in apisix/plugins/ai-prompt-guard.lua [96:151]
function _M.access(conf, ctx)
local body = core.request.get_body()
if not body then
core.log.error("Empty request body")
return 400, {message = "Empty request body"}
end
local json_body, err = core.json.decode(body)
if err then
return 400, {message = err}
end
local messages = json_body.messages or {}
messages = get_content_to_check(conf, messages)
if not conf.match_all_roles then
local new_messages = {}
for _, msg in ipairs(messages) do
if msg.role == "user" then
core.table.insert(new_messages, msg)
end
end
messages = new_messages
end
if #messages == 0 then
return 200
end
local content = {}
for _, msg in ipairs(messages) do
if msg.content then
core.table.insert(content, msg.content)
end
end
local content_to_check = table.concat(content, " ")
if #conf.allow_patterns > 0 then
local any_allowed = false
for _, pattern in ipairs(conf.allow_patterns) do
if re_find(content_to_check, pattern, "jou") then
any_allowed = true
break
end
end
if not any_allowed then
return 400, {message = "Request doesn't match allow patterns"}
end
end
for _, pattern in ipairs(conf.deny_patterns) do
if re_find(content_to_check, pattern, "jou") then
return 400, {message = "Request contains prohibited content"}
end
end
end