PyPI - chainlit - Versions diffs - 2.0.0__py3-none-any.whl → 2.0.dev0__py3-none-any.whl - Mend

chainlit 2.0.0py3-none-any.whl → 2.0.dev0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of chainlit might be problematic. Click here for more details.

Files changed (98) hide show

chainlit/__init__.py +57 -56
chainlit/action.py +10 -12
chainlit/{auth/__init__.py → auth.py} +34 -26
chainlit/cache.py +6 -4
chainlit/callbacks.py +7 -52
chainlit/chat_context.py +2 -2
chainlit/chat_settings.py +1 -3
chainlit/cli/__init__.py +2 -15
chainlit/config.py +70 -41
chainlit/context.py +9 -8
chainlit/copilot/dist/index.js +874 -8533
chainlit/data/__init__.py +8 -96
chainlit/data/acl.py +2 -3
chainlit/data/base.py +15 -1
chainlit/data/dynamodb.py +4 -7
chainlit/data/literalai.py +6 -4
chainlit/data/sql_alchemy.py +9 -10
chainlit/data/{storage_clients/azure.py → storage_clients.py} +33 -2
chainlit/discord/__init__.py +4 -4
chainlit/discord/app.py +1 -2
chainlit/element.py +9 -41
chainlit/emitter.py +21 -17
chainlit/frontend/dist/assets/DailyMotion-b4b7af47.js +1 -0
chainlit/frontend/dist/assets/Facebook-572972a0.js +1 -0
chainlit/frontend/dist/assets/FilePlayer-85c69ca8.js +1 -0
chainlit/frontend/dist/assets/Kaltura-dfc24672.js +1 -0
chainlit/frontend/dist/assets/Mixcloud-705011f4.js +1 -0
chainlit/frontend/dist/assets/Mux-4201a9e6.js +1 -0
chainlit/frontend/dist/assets/Preview-23ba40a6.js +1 -0
chainlit/frontend/dist/assets/SoundCloud-1a582d51.js +1 -0
chainlit/frontend/dist/assets/Streamable-5017c4ba.js +1 -0
chainlit/frontend/dist/assets/Twitch-bb2de2fa.js +1 -0
chainlit/frontend/dist/assets/Vidyard-54e269b1.js +1 -0
chainlit/frontend/dist/assets/Vimeo-d92c37dd.js +1 -0
chainlit/frontend/dist/assets/Wistia-25a1363b.js +1 -0
chainlit/frontend/dist/assets/YouTube-616e8cb7.js +1 -0
chainlit/frontend/dist/assets/index-aaf974a9.css +1 -0
chainlit/frontend/dist/assets/index-f5df2072.js +1027 -0
chainlit/frontend/dist/assets/{react-plotly-BpxUS-ab.js → react-plotly-f0315f86.js} +94 -94
chainlit/frontend/dist/index.html +3 -2
chainlit/haystack/callbacks.py +4 -5
chainlit/input_widget.py +4 -6
chainlit/langchain/callbacks.py +47 -56
chainlit/langflow/__init__.py +0 -1
chainlit/llama_index/callbacks.py +7 -7
chainlit/message.py +10 -8
chainlit/mistralai/__init__.py +2 -3
chainlit/oauth_providers.py +12 -113
chainlit/openai/__init__.py +7 -6
chainlit/secret.py +1 -1
chainlit/server.py +181 -491
chainlit/session.py +5 -7
chainlit/slack/__init__.py +3 -3
chainlit/slack/app.py +2 -3
chainlit/socket.py +103 -78
chainlit/step.py +29 -21
chainlit/sync.py +1 -2
chainlit/teams/__init__.py +3 -3
chainlit/teams/app.py +0 -1
chainlit/types.py +4 -20
chainlit/user.py +1 -2
chainlit/utils.py +2 -3
chainlit/version.py +2 -3
{chainlit-2.0.0.dist-info → chainlit-2.0.dev0.dist-info}/METADATA +39 -27
chainlit-2.0.dev0.dist-info/RECORD +96 -0
chainlit/auth/cookie.py +0 -123
chainlit/auth/jwt.py +0 -37
chainlit/data/chainlit_data_layer.py +0 -584
chainlit/data/storage_clients/__init__.py +0 -0
chainlit/data/storage_clients/azure_blob.py +0 -80
chainlit/data/storage_clients/base.py +0 -22
chainlit/data/storage_clients/gcs.py +0 -78
chainlit/data/storage_clients/s3.py +0 -49
chainlit/frontend/dist/assets/DailyMotion-DgRzV5GZ.js +0 -1
chainlit/frontend/dist/assets/Dataframe-DVgwSMU2.js +0 -22
chainlit/frontend/dist/assets/Facebook-C0vx6HWv.js +0 -1
chainlit/frontend/dist/assets/FilePlayer-CdhzeHPP.js +0 -1
chainlit/frontend/dist/assets/Kaltura-5iVmeUct.js +0 -1
chainlit/frontend/dist/assets/Mixcloud-C2zi77Ex.js +0 -1
chainlit/frontend/dist/assets/Mux-Vkebogdf.js +0 -1
chainlit/frontend/dist/assets/Preview-DwY_sEIl.js +0 -1
chainlit/frontend/dist/assets/SoundCloud-CREBXAWo.js +0 -1
chainlit/frontend/dist/assets/Streamable-B5Lu25uy.js +0 -1
