mosaic/stack
1
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases 2 Wiki Activity

fix(chat): skip CSRF for guest endpoint
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
Details

Browse Source
This commit is contained in:
Jason Woltje
2026-03-03 12:36:01 -06:00
parent d1c9a747b9
commit 5207d8c0c9
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
apps/api/src/chat-proxy/chat-proxy.controller.ts
View File

@@ -1,6 +1,7 @@
import { Body, Controller, HttpException, Logger, Post, Req, Res, UseGuards } from "@nestjs/common"; import { Body, Controller, HttpException, Logger, Post, Req, Res, UseGuards } from "@nestjs/common";
import type { Response } from "express"; import type { Response } from "express";
import { AuthGuard } from "../auth/guards/auth.guard"; import { AuthGuard } from "../auth/guards/auth.guard";
import { SkipCsrf } from "../common/decorators/skip-csrf.decorator";
import type { MaybeAuthenticatedRequest } from "../auth/types/better-auth-request.interface"; import type { MaybeAuthenticatedRequest } from "../auth/types/better-auth-request.interface";
import { ChatStreamDto } from "./chat-proxy.dto"; import { ChatStreamDto } from "./chat-proxy.dto";
import { ChatProxyService } from "./chat-proxy.service"; import { ChatProxyService } from "./chat-proxy.service";
@@ -14,6 +15,7 @@ export class ChatProxyController {
// POST /api/chat/guest // POST /api/chat/guest
// Guest chat endpoint - no authentication required // Guest chat endpoint - no authentication required
// Uses a shared LLM configuration for unauthenticated users // Uses a shared LLM configuration for unauthenticated users
@SkipCsrf()
@Post("guest") @Post("guest")
async guestChat( async guestChat(
@Body() body: ChatStreamDto, @Body() body: ChatStreamDto,