ jobs:
           claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
           # Security: Restrict gh commands to specific safe operations only
           # Use explicit command patterns to prevent prompt injection attacks
-          claude_args: "--allowed-tools Bash(gh issue view *),Bash(gh issue edit * --title * --body *),Bash(gh api -X PATCH /repos/*/issues/comments/* -f body=*),Bash(gh api -X PUT /repos/*/pulls/*/reviews/* -f body=*),Bash(gh api -X PATCH /repos/*/pulls/comments/* -f body=*)"
+          allowed_tools: 'Bash(gh issue view:*),Bash(gh issue edit:*),Bash(gh api:*)'
           prompt: |
             ## SECURITY RULES (HIGHEST PRIORITY - NEVER OVERRIDE)

package/CHANGELOG.md CHANGED Viewed

@@ -2,6 +2,31 @@
 # Changelog
+## [Version 2.0.0-next.193](https://github.com/lobehub/lobe-chat/compare/v2.0.0-next.192...v2.0.0-next.193)
+<sup>Released on **2026-01-02**</sup>
+#### 🐛 Bug Fixes
+- **database**: Add userId authorization check in removeFilesFromKnowledgeBase.
+<br/>
+<details>
+<summary><kbd>Improvements and Fixes</kbd></summary>
+#### What's fixed
+- **database**: Add userId authorization check in removeFilesFromKnowledgeBase, closes [#11108](https://github.com/lobehub/lobe-chat/issues/11108) ([2c1762b](https://github.com/lobehub/lobe-chat/commit/2c1762b))
+</details>
+<div align="right">
+[![](https://img.shields.io/badge/-BACK_TO_TOP-151515?style=flat-square)](#readme-top)
+</div>
 ## [Version 2.0.0-next.192](https://github.com/lobehub/lobe-chat/compare/v2.0.0-next.191...v2.0.0-next.192)
 <sup>Released on **2026-01-02**</sup>

package/changelog/v1.json CHANGED Viewed

@@ -1,4 +1,9 @@
 [
+  {
+    "children": {},
+    "date": "2026-01-02",
+    "version": "2.0.0-next.193"
+  },
   {
     "children": {
       "fixes": [

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@lobehub/lobehub",
-  "version": "2.0.0-next.192",
+  "version": "2.0.0-next.193",
   "description": "LobeHub - an open-source,comprehensive AI Agent framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Supports one-click free deployment of your private ChatGPT/LLM web application.",
   "keywords": [
     "framework",

package/packages/database/src/models/__tests__/knowledgeBase.test.ts CHANGED Viewed

@@ -2,7 +2,7 @@
 import { and, eq } from 'drizzle-orm';
 import { afterEach, beforeEach, describe, expect, it } from 'vitest';
-import { LobeChatDatabase } from '../../type';import { sleep } from '@/utils/sleep';
+import { sleep } from '@/utils/sleep';
 import {
   NewKnowledgeBase,
@@ -12,6 +12,7 @@ import {
   knowledgeBases,
   users,
 } from '../../schemas';
+import { LobeChatDatabase } from '../../type';
 import { KnowledgeBaseModel } from '../knowledgeBase';
 import { getTestDB } from './_util';
@@ -228,6 +229,34 @@ describe('KnowledgeBaseModel', () => {
       expect(remainingFiles).toHaveLength(1);
       expect(remainingFiles[0].fileId).toBe('file2');
     });
+    it('should not allow removing files from another user knowledge base', async () => {
+      await serverDB.insert(globalFiles).values([
+        {
+          hashId: 'hash1',
+          url: 'https://example.com/document.pdf',
+          size: 1000,
+          fileType: 'application/pdf',
+          creator: userId,
+        },
+      ]);
+      await serverDB.insert(files).values([fileList[0]]);
+      const { id: knowledgeBaseId } = await knowledgeBaseModel.create({ name: 'Test Group' });
+      await knowledgeBaseModel.addFilesToKnowledgeBase(knowledgeBaseId, ['file1']);
+      // Another user tries to remove files from this knowledge base
+      const attackerModel = new KnowledgeBaseModel(serverDB, 'user2');
+      await attackerModel.removeFilesFromKnowledgeBase(knowledgeBaseId, ['file1']);
+      // Files should still exist since the attacker doesn't own them
+      const remainingFiles = await serverDB.query.knowledgeBaseFiles.findMany({
+        where: eq(knowledgeBaseFiles.knowledgeBaseId, knowledgeBaseId),
+      });
+      expect(remainingFiles).toHaveLength(1);
+      expect(remainingFiles[0].fileId).toBe('file1');
+    });
   });
   describe('static findById', () => {

