From d2b1880824ebc4f4933c4d896560eb1333d54dfb Mon Sep 17 00:00:00 2001
From: sangjanai <sang@jan.ai>
Date: Tue, 18 Mar 2025 14:34:48 +0700
Subject: [PATCH 1/2] fix: crash if invalid url is set

---
 engine/services/model_service.cc | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/engine/services/model_service.cc b/engine/services/model_service.cc
index 035b0446f..5c8179bc1 100644
--- a/engine/services/model_service.cc
+++ b/engine/services/model_service.cc
@@ -226,8 +226,11 @@ cpp::result<DownloadTask, std::string> ModelService::HandleDownloadUrlAsync(
     const std::string& url, std::optional<std::string> temp_model_id,
     std::optional<std::string> temp_name) {
   auto url_obj = url_parser::FromUrlString(url);
-  if (url_obj.has_error()) {
-    return cpp::fail("Invalid url: " + url);
+  if (url_obj.has_error() || url_obj->pathParams.size() < 5) {
+    return cpp::fail(
+        "Invalid url: " + url +
+        ", a valid URL example is: "
+        "https://huggingface.co/cortexso/tinyllama/blob/1b/model.gguf");
   }
 
   if (url_obj->host == kHuggingFaceHost) {
@@ -243,10 +246,6 @@ cpp::result<DownloadTask, std::string> ModelService::HandleDownloadUrlAsync(
     return DownloadModelFromCortexsoAsync(model_id, url_obj->pathParams[3]);
   }
 
-  if (url_obj->pathParams.size() < 5) {
-    return cpp::fail("Invalid url: " + url);
-  }
-
   std::string huggingFaceHost{kHuggingFaceHost};
   std::string unique_model_id = "";
   if (temp_model_id.has_value()) {
@@ -905,8 +904,11 @@ cpp::result<ModelPullInfo, std::string> ModelService::GetModelPullInfo(
 
   if (string_utils::StartsWith(input, "https://")) {
     auto url_obj = url_parser::FromUrlString(input);
-    if (url_obj.has_error()) {
-      return cpp::fail("Invalid url: " + input);
+    if (url_obj.has_error() || url_obj->pathParams.size() < 5) {
+      return cpp::fail(
+          "Invalid url: " + input +
+          ", a valid URL example is: "
+          "https://huggingface.co/cortexso/tinyllama/blob/1b/model.gguf");
     }
     if (url_obj->host == kHuggingFaceHost) {
       if (url_obj->pathParams[2] == "blob") {

From 42fa968001e4232e6a9967b7e5408703ca016f47 Mon Sep 17 00:00:00 2001
From: sangjanai <sang@jan.ai>
Date: Wed, 19 Mar 2025 09:13:13 +0700
Subject: [PATCH 2/2] fix: validation for hf

---
 engine/services/model_service.cc | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/engine/services/model_service.cc b/engine/services/model_service.cc
index 811fa75e6..b0a692eb5 100644
--- a/engine/services/model_service.cc
+++ b/engine/services/model_service.cc
@@ -237,6 +237,9 @@ cpp::result<DownloadTask, std::string> ModelService::HandleDownloadUrlAsync(
     if (url_obj->pathParams[2] == "blob") {
       url_obj->pathParams[2] = "resolve";
     }
+  } else {
+    return cpp::fail("Only support pull model from " +
+                     std::string(kHuggingFaceHost));
   }
   auto author{url_obj->pathParams[0]};
   auto model_id{url_obj->pathParams[1]};
@@ -807,6 +810,9 @@ cpp::result<ModelPullInfo, std::string> ModelService::GetModelPullInfo(
       if (url_obj->pathParams[2] == "blob") {
         url_obj->pathParams[2] = "resolve";
       }
+    } else {
+      return cpp::fail("Only support pull model from " +
+                       std::string(kHuggingFaceHost));
     }
 
     auto author{url_obj->pathParams[0]};