chainlit/frontend/dist/assets/Twitch-y9iKCcM1.js +0 -1
chainlit/frontend/dist/assets/Vidyard-ClYvcuEu.js +0 -1
chainlit/frontend/dist/assets/Vimeo-D6HvM2jt.js +0 -1
chainlit/frontend/dist/assets/Wistia-Cu4zZ2Ci.js +0 -1
chainlit/frontend/dist/assets/YouTube-D10tR6CJ.js +0 -1
chainlit/frontend/dist/assets/index-CI4qFOt5.js +0 -8665
chainlit/frontend/dist/assets/index-CrrqM0nZ.css +0 -1
chainlit/translations/nl-NL.json +0 -229
chainlit-2.0.0.dist-info/RECORD +0 -106
/chainlit/copilot/dist/assets/{logo_dark-IkGJ_IwC.svg → logo_dark-2a3cf740.svg} +0 -0
/chainlit/copilot/dist/assets/{logo_light-Bb_IPh6r.svg → logo_light-b078e7bc.svg} +0 -0
/chainlit/frontend/dist/assets/{logo_dark-IkGJ_IwC.svg → logo_dark-2a3cf740.svg} +0 -0
/chainlit/frontend/dist/assets/{logo_light-Bb_IPh6r.svg → logo_light-b078e7bc.svg} +0 -0
{chainlit-2.0.0.dist-info → chainlit-2.0.dev0.dist-info}/WHEEL +0 -0
{chainlit-2.0.0.dist-info → chainlit-2.0.dev0.dist-info}/entry_points.txt +0 -0

chainlit/server.py CHANGED Viewed

@@ -1,5 +1,4 @@
 import asyncio
-import fnmatch
 import glob
 import json
 import mimetypes
@@ -10,36 +9,10 @@ import urllib.parse
 import webbrowser
 from contextlib import asynccontextmanager
 from pathlib import Path
-from typing import List, Optional, Union, cast
+from typing import Any, Optional, Union
 import socketio
-from fastapi import (
-    APIRouter,
-    Depends,
-    FastAPI,
-    Form,
-    HTTPException,
-    Query,
-    Request,
-    Response,
-    UploadFile,
-    status,
-)
-from fastapi.responses import FileResponse, HTMLResponse, JSONResponse, RedirectResponse
-from fastapi.security import OAuth2PasswordRequestForm
-from starlette.datastructures import URL
-from starlette.middleware.cors import CORSMiddleware
-from typing_extensions import Annotated
-from watchfiles import awatch
-from chainlit.auth import create_jwt, decode_jwt, get_configuration, get_current_user
-from chainlit.auth.cookie import (
-    clear_auth_cookie,
-    clear_oauth_state_cookie,
-    set_auth_cookie,
-    set_oauth_state_cookie,
-    validate_oauth_state_cookie,
-)
+from chainlit.auth import create_jwt, get_configuration, get_current_user
 from chainlit.config import (
     APP_ROOT,
     BACKEND_ROOT,
@@ -48,7 +21,6 @@ from chainlit.config import (
     PACKAGE_ROOT,
     config,
     load_module,
-    public_dir,
     reload_config,
 )
 from chainlit.data import get_data_layer
@@ -58,16 +30,32 @@ from chainlit.markdown import get_markdown_str
 from chainlit.oauth_providers import get_oauth_provider
 from chainlit.secret import random_secret
 from chainlit.types import (
-    CallActionRequest,
     DeleteFeedbackRequest,
     DeleteThreadRequest,
-    ElementRequest,
     GetThreadsRequest,
     Theme,
     UpdateFeedbackRequest,
-    UpdateThreadRequest,
 )
 from chainlit.user import PersistedUser, User
+from fastapi import (
+    APIRouter,
+    Depends,
+    FastAPI,
+    Form,
+    HTTPException,
+    Query,
+    Request,
+    Response,
+    UploadFile,
+    status,
+)
+from fastapi.responses import FileResponse, HTMLResponse, JSONResponse, RedirectResponse
+from fastapi.security import OAuth2PasswordRequestForm
+from fastapi.staticfiles import StaticFiles
+from starlette.datastructures import URL
+from starlette.middleware.cors import CORSMiddleware
+from typing_extensions import Annotated
+from watchfiles import awatch
 from ._utils import is_path_inside
@@ -216,59 +204,29 @@ app.add_middleware(
 router = APIRouter(prefix=PREFIX)
+app.mount(
+    f"{PREFIX}/public",
+    StaticFiles(directory="public", check_dir=False),
+    name="public",
+)
-@router.get("/public/{filename:path}")
-async def serve_public_file(
-    filename: str,
-):
-    """Serve a file from public dir."""