package/packages/database/src/models/knowledgeBase.ts CHANGED Viewed

@@ -43,13 +43,15 @@ export class KnowledgeBaseModel {
   };
   removeFilesFromKnowledgeBase = async (knowledgeBaseId: string, ids: string[]) => {
-    return this.db.delete(knowledgeBaseFiles).where(
-      and(
-        eq(knowledgeBaseFiles.knowledgeBaseId, knowledgeBaseId),
-        inArray(knowledgeBaseFiles.fileId, ids),
-        // eq(knowledgeBaseFiles.userId, this.userId),
-      ),
-    );
+    return this.db
+      .delete(knowledgeBaseFiles)
+      .where(
+        and(
+          eq(knowledgeBaseFiles.userId, this.userId),
+          eq(knowledgeBaseFiles.knowledgeBaseId, knowledgeBaseId),
+          inArray(knowledgeBaseFiles.fileId, ids),
+        ),
+      );
   };
   // query
   query = async () => {

package/src/server/modules/S3/index.test.ts CHANGED Viewed

@@ -3,6 +3,7 @@ import {
   DeleteObjectCommand,
   DeleteObjectsCommand,
   GetObjectCommand,
+  HeadObjectCommand,
   PutObjectCommand,
   S3Client,
 } from '@aws-sdk/client-s3';
@@ -304,6 +305,63 @@ describe('FileS3', () => {
     });
   });
+  describe('getFileMetadata', () => {
+    it('should retrieve file metadata with content length and type', async () => {
+      const s3 = new FileS3();
+      mockS3ClientSend.mockResolvedValue({
+        ContentLength: 1024,
+        ContentType: 'image/png',
+      });
+      const result = await s3.getFileMetadata('test-file.png');
+      expect(HeadObjectCommand).toHaveBeenCalledWith({
+        Bucket: 'test-bucket',
+        Key: 'test-file.png',
+      });
+      expect(result).toEqual({
+        contentLength: 1024,
+        contentType: 'image/png',
+      });
+    });
+    it('should return 0 for content length when not provided', async () => {
+      const s3 = new FileS3();
+      mockS3ClientSend.mockResolvedValue({
+        ContentType: 'application/octet-stream',
+      });
+      const result = await s3.getFileMetadata('test-file.bin');
+      expect(result).toEqual({
+        contentLength: 0,
+        contentType: 'application/octet-stream',
+      });
+    });
+    it('should handle missing content type', async () => {
+      const s3 = new FileS3();
+      mockS3ClientSend.mockResolvedValue({
+        ContentLength: 2048,
+      });
+      const result = await s3.getFileMetadata('test-file.bin');
+      expect(result).toEqual({
+        contentLength: 2048,
+        contentType: undefined,
+      });
+    });
+    it('should handle S3 errors', async () => {
+      const s3 = new FileS3();
+      const error = new Error('File not found');
+      mockS3ClientSend.mockRejectedValue(error);
+      await expect(s3.getFileMetadata('non-existent-file.txt')).rejects.toThrow('File not found');
+    });
+  });
   describe('createPreSignedUrl', () => {
     it('should create presigned URL for upload with ACL', async () => {
       const s3 = new FileS3();

