diff --git a/src/middleware/assert.js b/src/middleware/assert.js
index c5e8ec3402..b112bacecc 100644
--- a/src/middleware/assert.js
+++ b/src/middleware/assert.js
@@ -126,3 +126,11 @@ Assert.room = helpers.try(async (req, res, next) => {
 next();
 });
+
+Assert.message = helpers.try(async (req, res, next) => {
+ if (!isFinite(req.params.mid) || !(await messaging.messageExists(req.params.mid))) {
+ return controllerHelpers.formatApiResponse(400, res, new Error('[[error:invalid-mid]]'));
+ }
+
+ next();
+});
diff --git a/src/routes/write/chats.js b/src/routes/write/chats.js
index e3717680af..3ec6d5c3c7 100644
--- a/src/routes/write/chats.js
+++ b/src/routes/write/chats.js
@@ -23,8 +23,8 @@ module.exports = function () {
 // setupApiRoute(router, 'put', '/:roomId/users', [...middlewares, middleware.assert.room, middleware.checkRequired.bind(null, ['uids'])], controllers.write.chats.invite);
 // setupApiRoute(router, 'delete', '/:roomId/users', [...middlewares, middleware.assert.room, middleware.checkRequired.bind(null, ['uids'])], controllers.write.chats.kick);
- setupApiRoute(router, 'get', '/:roomId/:mid', [...middlewares, middleware.assert.room], controllers.write.chats.messages.get);
- setupApiRoute(router, 'put', '/:roomId/:mid', [...middlewares, middleware.assert.room], controllers.write.chats.messages.edit);
+ setupApiRoute(router, 'get', '/:roomId/:mid', [...middlewares, middleware.assert.room, middleware.assert.message], controllers.write.chats.messages.get);
+ setupApiRoute(router, 'put', '/:roomId/:mid', [...middlewares, middleware.assert.room, middleware.assert.message], controllers.write.chats.messages.edit);
 // setupApiRoute(router, 'delete', '/:roomId/:mid', [...middlewares, middleware.assert.room], controllers.write.chats.messages.delete);
 return router;
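Review bot: In `Assert.message` (src/middleware/assert.js), `isFinite(req.params.mid)` is the coercing global, so path values such as `1e3`, `0x10` or `1.5` pass the guard and are handed to `messaging.messageExists` unchanged. If message ids are plain decimal integers (the id format is not shown in this diff), a stricter guard keeps malformed ids out of the lookup: `if (!/^\d+$/.test(req.params.mid) || !(await messaging.messageExists(req.params.mid))) {`. The rest of the handler can stay as it is.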
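Review bot: On the `/:roomId/:mid` routes in src/routes/write/chats.js, `middleware.assert.room` and `middleware.assert.message` each validate one path parameter on its own, and nothing visible in this diff checks that the message belongs to the room named in the path. Unless `controllers.write.chats.messages.get` and `.edit` (not shown) enforce that, a caller who passes the room check could address a message from a different room. It is worth confirming the controllers check this, or having the assert compare the message's room with `req.params.roomId`. The commented-out `delete` route for `/:roomId/:mid` still lists only `middleware.assert.room`; adding `middleware.assert.message` to it now would avoid enabling it later without the check.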