Improvements to Flutter client (#1042)

* Chat improvements * Delete/reset account via API for Flutter app * Fix tests. * Add "contact us" to settings * Update mobile/lib/screens/chat_conversation_screen.dart Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> Signed-off-by: Juan José Mata <jjmata@jjmata.com> * Improve LLM special token detection * Deactivated user shouldn't have API working * Fix tests * API-Key usage * Flutter app launch failure on no network * Handle deletion/reset delays * Local cached data may become stale * Use X-Api-Key correctly! --------- Signed-off-by: Juan José Mata <jjmata@jjmata.com> Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
2026-04-17 19:14:11 +00:00 · 2026-02-22 21:22:32 -05:00
parent b1b2793e43
commit ad3087f1dd
15 changed files with 716 additions and 53 deletions
--- a/app/controllers/api/v1/base_controller.rb
+++ b/app/controllers/api/v1/base_controller.rb
@@ -73,6 +73,11 @@ class Api::V1::BaseController < ApplicationController
          render_json({ error: "unauthorized", message: "Access token is invalid - user not found" }, status: :unauthorized)
          return false
        end
+
+        unless @current_user.active?
+          render_json({ error: "unauthorized", message: "Account has been deactivated" }, status: :unauthorized)
+          return false
+        end
      else
        Rails.logger.warn "API OAuth Token Invalid: Access token missing resource_owner_id"
        render_json({ error: "unauthorized", message: "Access token is invalid - missing resource owner" }, status: :unauthorized)
@@ -96,6 +101,11 @@ class Api::V1::BaseController < ApplicationController
      return false unless @api_key && @api_key.active?

      @current_user = @api_key.user
+      unless @current_user.active?
+        render_json({ error: "unauthorized", message: "Account has been deactivated" }, status: :unauthorized)
+        return false
+      end
+
      @api_key.update_last_used!
      @authentication_method = :api_key
      @rate_limiter = ApiRateLimiter.limit(@api_key)
--- a/app/controllers/api/v1/users_controller.rb
+++ b/app/controllers/api/v1/users_controller.rb
@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+class Api::V1::UsersController < Api::V1::BaseController
+  before_action :ensure_write_scope
+
+  def reset
+    FamilyResetJob.perform_later(Current.family)
+    render json: { message: "Account reset has been initiated" }
+  end
+
+  def destroy
+    user = current_resource_owner
+
+    if user.deactivate
+      Current.session&.destroy
+      render json: { message: "Account has been deleted" }
+    else
+      render json: { error: "Failed to delete account", details: user.errors.full_messages }, status: :unprocessable_entity
+    end
+  end
+
+  private
+
+    def ensure_write_scope
+      authorize_scope!(:write)
+    end
+end