diff --git a/End_to_end_Solutions/AOAISearchDemo/app/data/app.py b/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
index 92c9cdb..98d6a72 100644
--- a/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
+++ b/End_to_end_Solutions/AOAISearchDemo/app/data/app.py
@@ -65,7 +65,7 @@ def create_chat_session(user_id: str, conversation_id: str):
 return Response(response="A bad request error occurred.", status=400)
 except CosmosConflictError as e:
 logger.exception(f"create-chat-session: error: {e} ", extra=properties)
- return Response(response="A conflict error occurred.", status=409)
+ return Response(response="Conflict occurred while creating chat session.", status=409)
 except Exception as e:
 logger.exception(f"create-chat-session: error: {e} ", extra=properties)
 return Response(response="An internal server error occurred.", status=500)
@@ -85,8 +85,8 @@ def get_chat_session(user_id: str, conversation_id: str):
 properties = logger.get_updated_properties(addl_dim)
 if session is None:
- logger.info(f"get-chat-session: session with conversation_id {conversation_id} not found", extra=properties)
- return Response(response=f"Chat session with conversation_id {conversation_id} not found.", status=404)
+ logger.info(f"get-chat-session: session with conversation_id {html.escape(conversation_id)} not found", extra=properties)
+ return Response(response=f"Chat session with conversation_id {html.escape(conversation_id)} not found.", status=404)
 else:
 logger.info("get-chat-session: session found", extra=properties)
 return Response(response=json.dumps(session.to_item()), status=200)
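Review bot: The new lines call `html.escape`, but no hunk in this diff adds `import html`; if app.py did not already import it, every one of these 404 paths raises NameError inside the `try` and falls through to the generic 500 handler, so confirm the import is present at the top of the file. Assuming `Response` is flask.Response, its default mimetype is text/html, which is the only reason the escape matters; declaring the body as plain text removes the dependency on every handler remembering to escape, e.g. `return Response(response=f"Chat session with conversation_id {conversation_id} not found.", status=404, mimetype="text/plain")` (the escape can stay as defense in depth). The same applies to the get_user_group, get_user_member_groups, get_resource, get_user_resources and get_access_rule hunks, where get_user_group alone binds `escaped_group_id` instead of escaping inline. Escaping conversation_id inside the `logger.info` message is a separate issue: it rewrites the recorded identifier (`&` becomes `&amp;`) without protecting anything, since log output is not rendered as HTML; log the raw value there and keep the escape for the HTTP body.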
@@ -114,7 +114,7 @@ def check_chat_session(user_id: str, conversation_id: str):
 return Response(response="true", status=200)
 except Exception as e:
 logger.exception(f"check-chat-session: error: {e} ", extra=properties)
- return Response(response=str(e), status=500)
+ return Response(response="An internal error has occurred.", status=500)
 @app.route('/chat-sessions//', methods=['PUT'])
 def update_chat_session(user_id: str, conversation_id: str):
@@ -148,13 +148,13 @@ def update_chat_session(user_id: str, conversation_id: str):
 return Response(response=json.dumps(session.to_item()), status=200)
 except (TypeError, NullValueError, MissingPropertyError, ValueError) as e:
 logger.exception(f"update-chat-session: error: {e} ", extra=properties)
- return Response(response=str(e), status=400)
+ return Response(response="An error occurred while processing your request.", status=400)
 except SessionNotFoundError as e:
 logger.exception(f"update-chat-session: error: {e} ", extra=properties)
- return Response(response=str(e), status=404)
+ return Response(response="Chat session not found.", status=404)
 except Exception as e:
 logger.exception(f"update-chat-session: error: {e} ", extra=properties)
- return Response(response=str(e), status=500)
+ return Response(response="An internal server error occurred.", status=500)
 @app.route('/chat-sessions//', methods=['DELETE'])
 def clear_chat_session(user_id: str, conversation_id: str):
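Review bot: The new 500 body `"An internal error has occurred."` in check_chat_session differs from `"An internal server error occurred."` used by the update_chat_session, clear_chat_session and create_user_profile hunks in this same commit. One module-level constant for the generic 500 text (and likewise for the 404 and 400 texts) would keep the responses uniform and make it obvious when a handler still returns `str(e)`, e.g. `INTERNAL_ERROR_MESSAGE = "An internal server error occurred."`. check_chat_session starts outside the hunk.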
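Review bot: The 400 branch of update_chat_session now returns `"An error occurred while processing your request."` for TypeError, NullValueError, MissingPropertyError and ValueError, which tells the client nothing about which part of the payload was rejected, and the create_user_profile hunk uses `"Invalid request data."` for the same class of errors. Hiding raw TypeError/ValueError text is right, since it can carry internal type and attribute names; for the project's own NullValueError and MissingPropertyError it is worth checking whether their messages only name the missing field, in which case a separate except clause could echo that field name safely. At minimum use the same text as create_user_profile: `return Response(response="Invalid request data.", status=400)`. update_chat_session starts outside the hunk.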
@@ -162,9 +162,11 @@ def clear_chat_session(user_id: str, conversation_id: str):
 chat_manager.clear_chat_session(user_id, conversation_id)
 return Response(status=200)
 except SessionNotFoundError as e:
- return Response(response=str(e), status=404)
+ logger.exception(f"clear-chat-session: error: {e} ")
+ return Response(response="Chat session not found.", status=404)
 except Exception as e:
- return Response(response=str(e), status=500)
+ logger.exception(f"clear-chat-session: error: {e} ")
+ return Response(response="An internal server error occurred.", status=500)
 @app.route('/user-profiles/', methods=['POST'])
 def create_user_profile(user_id: str):
@@ -185,11 +187,12 @@ def create_user_profile(user_id: str):
 user_profile = entities_manager.create_user_profile(user_id, user_name, description, sample_questions)
 return Response(response=json.dumps(user_profile.to_item()), status=201)
 except (TypeError, NullValueError, MissingPropertyError) as e:
- return Response(response=str(e), status=400)
+ return Response(response="Invalid request data.", status=400)
 except CosmosConflictError as e:
- return Response(response=str(e), status=409)
+ return Response(response="Conflict occurred while creating user profile.", status=409)
 except Exception as e:
- return Response(response=str(e), status=500)
+ logger.exception(f"create-user-profile: error: {e}")
+ return Response(response="An internal server error occurred.", status=500)
 @app.route('/user-profiles/', methods=['GET'])
 def get_user_profile(user_id: str):
@@ -242,7 +245,8 @@ def get_user_group(group_id: str):
 try:
 user_group = entities_manager.get_user_group(group_id)
 if user_group is None:
- return Response(response=f"User group with group_id {group_id} not found.", status=404)
+ escaped_group_id = html.escape(group_id)
+ return Response(response=f"User group with group_id {escaped_group_id} not found.", status=404)
 else:
 return Response(response=json.dumps(user_group.to_item()), status=200)
 except Exception as e:
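Review bot: In clear_chat_session, `logger.exception(...)` in the SessionNotFoundError branch records a full traceback at error level for an ordinary client condition (deleting a session that does not exist), which will surface as noise in error dashboards; `logger.warning(f"clear-chat-session: session not found: {e}")` is enough there, keeping `logger.exception` for the generic branch. Both new log calls also omit the `extra=properties` that the sibling chat-session handlers pass, so the user_id/conversation_id dimensions will be missing from these records. clear_chat_session starts outside the hunk, so I cannot see whether `properties` is built in this function.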
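Review bot: In create_user_profile the 400 and 409 branches now neither return nor log the exception, so a rejected or conflicting request leaves no trace at all, while only the 500 branch gained `logger.exception`. Add a log call in both branches as well, e.g. `logger.exception(f"create-user-profile: error: {e}")` for the CosmosConflictError and a warning-level record for the validation errors, so operators can still see why a request was refused. create_user_profile starts outside the hunk.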
@@ -254,7 +258,7 @@ def get_user_member_groups(user_id: str):
 try:
 user_groups = entities_manager.get_user_member_groups(user_id)
 if user_groups is None:
- return Response(response=f"User with user_id {user_id} not found.", status=404)
+ return Response(response=f"User with user_id {html.escape(user_id)} not found.", status=404)
 else:
 return Response(response=json.dumps([user_group.to_item_no_users() for user_group in user_groups]), status=200)
 except Exception as e:
@@ -279,7 +283,8 @@ def update_user_group(group_id: str):
 except (TypeError, NullValueError, MissingPropertyError, ValueError) as e:
 return Response(response=str(e), status=400)
 except SessionNotFoundError as e:
- return Response(response=str(e), status=404)
+ logging.error("Session not found: %s", e, exc_info=True)
+ return Response(response="Session not found.", status=404)
 except Exception as e:
 logging.error("An error occurred while updating user group: %s", e, exc_info=True)
 return Response(response="An internal error has occurred.", status=500)
@@ -310,7 +315,7 @@ def get_resource(resource_id: str):
 try:
 resource = entities_manager.get_resource(resource_id)
 if resource is None:
- return Response(response=f"Resource with resource_id {resource_id} not found.", status=404)
+ return Response(response=f"Resource with resource_id {html.escape(resource_id)} not found.", status=404)
 else:
 return Response(response=json.dumps(resource.to_item()), status=200)
 except Exception as e:
@@ -322,7 +327,7 @@ def get_user_resources(user_id: str):
 try:
 user_profile = entities_manager.get_user_profile(user_id)
 if user_profile is None:
- return Response(response=f"User with user_id {user_id} not found.", status=404)
+ return Response(response=f"User with user_id {html.escape(user_id)} not found.", status=404)
 user_groups = entities_manager.get_user_member_groups(user_id)
 resources = permissions_manager.get_user_resources(user_profile, user_groups)
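Review bot: In the update_user_group hunk the context line `return Response(response=str(e), status=400)` two lines above the change still sends the raw TypeError/ValueError text to the client, while this commit removes that pattern from every other handler; this branch should get the same treatment, e.g. `return Response(response="Invalid request data.", status=400)`. The new `logging.error(..., exc_info=True)` records a traceback at error level for a not-found condition and uses the root logger rather than the module `logger` with `extra=properties` that the chat-session handlers use; update_user_group starts outside the hunk, so whether `properties` is available here is not visible. The returned text `"Session not found."` is also confusing for a user-group update — if SessionNotFoundError is what entities_manager raises for a missing group, the message should name the group instead.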
@@ -373,7 +378,7 @@ def get_access_rule(rule_id: str):
 try:
 access_rule = permissions_manager.get_access_rule(rule_id)
 if access_rule is None:
- return Response(response=f"Access rule with rule_id {rule_id} not found.", status=404)
+ return Response(response=f"Access rule with rule_id {html.escape(rule_id)} not found.", status=404)
 else:
 return Response(response=json.dumps(access_rule.to_item()), status=200)
 except Exception as e: