✨ Backend preparation for "Sign in with HF" (#190)

.env

@@ -5,6 +5,11 @@ MONGODB_URL=#your mongodb URL here
 MONGODB_DB_NAME=chat-ui
 COOKIE_NAME=hf-chat
 HF_ACCESS_TOKEN=#hf_<token> from from https://huggingface.co/settings/token
+
+# Parameters to enable "Sign in with HF"
+HF_CLIENT_ID=
+HF_CLIENT_SECRET=
+
 # 'name', 'userMessageToken', 'assistantMessageToken', 'parameters' are required
 MODELS=`[
   {

src/app.d.ts

@@ -1,6 +1,8 @@
 /// <reference types="@sveltejs/kit" />
 /// <reference types="unplugin-icons/types/svelte" />
 
+import type { ObjectId } from "mongodb";
+
 // See https://kit.svelte.dev/docs/types#app
 // for information about these interfaces
 declare global {
@@ -8,6 +10,7 @@ declare global {
 		// interface Error {}
 		interface Locals {
 			sessionId: string;
+			userId?: ObjectId;
 		}
 		// interface PageData {}
 		// interface Platform {}

src/hooks.server.ts

@@ -8,38 +8,61 @@ import {
 import { addYears } from "date-fns";
 import { collections } from "$lib/server/database";
 import { base } from "$app/paths";
+import { requiresUser } from "$lib/server/auth";
 
 export const handle: Handle = async ({ event, resolve }) => {
 	const token = event.cookies.get(COOKIE_NAME);
 
 	event.locals.sessionId = token || crypto.randomUUID();
 
+	const user = await collections.users.findOne({ sessionId: event.locals.sessionId });
+
+	if (user) {
+		event.locals.userId = user._id;
+	}
+
 	if (
-		event.request.method === "POST" &&
-		!event.url.pathname.startsWith(`${base}/settings`) &&
-		!event.url.pathname.startsWith(`${base}/admin`)
+		!event.url.pathname.startsWith(`${base}/admin`) &&
+		!["GET", "OPTIONS", "HEAD"].includes(event.request.method)
 	) {
-		const hasAcceptedEthicsModal = await collections.settings.countDocuments({
-			sessionId: event.locals.sessionId,
-			ethicsModalAcceptedAt: { $exists: true },
-		});
+		const sendJson =
+			event.request.headers.get("accept")?.includes("application/json") ||
+			event.request.headers.get("content-type")?.includes("application/json");
 
-		if (!hasAcceptedEthicsModal) {
-			const sendJson =
-				event.request.headers.get("accept")?.includes("application/json") ||
-				event.request.headers.get("content-type")?.includes("application/json");
+		if (!user && requiresUser) {
 			return new Response(
 				sendJson
-					? JSON.stringify({ error: "You need to accept the welcome modal first" })
-					: "You need to accept the welcome modal first",
+					? JSON.stringify({ error: "You need to be logged in first" })
+					: "You need to be logged in first",
 				{
-					status: 405,
+					status: 401,
 					headers: {
 						"content-type": sendJson ? "application/json" : "text/plain",
 					},
 				}
 			);
 		}
+
+		if (!event.url.pathname.startsWith(`${base}/settings`)) {
+			const hasAcceptedEthicsModal = await collections.settings.countDocuments({
+				sessionId: event.locals.sessionId,
+				ethicsModalAcceptedAt: { $exists: true },
+			});
+
+			if (!hasAcceptedEthicsModal) {
+				return new Response(
+					sendJson
+						? JSON.stringify({ error: "You need to accept the welcome modal first" })
+						: "You need to accept the welcome modal first",
+					{
+						status: 405,
+						headers: {
+							"content-type": sendJson ? "application/json" : "text/plain",
+						},
+					}
+				);
+			}
+		}
 	}
 
