Refactor authentication and session management
- Introduced a delete button for each message that appears on hover.
- Implemented a confirmation prompt before deleting a message.
- Added event delegation for handling delete button clicks.
- Enhanced the chat model selection dropdown with optgroups for better organization.
- Adjusted styling for overlays and buttons for improved user experience.
- Updated the message addition logic to include unique message IDs.
…update chatbot UI for message deletion
…dding loading animations; improve UI elements for better user experience
| console.log(`Message with ID: ${messageId} successfully deleted from Chat ID: ${chatId}`); | ||
| res.json({ success: true, message: "Message deleted" }); | ||
| } catch (error) { | ||
| console.error(`Error deleting message with ID: ${messageId} from Chat ID: ${chatId}`, error); |
Check failure
Code scanning / CodeQL
Use of externally-controlled format string High
Copilot Autofix
AI 11 months ago
To address the issue, we will modify the flagged line to use a safer approach by explicitly formatting the untrusted input using %s placeholders. This ensures that the untrusted values are treated as plain strings, regardless of their content. The fix will involve replacing the template literal with a format string and passing the untrusted values as separate arguments to console.error.
| @@ -583,3 +583,3 @@ | ||
| } catch (error) { | ||
| console.error(`Error deleting message with ID: ${messageId} from Chat ID: ${chatId}`, error); | ||
| console.error("Error deleting message with ID: %s from Chat ID: %s", messageId, chatId, error); | ||
| handleApiError(res, error, "deleting message"); |
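Review bot: In the new console.error call, %s stops messageId and chatId from being interpreted as format specifiers but still writes them verbatim, so a value containing a line break can still split the log entry. Consider validating both IDs at the top of the handler, or escaping CR/LF before they reach the logger. The trailing error argument has no placeholder and is appended after the formatted message, which is the intended result here.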
| return res.status(500).json({ message: "Logout failed." }); | ||
| } | ||
| res.json({ message: "Logged out successfully." }); | ||
| router.post('/api/bot-chat', checkMessageLimit, async (req, res) => { |
Check failure
Code scanning / CodeQL
Missing rate limiting High
Copilot Autofix
AI 11 months ago
To address the issue, we will add rate limiting to the /api/bot-chat route using the express-rate-limit package. This middleware will restrict the number of requests a client can make to the route within a specified time window. Specifically:
- Install the express-rate-limit package if it is not already installed.
- Configure a rate limiter with appropriate settings (e.g., a maximum of 100 requests per 15 minutes).
- Apply the rate limiter middleware to the /api/bot-chat route.
This fix ensures that the route is protected against abuse while maintaining its functionality.
| @@ -3,2 +3,3 @@ | ||
| import fetch from 'node-fetch'; | ||
| import rateLimit from "express-rate-limit"; | ||
| import { pool } from "./pool.js"; | ||
| @@ -588,3 +589,9 @@ | ||
|
|
||
| router.post('/api/bot-chat', checkMessageLimit, async (req, res) => { | ||
| const botChatRateLimiter = rateLimit({ | ||
| windowMs: 15 * 60 * 1000, // 15 minutes | ||
| max: 100, // Limit each IP to 100 requests per windowMs | ||
| message: "Too many requests to /api/bot-chat. Please try again later." | ||
| }); | ||
|
|
||
| router.post('/api/bot-chat', botChatRateLimiter, checkMessageLimit, async (req, res) => { | ||
| const { message, chatId } = req.body; |
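Review bot: The message option in botChatRateLimiter is a plain string, while the other responses visible in this file are JSON objects such as { message: "Logout failed." }, so a client that parses every reply as JSON will fail on the 429 body. Pass an object instead, for example message: { message: "Too many requests. Please try again later." }. The limiter is also declared between route definitions; declaring it near the imports would let other routes in this router, such as the clear-history route, reuse it.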
| @@ -28,3 +28,4 @@ | ||
| "node-fetch": "^3.3.2", | ||
| "pg": "^8.13.1" | ||
| "pg": "^8.13.1", | ||
| "express-rate-limit": "^7.5.0" | ||
| }, |
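Review bot: The express-rate-limit entry is appended by hand after pg, and no lockfile change is shown alongside it. Adding the package with npm install express-rate-limit would keep the dependencies block sorted and update the lockfile in the same commit, so the resolved version is pinned.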
| Package | Version | Security advisories |
| express-rate-limit (npm) | 7.5.0 | None |
| router.post('/api/chat/clear-history/:chatId', validateSessionAndRole("Any"), async (req, res) => { | ||
| const { chatId } = req.params; | ||
| if (!chatId) return res.status(400).json({ message: "Chat ID is required" }); | ||
|
|
||
| try { | ||
| await pool.query('DELETE FROM Ai_history WHERE id = $1', [chatId]); | ||
| res.json({ status: 200, message: "Chat history deleted", chatId }); | ||
| } catch (error) { | ||
| handleApiError(res, error, "deleting chat history"); | ||
| } | ||
| }); |
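Review bot: The DELETE in the clear-history handler filters on id = $1 alone, so nothing in the visible lines ties the row to the session user, and validateSessionAndRole("Any") admits every role. Add an owner condition to the WHERE clause (or check ownership before deleting) and return 404 when no row is affected. The handler also puts status: 200 in the response body unconditionally, which will read as success even when the ID matched nothing.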
Check failure
Code scanning / CodeQL
Missing rate limiting High
Copilot Autofix
AI 11 months ago
Copilot could not generate an autofix suggestion for this alert. Try pushing a new commit or if the problem persists contact support.
No description provided.
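The format-string alert above, shown as an added example that is not code from this pull request: it compares the flagged template-literal call with the %s form using util.format, which is how console.error formats its arguments. The function names, the oneLine helper and the sample values are assumptions made for illustration.

```javascript
// Added example, not code from the pull request.
// console.error passes its arguments to util.format, so util.format
// lets us inspect the exact line that would be logged.
const util = require("util");

// "Before": request values are interpolated into the first (format) argument.
function formatBefore(messageId, chatId, detail) {
  return util.format(
    `Error deleting message with ID: ${messageId} from Chat ID: ${chatId}`,
    detail
  );
}

// "After": constant format string, request values passed as data.
function formatAfter(messageId, chatId, detail) {
  return util.format(
    "Error deleting message with ID: %s from Chat ID: %s",
    messageId,
    chatId,
    detail
  );
}

// Hypothetical helper: %s leaves line breaks untouched, so escape them
// before the value is written to a line-oriented log.
function oneLine(value) {
  return String(value).replace(/\r/g, "\\r").replace(/\n/g, "\\n");
}

// Constructed sample values standing in for request parameters.
const detail = "db timeout";
console.log(formatBefore("15", "42", detail));  // detail appended at the end
console.log(formatBefore("%s", "42", detail));  // detail pulled into the ID slot
console.log(formatAfter("%s", "42", detail));   // ID stays literal data
console.log(formatAfter(oneLine("15\r\nsecond line"), "42", detail));
```

With the template literal, a specifier inside the ID decides where the later arguments are rendered; with the constant format string the ID is only ever substituted as text.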