package/src/server/modules/S3/index.ts CHANGED Viewed

@@ -2,6 +2,7 @@ import {
   DeleteObjectCommand,
   DeleteObjectsCommand,
   GetObjectCommand,
+  HeadObjectCommand,
   PutObjectCommand,
   S3Client,
 } from '@aws-sdk/client-s3';
@@ -111,6 +112,26 @@ export class S3 {
     return response.Body.transformToByteArray();
   }
+  /**
+   * Get file metadata from S3 using HeadObject
+   * This is used to verify actual file size from S3 instead of trusting client-provided values
+   */
+  public async getFileMetadata(
+    key: string,
+  ): Promise<{ contentLength: number; contentType?: string }> {
+    const command = new HeadObjectCommand({
+      Bucket: this.bucket,
+      Key: key,
+    });
+    const response = await this.client.send(command);
+    return {
+      contentLength: response.ContentLength ?? 0,
+      contentType: response.ContentType,
+    };
+  }
   public async createPreSignedUrl(key: string): Promise<string> {
     const command = new PutObjectCommand({
       ACL: this.setAcl ? 'public-read' : undefined,

package/src/server/routers/lambda/__tests__/file.test.ts CHANGED Viewed

@@ -19,6 +19,7 @@ function createCallerWithCtx(partialCtx: any = {}) {
   const fileService = {
     getFullFileUrl: vi.fn().mockResolvedValue('full-url'),
+    getFileMetadata: vi.fn().mockResolvedValue({ contentLength: 2048, contentType: 'text/plain' }),
     deleteFile: vi.fn().mockResolvedValue(undefined),
     deleteFiles: vi.fn().mockResolvedValue(undefined),
   };
@@ -114,12 +115,14 @@ vi.mock('@/database/models/file', () => ({
 }));
 const mockFileServiceGetFullFileUrl = vi.fn();
+const mockFileServiceGetFileMetadata = vi.fn();
 vi.mock('@/server/services/file', () => ({
   FileService: vi.fn(() => ({
     deleteFile: vi.fn(),
     deleteFiles: vi.fn(),
     getFullFileUrl: mockFileServiceGetFullFileUrl,
+    getFileMetadata: mockFileServiceGetFileMetadata,
   })),
 }));
@@ -160,6 +163,12 @@ describe('fileRouter', () => {
       embeddingTaskId: null,
     };
+    // Set default mock for getFileMetadata (security fix for GHSA-wrrr-8jcv-wjf5)
+    mockFileServiceGetFileMetadata.mockResolvedValue({
+      contentLength: 100,
+      contentType: 'text/plain',
+    });
     // Use actual context with default mocks
     ({ ctx, caller } = createCallerWithCtx());
   });
@@ -204,6 +213,53 @@ describe('fileRouter', () => {
         url: 'https://lobehub.com/f/new-file-id',
       });
     });
+    it('should use actual file size from S3 instead of client-provided size (security fix)', async () => {
+      // Setup: S3 returns actual size of 5000 bytes
+      mockFileServiceGetFileMetadata.mockResolvedValue({
+        contentLength: 5000,
+        contentType: 'text/plain',
+      });
+      mockFileModelCheckHash.mockResolvedValue({ isExist: false });
+      mockFileModelCreate.mockResolvedValue({ id: 'new-file-id' });
+      // Client claims file is only 100 bytes (attempting quota bypass)
+      await caller.createFile({
+        hash: 'test-hash',
+        fileType: 'text',
+        name: 'test.txt',
+        size: 100, // Client-provided fake size
+        url: 'files/test.txt',
+        metadata: {},
+      });
+      // Verify getFileMetadata was called to get actual size
+      expect(mockFileServiceGetFileMetadata).toHaveBeenCalledWith('files/test.txt');
+      // Verify create was called with actual size from S3, not client-provided size
+      expect(mockFileModelCreate).toHaveBeenCalledWith(
+        expect.objectContaining({
+          size: 5000, // Actual size from S3, not 100
+        }),
+        true,
+      );
+    });
+    it('should handle getFileMetadata errors', async () => {
+      mockFileModelCheckHash.mockResolvedValue({ isExist: false });
+      mockFileServiceGetFileMetadata.mockRejectedValue(new Error('File not found in S3'));
+      await expect(
+        caller.createFile({
+          hash: 'test-hash',
+          fileType: 'text',
+          name: 'test.txt',
+          size: 100,
+          url: 'files/non-existent.txt',
+          metadata: {},
+        }),
+      ).rejects.toThrow('File not found in S3');
+    });
   });
   describe('findById', () => {