 	// Refresh cookie expiration date

src/lib/server/auth.ts

@@ -0,0 +1,9 @@
+import { HF_CLIENT_ID, HF_CLIENT_SECRET } from "$env/static/private";
+
+export const requiresUser = !!HF_CLIENT_ID && !!HF_CLIENT_SECRET;
+
+export const authCondition = (locals: App.Locals) => {
+	return locals.userId
+		? { userId: locals.userId }
+		: { sessionId: locals.sessionId, userId: { $exists: false } };
+};

src/lib/server/database.ts

@@ -4,6 +4,7 @@ import type { Conversation } from "$lib/types/Conversation";
 import type { SharedConversation } from "$lib/types/SharedConversation";
 import type { AbortedGeneration } from "$lib/types/AbortedGeneration";
 import type { Settings } from "$lib/types/Settings";
+import type { User } from "$lib/types/User";
 
 const client = new MongoClient(MONGODB_URL, {
 	// directConnection: true
@@ -17,15 +18,35 @@ const conversations = db.collection<Conversation>("conversations");
 const sharedConversations = db.collection<SharedConversation>("sharedConversations");
 const abortedGenerations = db.collection<AbortedGeneration>("abortedGenerations");
 const settings = db.collection<Settings>("settings");
+const users = db.collection<User>("users");
 
 export { client, db };
-export const collections = { conversations, sharedConversations, abortedGenerations, settings };
+export const collections = {
+	conversations,
+	sharedConversations,
+	abortedGenerations,
+	settings,
+	users,
+};
 
 client.on("open", () => {
-	conversations.createIndex({ sessionId: 1, updatedAt: -1 });
-	abortedGenerations.createIndex({ updatedAt: 1 }, { expireAfterSeconds: 30 });
-	abortedGenerations.createIndex({ conversationId: 1 }, { unique: true });
-	sharedConversations.createIndex({ hash: 1 }, { unique: true });
-	// Sparse so that we can have settings on userId later
-	settings.createIndex({ sessionId: 1 }, { unique: true, sparse: true });
+	conversations
+		.createIndex(
+			{ sessionId: 1, updatedAt: -1 },
+			{ partialFilterExpression: { sessionId: { $exists: true } } }
+		)
+		.catch(console.error);
+	conversations
+		.createIndex(
+			{ userId: 1, updatedAt: -1 },
+			{ partialFilterExpression: { userId: { $exists: true } } }
+		)
+		.catch(console.error);
+	abortedGenerations.createIndex({ updatedAt: 1 }, { expireAfterSeconds: 30 }).catch(console.error);
+	abortedGenerations.createIndex({ conversationId: 1 }, { unique: true }).catch(console.error);
+	sharedConversations.createIndex({ hash: 1 }, { unique: true }).catch(console.error);
+	settings.createIndex({ sessionId: 1 }, { unique: true, sparse: true }).catch(console.error);
+	settings.createIndex({ userId: 1 }, { unique: true, sparse: true }).catch(console.error);
+	users.createIndex({ hfUserId: 1 }, { unique: true }).catch(console.error);
+	users.createIndex({ sessionId: 1 }, { unique: true, sparse: true }).catch(console.error);
 });

src/lib/types/Conversation.ts

@@ -1,12 +1,13 @@
 import type { ObjectId } from "mongodb";
 import type { Message } from "./Message";
 import type { Timestamps } from "./Timestamps";
+import type { User } from "./User";
 
 export interface Conversation extends Timestamps {
 	_id: ObjectId;
 
-	// Can be undefined for shared convo then deleted
-	sessionId: string;
+	sessionId?: string;
+	userId?: User["_id"];
 
 	model: string;
 

src/lib/types/Settings.ts

@@ -1,7 +1,9 @@
 import type { Timestamps } from "./Timestamps";
+import type { User } from "./User";
 
 export interface Settings extends Timestamps {
-	sessionId: string;
+	userId?: User["_id"];
+	sessionId?: string;
 
 	/**
 	 * Note: Only conversations with this settings explictly set to true should be shared.

src/lib/types/User.ts

@@ -0,0 +1,14 @@
+import type { ObjectId } from "mongodb";
+import type { Timestamps } from "./Timestamps";
+
+export interface User extends Timestamps {
+	_id: ObjectId;
+
+	username: string;
+	name: string;
+	avatarUrl: string;
+	hfUserId: string;
+
+	// Session identifier, stored in the cookie
+	sessionId?: string;
+}

src/routes/+layout.server.ts

@@ -5,6 +5,7 @@ import type { Conversation } from "$lib/types/Conversation";
 import { UrlDependency } from "$lib/types/UrlDependency";
 import { defaultModel, models } from "$lib/server/models";
 import { validateModel } from "$lib/utils/models";
+import { authCondition } from "$lib/server/auth";
 
