Add input validation for chat endpoint - length limits and type checking

flask_api_standalone.py

@@ -150,12 +150,36 @@ def chat():
             }), 400
         
         message = data['message']
+        
+        # Input validation
+        if not isinstance(message, str):
+            return jsonify({
+                'success': False,
+                'error': 'Message must be a string'
+            }), 400
+        
+        # Strip whitespace and validate
+        message = message.strip()
+        if not message:
+            return jsonify({
+                'success': False,
+                'error': 'Message cannot be empty'
+            }), 400
+        
+        # Length limit (prevent abuse)
+        MAX_MESSAGE_LENGTH = 10000  # 10KB limit
+        if len(message) > MAX_MESSAGE_LENGTH:
+            return jsonify({
+                'success': False,
+                'error': f'Message too long. Maximum length is {MAX_MESSAGE_LENGTH} characters'
+            }), 400
+        
         history = data.get('history', [])
         session_id = data.get('session_id')
         user_id = data.get('user_id', 'anonymous')
         
         logger.info(f"Chat request - User: {user_id}, Session: {session_id}")
-        logger.info(f"Message: {message[:100]}...")
+        logger.info(f"Message length: {len(message)} chars, preview: {message[:100]}...")
         
         if not orchestrator_available or orchestrator is None:
             return jsonify({