hugo/AiThingy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: hugo:fixLoginSignup
Branches Tags
hugo:main hugo:UpdatePermissionsChecking hugo:fixLoginSignup
...
compare: hugo:dea4b79014f1ff5a9b92f5a0aab7e07990577b2a
Branches Tags
hugo:main hugo:UpdatePermissionsChecking hugo:fixLoginSignup

5 Commits
fixLoginSi ... dea4b79014

Author SHA1 Message Date
Hugo H
dea4b79014 Fix APIs and intergrate chat permission checking 2025-09-03 10:33:23 +01:00
Hugo H
694947f225 Fixed chat permissions lookup function 2025-09-02 19:55:24 +01:00
Hugo H
08cc5dd165 Added chat list endpoint 
Returns all chats that are associated with a user
 2025-09-02 17:45:44 +01:00
Hugo H
ef577c11f7 Added function to check permissions on specific chat. 
The checkChatPermission function checks if a use is allowed to perform an action in a chat
 2025-09-02 17:30:14 +01:00
Hugo H
89f9b6d270 Moved permissions checking to a function 
Permissions checking now happens in another function, code is now much cleaner
 2025-08-31 11:22:41 +01:00
1 changed files with 115 additions and 89 deletions
Expand all files Collapse all files

204
main.py
View File

@@ -1,6 +1,7 @@
from flask import Flask, jsonify, request, render_template from flask import Flask, jsonify, request, render_template
from pymongo import MongoClient from pymongo import MongoClient
from bson.objectid import ObjectId from bson.objectid import ObjectId
from bson.json_util import dumps, loads
from datetime import datetime from datetime import datetime
from argon2 import PasswordHasher from argon2 import PasswordHasher
import random import random
@@ -44,15 +45,9 @@ except Exception as e:
app = Flask(__name__) app = Flask(__name__)
# Chat Details Endpoint: def checkUserPermission(token, permission):
# Get or change details about a chat using the chatId
# Arguments: token (required), details (required), model, name
@app.route('/api/chat/<_id>/details', methods = ['GET', 'POST'])
def getChatHistory(_id):
# Get user auth token
token = request.json['token']
# Find the correct user token in user db # Find the correct user token in user db
user = usersCollection.find_one({'tokens.token': token}, {"_id":1,"tokens":{"$elemMatch": {"token":token}}}) user = usersCollection.find_one({'tokens.token': token}, {"_id":1,"tokens":{"$elemMatch": {"token":token}}, "permissions":1})
# If the user exists, continue, otherwise return fail # If the user exists, continue, otherwise return fail
if (user): if (user):
# Convert _id to a string, python doesn't like ObjectId() # Convert _id to a string, python doesn't like ObjectId()
@@ -61,44 +56,95 @@ def getChatHistory(_id):
if (user['tokens'][0]['expiry'] > int(datetime.now().timestamp())): if (user['tokens'][0]['expiry'] > int(datetime.now().timestamp())):
# Store the userId # Store the userId
userId = user['_id'] userId = user['_id']
print(userId) if permission in user["permissions"]:
# Get the request details return True, userId
details = request.json['details'] elif (permission == True):
# If the user is trying to GET data return True, userId
if (request.method == 'GET'):
# Get the chat from the chatId
returnedChat = chatCollection.find_one({'_id': ObjectId(_id)})
# Convert chatId into string
returnedChat['_id'] = str(returnedChat['_id'])
try:
returnedChat["permissions"][userId].index("view")
print("Chat " + _id + " has been found with token " + token)
# Check for detail type and return correct value from db
if (details == "history"):
return jsonify(returnedChat["messages"])
elif (details == "users"):
return jsonify(returnedChat["permissions"])
elif (details == "model"):
return jsonify(returnedChat["model"])
elif (details == "name"):
return jsonify(returnedChat["name"])
except:
return jsonify("Invalid Permissions")
else: else:
try: return False, "Incorrect permissions"
returnedChat["permissions"][userId].index("edit")
# Check for the detail type and add data to db
if (details == "model"):
model = request.json['model']
chatCollection.update_one({'_id': ObjectId(_id)}, { "$set": { "model": model } })
if (details == "name"):
name = request.json['name']
chatCollection.update_one({'_id': ObjectId(_id)}, { "$set": { "name": name } })
return jsonify("Success")
except:
return jsonify("Invalid Permissions")
else: else:
return jsonify("User token is invalid") return False, "Token is expired"
else:
return False, "Token doesn't exist"
def checkChatPermission(token, chatId, permission):
a, userId = checkUserPermission(token, True)
if (a == True):
# Get the chat from the chatId
returnedChat = chatCollection.find_one({'_id': ObjectId(chatId)})
# Convert chatId into string
returnedChat['_id'] = str(returnedChat['_id'])
if permission in returnedChat['permissions'][userId]:
return True, userId
elif (permission == True):
return True, userId
else:
return False, "Incorrect permissions"
else:
return False, "Invalid Token"
# Chat List Endpoint:
# Get all the chats associated with a user
# Arguments: token (required)
@app.route('/api/user/chats', methods = ['GET'])
def getUserChats():
