Fix APIs and intergrate chat permission checking

2025-09-03 10:33:23 +01:00
parent 694947f225
commit dea4b79014

23
main.py

@@ -105,22 +105,21 @@ def getUserChats():
# Chat Details Endpoint: # Chat Details Endpoint:
# Get or change details about a chat using the chatId # Get or change details about a chat using the chatId
# Arguments: token (required), details (required), model, name # Arguments: token (required), details (required), model, name
@app.route('/api/chat/<_id>/details', methods = ['GET', 'POST']) @app.route('/api/chat/<_id>/details/<details>', methods = ['GET', 'POST'])
def getChatHistory(_id): def getChatHistory(_id, details):
# Get user auth token # Get user auth token
token = request.json['token'] token = request.json['token']
a, userId = checkUserPermission(token, True) a, userId = checkChatPermission(token, _id, True)
if (a == True): if (a == True):
# Get the request details
details = request.json['details']
# If the user is trying to GET data # If the user is trying to GET data
if (request.method == 'GET'): if (request.method == 'GET'):
# Get the chat from the chatId # Get the chat from the chatId
returnedChat = chatCollection.find_one({'_id': ObjectId(_id)}) returnedChat = chatCollection.find_one({'_id': ObjectId(_id)})
# Convert chatId into string # Convert chatId into string
returnedChat['_id'] = str(returnedChat['_id']) returnedChat['_id'] = str(returnedChat['_id'])
try: # Get chat permissions
returnedChat["permissions"][userId].index("view") a, userId = checkChatPermission(token, _id, "view")
if (a == True):
print("Chat " + _id + " has been found with token " + token) print("Chat " + _id + " has been found with token " + token)
# Check for detail type and return correct value from db # Check for detail type and return correct value from db
if (details == "history"): if (details == "history"):
@@ -131,11 +130,11 @@ def getChatHistory(_id):
return jsonify(returnedChat["model"]) return jsonify(returnedChat["model"])
elif (details == "name"): elif (details == "name"):
return jsonify(returnedChat["name"]) return jsonify(returnedChat["name"])
except: else:
return jsonify("Invalid Permissions") return jsonify("Invalid Permissions")
else: else:
try: a, userId = checkChatPermission(token, _id, "view")
returnedChat["permissions"][userId].index("edit") if (a == True):
# Check for the detail type and add data to db # Check for the detail type and add data to db
if (details == "model"): if (details == "model"):
model = request.json['model'] model = request.json['model']
@@ -144,7 +143,7 @@ def getChatHistory(_id):
name = request.json['name'] name = request.json['name']
chatCollection.update_one({'_id': ObjectId(_id)}, { "$set": { "name": name } }) chatCollection.update_one({'_id': ObjectId(_id)}, { "$set": { "name": name } })
return jsonify("Success") return jsonify("Success")
except: else:
return jsonify("Invalid Permissions") return jsonify("Invalid Permissions")
else: else:
return jsonify("User token is invalid") return jsonify("User token is invalid")
@@ -390,7 +389,7 @@ def handleSignup():
def logout(): def logout():
token = request.cookies.get('auth_token', 'none') token = request.cookies.get('auth_token', 'none')
try: try:
token = request.json['remove_token'] token = request.headers['remove-token']
except: except:
pass pass
user = usersCollection.update_one({'tokens.token': token}, {"$pull":{'tokens':{'token':token}}}) user = usersCollection.update_one({'tokens.token': token}, {"$pull":{'tokens':{'token':token}}})
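Review bot: The write branch of getChatHistory (the `else:` taken for non-GET requests) now calls `checkChatPermission(token, _id, "view")`, whereas the code it replaces required "edit" in the chat's permission list, so a user with view-only access appears able to change the chat's model and name. If the third argument of checkChatPermission is the required permission, as its use in the GET branch suggests, the line should read `a, userId = checkChatPermission(token, _id, "edit")`. Separately, the unchanged `print("Chat " + _id + " has been found with token " + token)` writes the bearer token to the log; logging the userId instead would keep credentials out of log files. Parts of the function body lie between the hunks and are not visible here, so the helper's exact contract should be confirmed against its definition.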