user restricted to own objects

2026-03-30 06:12:00 +02:00 · 2024-12-15 22:52:34 +01:00
parent ae4781363f
commit 291c473d00
18 changed files with 109 additions and 28 deletions
--- a/src/server/middleware_api_auth.rs
+++ b/src/server/middleware_api_auth.rs
@@ -13,7 +13,7 @@ pub async fn api_auth(
    mut request: Request,
    next: Next,
 ) -> Result<Response, ApiError> {
-    let api_key = extract_api_key(&request).ok_or(ApiError::UserNotFound)?;
+    let api_key = extract_api_key(&request).ok_or(ApiError::AuthRequired)?;

    let user = User::find_by_api_key(&api_key, &state.surreal_db_client).await?;
    let user = user.ok_or(ApiError::UserNotFound)?;
--- a/src/server/routes/ingress.rs
+++ b/src/server/routes/ingress.rs
@@ -2,18 +2,20 @@ use crate::{
    error::ApiError,
    ingress::types::ingress_input::{create_ingress_objects, IngressInput},
    server::AppState,
+    storage::types::user::User,
 };
-use axum::{extract::State, http::StatusCode, response::IntoResponse, Json};
+use axum::{extract::State, http::StatusCode, response::IntoResponse, Extension, Json};
 use futures::future::try_join_all;
 use tracing::info;

 pub async fn ingress_handler(
    State(state): State<AppState>,
+    Extension(user): Extension<User>,
    Json(input): Json<IngressInput>,
 ) -> Result<impl IntoResponse, ApiError> {
    info!("Received input: {:?}", input);

-    let ingress_objects = create_ingress_objects(input, &state.surreal_db_client).await?;
+    let ingress_objects = create_ingress_objects(input, &state.surreal_db_client, &user.id).await?;

    let futures: Vec<_> = ingress_objects
        .into_iter()
--- a/src/server/routes/query.rs
+++ b/src/server/routes/query.rs
@@ -33,9 +33,13 @@ pub async fn query_handler(
    info!("Received input: {:?}", query);
    info!("{:?}", user);

-    let answer =
-        get_answer_with_references(&state.surreal_db_client, &state.openai_client, &query.query)
-            .await?;
+    let answer = get_answer_with_references(
+        &state.surreal_db_client,
+        &state.openai_client,
+        &query.query,
+        &user.id,
+    )
+    .await?;

    Ok(
        Json(serde_json::json!({"answer": answer.content, "references": answer.references}))
--- a/src/server/routes/query/helper.rs
+++ b/src/server/routes/query/helper.rs
@@ -4,6 +4,7 @@ use async_openai::types::{
    ResponseFormat, ResponseFormatJsonSchema,
 };
 use serde_json::{json, Value};
+use tracing::debug;

 use crate::{
    error::ApiError,
@@ -66,6 +67,7 @@ use super::{
 /// * `surreal_db_client` - Client for SurrealDB interactions
 /// * `openai_client` - Client for OpenAI API calls
 /// * `query` - The user's query string
+/// * `user_id` - The user's id
 ///
 /// # Returns
 ///
@@ -80,11 +82,14 @@ pub async fn get_answer_with_references(
    surreal_db_client: &SurrealDbClient,
    openai_client: &async_openai::Client<async_openai::config::OpenAIConfig>,
    query: &str,
+    user_id: &str,
 ) -> Result<Answer, ApiError> {
    let entities =
-        combined_knowledge_entity_retrieval(surreal_db_client, openai_client, query).await?;
+        combined_knowledge_entity_retrieval(surreal_db_client, openai_client, query, user_id)
+            .await?;

    let entities_json = format_entities_json(&entities);
+    debug!("{:?}", entities_json);
    let user_message = create_user_message(&entities_json, query);

    let request = create_chat_request(user_message)?;
--- a/src/server/routes/search_result.rs
+++ b/src/server/routes/search_result.rs
@@ -2,14 +2,18 @@ use axum::{
    extract::{Query, State},
    response::Html,
 };
+use axum_session_auth::AuthSession;
+use axum_session_surreal::SessionSurrealPool;
 use serde::Deserialize;
 use serde_json::json;
+use surrealdb::{engine::any::Any, Surreal};
 use tera::Context;
 use tracing::info;

 use crate::{
    error::ApiError,
    server::{routes::query::helper::get_answer_with_references, AppState},
+    storage::types::user::User,
 };
 #[derive(Deserialize)]
 pub struct SearchParams {
@@ -19,12 +23,19 @@ pub struct SearchParams {
 pub async fn search_result_handler(
    State(state): State<AppState>,
    Query(query): Query<SearchParams>,
+    auth: AuthSession<User, String, SessionSurrealPool<Any>, Surreal<Any>>,
 ) -> Result<Html<String>, ApiError> {
    info!("Displaying search results");

-    let answer =
-        get_answer_with_references(&state.surreal_db_client, &state.openai_client, &query.query)
-            .await?;
+    let user_id = auth.current_user.ok_or_else(|| ApiError::AuthRequired)?.id;
+
+    let answer = get_answer_with_references(
+        &state.surreal_db_client,
+        &state.openai_client,
+        &query.query,
+        &user_id,
+    )
+    .await?;

    let output = state
        .tera