refactor: new API & universal load functions (#1743)

* feat(API): refactor API with Elysia

* feat: initial elysia setup

* feat: replace conv/[id] load function with universal

* fix: delete v1 catchall

* wip

* fix: response type

* fix: add cors

* feat: more routes in tools & assistants

* refacto: use normal svelte fetch in `/assistant/[assistantId]`

* refacto: use normal svelte fetch in `conversation/[id]`

* feat: use universal load function for `tools/[toolId]`

* wip: removing more server load function stuff

* feat: more routes to universal load functions

* feat: more routes to universal

* refactor: move tools loading to API endpoint

* refactor(api): implement tools search API endpoint and move load function

* fix: types on tool search

* refactor: update assistant route and remove redundant page load function

* refactor(api): move assistants page load function to api call

* refactor(settings): remove waterfall loading

* refactor: main load function

* fix: types

* feat: improve fetchJSON to handle empty responses

* fix: issues with page loading & assistant avatars

* refactor(api): remove unused Eden fetch utility

* refactor(routes): improve conversation page loading and error handling

* feat(api): migrate login and logout to API routes (#1703)

* feat(auth): migrate login and logout to API routes

- Replaced form-based login/logout with fetch-based API routes
- Updated hooks and components to use new `/api/login` and `/api/logout` endpoints

* fix: invalidate on logout

* refactor: move `/api/login` routes back to `/login` and `/api/logout` to `/logout`

remove breaing change to connected apps

* refactor(api): update import aliases and configuration for API routes

* refactor: update conversation handling to use generic tree structure

- Changed `addChildren` and `addSibling` functions to utilize a generic `Tree` type for better flexibility.
- Updated `buildSubtree` to return a tree node structure.
- Modified conversation response types to use `Serialize<Conversation>` for improved serialization.
- Adjusted related tests to align with the new tree structure and types.

* fix: specify message type in ChatWindow component

- Updated the `messages` prop in the ChatWindow component to explicitly cast `messagesPath` as `Message[]` for improved type safety and clarity.

* feat: make login simpler with GET's

* fix: debug logs

* fix: isAdmin flag

* refactor: remove debug route

* fix: use config manager in api routes

* chores: use latest elysia

* wip

* feat: working with different origin

* refactor: update API routes to throw errors for unimplemented features

* fix: use hook for public config

so we dont use context outside of component lifecycles

* refactor: use api client for user reports in settings load function

* fix: deps

* feat: get rid of last fetchJSON call in load function

* cors setup

* feat: use api client side

* feat: use api for assistant loading

* feat: use api client for assistant search

* fix: lint

* feat: use api client for tool

* feat: rename client hook and use for deleting all convs

* fix: let non-authed user set their model

* feat: bump minor for elysia API

package.json

@@ -1,6 +1,6 @@
 {
 	"name": "chat-ui",
-	"version": "0.9.5",
+	"version": "0.10.0",
 	"private": true,
 	"packageManager": "npm@9.5.0",
 	"scripts": {
@@ -18,6 +18,9 @@
 		"prepare": "husky"
 	},
 	"devDependencies": {
+		"@elysiajs/cors": "^1.3.3",
+		"@elysiajs/eden": "^1.3.2",
+		"@elysiajs/node": "^1.2.6",
 		"@faker-js/faker": "^8.4.1",
 		"@iconify-json/carbon": "^1.1.16",
 		"@iconify-json/eos-icons": "^1.1.6",
@@ -41,6 +44,7 @@
 		"@typescript-eslint/eslint-plugin": "^6.x",
 		"@typescript-eslint/parser": "^6.x",
 		"dompurify": "^3.2.4",
+		"elysia": "^1.3.2",
 		"eslint": "^8.28.0",
 		"eslint-config-prettier": "^8.5.0",
 		"eslint-plugin-svelte": "^2.45.1",
@@ -71,6 +75,7 @@
 	"dependencies": {
 		"@aws-sdk/credential-providers": "^3.592.0",
 		"@cliqz/adblocker-playwright": "^1.34.0",
+		"@elysiajs/swagger": "^1.3.0",
 		"@gradio/client": "^1.8.0",
 		"@huggingface/hub": "^0.5.1",
 		"@huggingface/inference": "^3.12.1",
@@ -86,7 +91,7 @@
 		"date-fns": "^2.29.3",
 		"dotenv": "^16.5.0",
 		"express": "^4.21.2",
-		"file-type": "^19.4.1",
+		"file-type": "^21.0.0",
 		"google-auth-library": "^9.13.0",
 		"handlebars": "^4.7.8",
 		"highlight.js": "^11.7.0",

