Fix APIs and intergrate chat permission checking

Fixed chat permissions lookup function
Added chat list endpoint
2025-09-03 10:33:23 +01:00 · 2025-09-02 19:55:24 +01:00 · 2025-09-02 17:45:44 +01:00
1 changed files with 36 additions and 15 deletions
--- a/main.py
+++ b/main.py
@@ -1,6 +1,7 @@
 from flask import Flask, jsonify, request, render_template
 from pymongo import MongoClient
 from bson.objectid import ObjectId
+from bson.json_util import dumps, loads
 from datetime import datetime
 from argon2 import PasswordHasher
 import random
@@ -73,32 +74,52 @@ def checkChatPermission(token, chatId, permission):
        returnedChat = chatCollection.find_one({'_id': ObjectId(chatId)})
        # Convert chatId into string
        returnedChat['_id'] = str(returnedChat['_id'])
-        if permission in returnedChat['permissions']:
+        if permission in returnedChat['permissions'][userId]:
+            return True, userId
+        elif (permission == True):
            return True, userId
        else:
            return False, "Incorrect permissions"
    else:
        return False, "Invalid Token"

-# Chat Details Endpoint:
-# Get or change details about a chat using the chatId
-# Arguments: token (required), details (required), model, name
-@app.route('/api/chat/<_id>/details', methods = ['GET', 'POST'])
-def getChatHistory(_id):
+# Chat List Endpoint:
+# Get all the chats associated with a user
+# Arguments: token (required)
+@app.route('/api/user/chats', methods = ['GET'])
+def getUserChats():
    # Get user auth token
    token = request.json['token']
    a, userId = checkUserPermission(token, True)
    if (a == True):
-        # Get the request details
-        details = request.json['details']
+        returnedChats = list(chatCollection.find({'permissions.' + userId : "view"}))
+        chats = []
+        for doc in returnedChats:
+            if '_id' in doc and isinstance(doc['_id'], ObjectId):
+                doc['_id'] = str(doc['_id'])
+            chats.append(doc)
+
+        jsonChats = json.dumps(chats, indent=2)
+        return jsonChats
+
+# Chat Details Endpoint:
+# Get or change details about a chat using the chatId
+# Arguments: token (required), details (required), model, name
+@app.route('/api/chat/<_id>/details/<details>', methods = ['GET', 'POST'])
+def getChatHistory(_id, details):
+    # Get user auth token
+    token = request.json['token']
+    a, userId = checkChatPermission(token, _id, True)
+    if (a == True):
        # If the user is trying to GET data
        if (request.method == 'GET'):
            # Get the chat from the chatId
            returnedChat = chatCollection.find_one({'_id': ObjectId(_id)})
            # Convert chatId into string
            returnedChat['_id'] = str(returnedChat['_id'])
-            try:
-                returnedChat["permissions"][userId].index("view")
+            # Get chat permissions
+            a, userId = checkChatPermission(token, _id, "view")
+            if (a == True):
                print("Chat " + _id + " has been found with token " + token)
                # Check for detail type and return correct value from db
                if (details == "history"):
@@ -109,11 +130,11 @@ def getChatHistory(_id):
                    return jsonify(returnedChat["model"])
                elif (details == "name"):
                    return jsonify(returnedChat["name"])
-            except:
+            else:
                return jsonify("Invalid Permissions")
        else:
-            try:
-                returnedChat["permissions"][userId].index("edit")
+            a, userId = checkChatPermission(token, _id, "view")
+            if (a == True):
                # Check for the detail type and add data to db
                if (details == "model"):
                    model = request.json['model']
@@ -122,7 +143,7 @@ def getChatHistory(_id):
                    name = request.json['name']
                    chatCollection.update_one({'_id': ObjectId(_id)}, { "$set": { "name": name } })
                return jsonify("Success")
-            except:
+            else:
                return jsonify("Invalid Permissions")
    else:
        return jsonify("User token is invalid")
@@ -368,7 +389,7 @@ def handleSignup():
 def logout():
    token = request.cookies.get('auth_token', 'none')
    try:
-        token = request.json['remove_token']
+        token = request.headers['remove-token']
    except:
        pass
    user = usersCollection.update_one({'tokens.token': token}, {"$pull":{'tokens':{'token':token}}})
Author	SHA1	Message	Date
Hugo H	dea4b79014	Fix APIs and intergrate chat permission checking	2025-09-03 10:33:23 +01:00
Hugo H	694947f225	Fixed chat permissions lookup function	2025-09-02 19:55:24 +01:00
Hugo H	08cc5dd165	Added chat list endpoint Returns all chats that are associated with a user	2025-09-02 17:45:44 +01:00