From dea4b79014f1ff5a9b92f5a0aab7e07990577b2a Mon Sep 17 00:00:00 2001
From: Hugo H
Date: Wed, 3 Sep 2025 10:33:23 +0100
Subject: [PATCH] Fix APIs and intergrate chat permission checking

---
 main.py | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)

diff --git a/main.py b/main.py
index 336d455..381f413 100644
--- a/main.py
+++ b/main.py
@@ -105,22 +105,21 @@ def getUserChats():
 # Chat Details Endpoint:
 # Get or change details about a chat using the chatId
 # Arguments: token (required), details (required), model, name
-@app.route('/api/chat/<_id>/details', methods = ['GET', 'POST'])
-def getChatHistory(_id):
+@app.route('/api/chat/<_id>/details/
', methods = ['GET', 'POST'])
+def getChatHistory(_id, details):
 # Get user auth token
 token = request.json['token']
- a, userId = checkUserPermission(token, True)
+ a, userId = checkChatPermission(token, _id, True)
 if (a == True):
- # Get the request details
- details = request.json['details']
 # If the user is trying to GET data
 if (request.method == 'GET'):
 # Get the chat from the chatId
 returnedChat = chatCollection.find_one({'_id': ObjectId(_id)})
 # Convert chatId into string
 returnedChat['_id'] = str(returnedChat['_id'])
- try:
- returnedChat["permissions"][userId].index("view")
+ # Get chat permissions
+ a, userId = checkChatPermission(token, _id, "view")
+ if (a == True):
 print("Chat " + _id + " has been found with token " + token)
 # Check for detail type and return correct value from db
 if (details == "history"):
@@ -131,11 +130,11 @@ def getChatHistory(_id):
 return jsonify(returnedChat["model"])
 elif (details == "name"):
 return jsonify(returnedChat["name"])
- except:
+ else:
 return jsonify("Invalid Permissions")
 else:
- try:
- returnedChat["permissions"][userId].index("edit")
+ a, userId = checkChatPermission(token, _id, "view")
+ if (a == True):
 # Check for the detail type and add data to db
 if (details == "model"):
 model = request.json['model']
@@ -144,7 +143,7 @@ def getChatHistory(_id):
 name = request.json['name']
 chatCollection.update_one({'_id': ObjectId(_id)}, { "$set": { "name": name } })
 return jsonify("Success")
- except:
+ else:
 return jsonify("Invalid Permissions")
 else:
 return jsonify("User token is invalid")
@@ -390,7 +389,7 @@ def handleSignup():
 def logout():
 token = request.cookies.get('auth_token', 'none')
 try:
- token = request.json['remove_token']
+ token = request.headers['remove-token']
 except:
 pass
 user = usersCollection.update_one({'tokens.token': token}, {"$pull":{'tokens':{'token':token}}})
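Review bot: The first gate `a, userId = checkChatPermission(token, _id, True)` passes `True` where every other call in this patch passes a permission name such as `"view"`, which looks like a leftover of the old `checkUserPermission(token, True)` signature; if the helper compares its third argument against the chat's permission list, `True` can never match and every request ends at "User token is invalid", and if it ignores it, the call is redundant with the `"view"` check a few lines later. One check per request is easier to audit: `needed = "view" if request.method == 'GET' else "edit"` followed by `a, userId = checkChatPermission(token, _id, needed)`, with the inner `if (a == True):` gates dropped. The new route decorator is split across two lines in this rendering, so confirm the rule really declares a `<details>` segment — with `details` now a positional view argument, a rule without it makes Flask call `getChatHistory(_id)` and fail on every request. The context line `print("Chat " + _id + " has been found with token " + token)` writes the bearer token to stdout; logging `userId` instead keeps tokens out of log aggregators. getChatHistory continues into the following hunks.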
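Review bot: The POST branch now calls `checkChatPermission(token, _id, "view")` where the removed line required `"edit"`, so anyone who can view a chat can also change its model and name; the line should read `a, userId = checkChatPermission(token, _id, "edit")`. The `else: return jsonify("Invalid Permissions")` responses in this hunk and the next (`@@ -144`) also come back as HTTP 200, so a client cannot tell a denial from a success payload without parsing the body; `return jsonify("Invalid Permissions"), 403` keeps the body unchanged for existing callers while giving the status a meaning. getChatHistory starts in the previous hunk and ends in the next one.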
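Review bot: The new `token = request.headers['remove-token']` still sits inside a bare `try: ... except: pass`, which now only needs to absorb the `KeyError` of a missing header but also hides any other error raised on that line; `token = request.headers.get('remove-token', token)` expresses the fallback to the cookie token directly and lets the `try`/`except` go. Whichever token the header supplies is the one pulled from `usersCollection`, and nothing on the new side ties it to the user identified by `auth_token` — if revoking another session by its token value is intended, a comment saying so would help; otherwise the filter should also name the owner. logout continues past the end of the hunk.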