src/hooks.server.ts

@@ -2,20 +2,19 @@ import { config, ready } from "$lib/server/config";
 import type { Handle, HandleServerError, ServerInit } from "@sveltejs/kit";
 import { collections } from "$lib/server/database";
 import { base } from "$app/paths";
-import { findUser, refreshSessionCookie, requiresUser } from "$lib/server/auth";
+import { authenticateRequest, refreshSessionCookie, requiresUser } from "$lib/server/auth";
 import { ERROR_MESSAGES } from "$lib/stores/errors";
-import { sha256 } from "$lib/utils/sha256";
 import { addWeeks } from "date-fns";
 import { checkAndRunMigrations } from "$lib/migrations/migrations";
-import { building } from "$app/environment";
+import { building, dev } from "$app/environment";
 import { logger } from "$lib/server/logger";
 import { AbortedGenerations } from "$lib/server/abortedGenerations";
 import { MetricsServer } from "$lib/server/metrics";
 import { initExitHandler } from "$lib/server/exitHandler";
-import { ObjectId } from "mongodb";
 import { refreshAssistantsCounts } from "$lib/jobs/refresh-assistants-counts";
 import { refreshConversationStats } from "$lib/jobs/refresh-conversation-stats";
 import { adminTokenManager } from "$lib/server/adminToken";
+import { isHostLocalhost } from "$lib/server/isURLLocal";
 
 export const init: ServerInit = async () => {
 	// Wait for config to be fully loaded
@@ -120,108 +119,13 @@ export const handle: Handle = async ({ event, resolve }) => {
 		}
 	}
 
-	const token = event.cookies.get(config.COOKIE_NAME);
-
-	// if the trusted email header is set we use it to get the user email
-	const email = config.TRUSTED_EMAIL_HEADER
-		? event.request.headers.get(config.TRUSTED_EMAIL_HEADER)
-		: null;
-
-	let secretSessionId: string | null = null;
-	let sessionId: string | null = null;
-
-	if (email) {
-		secretSessionId = sessionId = await sha256(email);
-
-		event.locals.user = {
-			// generate id based on email
-			_id: new ObjectId(sessionId.slice(0, 24)),
-			name: email,
-			email,
-			createdAt: new Date(),
-			updatedAt: new Date(),
-			hfUserId: email,
-			avatarUrl: "",
-			logoutDisabled: true,
-		};
-	} else if (token) {
-		secretSessionId = token;
-		sessionId = await sha256(token);
-
-		const user = await findUser(sessionId);
-
-		if (user) {
-			event.locals.user = user;
-		}
-	} else if (
-		event.url.pathname.startsWith(`${base}/api/`) &&
-		config.USE_HF_TOKEN_IN_API === "true"
-	) {
-		// if the request goes to the API and no user is available in the header
-		// check if a bearer token is available in the Authorization header
-
-		const authorization = event.request.headers.get("Authorization");
-
-		if (authorization && authorization.startsWith("Bearer ")) {
-			const token = authorization.slice(7);
-
-			const hash = await sha256(token);
-
-			sessionId = secretSessionId = hash;
-
-			// check if the hash is in the DB and get the user
-			// else check against https://huggingface.co/api/whoami-v2
-
-			const cacheHit = await collections.tokenCaches.findOne({ tokenHash: hash });
-
-			if (cacheHit) {
-				const user = await collections.users.findOne({ hfUserId: cacheHit.userId });
-
-				if (!user) {
-					return errorResponse(500, "User not found");
-				}
-
-				event.locals.user = user;
-			} else {
-				const response = await fetch("https://huggingface.co/api/whoami-v2", {
-					headers: {
-						Authorization: `Bearer ${token}`,
-					},
-				});
-
-				if (!response.ok) {
-					return errorResponse(401, "Unauthorized");
-				}
-
-				const data = await response.json();
-				const user = await collections.users.findOne({ hfUserId: data.id });
-
-				if (!user) {
-					return errorResponse(500, "User not found");
-				}
-
-				await collections.tokenCaches.insertOne({
-					tokenHash: hash,
-					userId: data.id,
-					createdAt: new Date(),
-					updatedAt: new Date(),
-				});
-
-				event.locals.user = user;
-			}
-		}
-	}
+	const auth = await authenticateRequest(
+		{ type: "svelte", value: event.request.headers },
+		{ type: "svelte", value: event.cookies }
+	);
 
