Files
ragflow/internal/dao/api_token.go
Renzo 7d422ba67d feat(go): implement chatbots/<dialog_id>/info and searchbots/detail (#15420)
### What problem does this PR solve?

Part of #15240 (rewriting the RAGFlow API server in Go).

Implements the two public bot endpoints from
`api/apps/restful_apis/bot_api.py`:

- **`GET /api/v1/chatbots/<dialog_id>/info`** (`chatbots_inputs`) —
returns `{title, avatar, prologue, has_tavily_key}` for a dialog the
authenticated tenant owns (tenant match + `status == VALID`), otherwise
`"Authentication error: no access to this chatbot!"`.
- **`GET /api/v1/searchbots/detail`** (`detail_share_embedded`) —
returns search-app detail for a `search_id` the tenant can access.
Permission is checked across the tenant's joined tenants; denial returns
`"Has no permission for this operation."` (operating error, `data:
false`) and a missing app returns `"Can't find this Search App!"`.

Both endpoints authenticate with an SDK **beta token** (`Authorization:
Bearer <beta>`) rather than a session — the token is resolved to a
tenant via `APIToken.query(beta=token)`, backed by a new
`APITokenDAO.GetByBeta`. Because they perform their own token-based
auth, the routes are registered on the unauthenticated route group
(mirroring the Python blueprint, which has no `@login_required`).

Both live in a new `internal/handler/bot.go` + `internal/service/bot.go`
since they share the same source module. Handler unit tests cover the
auth, success, and error-mapping paths.

### Type of change

- [x] New Feature (non-breaking change which adds functionality)

---------

Co-authored-by: Claude Code <claude@anthropic.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Ling Qin <qinling0210@163.com>
2026-07-02 18:46:00 +08:00

