Conversation
- Replace middleware_validation.go with auth middleware in api/middleware/auth.go - Update config.go with new configuration options - Refactor main.go with significant restructuring (+386/-497 lines) - Adjust streaming helpers and model service files for compatibility
…service layer - Extracted session helpers and workspace CRUD into dedicated files - Removed legacy `api/service/` package, migrating functionality to handler/service files - Simplified chat session handler by ~350 lines with reusable helpers - Restructured file upload handler for clarity - Added new service files: chat_auth_user_service, chat_session_service, chat_workspace_crud, chat_workspace_sessions, chat_works
- Move model implementations to `provider/` package for better organization - Remove unused middleware (gzip, lastRequestTime, rateLimit) - Remove deprecated streaming helpers and text buffer - Fix typo in filename: chat_prompt_hander -> chat_prompt_handler - Clean up imports and interfaces
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: dd12f2d465
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| sessionUUID := r.Header.Get("X-Session-Uuid") | ||
| if sessionUUID == "" { | ||
| RespondWithAPIError(w, ErrValidationInvalidInput("missing session UUID")) | ||
| RespondWithAPIError(w, ErrValidationInvalidInput("missing X-Session-Uuid header")) |
There was a problem hiding this comment.
This change makes /upload reject requests unless X-Session-Uuid is present, but existing clients submit the session ID as multipart form data (session-uuid) and do not set that header. In that common path, uploads now fail immediately with missing X-Session-Uuid header, which is a functional regression for file attachments unless frontend and other callers are migrated in lockstep.
Useful? React with 👍 / 👎.
| // --- Global middleware --- | ||
| router.Use(middleware.RecoveryMiddleware) | ||
| router.Use(middleware.RequestIDMiddleware) | ||
| router.Use(middleware.BodyLimitMiddleware) |
There was a problem hiding this comment.
Applying BodyLimitMiddleware globally enforces a 1MB max request body on every route, which conflicts with the upload handler's explicit 32MB allowance and the app's file-upload feature. Any file between 1MB and 32MB will now be rejected before ReceiveFile can process it, so large (but intended) uploads are broken.
Useful? React with 👍 / 👎.
1 participant
No description provided.