-	if (!sessionId || !secretSessionId) {
-		secretSessionId = crypto.randomUUID();
-		sessionId = await sha256(secretSessionId);
-
-		if (await collections.sessions.findOne({ sessionId })) {
-			return errorResponse(500, "Session ID collision");
-		}
-	}
-
-	event.locals.sessionId = sessionId;
+	event.locals.user = auth.user || undefined;
+	event.locals.sessionId = auth.sessionId;
 
 	event.locals.isAdmin =
 		event.locals.user?.isAdmin || adminTokenManager.isAdmin(event.locals.sessionId);
@@ -254,12 +158,16 @@ export const handle: Handle = async ({ event, resolve }) => {
 		}
 	}
 
-	if (event.request.method === "POST") {
-		// if the request is a POST request we refresh the cookie
-		refreshSessionCookie(event.cookies, secretSessionId);
+	if (
+		event.request.method === "POST" ||
+		event.url.pathname.startsWith(`${base}/login`) ||
+		event.url.pathname.startsWith(`${base}/login/callback`)
+	) {
+		// if the request is a POST request or login-related we refresh the cookie
+		refreshSessionCookie(event.cookies, auth.secretSessionId);
 
 		await collections.sessions.updateOne(
-			{ sessionId },
+			{ sessionId: auth.sessionId },
 			{ $set: { updatedAt: new Date(), expiresAt: addWeeks(new Date(), 2) } }
 		);
 	}
@@ -309,6 +217,9 @@ export const handle: Handle = async ({ event, resolve }) => {
 
 			return chunk.html.replace("%gaId%", config.PUBLIC_GOOGLE_ANALYTICS_ID);
 		},
+		filterSerializedResponseHeaders: (header) => {
+			return header.includes("content-type");
+		},
 	});
 
 	// Add CSP header to disallow framing if ALLOW_IFRAME is not "true"
@@ -316,5 +227,38 @@ export const handle: Handle = async ({ event, resolve }) => {
 		response.headers.append("Content-Security-Policy", "frame-ancestors 'none';");
 	}
 
+	if (
+		event.url.pathname.startsWith(`${base}/login/callback`) ||
+		event.url.pathname.startsWith(`${base}/login`)
+	) {
+		response.headers.append("Cache-Control", "no-store");
+	}
+
+	if (event.url.pathname.startsWith(`${base}/api/`)) {
+		// get origin from the request
+		const requestOrigin = event.request.headers.get("origin");
+
+		// get origin from the config if its defined
+		let allowedOrigin = config.PUBLIC_ORIGIN ? new URL(config.PUBLIC_ORIGIN).origin : undefined;
+
+		if (
+			dev || // if we're in dev mode
+			!requestOrigin || // or the origin is null (SSR)
+			isHostLocalhost(new URL(requestOrigin).hostname) // or the origin is localhost
+		) {
+			allowedOrigin = "*"; // allow all origins
+		} else if (allowedOrigin === requestOrigin) {
+			allowedOrigin = requestOrigin; // echo back the caller
+		}
+
+		if (allowedOrigin) {
+			response.headers.set("Access-Control-Allow-Origin", allowedOrigin);
+			response.headers.set(
+				"Access-Control-Allow-Methods",
+				"GET, POST, PUT, PATCH, DELETE, OPTIONS"
+			);
+			response.headers.set("Access-Control-Allow-Headers", "Content-Type, Authorization");
+		}
+	}
 	return response;
 };

src/hooks.ts

@@ -0,0 +1,6 @@
+import { publicConfigTransporter } from "$lib/utils/PublicConfig.svelte";
+import type { Transport } from "@sveltejs/kit";
+
+export const transport: Transport = {
+	PublicConfig: publicConfigTransporter,
+};