# Get user auth token
token = request.json['token']
a, userId = checkUserPermission(token, True)
if (a == True):
returnedChats = list(chatCollection.find({'permissions.' + userId : "view"}))
chats = []
for doc in returnedChats:
if '_id' in doc and isinstance(doc['_id'], ObjectId):
doc['_id'] = str(doc['_id'])
chats.append(doc)
jsonChats = json.dumps(chats, indent=2)
return jsonChats
# Chat Details Endpoint:
# Get or change details about a chat using the chatId
# Arguments: token (required), details (required), model, name
@app.route('/api/chat/<_id>/details/<details>', methods = ['GET', 'POST'])
def getChatHistory(_id, details):
# Get user auth token
token = request.json['token']
a, userId = checkChatPermission(token, _id, True)
if (a == True):
# If the user is trying to GET data
if (request.method == 'GET'):
# Get the chat from the chatId
returnedChat = chatCollection.find_one({'_id': ObjectId(_id)})
# Convert chatId into string
returnedChat['_id'] = str(returnedChat['_id'])
# Get chat permissions
a, userId = checkChatPermission(token, _id, "view")
if (a == True):
print("Chat " + _id + " has been found with token " + token)
# Check for detail type and return correct value from db
if (details == "history"):
return jsonify(returnedChat["messages"])
elif (details == "users"):
return jsonify(returnedChat["permissions"])
elif (details == "model"):
return jsonify(returnedChat["model"])
elif (details == "name"):
return jsonify(returnedChat["name"])
else:
return jsonify("Invalid Permissions")
else:
a, userId = checkChatPermission(token, _id, "view")
if (a == True):
# Check for the detail type and add data to db
if (details == "model"):
model = request.json['model']
chatCollection.update_one({'_id': ObjectId(_id)}, { "$set": { "model": model } })
if (details == "name"):
name = request.json['name']
chatCollection.update_one({'_id': ObjectId(_id)}, { "$set": { "name": name } })
return jsonify("Success")
else:
return jsonify("Invalid Permissions")
else: else:
return jsonify("User token is invalid") return jsonify("User token is invalid")
@@ -109,44 +155,28 @@ def getChatHistory(_id):
def createChat(): def createChat():
# Get user auth token # Get user auth token
token = request.json['token'] token = request.json['token']
# Find the correct user token in user db a, userId = checkUserPermission(token, "createChat")
user = usersCollection.find_one({'tokens.token': token}, {"_id":1,"tokens":{"$elemMatch": {"token":token}}}) if (a == True):
# If the user exists, continue, otherwise return fail name = request.json['name']
if (user): model = request.json['model']
# Convert _id to a string, python doesn't like ObjectId() chatCollection.insert_one(
user['_id'] = str(user['_id']) {
# Check if the token expiry is after the current date (Using unix timestamp, other mongodb Date datatype is a pain to use in python) "name":name,
if (user['tokens'][0]['expiry'] > int(datetime.now().timestamp())): "model":model,
# Store the userId "permissions": {
userId = user['_id'] userId:[
print(user) "owner",
print(user['permissions']) "view",
if ("createChat" in user['permissions']): "message",
print(userId) "edit"
name = request.json['name'] ]
model = request.json['model'] },
chatCollection.insert_one( "messages": [
{
"name":name, ]
"model":model, }
"permissions": { )
userId:[ return jsonify("Success")
"owner",
"view",
"message",
"edit"
]
},
"messages": [
]
}
)
return jsonify("Success")
else:
return jsonify("Incorrect permissions")
else:
return jsonify("User token is invalid")
else: else:
return jsonify("User token is invalid") return jsonify("User token is invalid")
@@ -167,13 +197,9 @@ def index():
if (token == 'none'): if (token == 'none'):
return render_template('login.html', appName=appName, githubUrl=github_auth_endpoint, githublogin=settings["github_oauth"]["enabled"], oauthlogin=settings["oauth_login"]) return render_template('login.html', appName=appName, githubUrl=github_auth_endpoint, githublogin=settings["github_oauth"]["enabled"], oauthlogin=settings["oauth_login"])
else: else:
user = usersCollection.find_one({'tokens.token': token}, {"_id":1,"tokens":{"$elemMatch": {"token":token}}}) a, userId = checkUserPermission(token, True)
if (user): if (a == True):
user['_id'] = str(user['_id'])
if (user['tokens'][0]['expiry'] > int(datetime.now().timestamp())):
return render_template('home.html', appName=appName) return render_template('home.html', appName=appName)
else:
render_template('logout.html', appName=appName)
else: else:
render_template('logout.html', appName=appName) render_template('logout.html', appName=appName)
@@ -363,7 +389,7 @@ def handleSignup():
def logout(): def logout():
token = request.cookies.get('auth_token', 'none') token = request.cookies.get('auth_token', 'none')
try: try:
token = request.json['remove_token'] token = request.headers['remove-token']
except: except:
pass pass
user = usersCollection.update_one({'tokens.token': token}, {"$pull":{'tokens':{'token':token}}}) user = usersCollection.update_one({'tokens.token': token}, {"$pull":{'tokens':{'token':token}}})