mirror of
https://github.com/infiniflow/ragflow.git
synced 2026-07-03 09:11:59 +08:00
### What problem does this PR solve? Part of #15240 (rewriting the RAGFlow API server in Go). Implements the two public bot endpoints from `api/apps/restful_apis/bot_api.py`: - **`GET /api/v1/chatbots/<dialog_id>/info`** (`chatbots_inputs`) — returns `{title, avatar, prologue, has_tavily_key}` for a dialog the authenticated tenant owns (tenant match + `status == VALID`), otherwise `"Authentication error: no access to this chatbot!"`. - **`GET /api/v1/searchbots/detail`** (`detail_share_embedded`) — returns search-app detail for a `search_id` the tenant can access. Permission is checked across the tenant's joined tenants; denial returns `"Has no permission for this operation."` (operating error, `data: false`) and a missing app returns `"Can't find this Search App!"`. Both endpoints authenticate with an SDK **beta token** (`Authorization: Bearer <beta>`) rather than a session — the token is resolved to a tenant via `APIToken.query(beta=token)`, backed by a new `APITokenDAO.GetByBeta`. Because they perform their own token-based auth, the routes are registered on the unauthenticated route group (mirroring the Python blueprint, which has no `@login_required`). Both live in a new `internal/handler/bot.go` + `internal/service/bot.go` since they share the same source module. Handler unit tests cover the auth, success, and error-mapping paths. ### Type of change - [x] New Feature (non-breaking change which adds functionality) --------- Co-authored-by: Claude Code <claude@anthropic.com> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> Co-authored-by: Ling Qin <qinling0210@163.com>