src/lib/APIClient.ts

@@ -0,0 +1,55 @@
+import type { App } from "$api";
+import { base } from "$app/paths";
+import { treaty, type Treaty } from "@elysiajs/eden";
+import { browser } from "$app/environment";
+
+export function useAPIClient({ fetch }: { fetch?: Treaty.Config["fetcher"] } = {}) {
+	let url;
+
+	if (!browser) {
+		let port;
+		if (process.argv.includes("--port")) {
+			port = parseInt(process.argv[process.argv.indexOf("--port") + 1]);
+		} else {
+			const mode = process.argv.find((arg) => arg === "preview" || arg === "dev");
+			if (mode === "preview") {
+				port = 4173;
+			} else if (mode === "dev") {
+				port = 5173;
+			} else {
+				port = 3000;
+			}
+		}
+		// Always use localhost for server-side requests to avoid external HTTP calls during SSR
+		url = `http://localhost:${port}${base}/api/v2`;
+	} else {
+		url = `${window.location.origin}${base}/api/v2`;
+	}
+	const app = treaty<App>(url, { fetcher: fetch });
+
+	return app;
+}
+
+export function throwOnErrorNullable<T extends Record<number, unknown>>(
+	response: Treaty.TreatyResponse<T>
+): T[200] {
+	if (response.error) {
+		throw new Error(JSON.stringify(response.error));
+	}
+
+	return response.data as T[200];
+}
+
+export function throwOnError<T extends Record<number, unknown>>(
+	response: Treaty.TreatyResponse<T>
+): NonNullable<T[200]> {
+	if (response.error) {
+		throw new Error(JSON.stringify(response.error));
+	}
+
+	if (response.data === null) {
+		throw new Error("No data received on API call");
+	}
+
+	return response.data as NonNullable<T[200]>;
+}

src/lib/components/AssistantSettings.svelte

@@ -12,7 +12,6 @@
 	import CarbonTools from "~icons/carbon/tools";
 
 	import { useSettingsStore } from "$lib/stores/settings";
-	import { publicConfig } from "$lib/utils/PublicConfig.svelte";
 	import IconInternet from "./icons/IconInternet.svelte";
 	import TokensCounter from "./TokensCounter.svelte";
 	import HoverTooltip from "./HoverTooltip.svelte";
@@ -20,6 +19,9 @@
 	import AssistantToolPicker from "./AssistantToolPicker.svelte";
 	import { error } from "$lib/stores/errors";
 	import { goto } from "$app/navigation";
+	import { usePublicConfig } from "$lib/utils/PublicConfig.svelte";
+
+	const publicConfig = usePublicConfig();
 
 	type AssistantFront = Omit<Assistant, "_id" | "createdById"> & { _id: string };
 

src/lib/components/DisclaimerModal.svelte

@@ -1,13 +1,15 @@
 <script lang="ts">
 	import { base } from "$app/paths";
 	import { page } from "$app/state";
-	import { publicConfig } from "$lib/utils/PublicConfig.svelte";
 
 	import LogoHuggingFaceBorderless from "$lib/components/icons/LogoHuggingFaceBorderless.svelte";
 	import Modal from "$lib/components/Modal.svelte";
 	import { useSettingsStore } from "$lib/stores/settings";
 	import { cookiesAreEnabled } from "$lib/utils/cookiesAreEnabled";
 	import Logo from "./icons/Logo.svelte";
+	import { usePublicConfig } from "$lib/utils/PublicConfig.svelte";
+
+	const publicConfig = usePublicConfig();
 
 	const settings = useSettingsStore();
 </script>
@@ -56,20 +58,18 @@
 				{/if}
 			</button>
 			{#if page.data.loginEnabled}
-				<form action="{base}/login" target="_parent" method="POST" class="w-full">
-					<button
-						type="submit"
-						class="flex w-full flex-wrap items-center justify-center whitespace-nowrap rounded-full border-2 border-black bg-black px-5 py-2 text-lg font-semibold text-gray-100 transition-colors hover:bg-gray-900"
-					>
-						Sign in
-						{#if publicConfig.isHuggingChat}
-							<span class="flex items-center">
-								&nbsp;with <LogoHuggingFaceBorderless classNames="text-xl mr-1 ml-1.5 flex-none" /> Hugging
-								Face
-							</span>
-						{/if}
-					</button>
-				</form>
+				<a
+					href="{base}/login"
+					class="flex w-full flex-wrap items-center justify-center whitespace-nowrap rounded-full border-2 border-black bg-black px-5 py-2 text-lg font-semibold text-gray-100 transition-colors hover:bg-gray-900"
+				>
+					Sign in
+					{#if publicConfig.isHuggingChat}
+						<span class="flex items-center">
+							&nbsp;with <LogoHuggingFaceBorderless classNames="text-xl mr-1 ml-1.5 flex-none" /> Hugging
+							Face
+						</span>
+					{/if}
+				</a>
 			{/if}
 		</div>
 	</div>

src/lib/components/LoginModal.svelte

@@ -1,14 +1,15 @@
 <script lang="ts">
 	import { base } from "$app/paths";
 	import { page } from "$app/state";
-	import { publicConfig } from "$lib/utils/PublicConfig.svelte";
 
 	import LogoHuggingFaceBorderless from "$lib/components/icons/LogoHuggingFaceBorderless.svelte";
 	import Modal from "$lib/components/Modal.svelte";
 	import { useSettingsStore } from "$lib/stores/settings";
 	import { cookiesAreEnabled } from "$lib/utils/cookiesAreEnabled";
 	import Logo from "./icons/Logo.svelte";
+	import { usePublicConfig } from "$lib/utils/PublicConfig.svelte";
 
