fix: code reviews

0xi4o · 0xi4o · commit e61fd42deb88 · 2026-02-19T14:31:36.000+05:30
diff --git a/packages/components/src/utils.ts b/packages/components/src/utils.ts
@@ -1202,8 +1202,9 @@ export const mapMimeTypeToExt = (mimeType: string) => {
  * MIME types allowed for full file upload (chatflow config).
  * Server validates stored allowedUploadFileTypes against this list to prevent
  * malicious clients from allowing executables or other dangerous types.
+ * Uses a Set for O(1) lookups and to make the unique allowed set explicit.
  */
-export const ALLOWED_UPLOAD_MIME_TYPES: readonly string[] = [
+export const ALLOWED_UPLOAD_MIME_TYPES: ReadonlySet<string> = new Set([
     'text/css',
     'text/csv',
     'text/html',
@@ -1218,7 +1219,7 @@ export const ALLOWED_UPLOAD_MIME_TYPES: readonly string[] = [
     'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
     'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
     'application/vnd.openxmlformats-officedocument.presentationml.presentation'
-]
+])
 
 /**
  * Returns true if the MIME type is allowed for file upload config.
@@ -1230,7 +1231,7 @@ export const isAllowedUploadMimeType = (mime: string): boolean => {
     if (!mime || typeof mime !== 'string') return false
     const trimmed = mime.trim()
     if (!trimmed) return false
-    return ALLOWED_UPLOAD_MIME_TYPES.includes(trimmed) && mapMimeTypeToExt(trimmed) !== ''
+    return ALLOWED_UPLOAD_MIME_TYPES.has(trimmed) && mapMimeTypeToExt(trimmed) !== ''
 }
 
 // remove invalid markdown image pattern: ![<some-string>](<some-string>)
diff --git a/packages/server/src/services/chatflows/index.ts b/packages/server/src/services/chatflows/index.ts
@@ -361,8 +361,10 @@ const updateChatflow = async (
                 parsed.fullFileUpload.allowedUploadFileTypes = sanitized
                 updateChatFlow.chatbotConfig = JSON.stringify(parsed)
             }
-        } catch {
-            // If parsing fails, leave chatbotConfig unchanged
+        } catch (error) {
+            const message = getErrorMessage(error)
+            logger.error(`[server]: Invalid chatbotConfig JSON in updateChatflow: ${message}`)
+            throw new InternalFlowiseError(StatusCodes.BAD_REQUEST, `Invalid chatbotConfig: ${message}`)
         }
     }
     const newDbChatflow = appServer.AppDataSource.getRepository(ChatFlow).merge(chatflow, updateChatFlow)

Original file line number	Diff line number	Diff line change
`@@ -361,8 +361,10 @@ const updateChatflow = async (`
`361`	`361`	`parsed.fullFileUpload.allowedUploadFileTypes = sanitized`
`362`	`362`	`updateChatFlow.chatbotConfig = JSON.stringify(parsed)`
`363`	`363`	`}`
`364`		`- } catch {`
`365`		`- // If parsing fails, leave chatbotConfig unchanged`
	`364`	`+ } catch (error) {`
	`365`	`+ const message = getErrorMessage(error)`
	`366`	+ logger.error(`[server]: Invalid chatbotConfig JSON in updateChatflow: ${message}`)
	`367`	+ throw new InternalFlowiseError(StatusCodes.BAD_REQUEST, `Invalid chatbotConfig: ${message}`)
`366`	`368`	`}`
`367`	`369`	`}`
`368`	`370`	`const newDbChatflow = appServer.AppDataSource.getRepository(ChatFlow).merge(chatflow, updateChatFlow)`