From ab4a185248bd68ccdefada7efe8f8a616d37f353 Mon Sep 17 00:00:00 2001
From: Google AI Studio
Date: Thu, 19 Mar 2026 21:55:56 -0400
Subject: [PATCH] Review Fix: Improve src/dashboard/routes/chat_api.py

---
 src/dashboard/routes/chat_api.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/dashboard/routes/chat_api.py b/src/dashboard/routes/chat_api.py
index c3f5c21..761e097 100644
--- a/src/dashboard/routes/chat_api.py
+++ b/src/dashboard/routes/chat_api.py
@@ -101,7 +101,7 @@ async def _process_chat(user_msg: str) -> dict | JSONResponse:
 try:
 response_text = await agent_chat(
 _build_context_prefix() + user_msg,
- session_id="mobile",
+ session_id=body.get("session_id", "mobile"),
 )
 message_log.append(role="user", content=user_msg, timestamp=timestamp, source="api")
 message_log.append(role="agent", content=response_text, timestamp=timestamp, source="api")
@@ -165,6 +165,11 @@ async def api_upload(file: UploadFile = File(...)):
 if not str(resolved).startswith(str(upload_root)):
 raise HTTPException(status_code=400, detail="Invalid file name")
 
+ # Validate MIME type
+ allowed_types = ["image/png", "image/jpeg", "image/gif", "application/pdf", "text/plain"]
+ if file.content_type not in allowed_types:
+ raise HTTPException(status_code=400, detail=f"File type {file.content_type} not allowed")
+
 contents = await file.read()
 if len(contents) > _MAX_UPLOAD_SIZE:
 raise HTTPException(status_code=413, detail="File too large (max 50 MB)")
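Review bot: In the first hunk, `body` is not a name the hunk shows in scope: the hunk header gives the signature as `_process_chat(user_msg: str)`, so unless `body` is defined at module level outside the hunk, `body.get(...)` raises NameError inside the `try:` and every chat request would fall into whatever handler follows. Pass the value in explicitly instead, e.g. `async def _process_chat(user_msg: str, session_id: str = "mobile")` with `session_id=session_id,` at the call. Because the value then comes from the request, the caller should reject anything that is not a short string of the expected shape and should bind it to the authenticated caller; otherwise one client can name another client's session and read or steer its conversation state (whether sessions are isolated elsewhere is not visible here). The function body starts and ends outside the hunk.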
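Review bot: In the second hunk, `file.content_type` is the Content-Type the client put on the multipart part, so the new allowlist only checks a label the sender chooses and says nothing about the bytes that get stored. The check should be backed by a comparison of the leading bytes of `contents` against the signature of the declared type, done after the read; `text/plain` has no signature, so it stays label-only and the stored file should be served with `X-Content-Type-Options: nosniff` and a fixed content type. The list is also rebuilt on every request and is better as a module-level constant, and the error detail need not echo the client-supplied value. The fence sketches this; the rest of `api_upload` lies outside the hunk.

```python
# module level, next to _MAX_UPLOAD_SIZE
_UPLOAD_SIGNATURES = {
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/gif": (b"GIF87a", b"GIF89a"),
    "application/pdf": (b"%PDF-",),
    "text/plain": (),  # no magic bytes; label-only
}

    # … unchanged: filename resolution and upload_root check …
    signatures = _UPLOAD_SIGNATURES.get(file.content_type)
    if signatures is None:
        raise HTTPException(status_code=400, detail="File type not allowed")

    contents = await file.read()
    # … unchanged: _MAX_UPLOAD_SIZE check …
    if signatures and not contents.startswith(signatures):
        raise HTTPException(status_code=400, detail="File content does not match declared type")
```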