24 multi user support

.env.example

@@ -11,3 +11,5 @@ RANDOM_SEQ_ENCLOSURE_LENGTH=20
 SYSTEM_ROLE="Your role is to assist the user with work-related tasks, such as sending emails. You should maintain a professional tone and try to be helpful. Before sending an email, always check the subject and body of the email with the user before sending it."
 # List of allowed emails or email domains, comma separated 
 EMAIL_WHITELIST=kate@hotmail.com,bob@hotmail.com,@scottlogic.com
+# Session secret 
+SESSION_SECRET=YOUR_SESSION_SECRET

backend/app.js

@@ -2,6 +2,7 @@ const express = require("express");
 const router = require("./router");
 const dotenv = require("dotenv");
 const cors = require("cors");
+const session = require("express-session");
 const { initOpenAi } = require("./openai");
 
 dotenv.config();
@@ -13,19 +14,37 @@ const port = process.env.PORT || 3001;
 const app = express();
 // for parsing application/json
 app.use(express.json());
+// use session
+app.use(
+  session({
+    secret: process.env.SESSION_SECRET,
+    resave: false,
+    saveUninitialized: true,
+  })
+);
 
 // initialise openai
 initOpenAi();
 
-app.use(cors());
-app.options("*", cors());
+app.use(
+  cors({
+    credentials: true,
+    origin: true,
+  })
+);
 
 app.use(function (req, res, next) {
-  res.header("Access-Control-Allow-Origin", "*");
-  res.header(
-    "Access-Control-Allow-Headers",
-    "Origin, X-Requested-With, Content-Type, Accept"
-  );
+  // initialise session variables
+  if (!req.session.chatHistory) {
+    req.session.chatHistory = [];
+  }
+  if (!req.session.sentEmails) {
+    req.session.sentEmails = [];
+  }
+  if (!req.session.activeDefences) {
+    req.session.activeDefences = [];
+  }
+
   next();
 });
 

backend/defence.js

@@ -1,46 +1,22 @@
-// keep track of active defences as flags
-const defenceEnums = [
-  "CHARACTER_LIMIT",
-  "RANDOM_SEQUENCE_ENCLOSURE",
-  "SYSTEM_ROLE",
-  "XML_TAGGING",
-  "EMAIL_WHITELIST"
-];
-// all defences start inactive
-const defences = defenceEnums.map((defence) => {
-  return { id: defence, isActive: false };
-});
-
 // activate a defence
-function activateDefence(id) {
-  const defence = defences.find((defence) => defence.id === id);
-  if (defence) {
-    defence.isActive = true;
+function activateDefence(id, activeDefences) {
+  // add to the list of active defences if it's not already there
+  if (!activeDefences.find((defence) => defence === id)) {
+    activeDefences.push(id);
   }
-  return defence;
+  // return the updated list of defences
+  return activeDefences;
 }
 
 // deactivate a defence
-function deactivateDefence(id) {
-  const defence = defences.find((defence) => defence.id === id);
-  if (defence) {
-    defence.isActive = false;
-  }
-  return defence;
-}
-
-// get the status of all defences
-function getDefences() {
-  return defences;
+function deactivateDefence(id, activeDefences) {
+  // return the updated list of defences
+  return activeDefences.filter((defence) => defence !== id);
 }
 
 // get the status of a single defence
-function isDefenceActive(id) {
-  const defence = defences.find((defence) => defence.id === id);
-  if (defence) {
-    return defence.isActive;
-  }
-  return false;
+function isDefenceActive(id, activeDefences) {
+  return activeDefences.find((defence) => defence === id);
 }
 
 function generate_random_string(string_length) {
@@ -105,12 +81,12 @@ function transformXmlTagging(message) {
 }
 
 //apply defence string transformations to original message
-function transformMessage(message) {
+function transformMessage(message, activeDefences) {
   let transformedMessage = message;
-  if (isDefenceActive("RANDOM_SEQUENCE_ENCLOSURE")) {
+  if (isDefenceActive("RANDOM_SEQUENCE_ENCLOSURE", activeDefences)) {
     transformedMessage = transformRandomSequenceEnclosure(transformedMessage);
   }
-  if (isDefenceActive("XML_TAGGING")) {
+  if (isDefenceActive("XML_TAGGING", activeDefences)) {
     transformedMessage = transformXmlTagging(transformedMessage);
   }
   if (message == transformedMessage) {
@@ -123,26 +99,8 @@ function transformMessage(message) {
   return transformedMessage;
 }
 