-    base_path = Path(public_dir)
-    file_path = (base_path / filename).resolve()
-    if not is_path_inside(file_path, base_path):
-        raise HTTPException(status_code=400, detail="Invalid filename")
-    if file_path.is_file():
-        return FileResponse(file_path)
-    else:
-        raise HTTPException(status_code=404, detail="File not found")
-@router.get("/assets/{filename:path}")
-async def serve_asset_file(
-    filename: str,
-):
-    """Serve a file from assets dir."""
-    base_path = Path(os.path.join(build_dir, "assets"))
-    file_path = (base_path / filename).resolve()
-    if not is_path_inside(file_path, base_path):
-        raise HTTPException(status_code=400, detail="Invalid filename")
-    if file_path.is_file():
-        return FileResponse(file_path)
-    else:
-        raise HTTPException(status_code=404, detail="File not found")
-@router.get("/copilot/{filename:path}")
-async def serve_copilot_file(
-    filename: str,
-):
-    """Serve a file from assets dir."""
-    base_path = Path(copilot_build_dir)
-    file_path = (base_path / filename).resolve()
-    if not is_path_inside(file_path, base_path):
-        raise HTTPException(status_code=400, detail="Invalid filename")
+app.mount(
+    f"{PREFIX}/assets",
+    StaticFiles(
+        packages=[("chainlit", os.path.join(build_dir, "assets"))],
+        follow_symlink=config.project.follow_symlink,
+    ),
+    name="assets",
+)
-    if file_path.is_file():
-        return FileResponse(file_path)
-    else:
-        raise HTTPException(status_code=404, detail="File not found")
+app.mount(
+    f"{PREFIX}/copilot",
+    StaticFiles(
+        packages=[("chainlit", copilot_build_dir)],
+        follow_symlink=config.project.follow_symlink,
+    ),
+    name="copilot",
+)
 # -------------------------------------------------------------------------------
@@ -289,7 +247,6 @@ if os.environ.get("SLACK_BOT_TOKEN") and os.environ.get("SLACK_SIGNING_SECRET"):
 if os.environ.get("TEAMS_APP_ID") and os.environ.get("TEAMS_APP_PASSWORD"):
     from botbuilder.schema import Activity
     from chainlit.teams.app import adapter, bot
     @router.post("/teams/events")
@@ -319,16 +276,6 @@ def get_html_template():
     """
     Get HTML template for the index view.
     """
-    ROOT_PATH = os.environ.get("CHAINLIT_ROOT_PATH", "")
-    custom_theme = None
-    custom_theme_file_path = Path(public_dir) / "theme.json"
-    if (
-        is_path_inside(custom_theme_file_path, Path(public_dir))
-        and custom_theme_file_path.is_file()
-    ):
-        custom_theme = json.loads(custom_theme_file_path.read_text(encoding="utf-8"))
     PLACEHOLDER = "<!-- TAG INJECTION PLACEHOLDER -->"
     JS_PLACEHOLDER = "<!-- JS INJECTION PLACEHOLDER -->"
     CSS_PLACEHOLDER = "<!-- CSS INJECTION PLACEHOLDER -->"
@@ -351,10 +298,7 @@ def get_html_template():
     <meta property="og:url" content="{url}">
     <meta property="og:root_path" content="{ROOT_PATH}">"""
-    js = f"""<script>
-{f"window.theme = {json.dumps(custom_theme.get('variables'))};" if custom_theme and custom_theme.get("variables") else "undefined"}
-{f"window.transports = {json.dumps(config.project.transports)};" if config.project.transports else "undefined"}
-</script>"""
+    js = f"""<script>{f"window.theme = {json.dumps(config.ui.theme.to_dict())}; " if config.ui.theme else ""}</script>"""
     css = None
     if config.ui.custom_css:
@@ -366,15 +310,12 @@ def get_html_template():
         js += f"""<script src="{config.ui.custom_js}" defer></script>"""
     font = None
-    if custom_theme and custom_theme.get("custom_fonts"):
-        font = "\n".join(
-            f"""<link rel="stylesheet" href="{font}">"""
-            for font in custom_theme.get("custom_fonts")
-        )
+    if config.ui.custom_font:
+        font = f"""<link rel="stylesheet" href="{config.ui.custom_font}">"""
     index_html_file_path = os.path.join(build_dir, "index.html")
-    with open(index_html_file_path, encoding="utf-8") as f:
+    with open(index_html_file_path, "r", encoding="utf-8") as f:
         content = f.read()
         content = content.replace(PLACEHOLDER, tags)
         if js:
@@ -419,132 +360,46 @@ async def auth(request: Request):
     return get_configuration()
-def _get_response_dict(access_token: str) -> dict:
-    """Get the response dictionary for the auth response."""
