Fix APIs and intergrate chat permission checking

2025-09-03 10:33:23 +01:00
parent 694947f225
commit dea4b79014
1 changed files with 11 additions and 12 deletions
--- a/main.py
+++ b/main.py
@@ -105,22 +105,21 @@ def getUserChats():
 # Chat Details Endpoint:
 # Get or change details about a chat using the chatId
 # Arguments: token (required), details (required), model, name
-@app.route('/api/chat/<_id>/details', methods = ['GET', 'POST'])
-def getChatHistory(_id):
+@app.route('/api/chat/<_id>/details/<details>', methods = ['GET', 'POST'])
+def getChatHistory(_id, details):
    # Get user auth token
    token = request.json['token']
-    a, userId = checkUserPermission(token, True)
+    a, userId = checkChatPermission(token, _id, True)
    if (a == True):
-        # Get the request details
-        details = request.json['details']
        # If the user is trying to GET data
        if (request.method == 'GET'):
            # Get the chat from the chatId
            returnedChat = chatCollection.find_one({'_id': ObjectId(_id)})
            # Convert chatId into string
            returnedChat['_id'] = str(returnedChat['_id'])
-            try:
-                returnedChat["permissions"][userId].index("view")
+            # Get chat permissions
+            a, userId = checkChatPermission(token, _id, "view")
+            if (a == True):
                print("Chat " + _id + " has been found with token " + token)
                # Check for detail type and return correct value from db
                if (details == "history"):
@@ -131,11 +130,11 @@ def getChatHistory(_id):
                    return jsonify(returnedChat["model"])
                elif (details == "name"):
                    return jsonify(returnedChat["name"])
-            except:
+            else:
                return jsonify("Invalid Permissions")
        else:
-            try:
-                returnedChat["permissions"][userId].index("edit")
+            a, userId = checkChatPermission(token, _id, "view")
+            if (a == True):
                # Check for the detail type and add data to db
                if (details == "model"):
                    model = request.json['model']
@@ -144,7 +143,7 @@ def getChatHistory(_id):
                    name = request.json['name']
                    chatCollection.update_one({'_id': ObjectId(_id)}, { "$set": { "name": name } })
                return jsonify("Success")
-            except:
+            else:
                return jsonify("Invalid Permissions")
    else:
        return jsonify("User token is invalid")
@@ -390,7 +389,7 @@ def handleSignup():
 def logout():
    token = request.cookies.get('auth_token', 'none')
    try:
-        token = request.json['remove_token']
+        token = request.headers['remove-token']
    except:
        pass
    user = usersCollection.update_one({'tokens.token': token}, {"$pull":{'tokens':{'token':token}}})