diff --git a/my_modules/functions.py b/my_modules/functions.py
index bd49d9f..05fd0bf 100644
--- a/my_modules/functions.py
+++ b/my_modules/functions.py
@@ -1,15 +1,14 @@
 from quart import has_request_context, request, has_websocket_context, websocket
 from flask_limiter import Limiter
+from uuid import UUID
 import subprocess, aiohttp # Get IPs
 def get_ip():
- if has_request_context():
- xff = request.headers.get("X-Forwarded-For", "")
- return xff.split(",")[0].strip() if xff else request.remote_addr
- elif has_websocket_context():
- xff = websocket.headers.get("X-Forwarded-For", "")
- return xff.split(",")[0].strip() if xff else websocket.remote_addr
+ context = get_request_context()
+ if context:
+ xff = context.headers.get("X-Forwarded-For", "")
+ return xff.split(",")[0].strip() if xff else context.remote_addr
 return None # No active request or websocket context
 async def get_my_ip_address():
@@ -61,3 +60,17 @@ def replace_last_ip_segment(ip:str, new_value:str="1") -> str:
 parts[-1] = str(new_value)
 return '.'.join(parts)
 raise ValueError("Invalid IP address format")
+
+def get_request_context():
+ if has_request_context():
+ return request
+ elif has_websocket_context():
+ return websocket
+ return None
+
+def is_valid_uuid(value: str) -> bool:
+ try:
+ UUID(value)
+ return True
+ except ValueError:
+ return False
diff --git a/routes/handeling/basics.py b/routes/handeling/basics.py
index 021fd6b..0fec8e5 100644
--- a/routes/handeling/basics.py
+++ b/routes/handeling/basics.py
@@ -1,6 +1,7 @@
 from my_modules.app.setup import LIMITER
+from my_modules.functions import is_valid_uuid
-from quart import Blueprint, send_from_directory, render_template, current_app, Response, redirect
+from quart import Blueprint, send_from_directory, current_app, Response, redirect, abort
 basic_bp = Blueprint('basic', __name__)
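Review bot: In get_ip() (first hunk of my_modules/functions.py) the refactor keeps returning the leftmost `X-Forwarded-For` entry, which is client-supplied text unless the fronting proxy strips or overwrites the header. `Limiter` is imported in this file, so if get_ip is used as the rate-limit key or for any IP-based decision (not visible in this hunk), the value cannot be relied on. Only honour the header when `context.remote_addr` is a known proxy, and read the entry that proxy appended, e.g. `xff.split(",")[-1].strip()` for a single trusted hop. Separately, `if context is not None:` states the intent more directly than a truthiness test on the request proxy object.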
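Review bot: is_valid_uuid() (second hunk of my_modules/functions.py) accepts more than the canonical 8-4-4-4-12 form, because `UUID()` also parses braces, a `urn:uuid:` prefix and un-hyphenated hex, and the raw string, not the parsed value, is what the `/storage/` route in routes/handeling/basics.py forwards to `stream_from_storage`. Compare against the canonical rendering instead: `return str(UUID(value)) == value.lower()`. A non-string argument raises `TypeError` or `AttributeError` rather than `ValueError`, so widen the handler to `except (ValueError, TypeError, AttributeError):`. Both new helpers would also benefit from a one-line docstring, e.g. `"""Return True only if value is a canonical hyphenated UUID string."""`.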
@@ -18,6 +19,9 @@ async def robots():
 @basic_bp.route("/storage/")
 async def convex_storage_proxy(file_id:str):
+ if not is_valid_uuid(file_id):
+ return abort(404, "Not a valid uuid")
+
 return Response( current_app.convex.stream_from_storage(file_id, add_api_path=True), mimetype="application/octet-stream"
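Review bot: In convex_storage_proxy the `return` in front of `abort(404, "Not a valid uuid")` is dead, since `abort()` raises and never returns; write `abort(404, "Not a valid uuid")` on its own. The guard checks only the shape of `file_id`, and the original string is what reaches `stream_from_storage(file_id, add_api_path=True)`. A short comment such as `# Reject anything that is not a UUID before it is used to build the upstream storage request` would record why the check exists; that the id ends up in a request path is inferred from `add_api_path`, not shown here. The `Response(...)` call is closed outside the hunk.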