buster/api/prds/active/api_update_message_endpoint.md

# Update Message REST Endpoint PRD

## Overview
This PRD describes the implementation of a new REST endpoint for updating a message. This endpoint will allow users to update specific properties of a message, such as setting feedback on a message.

## Endpoint Details

### Basic Information
- **HTTP Method**: PUT
- **URL Path**: `/api/v1/messages/:id`
- **Purpose**: Update properties of a specific message

### Request Format
- **Headers**:
  - `Content-Type: application/json`
  - `Authorization: Bearer {token}`
- **URL Parameters**:
  - `id`: UUID of the message to update
- **Request Body (JSON)**:
  - `feedback`: String (optional) - "positive" or "negative"

### Response Format
- **Success**:
  - Status: 200 OK
  - Body: Updated message object
- **Error Responses**:
  - 401 Unauthorized: If the user is not authenticated
  - 403 Forbidden: If the user does not have permission to update the message
  - 404 Not Found: If the message with the specified ID does not exist
  - 500 Internal Server Error: If there's a server error

### Example Request
```bash
curl --location --request PUT 'http://localhost:3001/api/v1/messages/cee3065d-c165-4e04-be44-be05d1e6d902' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJjMmRkNjRjZC1mN2YzLTQ4ODQtYmM5MS1kNDZhZTQzMTkwMWUiLCJuYW1lIjoiSm9obiBEb2UiLCJpYXQiOjE1MTYyMzkwMjIsImV4cCI6MjUxODU1NTMyNiwiYXVkIjoiYXV0aGVudGljYXRlZCJ9.uRs5OVyYErQ1iSQwAXVUD6TFolOu31ejPhcBS41ResA' \
--data '{
    "feedback": "negative"
}'
```

### Example Response
```json
{
  "id": "cee3065d-c165-4e04-be44-be05d1e6d902",
  "request_message": {
    "request": "Example message text",
    "sender_id": "c2dd64cd-f7f3-4884-bc91-d46ae431901e",
    "sender_name": "John Doe",
    "sender_avatar": null
  },
  "response_message_ids": ["..."],
  "response_messages": {},
  "reasoning_message_ids": ["..."],
  "reasoning_messages": {},
  "created_at": "2025-03-20T15:30:00Z",
  "final_reasoning_message": null,
  "feedback": "negative"
}
```

## Implementation Details

### New Files to Create

#### 1. Handler Implementation
- **File**: `/libs/handlers/src/messages/helpers/update_message_handler.rs`
- **Purpose**: Contains the business logic for updating a message

#### 2. REST Route Implementation
- **File**: `/src/routes/rest/routes/messages/update_message.rs`
- **Purpose**: Contains the HTTP handler for the REST endpoint

#### 3. Update Module Exports
- **File**: `/libs/handlers/src/messages/helpers/mod.rs` (update)
- **File**: `/src/routes/rest/routes/messages/mod.rs` (update)

### Implementation Steps

#### 1. Create the Handler Function
Create a new handler in `/libs/handlers/src/messages/helpers/update_message_handler.rs` that:
- Takes a user, message ID, and update parameters
- Verifies the user has permission to update the message
- Updates the message in the database
- Returns the updated message

#### 2. Create the REST Endpoint
Create a new file at `/src/routes/rest/routes/messages/update_message.rs` that:
- Creates a request struct to deserialize the request body
- Maps the HTTP request to the handler function
- Handles errors appropriately
- Returns the appropriate HTTP response

#### 3. Update Module Exports
Update the module exports to include the new handler and endpoint.

## Technical Details

### Database Updates
The update operation will modify records in the `messages` table.

### Expected Behavior
- Only the user who created the message or an admin should be able to update the message
- Updates should be atomic and consistent
- The endpoint should validate input data before updating the database

### Testing Strategy
1. Test updating a message with valid data as the message owner
2. Test updating a message with valid data as an admin
3. Test updating a message with invalid data
4. Test updating a non-existent message
5. Test updating a message without permission
6. Test concurrent updates to the same message

## Security Considerations
- Ensure proper authentication and authorization
- Validate input data to prevent injection attacks
- Ensure database queries are properly parameterized
added in the message and chat updates 2025-03-21 06:12:51 +08:00			`# Update Message REST Endpoint PRD`

			`## Overview`
			`This PRD describes the implementation of a new REST endpoint for updating a message. This endpoint will allow users to update specific properties of a message, such as setting feedback on a message.`

