-
Notifications
You must be signed in to change notification settings - Fork 58
Properly handle unknown conversation_id #634
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Properly handle unknown conversation_id #634
Conversation
WalkthroughThe query endpoint now returns HTTP 404 with "Conversation not found" when a conversation is missing or not owned by the user; log message text and argument order were adjusted. A unit test asserting the 404 behaviour was added (duplicated in the file). Changes
Sequence Diagram(s)sequenceDiagram
autonumber
actor User
participant API as Query Endpoint
participant Auth as Auth/Ownership Validator
participant Store as Conversation Store
User->>API: POST /query {conversation_id, ...}
API->>Auth: validate_conversation_ownership(user_id, conversation_id)
alt ownership missing or not found
Auth-->>API: None
API-->>User: 404 Not Found ("Conversation not found")
note right of API #D9EAD3: Log updated: conversation_id first, then user_id
else ownership valid
Auth-->>API: ownership ok
API->>Store: fetch/process conversation data
Store-->>API: result
API-->>User: 200 OK (response)
end
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Poem
Pre-merge checks and finishing touches❌ Failed checks (2 warnings)
✅ Passed checks (3 passed)
✨ Finishing touches
🧪 Generate unit tests (beta)
📜 Recent review detailsConfiguration used: CodeRabbit UI Review profile: CHILL Plan: Pro 📒 Files selected for processing (2)
🚧 Files skipped from review as they are similar to previous changes (1)
🧰 Additional context used📓 Path-based instructions (3)**/*.py📄 CodeRabbit inference engine (CLAUDE.md)
Files:
tests/{unit,integration}/**/*.py📄 CodeRabbit inference engine (CLAUDE.md)
Files:
tests/**/*.py📄 CodeRabbit inference engine (CLAUDE.md)
Files:
🧬 Code graph analysis (1)tests/unit/app/endpoints/test_query.py (3)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 1
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (2)
src/app/endpoints/query.py(1 hunks)tests/unit/app/endpoints/test_query.py(1 hunks)
🧰 Additional context used
📓 Path-based instructions (7)
**/*.py
📄 CodeRabbit inference engine (CLAUDE.md)
**/*.py: All modules start with descriptive module-level docstrings explaining purpose
Use logger = logging.getLogger(name) for module logging after import logging
Define type aliases at module level for clarity
All functions require docstrings with brief descriptions
Provide complete type annotations for all function parameters and return types
Use typing_extensions.Self in model validators where appropriate
Use modern union syntax (str | int) and Optional[T] or T | None consistently
Function names use snake_case with descriptive, action-oriented prefixes (get_, validate_, check_)
Avoid in-place parameter modification; return new data structures instead of mutating arguments
Use appropriate logging levels: debug, info, warning, error with clear messages
All classes require descriptive docstrings explaining purpose
Class names use PascalCase with conventional suffixes (Configuration, Error/Exception, Resolver, Interface)
Abstract base classes should use abc.ABC and @AbstractMethod for interfaces
Provide complete type annotations for all class attributes
Follow Google Python docstring style for modules, classes, and functions, including Args, Returns, Raises, Attributes sections as needed
Files:
tests/unit/app/endpoints/test_query.pysrc/app/endpoints/query.py
tests/{unit,integration}/**/*.py
📄 CodeRabbit inference engine (CLAUDE.md)
tests/{unit,integration}/**/*.py: Use pytest for all unit and integration tests
Do not use unittest in tests; pytest is the standard
Files:
tests/unit/app/endpoints/test_query.py
tests/**/*.py
📄 CodeRabbit inference engine (CLAUDE.md)
tests/**/*.py: Use pytest-mock to create AsyncMock objects for async interactions in tests
Use the shared auth mock constant: MOCK_AUTH = ("mock_user_id", "mock_username", False, "mock_token") in tests
Files:
tests/unit/app/endpoints/test_query.py
src/**/*.py
📄 CodeRabbit inference engine (CLAUDE.md)
Use absolute imports for internal modules (e.g., from auth import get_auth_dependency)
Files:
src/app/endpoints/query.py
src/app/**/*.py
📄 CodeRabbit inference engine (CLAUDE.md)
Use standard FastAPI imports (from fastapi import APIRouter, HTTPException, Request, status, Depends) in FastAPI app code
Files:
src/app/endpoints/query.py
src/{app/**/*.py,client.py}
📄 CodeRabbit inference engine (CLAUDE.md)
Use async def for I/O-bound operations and external API calls
Files:
src/app/endpoints/query.py
src/app/endpoints/**/*.py
📄 CodeRabbit inference engine (CLAUDE.md)
In API endpoints, raise FastAPI HTTPException with appropriate status codes for error handling
Files:
src/app/endpoints/query.py
🧬 Code graph analysis (1)
tests/unit/app/endpoints/test_query.py (3)
tests/unit/app/endpoints/test_conversations.py (1)
dummy_request(30-40)src/models/requests.py (1)
QueryRequest(72-222)src/app/endpoints/query.py (1)
query_endpoint_handler(212-389)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
- GitHub Check: e2e_tests (ci)
🔇 Additional comments (2)
src/app/endpoints/query.py (1)
259-269: LGTM: Status code change from 403 to 404 is appropriate.The change from
HTTP_403_FORBIDDENtoHTTP_404_NOT_FOUNDwhen a conversation is not found correctly aligns the response with REST semantics. Returning 404 for both non-existent and not-owned conversations also prevents information disclosure about which conversation IDs exist in the system, which is a good security practice.The log parameter order fix (conversation_id before user_id) now matches the format string placeholders.
tests/unit/app/endpoints/test_query.py (1)
2033-2052: No duplicate test definition found. Verified only one occurrence oftest_query_endpoint_handler_conversation_not_foundintests/unit/app/endpoints/test_query.py; no removal needed.Likely an incorrect or invalid review comment.
10de8d1 to
8a036c0
Compare
tisnik
left a comment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
8a036c0 to
0b3ebd5
Compare
Description
Type of change
Related Tickets & Documents
Checklist before requesting a review
Testing
Summary by CodeRabbit
Bug Fixes
Tests