feat(api): add input validation to AI endpoints

Add prompt validation to ai-event (non-empty string, max 2000 chars) and events array length validation to ai-summary (max 100 items) to prevent abuse and injection attacks.
2026-04-06 23:24:15 -04:00
parent a4656520f8
commit e1fd7dc5a3
2 changed files with 20 additions and 0 deletions
--- a/src/app/api/ai-summary/route.ts
+++ b/src/app/api/ai-summary/route.ts
@@ -23,6 +23,12 @@ export async function POST(request: Request) {
 				{ status: 400 },
 			);
 		}
+		if (events.length > 100) {
+			return NextResponse.json(
+				{ error: "Events array must contain 100 or fewer items" },
+				{ status: 400 },
+			);
+		}

 		const res = await fetch("https://openrouter.ai/api/v1/chat/completions", {
 			method: "POST",