-    return {"success": True}
-def _get_auth_response(access_token: str, redirect_to_callback: bool) -> Response:
-    """Get the redirect params for the OAuth callback."""
-    response_dict = _get_response_dict(access_token)
-    if redirect_to_callback:
-        root_path = os.environ.get("CHAINLIT_ROOT_PATH", "")
-        redirect_url = (
-            f"{root_path}/login/callback?{urllib.parse.urlencode(response_dict)}"
-        )
-        return RedirectResponse(
-            # FIXME: redirect to the right frontend base url to improve the dev environment
-            url=redirect_url,
-            status_code=302,
+@router.post("/login")
+async def login(form_data: OAuth2PasswordRequestForm = Depends()):
+    """
+    Login a user using the password auth callback.
+    """
+    if not config.code.password_auth_callback:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST, detail="No auth_callback defined"
         )
-    return JSONResponse(response_dict)
-def _get_oauth_redirect_error(error: str) -> Response:
-    """Get the redirect response for an OAuth error."""
-    params = urllib.parse.urlencode(
-        {
-            "error": error,
-        }
-    )
-    response = RedirectResponse(
-        # FIXME: redirect to the right frontend base url to improve the dev environment
-        url=f"/login?{params}",  # Shouldn't there be {root_path} here?
+    user = await config.code.password_auth_callback(
+        form_data.username, form_data.password
     )
-    return response
-async def _authenticate_user(
-    user: Optional[User], redirect_to_callback: bool = False
-) -> Response:
-    """Authenticate a user and return the response."""
     if not user:
         raise HTTPException(
             status_code=status.HTTP_401_UNAUTHORIZED,
             detail="credentialssignin",
         )
-    # If a data layer is defined, attempt to persist user.
+    access_token = create_jwt(user)
     if data_layer := get_data_layer():
         try:
             await data_layer.create_user(user)
         except Exception as e:
-            # Catch and log exceptions during user creation.
-            # TODO: Make this catch only specific errors and allow others to propagate.
             logger.error(f"Error creating user: {e}")
-    access_token = create_jwt(user)
-    response = _get_auth_response(access_token, redirect_to_callback)
-    set_auth_cookie(response, access_token)
-    return response
-@router.post("/login")
-async def login(response: Response, form_data: OAuth2PasswordRequestForm = Depends()):
-    """
-    Login a user using the password auth callback.
-    """
-    if not config.code.password_auth_callback:
-        raise HTTPException(
-            status_code=status.HTTP_400_BAD_REQUEST, detail="No auth_callback defined"
-        )
-    user = await config.code.password_auth_callback(
-        form_data.username, form_data.password
-    )
-    return await _authenticate_user(user)
+    return {
+        "access_token": access_token,
+        "token_type": "bearer",
+    }
 @router.post("/logout")
 async def logout(request: Request, response: Response):
     """Logout the user by calling the on_logout callback."""
-    clear_auth_cookie(response)
     if config.code.on_logout:
         return await config.code.on_logout(request, response)
     return {"success": True}
-@router.post("/auth/jwt")
-async def jwt_auth(request: Request):
-    """Login a user using a valid jwt."""
-    from jwt import InvalidTokenError
-    auth_header: Optional[str] = request.headers.get("Authorization")
-    if not auth_header:
-        raise HTTPException(status_code=401, detail="Authorization header missing")
-    # Check if it starts with "Bearer "
-    try:
-        scheme, token = auth_header.split()
-        if scheme.lower() != "bearer":
-            raise HTTPException(
-                status_code=401,
-                detail="Invalid authentication scheme. Please use Bearer",
-            )
-    except ValueError:
-        raise HTTPException(
-            status_code=401, detail="Invalid authorization header format"
-        )
-    try:
-        user = decode_jwt(token)
-        return await _authenticate_user(user)
-    except InvalidTokenError:
-        raise HTTPException(status_code=401, detail="Invalid token")
 @router.post("/auth/header")
 async def header_auth(request: Request):
     """Login a user using the header_auth_callback."""