+	const publicConfig = usePublicConfig();
 	const settings = useSettingsStore();
 </script>
 
@@ -27,15 +28,10 @@
 			{publicConfig.PUBLIC_APP_GUEST_MESSAGE}
 		</p>
 
-		<form
-			action="{base}/{page.data.loginRequired ? 'login' : 'settings'}"
-			target="_parent"
-			method="POST"
-			class="flex w-full flex-col items-center gap-2"
-		>
+		<div class="flex w-full flex-col items-center gap-2">
 			{#if page.data.loginRequired}
-				<button
-					type="submit"
+				<a
+					href="{base}/login"
 					class="flex w-full flex-wrap items-center justify-center whitespace-nowrap rounded-full bg-black px-5 py-2 text-center text-lg font-semibold text-gray-100 transition-colors hover:bg-gray-900"
 				>
 					Sign in
@@ -44,7 +40,7 @@
 							&nbsp;with <LogoHuggingFaceBorderless classNames="text-xl mr-1 ml-1.5" /> Hugging Face
 						</span>
 					{/if}
-				</button>
+				</a>
 			{:else}
 				<button
 					class="flex w-full items-center justify-center whitespace-nowrap rounded-full border-2 border-black bg-black px-5 py-2 text-lg font-semibold text-gray-100 transition-colors hover:bg-gray-900"
@@ -59,6 +55,6 @@
 					Start chatting
 				</button>
 			{/if}
-		</form>
+		</div>
 	</div>
 </Modal>

src/lib/components/NavConversationItem.svelte

@@ -43,11 +43,15 @@
 			<span class="mr-1 font-semibold"> Delete </span>
 		{/if}
 		{#if conv.avatarUrl}
-			<img
-				src="{base}{conv.avatarUrl}"
-				alt="Assistant avatar"
-				class="mr-1.5 inline size-4 flex-none rounded-full object-cover"
-			/>
+			{#await conv.avatarUrl then avatarUrl}
+				{#if avatarUrl}
+					<img
+						src="{base}{avatarUrl}"
+						alt="Assistant avatar"
+						class="mr-1.5 inline size-4 flex-none rounded-full object-cover"
+					/>
+				{/if}
+			{/await}
 			{conv.title.replace(/\p{Emoji}/gu, "")}
 		{:else if conv.assistantId}
 			<div

src/lib/components/NavMenu.svelte

@@ -13,7 +13,6 @@
 	import Logo from "$lib/components/icons/Logo.svelte";
 	import { switchTheme } from "$lib/switchTheme";
 	import { isAborted } from "$lib/stores/isAborted";
-	import { publicConfig } from "$lib/utils/PublicConfig.svelte";
 
 	import NavConversationItem from "./NavConversationItem.svelte";
 	import type { LayoutData } from "../../routes/$types";
@@ -21,13 +20,20 @@
 	import type { Model } from "$lib/types/Model";
 	import { page } from "$app/stores";
 	import InfiniteScroll from "./InfiniteScroll.svelte";
-	import type { Conversation } from "$lib/types/Conversation";
 	import { CONV_NUM_PER_PAGE } from "$lib/constants/pagination";
+	import { goto } from "$app/navigation";
 	import { browser } from "$app/environment";
 	import { toggleSearch } from "./chat/Search.svelte";
 	import CarbonSearch from "~icons/carbon/search";
 	import { closeMobileNav } from "./MobileNav.svelte";
+	import { usePublicConfig } from "$lib/utils/PublicConfig.svelte";
+
 	import { isVirtualKeyboard } from "$lib/utils/isVirtualKeyboard";
+	import { useAPIClient, throwOnError } from "$lib/APIClient";
+	import { jsonSerialize } from "$lib/utils/serialize";
+
+	const publicConfig = usePublicConfig();
+	const client = useAPIClient();
 
