* 🔧 feat: Update user key handling in keys route and add comprehensive tests
- Enhanced the PUT /api/keys route to destructure request body for better clarity and maintainability.
- Introduced a new test suite for keys route, covering key update, deletion, and retrieval functionalities, ensuring robust validation and IDOR prevention.
- Added tests to verify handling of extraneous fields and missing optional parameters in requests.
* 🔧 fix: Enhance conversation deletion route with parameter validation
- Updated the DELETE /api/convos route to handle cases where the request body is empty or the 'arg' parameter is null/undefined, returning a 400 status with an appropriate error message for DoS prevention.
- Added corresponding tests to ensure proper validation and error handling for these scenarios, enhancing the robustness of the API.
* 🔧 fix: Improve request body validation in keys and convos routes
- Updated the DELETE /api/convos and PUT /api/keys routes to validate the request body, returning a 400 status for null or invalid bodies to enhance security and prevent potential DoS attacks.
- Added corresponding tests to ensure proper error handling for these scenarios, improving the robustness of the API.
The archive conversation feature was broken after the `/api/convos/update`
route was modified to only handle title updates. The frontend was sending
`{ conversationId, isArchived }` to the update endpoint, but the backend
was only extracting `title` and ignoring the `isArchived` field entirely.
This fix implements a dedicated `/api/convos/archive` endpoint to restore
the archive/unarchive functionality.
Changes:
packages/data-provider/src/api-endpoints.ts:
- Add `archiveConversation()` endpoint returning `/api/convos/archive`
packages/data-provider/src/data-service.ts:
- Update `archiveConversation()` to use dedicated archive endpoint
api/server/routes/convos.js:
- Add `POST /archive` route with validation for `conversationId` (required)
and `isArchived` (must be boolean)
api/server/routes/__tests__/convos.spec.js:
- Add test coverage for archive endpoint (success, validation, error cases)
* ✨ feat: Enhance DELETE /all endpoint to remove shared links alongside conversations and tool calls
- Added functionality to delete all shared links for a user when clearing conversations.
- Introduced comprehensive tests to ensure correct behavior and error handling for the new deletion process.
* ✨ feat: Implement deleteConvoSharedLink method and update conversation deletion logic to remove associated shared links
