LLM_Chat_Interface/rag_citations.php at main · NHLBI/LLM_Chat_Interface · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
<?php
declare(strict_types=1);

require_once __DIR__ . '/bootstrap.php';
require_once __DIR__ . '/db.php';
require_once __DIR__ . '/inc/azure-api.inc.php';

header('Content-Type: application/json');

if (empty($_SESSION['user_data']['userid']) || empty($_SESSION['authorized'])) {
    http_response_code(401);
    echo json_encode([
        'ok'      => false,
        'error'   => 'unauthorized',
        'message' => 'Session expired. Please refresh and sign in again.',
    ]);
    exit;
}

$exchangeId = filter_input(INPUT_GET, 'exchange_id', FILTER_VALIDATE_INT);
if (!$exchangeId || $exchangeId < 1) {
    http_response_code(400);
    echo json_encode([
        'ok'      => false,
        'error'   => 'invalid_request',
        'message' => 'A valid exchange_id is required.',
    ]);
    exit;
}

$userId = (string)($_SESSION['user_data']['userid'] ?? '');

try {
    global $pdo;
    if (!$pdo instanceof PDO) {
        throw new RuntimeException('Database connection is not available.');
    }

    $stmt = $pdo->prepare("
        SELECT c.user
        FROM exchange e
        INNER JOIN chat c ON c.id = e.chat_id
        WHERE e.id = :exchange_id
        LIMIT 1
    ");
    $stmt->execute(['exchange_id' => $exchangeId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if (!$row) {
        http_response_code(404);
        echo json_encode([
            'ok'      => false,
            'error'   => 'not_found',
            'message' => 'No exchange found for the provided identifier.',
        ]);
        exit;
    }

    if (!hash_equals((string)$row['user'], $userId)) {
        http_response_code(403);
        echo json_encode([
            'ok'      => false,
            'error'   => 'forbidden',
            'message' => 'You do not have access to this exchange.',
        ]);
        exit;
    }

    $citations = fetch_rag_citations($exchangeId);
    // Return 200 with an empty array to avoid noisy 404s in the client when no citations exist.
    echo json_encode([
        'ok'         => true,
        'citations'  => $citations,
    ]);
} catch (Throwable $e) {
    error_log('rag_citations error: ' . $e->getMessage());
    http_response_code(500);
    echo json_encode([
        'ok'      => false,
        'error'   => 'server_error',
        'message' => 'Unable to load citation metadata at this time.',
    ]);
}
exit;