@@ -556,7 +411,23 @@ async def header_auth(request: Request):
     user = await config.code.header_auth_callback(request.headers)
-    return await _authenticate_user(user)
+    if not user:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Unauthorized",
+        )
+    access_token = create_jwt(user)
+    if data_layer := get_data_layer():
+        try:
+            await data_layer.create_user(user)
+        except Exception as e:
+            logger.error(f"Error creating user: {e}")
+    return {
+        "access_token": access_token,
+        "token_type": "bearer",
+    }
 @router.get("/auth/oauth/{provider_id}")
@@ -588,9 +459,16 @@ async def oauth_login(provider_id: str, request: Request):
     response = RedirectResponse(
         url=f"{provider.authorize_url}?{params}",
     )
-    set_oauth_state_cookie(response, random)
+    samesite: Any = os.environ.get("CHAINLIT_COOKIE_SAMESITE", "lax")
+    secure = samesite.lower() == "none"
+    response.set_cookie(
+        "oauth_state",
+        random,
+        httponly=True,
+        samesite=samesite,
+        secure=secure,
+        max_age=3 * 60,
+    )
     return response
@@ -618,7 +496,16 @@ async def oauth_callback(
         )
     if error:
-        return _get_oauth_redirect_error(error)
+        params = urllib.parse.urlencode(
+            {
+                "error": error,
+            }
+        )
+        response = RedirectResponse(
+            # FIXME: redirect to the right frontend base url to improve the dev environment
+            url=f"/login?{params}",
+        )
+        return response
     if not code or not state:
         raise HTTPException(
@@ -626,11 +513,9 @@ async def oauth_callback(
             detail="Missing code or state",
         )
-    try:
-        validate_oauth_state_cookie(request, state)
-    except Exception as e:
-        logger.exception("Unable to validate oauth state: %1", e)
+    # Check the state from the oauth provider against the browser cookie
+    oauth_state = request.cookies.get("oauth_state")
+    if oauth_state != state:
         raise HTTPException(
             status_code=status.HTTP_401_UNAUTHORIZED,
             detail="Unauthorized",
@@ -645,10 +530,34 @@ async def oauth_callback(
         provider_id, token, raw_user_data, default_user
     )
-    response = await _authenticate_user(user, redirect_to_callback=True)
+    if not user:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Unauthorized",
+        )
-    clear_oauth_state_cookie(response)
+    access_token = create_jwt(user)
+    if data_layer := get_data_layer():
+        try:
+            await data_layer.create_user(user)
+        except Exception as e:
+            logger.error(f"Error creating user: {e}")
+    params = urllib.parse.urlencode(
+        {
+            "access_token": access_token,
+            "token_type": "bearer",
+        }
+    )
+    root_path = os.environ.get("CHAINLIT_ROOT_PATH", "")
+    response = RedirectResponse(
+        # FIXME: redirect to the right frontend base url to improve the dev environment
+        url=f"{root_path}/login/callback?{params}",
+    )
+    response.delete_cookie("oauth_state")
     return response
@@ -677,7 +586,16 @@ async def oauth_azure_hf_callback(
         )
     if error:
-        return _get_oauth_redirect_error(error)
+        params = urllib.parse.urlencode(
+            {
+                "error": error,
+            }
+        )
+        response = RedirectResponse(
+            # FIXME: redirect to the right frontend base url to improve the dev environment
+            url=f"/login?{params}",
+        )
+        return response
     if not code:
         raise HTTPException(
@@ -694,24 +612,40 @@ async def oauth_azure_hf_callback(
         provider_id, token, raw_user_data, default_user, id_token
     )
-    response = await _authenticate_user(user, redirect_to_callback=True)
-    clear_oauth_state_cookie(response)
+    if not user:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Unauthorized",
+        )
-    return response
+    access_token = create_jwt(user)
+    if data_layer := get_data_layer():
+        try:
+            await data_layer.create_user(user)
+        except Exception as e:
+            logger.error(f"Error creating user: {e}")
-GenericUser = Union[User, PersistedUser, None]
-UserParam = Annotated[GenericUser, Depends(get_current_user)]
