Skip to content

fix(server): harden tools and chatmessage route contracts#6429

Open
sahil2448 wants to merge 2 commits into
FlowiseAI:mainfrom
sahil2448:fix/api-route-contracts-tools-chatmessages
Open

fix(server): harden tools and chatmessage route contracts#6429
sahil2448 wants to merge 2 commits into
FlowiseAI:mainfrom
sahil2448:fix/api-route-contracts-tools-chatmessages

Conversation

@sahil2448
Copy link
Copy Markdown
Contributor

@sahil2448 sahil2448 commented May 24, 2026

Summary

fixes : #6428

This PR removes ambiguous / route variants for handlers that require :id, and aligns route definitions with current controller expectations.
Even though normal frontend flows were already working, these route definitions were still inconsistent and could cause avoidable 412 errors for future integrations or refactors.

What changed

  • Updated tools routes to require :id for id-based handlers:
    • GET /tools/:id (removed / variant for get-by-id)
    • PUT /tools/:id (removed / variant for update)
    • DELETE /tools/:id (removed / variant for delete)
  • Updated chatmessage routes similarly:
    • GET /chatmessage/:id (removed / variant)
    • DELETE /chatmessage/:id (removed / variant)
  • Normalized abort route to PUT /chatmessage/abort/:chatflowid/:chatid

Files changed

  • packages/server/src/routes/tools/index.ts
  • packages/server/src/routes/chat-messages/index.ts

Why this matters

Controllers for these handlers already require req.params.id.
Previous route setup accepted both / and /:id, which made the API contract ambiguous.
Calling / for id-required handlers could hit controller logic and fail with 412 (id not provided) instead of being clearly non-matching at the route layer.
This change makes behavior predictable and safer for future clients and tests.

Compatibility and risk

  • Low risk, backend-only route-contract hardening.
  • No change to controller/service business logic.
  • Existing frontend usage remains compatible because UI already calls /:id endpoints.

Validation

  • Verified current frontend API callers still target /:id:
    • packages/ui/src/api/tools.js
    • packages/ui/src/api/chatmessage.js
  • Local commit hooks passed successfully.
  • Also tested frontend side -- not giving any issue.

Checklist

  • Kept existing functionality intact for current UI flows
  • Limited scope to route contract cleanup
  • No unrelated files included in commit

gemini-code-assist[bot]
gemini-code-assist Bot reviewed May 24, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request simplifies the routing logic in the chat-messages and tools modules by replacing array-based route definitions with single, parameterized paths. Specifically, it removes the optional root paths from GET, PUT, and DELETE endpoints, ensuring that these routes now explicitly require an ID or specific parameters. I have no feedback to provide as there were no review comments to evaluate.

@sahil2448
Copy link
Copy Markdown
Contributor Author

sahil2448 commented May 24, 2026

@ maintainers, waiting for Review and Merge if this issue and PR is considerable...!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Ambiguous route contracts in tools and chatmessage endpoints accept / even when controller requires /:id

1 participant

@sahil2448