This repository was archived by the owner on Jul 4, 2025. It is now read-only.

bug: /v1/files/ invalid filename will hang the server #2153

Closed
@gau-nernst

Cortex version

dev 2e1dfa0

Describe the issue and expected behaviour

Something like this will hang the server:

curl http://127.0.0.1:3928/v1/files -X POST -F "[email protected];filename=../hi" -F purpose=assistants

Digging further, I find that this loop never exits in such cases:

    /* Ensure the resolved path is within our basedir */
    for (auto p = resolved_path; !p.empty(); p = p.parent_path()) {
      if (std::filesystem::equivalent(p, abs_base)) {
        return resolved_path;
      }
    }

We might want to just sanitize the filename as a string instead of a path, i.e. no weird characters, including /. This will also solve an issue if the filename appears to be a subdirectory:

curl http://127.0.0.1:3928/v1/files -X POST -F "[email protected];filename=abc/hello" -F purpose=assistants
{"message":"Failed to open file for writing: <redacted>/cortexcpp/files/abc/hello"}

(or we can just store the binary file in a DB 😆)

Steps to Reproduce

No response

Screenshots / Logs

No response

What is your OS?

  • Windows
  • Mac Silicon
  • Mac Intel
  • Linux / Ubuntu

What engine are you running?

  • cortex.llamacpp (default)
  • cortex.tensorrt-llm (Nvidia GPUs)
  • cortex.onnx (NPUs, DirectML)

Hardware Specs eg OS version, GPU

No response
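
The filename-as-string check suggested in the issue, together with a form of the ancestor walk that terminates, as an added example that is not part of the original issue or of the Cortex code base. `IsSafeUploadName`, `IsWithin`, `ResolveUpload` and `DemoAccepts` are hypothetical names, and the rule set (no separators, no colon, no control bytes, 255-byte cap) and the scratch directory are assumptions.

```cpp
#include <filesystem>
#include <optional>
#include <string>

namespace fs = std::filesystem;

// Hypothetical helper: treat the client-supplied filename as a plain string and
// accept it only if it is a single, ordinary path component.
bool IsSafeUploadName(const std::string& name) {
    if (name.empty() || name.size() > 255) return false;
    if (name == "." || name == "..") return false;
    for (unsigned char c : name) {
        // Separators, the Windows drive colon and control bytes are all refused.
        if (c == '/' || c == '\\' || c == ':' || c < 0x20 || c == 0x7f) return false;
    }
    return true;
}

// Terminating form of the ancestor walk: at the filesystem root, parent_path()
// returns the root itself rather than an empty path, so stop once p stops changing.
bool IsWithin(const fs::path& abs_base, fs::path p) {
    for (;;) {
        if (p == abs_base) return true;
        fs::path parent = p.parent_path();
        if (parent == p || parent.empty()) return false;  // hit the root or ran out
        p = parent;
    }
}

// Hypothetical helper: map an accepted name to a path directly inside base.
std::optional<fs::path> ResolveUpload(const fs::path& base, const std::string& name) {
    if (!IsSafeUploadName(name)) return std::nullopt;
    std::error_code ec;
    const fs::path abs_base = fs::canonical(base, ec);  // base must already exist
    if (ec) return std::nullopt;
    const fs::path resolved = fs::weakly_canonical(abs_base / name, ec);
    // A symlink planted under base resolves elsewhere and fails this check.
    if (ec || resolved.parent_path() != abs_base) return std::nullopt;
    return resolved;
}

// Constructed demo input: a scratch directory stands in for the files directory.
bool DemoAccepts(const std::string& name) {
    std::error_code ec;
    const fs::path base = fs::temp_directory_path() / "upload_name_demo";
    fs::create_directories(base, ec);
    return ResolveUpload(base, name).has_value();
}
```

Both names from the issue, `../hi` and `abc/hello`, are refused by the string check before any filesystem call is made.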