+    params = urllib.parse.urlencode(
+        {
+            "access_token": access_token,
+            "token_type": "bearer",
+        }
+    )
+    root_path = os.environ.get("CHAINLIT_ROOT_PATH", "")
-@router.get("/user")
-async def get_user(current_user: UserParam) -> GenericUser:
-    return current_user
+    response = RedirectResponse(
+        # FIXME: redirect to the right frontend base url to improve the dev environment
+        url=f"{root_path}/login/callback?{params}",
+        status_code=302,
+    )
+    response.delete_cookie("oauth_state")
+    return response
 _language_pattern = (
-    "^[a-zA-Z]{2,3}(-[a-zA-Z0-9]{2,3})?(-[a-zA-Z0-9]{2,8})?(-x-[a-zA-Z0-9]{1,8})?$"
+    "^[a-zA-Z]{2,3}(-[a-zA-Z]{2,3})?(-[a-zA-Z]{2,8})?(-x-[a-zA-Z0-9]{1,8})?$"
 )
@@ -735,7 +669,7 @@ async def project_translations(
 @router.get("/project/settings")
 async def project_settings(
-    current_user: UserParam,
+    current_user: Annotated[Union[User, PersistedUser], Depends(get_current_user)],
     language: str = Query(
         default="en-US", description="Language code", pattern=_language_pattern
     ),
@@ -786,7 +720,7 @@ async def project_settings(
 async def update_feedback(
     request: Request,
     update: UpdateFeedbackRequest,
-    current_user: UserParam,
+    current_user: Annotated[Union[User, PersistedUser], Depends(get_current_user)],
 ):
     """Update the human feedback for a particular message."""
     data_layer = get_data_layer()
@@ -796,7 +730,7 @@ async def update_feedback(
     try:
         feedback_id = await data_layer.upsert_feedback(feedback=update.feedback)
     except Exception as e:
-        raise HTTPException(detail=str(e), status_code=500) from e
+        raise HTTPException(detail=str(e), status_code=500)
     return JSONResponse(content={"success": True, "feedbackId": feedback_id})
@@ -805,7 +739,7 @@ async def update_feedback(
 async def delete_feedback(
     request: Request,
     payload: DeleteFeedbackRequest,
-    current_user: UserParam,
+    current_user: Annotated[Union[User, PersistedUser], Depends(get_current_user)],
 ):
     """Delete a feedback."""
@@ -824,7 +758,7 @@ async def delete_feedback(
 async def get_user_threads(
     request: Request,
     payload: GetThreadsRequest,
-    current_user: UserParam,
+    current_user: Annotated[Union[User, PersistedUser], Depends(get_current_user)],
 ):
     """Get the threads page by page."""
@@ -833,9 +767,6 @@ async def get_user_threads(
     if not data_layer:
         raise HTTPException(status_code=400, detail="Data persistence is not enabled")
-    if not current_user:
-        raise HTTPException(status_code=401, detail="Unauthorized")
     if not isinstance(current_user, PersistedUser):
         persisted_user = await data_layer.get_user(identifier=current_user.identifier)
         if not persisted_user:
@@ -852,7 +783,7 @@ async def get_user_threads(
 async def get_thread(
     request: Request,
     thread_id: str,
-    current_user: UserParam,
+    current_user: Annotated[Union[User, PersistedUser], Depends(get_current_user)],
 ):
     """Get a specific thread."""
     data_layer = get_data_layer()
@@ -860,9 +791,6 @@ async def get_thread(
     if not data_layer:
         raise HTTPException(status_code=400, detail="Data persistence is not enabled")
-    if not current_user:
-        raise HTTPException(status_code=401, detail="Unauthorized")
     await is_thread_author(current_user.identifier, thread_id)
     res = await data_layer.get_thread(thread_id)
@@ -874,7 +802,7 @@ async def get_thread_element(
     request: Request,
     thread_id: str,
     element_id: str,
-    current_user: UserParam,
+    current_user: Annotated[Union[User, PersistedUser], Depends(get_current_user)],
 ):
     """Get a specific thread element."""
     data_layer = get_data_layer()
@@ -882,135 +810,17 @@ async def get_thread_element(
     if not data_layer:
         raise HTTPException(status_code=400, detail="Data persistence is not enabled")
-    if not current_user:
-        raise HTTPException(status_code=401, detail="Unauthorized")
     await is_thread_author(current_user.identifier, thread_id)
     res = await data_layer.get_element(thread_id, element_id)
     return JSONResponse(content=res)
-@router.put("/project/element")
-async def update_thread_element(
-    payload: ElementRequest,
-    current_user: UserParam,
-):
-    """Update a specific thread element."""
