feat: Enhance agent skills API with validation and limits

ctlaltlaltc · ctlaltlaltc · commit 83675db13498 · 2026-03-05T17:38:30.000+08:00
diff --git a/packages/global/core/agentSkills/api.d.ts b/packages/global/core/agentSkills/api.d.ts
@@ -81,9 +81,15 @@ export type GetSkillDetailResponse = {
 };
 
 // ==================== Import Skill ====================
+/**
+ * ImportSkillBody — optional metadata fields for multipart/form-data upload.
+ * The actual archive file (ZIP / TAR / TAR.GZ) must be sent as the `file` field
+ * in a multipart/form-data request; it is not represented in this type.
+ */
 export type ImportSkillBody = {
   name?: string; // required for multi-skill packages; optional for single-skill (falls back to SKILL.md)
   description?: string; // optional, fallback to SKILL.md or ''
+  avatar?: string; // optional skill icon/avatar URL or base64
 };
 
 export type ImportSkillResponse = string; // single skillId
diff --git a/packages/global/core/agentSkills/type.d.ts b/packages/global/core/agentSkills/type.d.ts
@@ -93,6 +93,7 @@ export type AgentSkillConfigType = {
     url: string;
     method: 'GET' | 'POST' | 'PUT' | 'DELETE';
     headers?: Record<string, string>;
+    /** Request timeout in seconds */
     timeout?: number;
   };
 
diff --git a/packages/service/core/agentSkills/archiveUtils.ts b/packages/service/core/agentSkills/archiveUtils.ts
@@ -15,15 +15,26 @@ export function getSupportedArchiveFormat(filename: string): ArchiveFormat | nul
 /**
  * Extract archive file (zip/tar/tar.gz) to a file map.
  * Path traversal entries are filtered out for security.
+ * Total uncompressed size is capped to prevent Zip Bomb OOM attacks.
  */
-export async function extractToFileMap(filePath: string): Promise<ArchiveFileMap> {
+export async function extractToFileMap(
+  filePath: string,
+  maxUncompressedBytes = 200 * 1024 * 1024
+): Promise<ArchiveFileMap> {
   const files = await decompress(filePath);
   const fileMap: ArchiveFileMap = {};
+  let totalSize = 0;
   for (const file of files) {
     if (file.type === 'directory') continue;
     const normalized = file.path.replace(/\\/g, '/').replace(/^\/+/, '');
     // Filter path traversal
     if (!normalized || normalized.includes('../')) continue;
+    totalSize += file.data.length;
+    if (totalSize > maxUncompressedBytes) {
+      throw new Error(
+        `Uncompressed archive exceeds maximum allowed size (${maxUncompressedBytes / 1024 / 1024}MB)`
+      );
+    }
     fileMap[normalized] = file.data;
   }
   return fileMap;
diff --git a/packages/service/core/agentSkills/controller.ts b/packages/service/core/agentSkills/controller.ts
@@ -157,9 +157,9 @@ export async function listSkills(
     query.teamId = teamId;
   }
 
-  // Category filter
+  // Category filter — use $in because category is an array field
   if (category) {
-    query.category = category;
+    query.category = { $in: [category] };
   }
 
   // Search key (text search on name and description)
diff --git a/packages/service/core/agentSkills/sandboxConfig.ts b/packages/service/core/agentSkills/sandboxConfig.ts
@@ -6,6 +6,12 @@
 
 import type { SandboxImageConfigType } from '@fastgpt/global/core/agentSkills/type';
 
