[BUG]: Embed API Improvements

[chalitbkb]

How are you running AnythingLLM?

All versions

What happened?

The API is unsafe when I use the 'embed' feature on my website. I can intercept all API requests, which I can then exploit anywhere. This needs to be fixed urgently. Even the 'sessionId' can be altered to bypass the existing limitations on the number of requests per session.

Are there known steps to reproduce?

No response

[timothycarambat]

The session ID is not a security feature. It is how chats are referenced to keep their history consistent on page loads. This exists in lieu of the ability to track by a user id.

[chalitbkb]

The session ID is not a security feature. It is how chats are referenced to keep their history consistent on page loads. This exists in lieu of the ability to track by a user id.

I understand what you mean, but why can I intercept API requests and use them elsewhere? For example, I capture the URL endpoint, headers, and body to create a backend with Node.js. Then I try sending a POST request. It can send the request, but from a security standard perspective, this shouldn't be the case. You should encrypt the data using something like the 'crypto-js module' or similar before sending the request to prevent unauthorized use elsewhere.

I believe that if I were to examine the chatbox of others using the 'anything-llm' service, I am confident that I could intercept their requests and then use them elsewhere, which means I could send unlimited requests anywhere.

[timothycarambat]

This would just be CORS blocking from the Origin header, which of course can always be spoofed with tools like Burpsuite. The embed chat functionality was added because many people wanted to just expose something like this but we warn this in the embed config styleguide https://github.com/Mintplex-Labs/anything-llm/tree/master/embed#security

I dont disagree with you that this is an annoyance and likely should not be enabled. Does the domain allowlist not improve this?

anything-llm/server/utils/middleware/embedMiddleware.js

Line 65 in 2fabc84

const host = request.headers.origin ?? "";

It does not prevent a session ID rotation or replay. We could add an IP logger and restrict based on IP, but this still does not make that whole endpoint more robust since all of these client side things can be spoofed? I think that could be a good improvement though?

[chalitbkb]

This would just be CORS blocking from the Origin header, which of course can always be spoofed with tools like Burpsuite. The embed chat functionality was added because many people wanted to just expose something like this but we warn this in the embed config styleguide https://github.com/Mintplex-Labs/anything-llm/tree/master/embed#security

I dont disagree with you that this is an annoyance and likely should not be enabled. Does the domain allowlist not improve this?

anything-llm/server/utils/middleware/embedMiddleware.js

Line 65 in 2fabc84

const host = request.headers.origin ?? "";

It does not prevent a session ID rotation or replay. We could add an IP logger and restrict based on IP, but this still does not make that whole endpoint more robust since all of these client side things can be spoofed? I think that could be a good improvement though?

Yes, sir, you understand correctly just as you thought.