hugo/AiThingy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: hugo:UpdatePermissionsChecking
Branches Tags
hugo:main hugo:UpdatePermissionsChecking hugo:fixLoginSignup
...
compare: hugo:dea4b79014f1ff5a9b92f5a0aab7e07990577b2a
Branches Tags
hugo:main hugo:UpdatePermissionsChecking hugo:fixLoginSignup

3 Commits
UpdatePerm ... dea4b79014

Author SHA1 Message Date
Hugo H
dea4b79014 Fix APIs and intergrate chat permission checking 2025-09-03 10:33:23 +01:00
Hugo H
694947f225 Fixed chat permissions lookup function 2025-09-02 19:55:24 +01:00
Hugo H
08cc5dd165 Added chat list endpoint 
Returns all chats that are associated with a user
 2025-09-02 17:45:44 +01:00
1 changed files with 36 additions and 15 deletions
Expand all files Collapse all files

51
main.py
View File

@@ -1,6 +1,7 @@
from flask import Flask, jsonify, request, render_template from flask import Flask, jsonify, request, render_template
from pymongo import MongoClient from pymongo import MongoClient
from bson.objectid import ObjectId from bson.objectid import ObjectId
from bson.json_util import dumps, loads
from datetime import datetime from datetime import datetime
from argon2 import PasswordHasher from argon2 import PasswordHasher
import random import random
@@ -73,32 +74,52 @@ def checkChatPermission(token, chatId, permission):
returnedChat = chatCollection.find_one({'_id': ObjectId(chatId)}) returnedChat = chatCollection.find_one({'_id': ObjectId(chatId)})
# Convert chatId into string # Convert chatId into string
returnedChat['_id'] = str(returnedChat['_id']) returnedChat['_id'] = str(returnedChat['_id'])
if permission in returnedChat['permissions']: if permission in returnedChat['permissions'][userId]:
return True, userId
elif (permission == True):
return True, userId return True, userId
else: else:
return False, "Incorrect permissions" return False, "Incorrect permissions"
else: else:
return False, "Invalid Token" return False, "Invalid Token"
# Chat Details Endpoint: # Chat List Endpoint:
# Get or change details about a chat using the chatId # Get all the chats associated with a user
# Arguments: token (required), details (required), model, name # Arguments: token (required)
@app.route('/api/chat/<_id>/details', methods = ['GET', 'POST']) @app.route('/api/user/chats', methods = ['GET'])
def getChatHistory(_id): def getUserChats():
# Get user auth token # Get user auth token
token = request.json['token'] token = request.json['token']
a, userId = checkUserPermission(token, True) a, userId = checkUserPermission(token, True)
if (a == True): if (a == True):
# Get the request details returnedChats = list(chatCollection.find({'permissions.' + userId : "view"}))
details = request.json['details'] chats = []
for doc in returnedChats:
if '_id' in doc and isinstance(doc['_id'], ObjectId):
doc['_id'] = str(doc['_id'])
chats.append(doc)
jsonChats = json.dumps(chats, indent=2)
return jsonChats
# Chat Details Endpoint:
# Get or change details about a chat using the chatId
# Arguments: token (required), details (required), model, name
@app.route('/api/chat/<_id>/details/<details>', methods = ['GET', 'POST'])
def getChatHistory(_id, details):
# Get user auth token
token = request.json['token']
a, userId = checkChatPermission(token, _id, True)
if (a == True):
# If the user is trying to GET data # If the user is trying to GET data
if (request.method == 'GET'): if (request.method == 'GET'):
# Get the chat from the chatId # Get the chat from the chatId
returnedChat = chatCollection.find_one({'_id': ObjectId(_id)}) returnedChat = chatCollection.find_one({'_id': ObjectId(_id)})
# Convert chatId into string # Convert chatId into string
returnedChat['_id'] = str(returnedChat['_id']) returnedChat['_id'] = str(returnedChat['_id'])
try: # Get chat permissions
returnedChat["permissions"][userId].index("view") a, userId = checkChatPermission(token, _id, "view")
if (a == True):
print("Chat " + _id + " has been found with token " + token) print("Chat " + _id + " has been found with token " + token)
# Check for detail type and return correct value from db # Check for detail type and return correct value from db
if (details == "history"): if (details == "history"):
@@ -109,11 +130,11 @@ def getChatHistory(_id):
return jsonify(returnedChat["model"]) return jsonify(returnedChat["model"])
elif (details == "name"): elif (details == "name"):
return jsonify(returnedChat["name"]) return jsonify(returnedChat["name"])
except: else:
return jsonify("Invalid Permissions") return jsonify("Invalid Permissions")
else: else:
try: a, userId = checkChatPermission(token, _id, "view")
returnedChat["permissions"][userId].index("edit") if (a == True):
# Check for the detail type and add data to db # Check for the detail type and add data to db
if (details == "model"): if (details == "model"):
model = request.json['model'] model = request.json['model']
@@ -122,7 +143,7 @@ def getChatHistory(_id):
name = request.json['name'] name = request.json['name']
chatCollection.update_one({'_id': ObjectId(_id)}, { "$set": { "name": name } }) chatCollection.update_one({'_id': ObjectId(_id)}, { "$set": { "name": name } })
return jsonify("Success") return jsonify("Success")
except: else:
return jsonify("Invalid Permissions") return jsonify("Invalid Permissions")
else: else:
return jsonify("User token is invalid") return jsonify("User token is invalid")
@@ -368,7 +389,7 @@ def handleSignup():
def logout(): def logout():
token = request.cookies.get('auth_token', 'none') token = request.cookies.get('auth_token', 'none')
try: try:
token = request.json['remove_token'] token = request.headers['remove-token']
except: except:
pass pass
user = usersCollection.update_one({'tokens.token': token}, {"$pull":{'tokens':{'token':token}}}) user = usersCollection.update_one({'tokens.token': token}, {"$pull":{'tokens':{'token':token}}})