pre-validate sessionID type for embed chats

server/models/embedChats.js

@@ -15,7 +15,7 @@ const EmbedChats = {
           embed_id: Number(embedId),
           response: JSON.stringify(response),
           connection_information: JSON.stringify(connection_information),
-          session_id: sessionId,
+          session_id: String(sessionId),
         },
       });
       return { chat, message: null };
@@ -36,8 +36,8 @@ const EmbedChats = {
     try {
       const chats = await prisma.embed_chats.findMany({
         where: {
-          embed_id: embedId,
-          session_id: sessionId,
+          embed_id: Number(embedId),
+          session_id: String(sessionId),
           include: true,
         },
         ...(limit !== null ? { take: limit } : {}),
@@ -56,8 +56,8 @@ const EmbedChats = {
     try {
       await prisma.embed_chats.updateMany({
         where: {
-          embed_id: embedId,
-          session_id: sessionId,
+          embed_id: Number(embedId),
+          session_id: String(sessionId),
         },
         data: {
           include: false,

server/utils/middleware/embedMiddleware.js

@@ -1,4 +1,4 @@
-const { v4: uuidv4 } = require("uuid");
+const { v4: uuidv4, validate } = require("uuid");
 const { VALID_CHAT_MODE } = require("../chats/stream");
 const { EmbedChats } = require("../../models/embedChats");
 const { EmbedConfig } = require("../../models/embedConfig");
@@ -78,6 +78,17 @@ async function canRespond(request, response, next) {
     }
 
     const { sessionId, message } = reqBody(request);
+    if (typeof sessionId !== "string" || !validate(String(sessionId))) {
+      response.status(404).json({
+        id: uuidv4(),
+        type: "abort",
+        textResponse: null,
+        sources: [],
+        close: true,
+        error: "Invalid session ID.",
+      });
+      return;
+    }
 
     if (!message?.length || !VALID_CHAT_MODE.includes(embed.chat_mode)) {
       response.status(400).json({