fix(chat): chat-upload path 存相对路径而非服务端绝对路径#455
Open
ncw1992120 wants to merge 1 commit into
Open
Conversation
…er path
After the workspace-aware chat-uploads change, the upload root became
absolute (the resolver normalizes via toAbsolutePath/normalize, and the
autoconfiguration rewrites baseDir to an absolute path). ChatController.upload
then set ChatUploadResponse.path to that absolute path — despite the inline
comment promising a relative path "to avoid exposing the server's absolute
path". The field is rendered into the LLM prompt ("附件: foo (path)") and
returned to the client, so this leaked the server filesystem layout into both
the prompt and the response, and broke portability if the deploy dir moves.
Extract toRelativeUploadPath(uploadRoot, convId, storedName) which makes the
path relative to the upload root's parent (preserving the trailing sub-dir
name, e.g. chat-uploads/{convId}/{storedName}) and normalizes separators to
'/'. Retrieval is unaffected: it goes through the basename-based
ChatUploadResolver and the /api/v1/chat/files/... URL, not this field.
Adds ChatControllerUploadPathTest (default root, absolute workspace-scoped
root, custom base-dir name) asserting the result is relative and leak-free.
Addresses the blocker item in mateaix#452.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
背景
PR #422 把 chat-uploads 目录改成工作空间/Agent 感知后,上传根目录恒为绝对路径(
ChatUploadLocationResolver用toAbsolutePath().normalize(),且ChatUploadAutoConfiguration把baseDir重写成绝对路径)。但
ChatController.upload仍然这样设置返回的path字段:注释承诺"相对路径避免暴露绝对路径",实际却存了绝对路径。该字段会:
ChatController的附件: foo (path)/图片附件:/视频附件:);MessageContentPart。后果:服务端绝对文件系统布局泄漏进 prompt 和响应;改部署目录后历史消息里的绝对路径失效(相对路径本可移植)。
改动
抽出静态助手
toRelativeUploadPath(uploadRoot, convId, storedName):uploadRoot的父目录做relativize,保留尾部子目录名(如chat-uploads/{convId}/{storedName});/,跨 OS 取值稳定。检索逻辑不受影响:读取走基于 basename 的
ChatUploadResolver与/api/v1/chat/files/...URL,不依赖该字段。测试
新增
ChatControllerUploadPathTest(3 用例):默认根、绝对的 workspace-scoped 根、自定义 base-dir 名——断言结果为相对路径且不含绝对前缀。沿用本仓库"直接测 ChatController 静态助手"的既有范式(见ChatControllerPersistStatusTest)。兼容性
path取值从data/chat-uploads/{convId}/{storedName}(feat(workspace): chat-uploads 上传目录工作空间/Agent 感知化 #422 前的相对形式,但 feat(workspace): chat-uploads 上传目录工作空间/Agent 感知化 #422 后变成了绝对)回到相对形式chat-uploads/{convId}/{storedName};该字段仅作信息展示(prompt 提示 + 客户端回显),非检索依赖,故无破坏性。/api/v1/chat/files/{convId}/{storedName}不变,前端无需改动。范围
仅处理 #452 的 🟡 blocker。其余 3 项 🟢 边角(tool 读写双作用域来源、首传落 default 根、缓存只覆盖一半热路径)留在 #452 作为 follow-up,保持本 PR 单一关注点。