+/** Parse an integer from an env-var string, returning defaultValue when the result is NaN. */
+function safeParseInt(value: string | undefined, defaultValue: number): number {
+  const n = parseInt(value ?? '', 10);
+  return isNaN(n) ? defaultValue : n;
+}
+
 export type SandboxProviderConfig = {
   provider: string;
   baseUrl: string;
@@ -45,9 +51,9 @@ export function getSandboxProviderConfig(): SandboxProviderConfig {
  */
 export function getSandboxDefaults(): SandboxDefaults {
   return {
-    timeout: parseInt(process.env.SANDBOX_DEFAULT_TIMEOUT || '600', 10), // 10 minutes, Automatic termination timeout (server-side TTL)
-    cleanupInterval: parseInt(process.env.SANDBOX_CLEANUP_INTERVAL || '3600000', 10),
-    inactiveThreshold: parseInt(process.env.SANDBOX_INACTIVE_THRESHOLD || '7200', 10),
+    timeout: safeParseInt(process.env.SANDBOX_DEFAULT_TIMEOUT, 600), // 10 minutes, Automatic termination timeout (server-side TTL)
+    cleanupInterval: safeParseInt(process.env.SANDBOX_CLEANUP_INTERVAL, 3600000),
+    inactiveThreshold: safeParseInt(process.env.SANDBOX_INACTIVE_THRESHOLD, 7200),
     defaultImage: {
       repository: process.env.SANDBOX_DEFAULT_IMAGE || 'node',
       tag: process.env.SANDBOX_DEFAULT_IMAGE_TAG || '18-alpine'
diff --git a/packages/service/core/agentSkills/schema.ts b/packages/service/core/agentSkills/schema.ts
@@ -82,11 +82,11 @@ try {
   AgentSkillsSchema.index({ source: 1, teamId: 1, deleteTime: 1, createTime: -1 });
   // Category index
   AgentSkillsSchema.index({ category: 1 });
-  // Removed unique index on name to allow duplicate skill names
-  // AgentSkillSchema.index(
-  //   { name: 1, teamId: 1, deleteTime: 1 },
-  //   { unique: true, partialFilterExpression: { deleteTime: null } }
-  // );
+  // Unique constraint: same team cannot have two live skills with the same name
+  AgentSkillsSchema.index(
+    { name: 1, teamId: 1, deleteTime: 1 },
+    { unique: true, partialFilterExpression: { deleteTime: null } }
+  );
 } catch (error) {
   console.log('AgentSkill index error:', error);
 }
diff --git a/packages/service/core/agentSkills/storage.ts b/packages/service/core/agentSkills/storage.ts
@@ -93,7 +93,10 @@ export async function uploadSkillPackage(
 /**
  * Download skill package from MinIO/S3 storage
  */
-export async function downloadSkillPackage(params: DownloadSkillPackageParams): Promise<Buffer> {
+export async function downloadSkillPackage(
+  params: DownloadSkillPackageParams,
+  maxBytes = 200 * 1024 * 1024
+): Promise<Buffer> {
   const { storageInfo } = params;
 
   const bucket = new S3PrivateBucket();
@@ -106,10 +109,16 @@ export async function downloadSkillPackage(params: DownloadSkillPackageParams):
     throw new Error(`Failed to download skill package: ${storageInfo.key}`);
   }
 
-  // Convert stream to buffer
+  // Convert stream to buffer with size limit to prevent OOM
   const chunks: Buffer[] = [];
+  let totalSize = 0;
   for await (const chunk of response.body) {
-    chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk));
+    const buf = Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk);
+    totalSize += buf.length;
+    if (totalSize > maxBytes) {
+      throw new Error(`Skill package exceeds maximum allowed size (${maxBytes / 1024 / 1024}MB)`);
+    }
+    chunks.push(buf);
   }
 
   return Buffer.concat(chunks);
diff --git a/packages/service/core/agentSkills/versionController.ts b/packages/service/core/agentSkills/versionController.ts
@@ -46,13 +46,17 @@ export async function createVersion(
 }
 
 /**
- * Get the next version number for a skill
+ * Get the next version number for a skill.
+ * Should be called inside a transaction session to avoid version number races.
  */
-export async function getNextVersionNumber(skillId: string): Promise<number> {
+export async function getNextVersionNumber(
+  skillId: string,
+  session?: ClientSession
+): Promise<number> {
   const lastVersion = await MongoAgentSkillsVersion.findOne(
     { skillId, isDeleted: false },
     { version: 1 },
-    { sort: { version: -1 } }
+    { sort: { version: -1 }, session }
   ).lean();
 
   return (lastVersion?.version ?? -1) + 1;
@@ -140,7 +144,8 @@ export async function setActiveVersion(
 }
 
 /**
- * Soft delete a version
+ * Soft delete a version.
+ * Active versions cannot be deleted — deactivate or switch to another version first.
  */
 export async function deleteVersion(
   skillId: string,
@@ -157,18 +162,24 @@ export async function deleteVersion(
     throw new Error(`Version ${version} not found for skill ${skillId}`);
   }
 
-  // If this is the active version, we should not allow deletion
-  // or we should deactivate it first
-  const updateData: Record<string, any> = {
-    isDeleted: true,
-    isActive: false
-  };
+  // Refuse to delete the currently active version to prevent data orphaning
+  if (versionDoc.isActive) {
+    throw new Error(
+      `Cannot delete active version ${version}. Switch to another version before deleting.`
+    );
+  }
 
-  await MongoAgentSkillsVersion.updateOne({ skillId, version }, { $set: updateData }, { session });
+  await MongoAgentSkillsVersion.updateOne(
+    { skillId, version },
+    { $set: { isDeleted: true } },
+    { session }
+  );
 }
 