-// check if email is in whitelist
-function isEmailInWhitelist(emailAddress) {
-  // get the domain from email
-  const emailAddressDomain = emailAddress.split("@")[1];
-  const emailWhitelist = process.env.EMAIL_WHITELIST.split(",");
-  // find email domains in whitelist (start with @)
-  const emailDomainWhitelist = emailWhitelist.filter(email => email.startsWith("@"));
-
-  // check if the users email domain is in the domain whitelist
-  for (let i = 0; i < emailDomainWhitelist.length; i++) {
-    if (emailAddressDomain.endsWith(emailDomainWhitelist[i].substring(1))) {
-      return true;
-    }
-  }
-  // otherwise check if their full email is whitelisted
-  return emailWhitelist.includes(emailAddress);
-}
-
-// detects triggered defences in original message and blocks the message if necessary 
-function detectTriggeredDefences(message) {
+// detects triggered defences in original message and blocks the message if necessary
+function detectTriggeredDefences(message, activeDefences) {
   // keep track of any triggered defences
   const defenceInfo = { blocked: false, triggeredDefences: [] };
   const maxMessageLength = process.env.MAX_MESSAGE_LENGTH || 280;
@@ -152,7 +110,7 @@ function detectTriggeredDefences(message) {
     // add the defence to the list of triggered defences
     defenceInfo.triggeredDefences.push("CHARACTER_LIMIT");
     // check if the defence is active
-    if (isDefenceActive("CHARACTER_LIMIT")) {
+    if (isDefenceActive("CHARACTER_LIMIT", activeDefences)) {
       // block the message
       defenceInfo.blocked = true;
       // return the defence info
@@ -171,9 +129,7 @@ function detectTriggeredDefences(message) {
 module.exports = {
   activateDefence,
   deactivateDefence,
-  getDefences,
   isDefenceActive,
   transformMessage,
   detectTriggeredDefences,
-  isEmailInWhitelist
 };

backend/email.js

@@ -1,31 +1,47 @@
-const sentEmails = [];
-
-function clearEmails() {
-  sentEmails.length = 0;
+// return the whitelist of emails and domains, or domains only
+function getEmailWhitelist() {
+  const emailWhitelist = process.env.EMAIL_WHITELIST.split(",");
+  return "Whitelisted emails and domains are: " + emailWhitelist;
 }
 
-function getSentEmails() {
-  return sentEmails;
+// check if email is in whitelist
+function isEmailInWhitelist(emailAddress) {
+  // get the domain from email
+  const emailAddressDomain = emailAddress.split("@")[1];
+  const emailWhitelist = process.env.EMAIL_WHITELIST.split(",");
+  // find email domains in whitelist (start with @)
+  const emailDomainWhitelist = emailWhitelist.filter((email) =>
+    email.startsWith("@")
+  );
+
+  // check if the users email domain is in the domain whitelist
+  for (let i = 0; i < emailDomainWhitelist.length; i++) {
+    if (emailAddressDomain.endsWith(emailDomainWhitelist[i].substring(1))) {
+      return true;
+    }
+  }
+  // otherwise check if their full email is whitelisted
+  return emailWhitelist.includes(emailAddress);
 }
 
-function sendEmail(email, subject, message) {
+function sendEmail(address, subject, body, session) {
   // add to the list of sent emails
-  sentEmails.push({ address: email, subject: subject, content: message });
-  response =
-    "Sending email to " +
-    email +
+  const email = { address: address, subject: subject, content: body };
+  const response =
+    "Email sent to " +
+    address +
     " with subject " +
     subject +
-    " and message " +
-    message;
+    " and body " +
+    body;
   console.log(response);
+  // add the sent email to the session
+  session.sentEmails.push(email);
   return response;
 }
 
-// return the whitelist of emails and domains, or domains only
-function getEmailWhitelist(){
-  const emailWhitelist = process.env.EMAIL_WHITELIST.split(",");
-  return "Whitelisted emails and domains are: " + emailWhitelist;
-}
-
-module.exports = { clearEmails, getSentEmails, sendEmail, getEmailWhitelist };
+module.exports = {
+  getEmailWhitelist,
+  isEmailInWhitelist,
+  sendEmail,
+};