 	interface Props {
 		conversations: ConvSidebar[];
@@ -65,15 +71,18 @@
 
 	async function handleVisible() {
 		p++;
-		const newConvs = await fetch(`${base}/api/conversations?p=${p}`)
-			.then((res) => res.json())
-			.then((convs) =>
-				convs.map(
-					(conv: Pick<Conversation, "_id" | "title" | "updatedAt" | "model" | "assistantId">) => ({
-						...conv,
-						updatedAt: new Date(conv.updatedAt),
-					})
-				)
+		const newConvs = await client.conversations
+			.get({
+				query: {
+					p,
+				},
+			})
+			.then(throwOnError)
+			.then(({ conversations }) =>
+				conversations.map((conv) => ({
+					...jsonSerialize(conv),
+					updatedAt: new Date(conv.updatedAt),
+				}))
 			)
 			.catch(() => []);
 
@@ -166,9 +175,13 @@
 	class="flex touch-none flex-col gap-1 rounded-r-xl p-3 text-sm md:mt-3 md:bg-gradient-to-l md:from-gray-50 md:dark:from-gray-800/30"
 >
 	{#if user?.username || user?.email}
-		<form
-			action="{base}/logout"
-			method="post"
+		<button
+			onclick={async () => {
+				await fetch(`${base}/logout`, {
+					method: "POST",
+				});
+				await goto(base + "/", { invalidateAll: true });
+			}}
 			class="group flex items-center gap-1.5 rounded-lg pl-2.5 pr-2 hover:bg-gray-100 dark:hover:bg-gray-700"
 		>
 			<span
@@ -176,24 +189,21 @@
 				>{user?.username || user?.email}</span
 			>
 			{#if !user.logoutDisabled}
-				<button
-					type="submit"
+				<span
 					class="ml-auto h-6 flex-none items-center gap-1.5 rounded-md border bg-white px-2 text-gray-700 shadow-sm group-hover:flex hover:shadow-none dark:border-gray-600 dark:bg-gray-600 dark:text-gray-400 dark:hover:text-gray-300 md:hidden"
 				>
 					Sign Out
-				</button>
+				</span>
 			{/if}
-		</form>
+		</button>
 	{/if}
 	{#if canLogin}
-		<form action="{base}/login" method="POST" target="_parent">
-			<button
-				type="submit"
-				class="flex h-9 w-full flex-none items-center gap-1.5 rounded-lg pl-2.5 pr-2 text-gray-500 hover:bg-gray-100 dark:text-gray-400 dark:hover:bg-gray-700"
-			>
-				Login
-			</button>
-		</form>
+		<a
+			href="{base}/login"
+			class="flex h-9 w-full flex-none items-center gap-1.5 rounded-lg pl-2.5 pr-2 text-gray-500 hover:bg-gray-100 dark:text-gray-400 dark:hover:bg-gray-700"
+		>
+			Login
+		</a>
 	{/if}
 	{#if nModels > 1}
 		<a

src/lib/components/ToolsMenu.svelte

@@ -4,10 +4,12 @@
 	import { clickOutside } from "$lib/actions/clickOutside";
 	import { useSettingsStore } from "$lib/stores/settings";
 	import type { ToolFront } from "$lib/types/Tool";
-	import { publicConfig } from "$lib/utils/PublicConfig.svelte";
 	import IconTool from "./icons/IconTool.svelte";
 	import CarbonInformation from "~icons/carbon/information";
 	import CarbonGlobe from "~icons/carbon/earth-filled";
+	import { usePublicConfig } from "$lib/utils/PublicConfig.svelte";
+
+	const publicConfig = usePublicConfig();
 
 	interface Props {
 		loading?: boolean;

src/lib/components/chat/AssistantIntroduction.svelte

@@ -15,14 +15,17 @@
 	import CarbonTools from "~icons/carbon/tools";
 
 	import { share } from "$lib/utils/share";
-	import { publicConfig } from "$lib/utils/PublicConfig.svelte";
+	import { usePublicConfig } from "$lib/utils/PublicConfig.svelte";
 
 	import { page } from "$app/state";
+	import type { Serialize } from "$lib/utils/serialize";
+
+	const publicConfig = usePublicConfig();
 
 	interface Props {
 		models: Model[];
 		assistant: Pick<
-			Assistant,
+			Serialize<Assistant>,
 			| "avatar"
 			| "name"
 			| "rag"

