mirror of
https://github.com/danny-avila/LibreChat.git
synced 2026-07-11 08:43:48 +00:00
The chat-route middleware operates on `req.body.text`, but the remote agent API endpoints (`/api/agents/v1/chat/completions`, `/api/agents/v1/responses`) accept the same prompt content as a `messages` array or an `input` field. A caller using their API key could send a credential-shaped value through either route and bypass the configured PII filter even though they share the same agent and model backbone the middleware is meant to guard. Factored out `findPiiMatchInMessages`, a tolerant walker that handles both `content: string` and `content: ContentPart[]` user-message shapes against the same compiled, cached pattern list. Wired it into the OpenAI-compat controller after agent lookup and into the Responses controller right after `convertToInternalMessages`. Each returns the endpoint's native 400 error shape (`sendErrorResponse` / `sendResponsesErrorResponse`) with the `message_pii_filter_block` code when a user message matches. |
||
|---|---|---|
| .. | ||
| __tests__ | ||
| agents | ||
| assistants | ||
| auth | ||
| AuthController.js | ||
| AuthController.spec.js | ||
| Balance.js | ||
| Balance.spec.js | ||
| EndpointController.js | ||
| FavoritesController.js | ||
| FavoritesController.spec.js | ||
| mcp.js | ||
| ModelController.js | ||
| PermissionsController.js | ||
| PluginController.js | ||
| PluginController.spec.js | ||
| SkillStatesController.js | ||
| tools.js | ||
| TwoFactorController.js | ||
| UserController.js | ||
| UserController.spec.js | ||