fix: guard Ollama SSRF check by provider and skip normalization for single-provider results

Author: teedonk

apps/sim/app/api/knowledge/search/route.ts

@@ -425,15 +425,16 @@ export async function POST(request: NextRequest) {
       // returned unchanged to preserve the original score semantics.
       const isMixedProviders = openaiKbIds.length > 0 && ollamaKbIds.length > 0
       const normalizeByProvider = (items: SearchResult[]): SearchResult[] => {
+        const openaiGroup = items.filter((r) => openaiKbIds.includes(r.knowledgeBaseId))
+        const ollamaGroup = items.filter((r) => ollamaKbIds.includes(r.knowledgeBaseId))
+        if (openaiGroup.length === 0 || ollamaGroup.length === 0) return items
         const normalizeGroup = (group: SearchResult[]): SearchResult[] => {
           if (group.length <= 1) return group
           const min = Math.min(...group.map((r) => r.distance))
           const max = Math.max(...group.map((r) => r.distance))
           const range = max - min || 1
           return group.map((r) => ({ ...r, distance: (r.distance - min) / range }))
         }
-        const openaiGroup = items.filter((r) => openaiKbIds.includes(r.knowledgeBaseId))
-        const ollamaGroup = items.filter((r) => ollamaKbIds.includes(r.knowledgeBaseId))
         return [...normalizeGroup(openaiGroup), ...normalizeGroup(ollamaGroup)]
       }
 

apps/sim/lib/knowledge/chunks/service.ts

@@ -167,14 +167,16 @@ export async function createChunk(
   const rawKbCfg = kbRows[0].chunkingConfig as { ollamaBaseUrl?: string } | null
   const kbOllamaBaseUrl = rawKbCfg?.ollamaBaseUrl
 
-  const resolvedCreateUrl = getOllamaBaseUrl(kbOllamaBaseUrl)
-  if (!isAllowedOllamaUrl(resolvedCreateUrl)) {
-    throw new Error(`Knowledge base has a disallowed Ollama URL: ${resolvedCreateUrl}`)
-  }
-
   const { provider } = parseEmbeddingModel(kbEmbeddingModel)
   const isOllama = provider === 'ollama'
 
+  if (isOllama) {
+    const resolvedCreateUrl = getOllamaBaseUrl(kbOllamaBaseUrl)
+    if (!isAllowedOllamaUrl(resolvedCreateUrl)) {
+      throw new Error(`Knowledge base has a disallowed Ollama URL: ${resolvedCreateUrl}`)
+    }
+  }
+
   logger.info(`[${requestId}] Generating embedding for manual chunk`)
   const { embeddings, modelName: usedModel } = await generateEmbeddings(
     [chunkData.content],
@@ -478,15 +480,17 @@ export async function updateChunk(
   const rawCfg = kbRows[0].chunkingConfig as { ollamaBaseUrl?: string } | null
   const kbOllamaBaseUrl = rawCfg?.ollamaBaseUrl
 
-  const resolvedUpdateUrl = getOllamaBaseUrl(kbOllamaBaseUrl)
-  if (!isAllowedOllamaUrl(resolvedUpdateUrl)) {
-    throw new Error(`Knowledge base has a disallowed Ollama URL: ${resolvedUpdateUrl}`)
-  }
-
   const { provider } = parseEmbeddingModel(kbEmbeddingModel)
   const isOllama = provider === 'ollama'
   const tableName = isOllama ? kbTableName(knowledgeBaseId) : null
 
+  if (isOllama) {
+    const resolvedUpdateUrl = getOllamaBaseUrl(kbOllamaBaseUrl)
+    if (!isAllowedOllamaUrl(resolvedUpdateUrl)) {
+      throw new Error(`Knowledge base has a disallowed Ollama URL: ${resolvedUpdateUrl}`)
+    }
+  }
+
   // Content update path — needs a transaction for atomic stat updates
   if (updateData.content !== undefined && typeof updateData.content === 'string') {
     return await db.transaction(async (tx) => {