 export const load: LayoutServerLoad = async ({ locals, depends, url }) => {
 	const { conversations } = collections;
@@ -17,7 +18,7 @@ export const load: LayoutServerLoad = async ({ locals, depends, url }) => {
 
 		if (isValidModel) {
 			await collections.settings.updateOne(
-				{ sessionId: locals.sessionId },
+				authCondition(locals),
 				{ $set: { activeModel: urlModel } },
 				{ upsert: true }
 			);
@@ -26,13 +27,11 @@ export const load: LayoutServerLoad = async ({ locals, depends, url }) => {
 		throw redirect(302, url.pathname);
 	}
 
-	const settings = await collections.settings.findOne({ sessionId: locals.sessionId });
+	const settings = await collections.settings.findOne(authCondition(locals));
 
 	return {
 		conversations: await conversations
-			.find({
-				sessionId: locals.sessionId,
-			})
+			.find(authCondition(locals))
 			.sort({ updatedAt: -1 })
 			.project<Pick<Conversation, "title" | "model" | "_id" | "updatedAt" | "createdAt">>({
 				title: 1,

src/routes/+page.svelte

@@ -4,7 +4,7 @@
 	import ChatWindow from "$lib/components/chat/ChatWindow.svelte";
 	import { ERROR_MESSAGES, error } from "$lib/stores/errors";
 	import { pendingMessage } from "$lib/stores/pendingMessage";
-	import { findCurrentModel } from "$lib/utils/models.js";
+	import { findCurrentModel } from "$lib/utils/models";
 
 	export let data;
 	let loading = false;

src/routes/admin/export/+server.ts

@@ -3,8 +3,8 @@ import {
 	PARQUET_EXPORT_HF_TOKEN,
 	PARQUET_EXPORT_SECRET,
 } from "$env/static/private";
-import { collections } from "$lib/server/database.js";
-import type { Message } from "$lib/types/Message.js";
+import { collections } from "$lib/server/database";
+import type { Message } from "$lib/types/Message";
 import { error } from "@sveltejs/kit";
 import { pathToFileURL } from "node:url";
 import { unlink } from "node:fs/promises";

src/routes/conversation/+server.ts

@@ -7,9 +7,10 @@ import { z } from "zod";
 import type { Message } from "$lib/types/Message";
 import { models } from "$lib/server/models";
 import { validateModel } from "$lib/utils/models";
+import { authCondition } from "$lib/server/auth";
 
-export const POST: RequestHandler = async (input) => {
-	const body = await input.request.text();
+export const POST: RequestHandler = async ({ locals, request }) => {
+	const body = await request.text();
 
 	let title = "";
 	let messages: Message[] = [];
@@ -39,14 +40,12 @@ export const POST: RequestHandler = async (input) => {
 		_id: new ObjectId(),
 		title:
 			title ||
-			"Untitled " +
-				((await collections.conversations.countDocuments({ sessionId: input.locals.sessionId })) +
-					1),
+			"Untitled " + ((await collections.conversations.countDocuments(authCondition(locals))) + 1),
 		messages,
 		model: values.model,
 		createdAt: new Date(),
 		updatedAt: new Date(),
-		sessionId: input.locals.sessionId,
+		...(locals.userId ? { userId: locals.userId } : { sessionId: locals.sessionId }),
 		...(values.fromShare ? { meta: { fromShareId: values.fromShare } } : {}),
 	});
 

src/routes/conversation/[id]/+page.server.ts

@@ -1,19 +1,19 @@
-import type { PageServerLoad } from "./$types";
 import { collections } from "$lib/server/database";
 import { ObjectId } from "mongodb";
 import { error } from "@sveltejs/kit";
+import { authCondition } from "$lib/server/auth";
 