 /**
- * Restore a deleted version
+ * Restore a deleted version.
+ * The restored version is set back to isDeleted=false but remains inactive (isActive=false).
+ * Call setActiveVersion explicitly if you want to make it the active version.
  */
 export async function restoreVersion(
   skillId: string,
diff --git a/projects/app/src/pages/api/core/app/agent/skills/create.ts b/projects/app/src/pages/api/core/app/agent/skills/create.ts
@@ -58,6 +58,17 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
       });
     }
 
+    // Validate category enum values
+    const validCategories = Object.values(AgentSkillCategoryEnum) as string[];
+    if (category.length > 0 && category.some((c) => !validCategories.includes(c))) {
+      return jsonRes(res, { code: 400, error: 'Invalid category value' });
+    }
+
+    // Validate config size (max 50 KB)
+    if (config && JSON.stringify(config).length > 50_000) {
+      return jsonRes(res, { code: 400, error: 'Config exceeds maximum allowed size (50KB)' });
+    }
+
     // Check if skill name already exists
     const nameExists = await checkSkillNameExists(name.trim(), teamId);
     if (nameExists) {
@@ -125,7 +136,11 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
     jsonRes<CreateSkillResponse>(res, {
       data: skillId
     });
-  } catch (err) {
+  } catch (err: any) {
+    // E11000: unique index violation (concurrent duplicate name creation)
+    if (err.code === 11000 || err.codeName === 'DuplicateKey') {
+      return jsonRes(res, { code: 409, error: 'Skill name already exists' });
+    }
     jsonRes(res, {
       code: 500,
       error: err
diff --git a/projects/app/src/pages/api/core/app/agent/skills/delete.ts b/projects/app/src/pages/api/core/app/agent/skills/delete.ts
@@ -4,6 +4,7 @@ import { authUserPer } from '@fastgpt/service/support/permission/user/auth';
 import { mongoSessionRun } from '@fastgpt/service/common/mongo/sessionRun';
 import { deleteSkill, canModifySkill } from '@fastgpt/service/core/agentSkills/controller';
 import type { DeleteSkillQuery, DeleteSkillResponse } from '@fastgpt/global/core/agentSkills/api';
+import { isValidObjectId } from 'mongoose';
 
 export default async function handler(req: NextApiRequest, res: NextApiResponse) {
   try {
@@ -33,6 +34,10 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
       });
     }
 
+    if (!isValidObjectId(skillId)) {
+      return jsonRes(res, { code: 400, error: 'Invalid skill ID format' });
+    }
+
     // Check if user can delete this skill
     const canDelete = await canModifySkill(skillId, tmbId);
     if (!canDelete) {
diff --git a/projects/app/src/pages/api/core/app/agent/skills/detail.ts b/projects/app/src/pages/api/core/app/agent/skills/detail.ts
@@ -6,9 +6,15 @@ import type {
   GetSkillDetailQuery,
   GetSkillDetailResponse
 } from '@fastgpt/global/core/agentSkills/api';
+import { isValidObjectId } from 'mongoose';
 
 export default async function handler(req: NextApiRequest, res: NextApiResponse) {
   try {
+    // Only accept GET requests
+    if (req.method !== 'GET') {
+      return jsonRes(res, { code: 405, error: 'Method not allowed' });
+    }
+
     // Authenticate user
     const { teamId } = await authUserPer({
       req,
@@ -27,6 +33,10 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
       });
     }
 
+    if (!isValidObjectId(skillId)) {
+      return jsonRes(res, { code: 400, error: 'Invalid skill ID format' });
+    }
+
     // Get skill
     const skill = await getSkillById(skillId);
 
@@ -45,7 +55,9 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
       });
     }
 
-    // Format response
+    // Format response — only expose teamId/tmbId for personal skills belonging to the requester's team
+    const isOwnPersonalSkill = skill.source === 'personal' && skill.teamId?.toString() === teamId;
+
     const response: GetSkillDetailResponse = {
       _id: skill._id,
       source: skill.source,
@@ -55,8 +67,7 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
       category: skill.category,
       config: skill.config,
       avatar: skill.avatar,
-      teamId: skill.teamId,
-      tmbId: skill.tmbId,
+      ...(isOwnPersonalSkill && { teamId: skill.teamId, tmbId: skill.tmbId }),
       createTime: skill.createTime?.toISOString() || new Date().toISOString(),
       updateTime: skill.updateTime?.toISOString() || new Date().toISOString()
     };
diff --git a/projects/app/src/pages/api/core/app/agent/skills/edit.ts b/projects/app/src/pages/api/core/app/agent/skills/edit.ts
@@ -6,6 +6,7 @@ import { createEditDebugSandbox } from '@fastgpt/service/core/agentSkills/sandbo
 import type { CreateEditDebugSandboxBody } from '@fastgpt/global/core/agentSkills/api';
 import { SseResponseEventEnum } from '@fastgpt/global/core/workflow/runtime/constants';
 import type { SandboxStatusItemType } from '@fastgpt/global/core/chat/type';
+import { isValidObjectId } from 'mongoose';
 
