fix: input validation DoS and L1 cache correctness

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Co-authored-by: shenald-dev <245350826+shenald-dev@users.noreply.github.com>

Author: shenald-dev

src/index.js

@@ -56,7 +56,7 @@ const ERROR_PAYLOAD_TOO_LARGE = Buffer.from(JSON.stringify({ error: 'Payload too
 
 // API endpoints
 function isValidModel(model) {
-  return typeof model === 'string' && model.trim() !== '';
+  return typeof model === 'string' && model.length > 0 && model.length < 1000 && model.trim() !== '';
 }
 
 function isValidMessagesArray(messages) {
@@ -154,8 +154,8 @@ app.use((err, req, res, next) => {
 });
 
 const computationCache = new Map();
-let lastIterations = null;
-let lastResult = null;
+let lastIterations = undefined;
+let lastResult = undefined;
 
 /**
  * Performs a heavy mathematical computation.

tests/api_robustness.test.js

@@ -53,3 +53,15 @@ test('JSON error handler safely skips without crashing if headers are already se
   // The fact that it gets here without an UncaughtException (ERR_HTTP_HEADERS_SENT) means it passed
   assert.ok(true);
 });
+
+test('POST /v1/chat/completions handles extremely large model names gracefully', async () => {
+  const largeModel = 'a'.repeat(10000);
+  const res = await request(app)
+    .post('/v1/chat/completions')
+    .send({
+      model: largeModel,
+      messages: [{ role: 'user', content: 'test' }]
+    });
+  assert.strictEqual(res.status, 400);
+  assert.strictEqual(res.body.error, 'Missing or invalid model');
+});

tests/heavy_computation.test.js

@@ -61,3 +61,8 @@ test('heavyComputation implements LRU eviction', () => {
   // but we can at least assert that it didn't crash.
   assert.ok(time1 < 1.0, 'Refreshed item 1 should be near-instant');
 });
+
+test('heavyComputation handles null correctly', () => {
+  const result = heavyComputation(null);
+  assert.strictEqual(result, 0);
+});