-export const load: PageServerLoad = async (event) => {
+export const load = async ({ params, locals }) => {
 	// todo: add validation on params.id
 	const conversation = await collections.conversations.findOne({
-		_id: new ObjectId(event.params.id),
-		sessionId: event.locals.sessionId,
+		_id: new ObjectId(params.id),
+		...authCondition(locals),
 	});
 
 	if (!conversation) {
 		const conversationExists =
 			(await collections.conversations.countDocuments({
-				_id: new ObjectId(event.params.id),
+				_id: new ObjectId(params.id),
 			})) !== 0;
 
 		if (conversationExists) {

src/routes/conversation/[id]/+page.svelte

@@ -11,7 +11,7 @@
 	import { UrlDependency } from "$lib/types/UrlDependency";
 	import { ERROR_MESSAGES, error } from "$lib/stores/errors";
 	import { randomUUID } from "$lib/utils/randomUuid";
-	import { findCurrentModel } from "$lib/utils/models.js";
+	import { findCurrentModel } from "$lib/utils/models";
 
 	export let data;
 

src/routes/conversation/[id]/+server.ts

@@ -1,14 +1,15 @@
-import { buildPrompt } from "$lib/buildPrompt.js";
-import { PUBLIC_SEP_TOKEN } from "$lib/constants/publicSepToken.js";
-import { abortedGenerations } from "$lib/server/abortedGenerations.js";
-import { collections } from "$lib/server/database.js";
-import { modelEndpoint } from "$lib/server/modelEndpoint.js";
-import { models } from "$lib/server/models.js";
-import type { Message } from "$lib/types/Message.js";
-import { concatUint8Arrays } from "$lib/utils/concatUint8Arrays.js";
+import { buildPrompt } from "$lib/buildPrompt";
+import { PUBLIC_SEP_TOKEN } from "$lib/constants/publicSepToken";
+import { abortedGenerations } from "$lib/server/abortedGenerations";
+import { authCondition } from "$lib/server/auth";
+import { collections } from "$lib/server/database";
+import { modelEndpoint } from "$lib/server/modelEndpoint";
+import { models } from "$lib/server/models";
+import type { Message } from "$lib/types/Message";
+import { concatUint8Arrays } from "$lib/utils/concatUint8Arrays";
 import { streamToAsyncIterable } from "$lib/utils/streamToAsyncIterable";
-import { trimPrefix } from "$lib/utils/trimPrefix.js";
-import { trimSuffix } from "$lib/utils/trimSuffix.js";
+import { trimPrefix } from "$lib/utils/trimPrefix";
+import { trimSuffix } from "$lib/utils/trimSuffix";
 import type { TextGenerationStreamOutput } from "@huggingface/inference";
 import { error } from "@sveltejs/kit";
 import { ObjectId } from "mongodb";
@@ -21,7 +22,7 @@ export async function POST({ request, fetch, locals, params }) {
 
 	const conv = await collections.conversations.findOne({
 		_id: convId,
-		sessionId: locals.sessionId,
+		...authCondition(locals),
 	});
 
 	if (!conv) {
@@ -139,7 +140,7 @@ export async function DELETE({ locals, params }) {
 
 	const conv = await collections.conversations.findOne({
 		_id: convId,
-		sessionId: locals.sessionId,
+		...authCondition(locals),
 	});
 
 	if (!conv) {
@@ -228,7 +229,7 @@ export async function PATCH({ request, locals, params }) {
 
 	const conv = await collections.conversations.findOne({
 		_id: convId,
-		sessionId: locals.sessionId,
+		...authCondition(locals),
 	});
 
 	if (!conv) {

src/routes/conversation/[id]/message/[messageId]/prompt/+server.ts

@@ -1,6 +1,7 @@
-import { buildPrompt } from "$lib/buildPrompt.js";
+import { buildPrompt } from "$lib/buildPrompt";
+import { authCondition } from "$lib/server/auth";
 import { collections } from "$lib/server/database";
-import { models } from "$lib/server/models.js";
+import { models } from "$lib/server/models";
 import { error } from "@sveltejs/kit";
 import { ObjectId } from "mongodb";
 