 /**
  * Create an edit-debug sandbox for a skill.
@@ -42,6 +43,12 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
       return;
     }
 
+    if (!isValidObjectId(skillId)) {
+      sseErrRes(res, new Error('Invalid skill ID format'));
+      res.end();
+      return;
+    }
+
     // Validate optional parameters
     if (image && !image.repository) {
       sseErrRes(res, new Error('image.repository is required when image is provided'));
@@ -77,7 +84,8 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
     res.end();
   } catch (err: any) {
     console.error('[API] Create edit-debug sandbox error:', err);
-    sseErrRes(res, err);
+    // Wrap to avoid leaking internal implementation details via SSE
+    sseErrRes(res, new Error('Failed to create sandbox'));
     res.end();
   }
 }
diff --git a/projects/app/src/pages/api/core/app/agent/skills/import.ts b/projects/app/src/pages/api/core/app/agent/skills/import.ts
@@ -27,9 +27,15 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
       return jsonRes(res, { code: 405, error: 'Method not allowed' });
     }
 
+    // Read env limit before multer so both use the same value
+    const maxSizeEnv = process.env.MAX_SKILL_ZIP_SIZE;
+    const maxArchiveSize = maxSizeEnv ? parseInt(maxSizeEnv, 10) : 50 * 1024 * 1024;
+    // Convert bytes to MB for multer (multer expects MB)
+    const maxArchiveSizeMB = Math.ceil(maxArchiveSize / 1024 / 1024);
+
     const result = await multer.resolveFormData<ImportSkillBody>({
       request: req,
-      maxFileSize: 10 // 10MB
+      maxFileSize: maxArchiveSizeMB
     });
 
     filepaths.push(result.fileMetadata.path);
@@ -38,7 +44,8 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
     // Support both JSON-wrapped body ({"data": "..."}) and plain multipart form fields
     const body: ImportSkillBody = {
       name: result.data.name ?? (req.body?.name as string | undefined),
-      description: result.data.description ?? (req.body?.description as string | undefined)
+      description: result.data.description ?? (req.body?.description as string | undefined),
+      avatar: result.data.avatar ?? (req.body?.avatar as string | undefined)
     };
 
     const format = getSupportedArchiveFormat(file.originalname ?? '');
@@ -55,9 +62,7 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
       authApiKey: true
     });
 
-    // Check archive size
-    const maxSizeEnv = process.env.MAX_SKILL_ZIP_SIZE;
-    const maxArchiveSize = maxSizeEnv ? parseInt(maxSizeEnv, 10) : 50 * 1024 * 1024;
+    // Check archive size (multer already enforces the limit, this is a secondary guard)
     const stats = await fs.stat(file.path);
     if (stats.size > maxArchiveSize) {
       return jsonRes(res, {
@@ -96,7 +101,8 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
         name: pkgName,
         description: pkgDescription,
         category: ['other'],
-        config: {}
+        config: {},
+        avatar: body.avatar
       }
     };
 
diff --git a/projects/app/src/pages/api/core/app/agent/skills/list.ts b/projects/app/src/pages/api/core/app/agent/skills/list.ts
diff --git a/projects/app/src/pages/api/core/app/agent/skills/save-deploy.ts b/projects/app/src/pages/api/core/app/agent/skills/save-deploy.ts
diff --git a/projects/app/src/pages/api/core/app/agent/skills/update.ts b/projects/app/src/pages/api/core/app/agent/skills/update.ts
diff --git a/test/cases/service/core/agentSkills/import.test.ts b/test/cases/service/core/agentSkills/import.test.ts

Original file line number	Diff line number	Diff line change
`@@ -157,9 +157,9 @@ export async function listSkills(`
`157`	`157`	`query.teamId = teamId;`
`158`	`158`	`}`
`159`	`159`
`160`		`- // Category filter`
	`160`	`+ // Category filter — use $in because category is an array field`
`161`	`161`	`if (category) {`
`162`		`- query.category = category;`
	`162`	`+ query.category = { $in: [category] };`
`163`	`163`	`}`
`164`	`164`
`165`	`165`	`// Search key (text search on name and description)`