src/lib/components/chat/ChatInput.svelte

@@ -23,6 +23,8 @@
 	import { captureScreen } from "$lib/utils/screenshot";
 	import IconScreenshot from "../icons/IconScreenshot.svelte";
 	import { loginModalOpen } from "$lib/stores/loginModal";
+	import type { Serialize } from "$lib/utils/serialize";
+
 	import { isVirtualKeyboard } from "$lib/utils/isVirtualKeyboard";
 	interface Props {
 		files?: File[];
@@ -31,7 +33,7 @@
 		placeholder?: string;
 		loading?: boolean;
 		disabled?: boolean;
-		assistant?: Assistant | undefined;
+		assistant?: Serialize<Assistant> | undefined;
 		modelHasTools?: boolean;
 		modelIsMultimodal?: boolean;
 		children?: import("svelte").Snippet;

src/lib/components/chat/ChatIntroduction.svelte

@@ -1,6 +1,4 @@
 <script lang="ts">
-	import { publicConfig } from "$lib/utils/PublicConfig.svelte";
-
 	import Logo from "$lib/components/icons/Logo.svelte";
 	import { createEventDispatcher } from "svelte";
 	import IconGear from "~icons/bi/gear-fill";
@@ -9,6 +7,9 @@
 	import ModelCardMetadata from "../ModelCardMetadata.svelte";
 	import { base } from "$app/paths";
 	import JSON5 from "json5";
+	import { usePublicConfig } from "$lib/utils/PublicConfig.svelte";
+
+	const publicConfig = usePublicConfig();
 
 	interface Props {
 		currentModel: Model;

src/lib/components/chat/ChatWindow.svelte

@@ -37,6 +37,7 @@
 	import { cubicInOut } from "svelte/easing";
 	import type { ToolFront } from "$lib/types/Tool";
 	import { loginModalOpen } from "$lib/stores/loginModal";
+	import type { Serialize } from "$lib/utils/serialize";
 	import { beforeNavigate } from "$app/navigation";
 	import { isVirtualKeyboard } from "$lib/utils/isVirtualKeyboard";
 
@@ -48,7 +49,7 @@
 		shared?: boolean;
 		currentModel: Model;
 		models: Model[];
-		assistant?: Assistant | undefined;
+		assistant?: Serialize<Assistant> | undefined;
 		preprompt?: string | undefined;
 		files?: File[];
 	}
@@ -259,7 +260,7 @@
 			{#if assistant && !!messages.length}
 				<a
 					class="mx-auto flex items-center gap-1.5 rounded-full border border-gray-100 bg-gray-50 py-1 pl-1 pr-3 text-sm text-gray-800 hover:bg-gray-100 dark:border-gray-800 dark:bg-gray-800 dark:text-gray-200 dark:hover:bg-gray-700"
-					href="{base}/settings/assistants/{assistant._id}"
+					href="{base}/assistant/{assistant._id}"
 				>
 					{#if assistant.avatar}
 						<img

src/lib/components/icons/Logo.svelte

@@ -1,8 +1,7 @@
 <script lang="ts">
-	import { page } from "$app/state";
-	import { publicConfig } from "$lib/utils/PublicConfig.svelte";
+	import { usePublicConfig } from "$lib/utils/PublicConfig.svelte";
 
-	import { base } from "$app/paths";
+	const publicConfig = usePublicConfig();
 
 	interface Props {
 		classNames?: string;
@@ -11,16 +10,6 @@
 	let { classNames = "" }: Props = $props();
 </script>
 
-<svelte:head>
-	<link
-		rel="preload"
-		href="{publicConfig.PUBLIC_ORIGIN ||
-			page.url.origin}{base}/{publicConfig.PUBLIC_APP_ASSETS}/logo.svg"
-		as="image"
-		type="image/svg+xml"
-	/>
-</svelte:head>
-
 {#if publicConfig.PUBLIC_APP_ASSETS === "chatui"}
 	<svg
 		height="30"
@@ -38,7 +27,6 @@
 	<img
 		class={classNames}
 		alt="{publicConfig.PUBLIC_APP_NAME} logo"
-		src="{publicConfig.PUBLIC_ORIGIN ||
-			page.url.origin}{base}/{publicConfig.PUBLIC_APP_ASSETS}/logo.svg"
+		src="{publicConfig.assetPath}/logo.svg"
 	/>
 {/if}