@@ -9,7 +10,7 @@ export async function GET({ params, locals }) {
 
 	const conv = await collections.conversations.findOne({
 		_id: convId,
-		sessionId: locals.sessionId,
+		...authCondition(locals),
 	});
 
 	if (!conv) {

src/routes/conversation/[id]/share/+server.ts

@@ -1,8 +1,9 @@
 import { base } from "$app/paths";
 import { PUBLIC_ORIGIN } from "$env/static/public";
-import { collections } from "$lib/server/database.js";
-import type { SharedConversation } from "$lib/types/SharedConversation.js";
-import { sha256 } from "$lib/utils/sha256.js";
+import { authCondition } from "$lib/server/auth";
+import { collections } from "$lib/server/database";
+import type { SharedConversation } from "$lib/types/SharedConversation";
+import { sha256 } from "$lib/utils/sha256";
 import { error } from "@sveltejs/kit";
 import { ObjectId } from "mongodb";
 import { nanoid } from "nanoid";
@@ -10,7 +11,7 @@ import { nanoid } from "nanoid";
 export async function POST({ params, url, locals }) {
 	const conversation = await collections.conversations.findOne({
 		_id: new ObjectId(params.id),
-		sessionId: locals.sessionId,
+		...authCondition(locals),
 	});
 
 	if (!conversation) {

src/routes/conversation/[id]/stop-generating/+server.ts

@@ -1,3 +1,4 @@
+import { authCondition } from "$lib/server/auth";
 import { collections } from "$lib/server/database";
 import { error } from "@sveltejs/kit";
 import { ObjectId } from "mongodb";
@@ -10,7 +11,7 @@ export async function POST({ params, locals }) {
 
 	const conversation = await collections.conversations.findOne({
 		_id: conversationId,
-		sessionId: locals.sessionId,
+		...authCondition(locals),
 	});
 
 	if (!conversation) {

src/routes/conversation/[id]/summarize/+server.ts

@@ -1,10 +1,11 @@
 import { buildPrompt } from "$lib/buildPrompt";
-import { PUBLIC_SEP_TOKEN } from "$lib/constants/publicSepToken.js";
-import { collections } from "$lib/server/database.js";
-import { modelEndpoint } from "$lib/server/modelEndpoint.js";
-import { defaultModel } from "$lib/server/models.js";
-import { trimPrefix } from "$lib/utils/trimPrefix.js";
-import { trimSuffix } from "$lib/utils/trimSuffix.js";
+import { PUBLIC_SEP_TOKEN } from "$lib/constants/publicSepToken";
+import { authCondition } from "$lib/server/auth";
+import { collections } from "$lib/server/database";
+import { modelEndpoint } from "$lib/server/modelEndpoint";
+import { defaultModel } from "$lib/server/models";
+import { trimPrefix } from "$lib/utils/trimPrefix";
+import { trimSuffix } from "$lib/utils/trimSuffix";
 import { textGeneration } from "@huggingface/inference";
 import { error } from "@sveltejs/kit";
 import { ObjectId } from "mongodb";
@@ -14,7 +15,7 @@ export async function POST({ params, locals, fetch }) {
 
 	const conversation = await collections.conversations.findOne({
 		_id: convId,
-		sessionId: locals.sessionId,
+		...authCondition(locals),
 	});
 
 	if (!conversation) {
@@ -56,7 +57,7 @@ export async function POST({ params, locals, fetch }) {
 		await collections.conversations.updateOne(
 			{
 				_id: convId,
-				sessionId: locals.sessionId,
+				...authCondition(locals),
 			},
 			{
 				$set: { title: generated_text },

src/routes/r/[id]/message/[messageId]/prompt/+server.ts

@@ -1,6 +1,6 @@
-import { buildPrompt } from "$lib/buildPrompt.js";
+import { buildPrompt } from "$lib/buildPrompt";
 import { collections } from "$lib/server/database";
-import { models } from "$lib/server/models.js";
+import { models } from "$lib/server/models";
 import { error } from "@sveltejs/kit";
 
 export async function GET({ params }) {

src/routes/settings/+page.server.ts

@@ -3,7 +3,8 @@ import { collections } from "$lib/server/database";
 import { redirect } from "@sveltejs/kit";
 import { z } from "zod";
 import { defaultModel, models } from "$lib/server/models";
-import { validateModel } from "$lib/utils/models.js";
+import { validateModel } from "$lib/utils/models";
+import { authCondition } from "$lib/server/auth";
 
 export const actions = {
 	default: async function ({ request, locals }) {
@@ -22,9 +23,7 @@ export const actions = {
 			});
 
 		await collections.settings.updateOne(
-			{
-				sessionId: locals.sessionId,
-			},
+			authCondition(locals),
 			{
 				$set: {
 					...settings,