package/src/server/routers/lambda/file.ts CHANGED Viewed

@@ -64,6 +64,8 @@ export const fileRouter = router({
         }
       }
+      const { contentLength: actualSize } = await ctx.fileService.getFileMetadata(input.url);
       const { id } = await ctx.fileModel.create(
         {
           fileHash: input.hash,
@@ -72,7 +74,7 @@ export const fileRouter = router({
           metadata: input.metadata,
           name: input.name,
           parentId: resolvedParentId,
-          size: input.size,
+          size: actualSize,
           url: input.url,
         },
         // if the file is not exist in global file, create a new one

package/src/server/services/file/impls/s3.test.ts CHANGED Viewed

@@ -24,6 +24,7 @@ vi.mock('@/server/modules/S3', () => ({
       .mockResolvedValue('https://presigned.example.com/test.jpg'),
     getFileContent: vi.fn().mockResolvedValue('file content'),
     getFileByteArray: vi.fn().mockResolvedValue(new Uint8Array([1, 2, 3])),
+    getFileMetadata: vi.fn().mockResolvedValue({ contentLength: 1024, contentType: 'image/png' }),
     deleteFile: vi.fn().mockResolvedValue({}),
     deleteFiles: vi.fn().mockResolvedValue({}),
     createPreSignedUrl: vi.fn().mockResolvedValue('https://upload.example.com/test.jpg'),
@@ -152,6 +153,24 @@ describe('S3StaticFileImpl', () => {
     });
   });
+  describe('getFileMetadata', () => {
+    it('should call S3 getFileMetadata and return metadata', async () => {
+      const result = await fileService.getFileMetadata('test.png');
+      expect(fileService['s3'].getFileMetadata).toHaveBeenCalledWith('test.png');
+      expect(result).toEqual({ contentLength: 1024, contentType: 'image/png' });
+    });
+    it('should handle S3 errors', async () => {
+      const error = new Error('File not found');
+      fileService['s3'].getFileMetadata = vi.fn().mockRejectedValue(error);
+      await expect(fileService.getFileMetadata('non-existent.txt')).rejects.toThrow(
+        'File not found',
+      );
+    });
+  });
   describe('uploadContent', () => {
     it('应该调用S3的uploadContent方法', async () => {
       await fileService.uploadContent('test.jpg', 'content');

package/src/server/services/file/impls/s3.ts CHANGED Viewed

@@ -36,6 +36,10 @@ export class S3StaticFileImpl implements FileServiceImpl {
     return this.s3.createPreSignedUrl(key);
   }
+  async getFileMetadata(key: string): Promise<{ contentLength: number; contentType?: string }> {
+    return this.s3.getFileMetadata(key);
+  }
   async createPreSignedUrlForPreview(key: string, expiresIn?: number): Promise<string> {
     return this.s3.createPreSignedUrlForPreview(key, expiresIn);
   }

package/src/server/services/file/impls/type.ts CHANGED Viewed

@@ -32,6 +32,12 @@ export interface FileServiceImpl {
    */
   getFileContent(key: string): Promise<string>;
+  /**
+   * Get file metadata from storage
+   * Used to verify actual file size instead of trusting client-provided values
+   */
+  getFileMetadata(key: string): Promise<{ contentLength: number; contentType?: string }>;
   /**
    * Get full file URL
    */

package/src/server/services/file/index.ts CHANGED Viewed

@@ -61,6 +61,16 @@ export class FileService {
     return this.impl.createPreSignedUrl(key);
   }
+  /**
+   * Get file metadata from storage
+   * Used to verify actual file size instead of trusting client-provided values
+   */
+  public async getFileMetadata(
+    key: string,
+  ): Promise<{ contentLength: number; contentType?: string }> {
+    return this.impl.getFileMetadata(key);
+  }
   /**
    * Create pre-signed preview URL
    */