-    from chainlit.context import init_ws_context
-    from chainlit.element import CustomElement, ElementDict
-    from chainlit.session import WebsocketSession
-    session = WebsocketSession.get_by_id(payload.sessionId)
-    context = init_ws_context(session)
-    element_dict = cast(ElementDict, payload.element)
-    if element_dict["type"] != "custom":
-        return {"success": False}
-    element = CustomElement(
-        id=element_dict["id"],
-        object_key=element_dict["objectKey"],
-        chainlit_key=element_dict["chainlitKey"],
-        url=element_dict["url"],
-        for_id=element_dict.get("forId") or "",
-        thread_id=element_dict.get("threadId") or "",
-        name=element_dict["name"],
-        props=element_dict.get("props") or {},
-        display=element_dict["display"],
-    )
-    if current_user:
-        if (
-            not context.session.user
-            or context.session.user.identifier != current_user.identifier
-        ):
-            raise HTTPException(
-                status_code=401,
-                detail="You are not authorized to update elements for this session",
-            )
-    await element.send(for_id=element.for_id or "")
-    return {"success": True}
-@router.delete("/project/element")
-async def delete_thread_element(
-    payload: ElementRequest,
-    current_user: UserParam,
-):
-    """Delete a specific thread element."""
-    from chainlit.context import init_ws_context
-    from chainlit.element import CustomElement, ElementDict
-    from chainlit.session import WebsocketSession
-    session = WebsocketSession.get_by_id(payload.sessionId)
-    context = init_ws_context(session)
-    element_dict = cast(ElementDict, payload.element)
-    if element_dict["type"] != "custom":
-        return {"success": False}
-    element = CustomElement(
-        id=element_dict["id"],
-        object_key=element_dict["objectKey"],
-        chainlit_key=element_dict["chainlitKey"],
-        url=element_dict["url"],
-        for_id=element_dict.get("forId") or "",
-        thread_id=element_dict.get("threadId") or "",
-        name=element_dict["name"],
-        props=element_dict.get("props") or {},
-        display=element_dict["display"],
-    )
-    if current_user:
-        if (
-            not context.session.user
-            or context.session.user.identifier != current_user.identifier
-        ):
-            raise HTTPException(
-                status_code=401,
-                detail="You are not authorized to remove elements for this session",
-            )
-    await element.remove()
-    return {"success": True}
-@router.put("/project/thread")
-async def rename_thread(
-    request: Request,
-    payload: UpdateThreadRequest,
-    current_user: UserParam,
-):
-    """Rename a thread."""
-    data_layer = get_data_layer()
-    if not data_layer:
-        raise HTTPException(status_code=400, detail="Data persistence is not enabled")
-    if not current_user:
-        raise HTTPException(status_code=401, detail="Unauthorized")
-    thread_id = payload.threadId
-    await is_thread_author(current_user.identifier, thread_id)
-    await data_layer.update_thread(thread_id, name=payload.name)
-    return JSONResponse(content={"success": True})
 @router.delete("/project/thread")
 async def delete_thread(
     request: Request,
     payload: DeleteThreadRequest,
-    current_user: UserParam,
+    current_user: Annotated[Union[User, PersistedUser], Depends(get_current_user)],
 ):
     """Delete a thread."""
@@ -1019,9 +829,6 @@ async def delete_thread(
     if not data_layer:
         raise HTTPException(status_code=400, detail="Data persistence is not enabled")
-    if not current_user:
-        raise HTTPException(status_code=401, detail="Unauthorized")
     thread_id = payload.threadId
     await is_thread_author(current_user.identifier, thread_id)
@@ -1030,49 +837,13 @@ async def delete_thread(
     return JSONResponse(content={"success": True})
-@router.post("/project/action")
-async def call_action(
-    payload: CallActionRequest,
-    current_user: UserParam,
-):
-    """Run an action."""
-    from chainlit.action import Action
-    from chainlit.context import init_ws_context
-    from chainlit.session import WebsocketSession
-    session = WebsocketSession.get_by_id(payload.sessionId)
-    context = init_ws_context(session)
-    action = Action(**payload.action)
-    if current_user:
-        if (
-            not context.session.user
-            or context.session.user.identifier != current_user.identifier
-        ):
-            raise HTTPException(
-                status_code=401,
-                detail="You are not authorized to upload files for this session",
-            )
-    callback = config.code.action_callbacks.get(action.name)
-    if callback:
-        await callback(action)
-    else:
-        raise HTTPException(
-            status_code=404,
-            detail=f"No callback found for action {action.name}",
-        )
-    return JSONResponse(content={"success": True})
 @router.post("/project/file")
 async def upload_file(
-    current_user: UserParam,
     session_id: str,
     file: UploadFile,
+    current_user: Annotated[
+        Union[None, User, PersistedUser], Depends(get_current_user)
+    ],
 ):
     """Upload a file to the session files directory."""