192 lines
6.7 KiB
Go

//
// Copyright 2026 The InfiniFlow Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
package dao
import (
"errors"
"ragflow/internal/entity"
)
// APITokenDAO API token data access object
type APITokenDAO struct{}
// NewAPITokenDAO create API token DAO
func NewAPITokenDAO() *APITokenDAO {
return &APITokenDAO{}
}
// Create creates a new API token
func (dao *APITokenDAO) Create(apiToken *entity.APIToken) error {
return DB.Create(apiToken).Error
}
// GetByTenantID gets API tokens by tenant ID
func (dao *APITokenDAO) GetByTenantID(tenantID string) ([]*entity.APIToken, error) {
var tokens []*entity.APIToken
err := DB.Where("tenant_id = ?", tenantID).Find(&tokens).Error
return tokens, err
}
// DeleteByTenantID deletes all API tokens by tenant ID (hard delete)
func (dao *APITokenDAO) DeleteByTenantID(tenantID string) (int64, error) {
result := DB.Unscoped().Where("tenant_id = ?", tenantID).Delete(&entity.APIToken{})
return result.RowsAffected, result.Error
}
// GetByToken gets API token by access key
func (dao *APITokenDAO) GetUserByAPIToken(token string) (*entity.APIToken, error) {
var apiToken entity.APIToken
err := DB.Where("token = ?", token).First(&apiToken).Error
if err != nil {
return nil, err
}
return &apiToken, nil
}
// GetByBeta gets API tokens by beta key (SDK/bot authorization token).
// Mirrors Python's APIToken.query(beta=token), which returns a list.
func (dao *APITokenDAO) GetByBeta(beta string) ([]*entity.APIToken, error) {
var tokens []*entity.APIToken
err := DB.Where("beta = ?", beta).Find(&tokens).Error
return tokens, err
}
// DeleteByDialogIDs deletes API tokens by dialog IDs (hard delete)
func (dao *APITokenDAO) DeleteByDialogIDs(dialogIDs []string) (int64, error) {
if len(dialogIDs) == 0 {
return 0, nil
}
result := DB.Unscoped().Where("dialog_id IN ?", dialogIDs).Delete(&entity.APIToken{})
return result.RowsAffected, result.Error
}
// DeleteByTenantIDAndToken deletes a specific API token by tenant ID and token value
func (dao *APITokenDAO) DeleteByTenantIDAndToken(tenantID, token string) (int64, error) {
result := DB.Unscoped().Where("tenant_id = ? AND token = ?", tenantID, token).Delete(&entity.APIToken{})
return result.RowsAffected, result.Error
}
// API4ConversationDAO API for conversation data access object
type API4ConversationDAO struct{}
// NewAPI4ConversationDAO create API4Conversation DAO
func NewAPI4ConversationDAO() *API4ConversationDAO {
return &API4ConversationDAO{}
}
// ConversationStatsRow is one daily aggregate row for api_4_conversation.
type ConversationStatsRow struct {
Dt string `gorm:"column:dt"`
PV int64 `gorm:"column:pv"`
UV int64 `gorm:"column:uv"`
Tokens float64 `gorm:"column:tokens"`
Duration float64 `gorm:"column:duration"`
Round float64 `gorm:"column:round"`
ThumbUp int64 `gorm:"column:thumb_up"`
}
// Create inserts a new api_4_conversation row. The caller is responsible
// for setting ID, DialogID, UserID and the BaseModel time fields; the
// DAO does not assign defaults because session creation paths in the
// Python agent API generate a uuid + tenant timestamp and rely on the
// round-trip shape being byte-identical.
func (dao *API4ConversationDAO) Create(conv *entity.API4Conversation) error {
if conv == nil {
return errors.New("api4 conversation: nil row")
}
return DB.Create(conv).Error
}
// Update writes back an existing api_4_conversation row. The bot
// completion path calls this with the updated Message JSON after each
// turn so multi-turn chatbot sessions carry prior history into the next
// LLM call. Matches the Python conversation_service.update pattern at
// api/db/services/conversation_service.py:236 (async_iframe_completion).
func (dao *API4ConversationDAO) Update(conv *entity.API4Conversation) error {
if conv == nil {
return errors.New("api4 conversation: nil row")
}
if conv.ID == "" {
return errors.New("api4 conversation: empty id")
}
return DB.Save(conv).Error
}
// Stats returns daily conversation aggregates for a tenant.
func (dao *API4ConversationDAO) Stats(tenantID, fromDate, toDate string, source *string) ([]ConversationStatsRow, error) {
var rows []ConversationStatsRow
dateExpr := "DATE_FORMAT(a.create_date, '%Y-%m-%d 00:00:00')"
db := DB.Table("api_4_conversation AS a").
Select(`
DATE_FORMAT(a.create_date, '%Y-%m-%d 00:00:00') AS dt,
COUNT(a.id) AS pv,
COUNT(DISTINCT a.user_id) AS uv,
COALESCE(SUM(a.tokens), 0) AS tokens,
COALESCE(SUM(a.duration), 0) AS duration,
COALESCE(AVG(a.round), 0) AS round,
COALESCE(SUM(a.thumb_up), 0) AS thumb_up
`).
Joins("JOIN dialog AS d ON a.dialog_id = d.id AND d.tenant_id = ?", tenantID).
Where("a.create_date >= ? AND a.create_date <= ?", fromDate, toDate)
if source == nil {
db = db.Where("a.source IS NULL")
} else {
db = db.Where("a.source = ?", *source)
}
err := db.Group(dateExpr).
Order(dateExpr).
Scan(&rows).Error
return rows, err
}
func (dao *API4ConversationDAO) GetBySessionID(sessionID, agentID string) (*entity.API4Conversation, error) {
var result entity.API4Conversation
tx := DB.Where("id = ? AND dialog_id = ?", sessionID, agentID).Find(&result)
if tx.Error != nil {
return nil, tx.Error
}
if tx.RowsAffected == 0 {
return nil, nil
}
return &result, nil
}
// ListIDsByAgentID lists conversation IDs for one agent.
func (dao *API4ConversationDAO) ListIDsByAgentID(agentID string) ([]string, error) {
var ids []string
err := DB.Model(&entity.API4Conversation{}).Where("dialog_id = ?", agentID).Pluck("id", &ids).Error
return ids, err
}
// DeleteBySessionIDAndAgentID deletes API4Conversations by sessionID and agentID
func (dao *API4ConversationDAO) DeleteBySessionIDAndAgentID(sessionID, agentID string) (int64, error) {
result := DB.Where("id = ? AND dialog_id = ?", sessionID, agentID).Delete(&entity.API4Conversation{})
return result.RowsAffected, result.Error
}
// DeleteByDialogIDs deletes API4Conversations by dialog IDs (hard delete)
func (dao *API4ConversationDAO) DeleteByDialogIDs(dialogIDs []string) (int64, error) {
if len(dialogIDs) == 0 {
return 0, nil
}
result := DB.Unscoped().Where("dialog_id IN ?", dialogIDs).Delete(&entity.API4Conversation{})
return result.RowsAffected, result.Error
}