			`## Endpoint Details`

			`### Basic Information`
			`- HTTP Method: PUT`
			- URL Path: `/api/v1/messages/:id`
			`- Purpose: Update properties of a specific message`

			`### Request Format`
			`- Headers:`
			- `Content-Type: application/json`
			- `Authorization: Bearer {token}`
			`- URL Parameters:`
			- `id`: UUID of the message to update
			`- Request Body (JSON):`
			- `feedback`: String (optional) - "positive" or "negative"

			`### Response Format`
			`- Success:`
			`- Status: 200 OK`
			`- Body: Updated message object`
			`- Error Responses:`
			`- 401 Unauthorized: If the user is not authenticated`
			`- 403 Forbidden: If the user does not have permission to update the message`
			`- 404 Not Found: If the message with the specified ID does not exist`
			`- 500 Internal Server Error: If there's a server error`

			`### Example Request`
			```bash
			`curl --location --request PUT 'http://localhost:3001/api/v1/messages/cee3065d-c165-4e04-be44-be05d1e6d902' \`
			`--header 'Content-Type: application/json' \`
			`--header 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJjMmRkNjRjZC1mN2YzLTQ4ODQtYmM5MS1kNDZhZTQzMTkwMWUiLCJuYW1lIjoiSm9obiBEb2UiLCJpYXQiOjE1MTYyMzkwMjIsImV4cCI6MjUxODU1NTMyNiwiYXVkIjoiYXV0aGVudGljYXRlZCJ9.uRs5OVyYErQ1iSQwAXVUD6TFolOu31ejPhcBS41ResA' \`
			`--data '{`
			`"feedback": "negative"`
			`}'`
			```

			`### Example Response`
			```json
			`{`
			`"id": "cee3065d-c165-4e04-be44-be05d1e6d902",`
			`"request_message": {`
			`"request": "Example message text",`
			`"sender_id": "c2dd64cd-f7f3-4884-bc91-d46ae431901e",`
			`"sender_name": "John Doe",`
			`"sender_avatar": null`
			`},`
			`"response_message_ids": ["..."],`
			`"response_messages": {},`
			`"reasoning_message_ids": ["..."],`
			`"reasoning_messages": {},`
			`"created_at": "2025-03-20T15:30:00Z",`
			`"final_reasoning_message": null,`
			`"feedback": "negative"`
			`}`
			```

			`## Implementation Details`

			`### New Files to Create`

			`#### 1. Handler Implementation`
			- File: `/libs/handlers/src/messages/helpers/update_message_handler.rs`
			`- Purpose: Contains the business logic for updating a message`

			`#### 2. REST Route Implementation`
			- File: `/src/routes/rest/routes/messages/update_message.rs`
			`- Purpose: Contains the HTTP handler for the REST endpoint`

			`#### 3. Update Module Exports`
			- File: `/libs/handlers/src/messages/helpers/mod.rs` (update)
			- File: `/src/routes/rest/routes/messages/mod.rs` (update)

			`### Implementation Steps`

			`#### 1. Create the Handler Function`
			Create a new handler in `/libs/handlers/src/messages/helpers/update_message_handler.rs` that:
			`- Takes a user, message ID, and update parameters`
			`- Verifies the user has permission to update the message`
			`- Updates the message in the database`
			`- Returns the updated message`

			`#### 2. Create the REST Endpoint`
			Create a new file at `/src/routes/rest/routes/messages/update_message.rs` that:
			`- Creates a request struct to deserialize the request body`
			`- Maps the HTTP request to the handler function`
			`- Handles errors appropriately`
			`- Returns the appropriate HTTP response`

			`#### 3. Update Module Exports`
			`Update the module exports to include the new handler and endpoint.`

			`## Technical Details`

			`### Database Updates`
			The update operation will modify records in the `messages` table.

			`### Expected Behavior`
			`- Only the user who created the message or an admin should be able to update the message`
			`- Updates should be atomic and consistent`
			`- The endpoint should validate input data before updating the database`

			`### Testing Strategy`
			`1. Test updating a message with valid data as the message owner`
			`2. Test updating a message with valid data as an admin`
			`3. Test updating a message with invalid data`
			`4. Test updating a non-existent message`
			`5. Test updating a message without permission`
			`6. Test concurrent updates to the same message`

			`## Security Considerations`
			`- Ensure proper authentication and authorization`
			`- Validate input data to prevent injection attacks`
			`- Ensure database queries are properly parameterized`