* fix: add rate limiting to conversation duplicate endpoint
* chore: linter
* fix: address review findings for conversation duplicate rate limiting
* refactor: streamline test mocks for conversation routes
- Consolidated mock implementations into a dedicated `convos-route-mocks.js` file to enhance maintainability and readability of test files.
- Updated tests in `convos-duplicate-ratelimit.spec.js` and `convos.spec.js` to utilize the new mock structure, improving clarity and reducing redundancy.
- Enhanced the `duplicateConversation` function to accept an optional title parameter for better flexibility in conversation duplication.
* chore: rename files
* 🔧 feat: Update user key handling in keys route and add comprehensive tests
- Enhanced the PUT /api/keys route to destructure request body for better clarity and maintainability.
- Introduced a new test suite for keys route, covering key update, deletion, and retrieval functionalities, ensuring robust validation and IDOR prevention.
- Added tests to verify handling of extraneous fields and missing optional parameters in requests.
* 🔧 fix: Enhance conversation deletion route with parameter validation
- Updated the DELETE /api/convos route to handle cases where the request body is empty or the 'arg' parameter is null/undefined, returning a 400 status with an appropriate error message for DoS prevention.
- Added corresponding tests to ensure proper validation and error handling for these scenarios, enhancing the robustness of the API.
* 🔧 fix: Improve request body validation in keys and convos routes
- Updated the DELETE /api/convos and PUT /api/keys routes to validate the request body, returning a 400 status for null or invalid bodies to enhance security and prevent potential DoS attacks.
- Added corresponding tests to ensure proper error handling for these scenarios, improving the robustness of the API.
The archive conversation feature was broken after the `/api/convos/update`
route was modified to only handle title updates. The frontend was sending
`{ conversationId, isArchived }` to the update endpoint, but the backend
was only extracting `title` and ignoring the `isArchived` field entirely.
This fix implements a dedicated `/api/convos/archive` endpoint to restore
the archive/unarchive functionality.
Changes:
packages/data-provider/src/api-endpoints.ts:
- Add `archiveConversation()` endpoint returning `/api/convos/archive`
packages/data-provider/src/data-service.ts:
- Update `archiveConversation()` to use dedicated archive endpoint
api/server/routes/convos.js:
- Add `POST /archive` route with validation for `conversationId` (required)
and `isArchived` (must be boolean)
api/server/routes/__tests__/convos.spec.js:
- Add test coverage for archive endpoint (success, validation, error cases)
* ✨ feat: Enhance DELETE /all endpoint to remove shared links alongside conversations and tool calls
- Added functionality to delete all shared links for a user when clearing conversations.
- Introduced comprehensive tests to ensure correct behavior and error handling for the new deletion process.
* ✨ feat: Implement deleteConvoSharedLink method and update conversation deletion logic to remove associated shared links