@@ -1097,111 +868,30 @@ async def upload_file(
     content = await file.read()
-    assert file.filename, "No filename for uploaded file"
-    assert file.content_type, "No content type for uploaded file"
-    try:
-        validate_file_upload(file)
-    except ValueError as e:
-        raise HTTPException(status_code=400, detail=str(e))
     file_response = await session.persist_file(
         name=file.filename, content=content, mime=file.content_type
     )
-    return JSONResponse(content=file_response)
-def validate_file_upload(file: UploadFile):
-    """Validate the file upload as configured in config.features.spontaneous_file_upload.
-    Args:
-        file (UploadFile): The file to validate.
-    Raises:
-        ValueError: If the file is not allowed.
-    """
-    if config.features.spontaneous_file_upload is None:
-        """Default for a missing config is to allow the fileupload without any restrictions"""
-        return
-    if config.features.spontaneous_file_upload.enabled is False:
-        raise ValueError("File upload is not enabled")
-    validate_file_mime_type(file)
-    validate_file_size(file)
-def validate_file_mime_type(file: UploadFile):
-    """Validate the file mime type as configured in config.features.spontaneous_file_upload.
-    Args:
-        file (UploadFile): The file to validate.
-    Raises:
-        ValueError: If the file type is not allowed.
-    """
-    accept = config.features.spontaneous_file_upload.accept
-    if accept is None:
-        "Accept is not configured, allowing all file types"
-        return
-    assert (
-        isinstance(accept, List) or isinstance(accept, dict)
-    ), "Invalid configuration for spontaneous_file_upload, accept must be a list or a dict"
-    if isinstance(accept, List):
-        for pattern in accept:
-            if fnmatch.fnmatch(file.content_type, pattern):
-                return
-    elif isinstance(accept, dict):
-        for pattern, extensions in accept.items():
-            if fnmatch.fnmatch(file.content_type, pattern):
-                if len(extensions) == 0:
-                    return
-                for extension in extensions:
-                    if file.filename is not None and file.filename.endswith(extension):
-                        return
-    raise ValueError("File type not allowed")
-def validate_file_size(file: UploadFile):
-    """Validate the file size as configured in config.features.spontaneous_file_upload.
-    Args:
-        file (UploadFile): The file to validate.
-    Raises:
-        ValueError: If the file size is too large.
-    """
-    if config.features.spontaneous_file_upload.max_size_mb is None:
-        return
-    if (
-        file.size is not None
-        and file.size
-        > config.features.spontaneous_file_upload.max_size_mb * 1024 * 1024
-    ):
-        raise ValueError("File size too large")
+    return JSONResponse(file_response)
 @router.get("/project/file/{file_id}")
 async def get_file(
     file_id: str,
-    session_id: str,
-    current_user: UserParam,
+    session_id: Optional[str] = None,
 ):
     """Get a file from the session files directory."""
     from chainlit.session import WebsocketSession
     session = WebsocketSession.get_by_id(session_id) if session_id else None
     if not session:
         raise HTTPException(
-            status_code=401,
-            detail="Unauthorized",
+            status_code=404,
+            detail="Session not found",
         )
-    if current_user:
-        if not session.user or session.user.identifier != current_user.identifier:
-            raise HTTPException(
-                status_code=401,
-                detail="You are not authorized to download files from this session",
-            )
     if file_id in session.files:
         file = session.files[file_id]
         return FileResponse(file["path"], media_type=file["type"])
@@ -1212,7 +902,7 @@ async def get_file(
 @router.get("/files/{filename:path}")
 async def serve_file(
     filename: str,
-    current_user: UserParam,
+    current_user: Annotated[Union[User, PersistedUser], Depends(get_current_user)],
 ):
     """Serve a file from the local filesystem."""
@@ -1271,7 +961,7 @@ async def get_logo(theme: Optional[Theme] = Query(Theme.light)):
 @router.get("/avatars/{avatar_id:str}")
 async def get_avatar(avatar_id: str):
     """Get the avatar for the user based on the avatar_id."""
-    if not re.match(r"^[a-zA-Z0-9_ -]+$", avatar_id):
+    if not re.match(r"^[a-zA-Z0-9_-]+$", avatar_id):
         raise HTTPException(status_code=400, detail="Invalid avatar_id")
     if avatar_id == "default":

chainlit 2.0.0__py3-none-any.whl → 2.0.dev0__py3-none-any.whl

Potentially problematic release.

chainlit 2.0.0py3-none-any.whl → 2.0.dev0py3-none-any.whl