src/lib/server/api/authPlugin.ts

@@ -0,0 +1,25 @@
+import Elysia from "elysia";
+import { authenticateRequest } from "../auth";
+
+export const authPlugin = new Elysia({ name: "auth" }).derive(
+	{ as: "scoped" },
+	async ({
+		headers,
+		cookie,
+	}): Promise<{
+		locals: App.Locals;
+	}> => {
+		const auth = await authenticateRequest(
+			{ type: "elysia", value: headers },
+			{ type: "elysia", value: cookie },
+			true
+		);
+		return {
+			locals: {
+				user: auth?.user,
+				sessionId: auth?.sessionId,
+				isAdmin: auth?.isAdmin,
+			},
+		};
+	}
+);

src/lib/server/api/index.ts

@@ -0,0 +1,35 @@
+import { authPlugin } from "$api/authPlugin";
+import { conversationGroup } from "$api/routes/groups/conversations";
+import { assistantGroup } from "$api/routes/groups/assistants";
+import { userGroup } from "$api/routes/groups/user";
+import { toolGroup } from "$api/routes/groups/tools";
+import { misc } from "$api/routes/groups/misc";
+import { modelGroup } from "$api/routes/groups/models";
+
+import { Elysia } from "elysia";
+import { base } from "$app/paths";
+import { swagger } from "@elysiajs/swagger";
+
+const prefix = `${base}/api/v2` as unknown as "";
+
+export const app = new Elysia({ prefix })
+	.use(
+		swagger({
+			documentation: {
+				info: {
+					title: "Elysia Documentation",
+					version: "1.0.0",
+				},
+			},
+			provider: "swagger-ui",
+		})
+	)
+	.use(authPlugin)
+	.use(conversationGroup)
+	.use(toolGroup)
+	.use(assistantGroup)
+	.use(userGroup)
+	.use(modelGroup)
+	.use(misc);
+
+export type App = typeof app;

src/lib/server/api/routes/groups/assistants.ts

@@ -0,0 +1,180 @@
+import { Elysia, t } from "elysia";
+import { authPlugin } from "$api/authPlugin";
+import { collections } from "$lib/server/database";
+import { ObjectId, type Filter } from "mongodb";
+import { authCondition } from "$lib/server/auth";
+import { SortKey, type Assistant } from "$lib/types/Assistant";
+import type { User } from "$lib/types/User";
+import { ReviewStatus } from "$lib/types/Review";
+import { generateQueryTokens } from "$lib/utils/searchTokens";
+import { jsonSerialize, type Serialize } from "$lib/utils/serialize";
+import { config } from "$lib/server/config";
+
+export type GETAssistantsSearchResponse = {
+	assistants: Array<Serialize<Assistant>>;
+	selectedModel: string;
+	numTotalItems: number;
+	numItemsPerPage: number;
+	query: string | null;
+	sort: SortKey;
+	showUnfeatured: boolean;
+};
+
+const NUM_PER_PAGE = 24;
+
+export const assistantGroup = new Elysia().use(authPlugin).group("/assistants", (app) => {
+	return app
+		.get("/", () => {
+			// todo: get assistants
+			throw new Error("Not implemented");
+		})
+		.post("/", () => {
+			// todo: post new assistant
+			throw new Error("Not implemented");
+		})
+		.get(
+			"/search",
+			async ({ query, locals, error }) => {
+				if (!config.ENABLE_ASSISTANTS) {
+					error(403, "Assistants are not enabled");
+				}
+				const modelId = query.modelId;
+				const pageIndex = query.p ?? 0;
+				const username = query.user;
+				const search = query.q?.trim() ?? null;
+				const sort = query.sort ?? SortKey.TRENDING;
+				const showUnfeatured = query.showUnfeatured ?? false;
+				const createdByCurrentUser = locals.user?.username && locals.user.username === username;
+
+				let user: Pick<User, "_id"> | null = null;
+				if (username) {
+					user = await collections.users.findOne<Pick<User, "_id">>(
+						{ username },
+						{ projection: { _id: 1 } }
+					);
+					if (!user) {
+						error(404, `User "${username}" doesn't exist`);
+					}
+				}
+				// if we require featured assistants, that we are not on a user page and we are not an admin who wants to see unfeatured assistants, we show featured assistants
+				let shouldBeFeatured = {};
+
+				if (config.REQUIRE_FEATURED_ASSISTANTS === "true" && !(locals.isAdmin && showUnfeatured)) {
+					if (!user) {
+						// only show featured assistants on the community page
+						shouldBeFeatured = { review: ReviewStatus.APPROVED };
+					} else if (!createdByCurrentUser) {
+						// on a user page show assistants that have been approved or are pending
+						shouldBeFeatured = { review: { $in: [ReviewStatus.APPROVED, ReviewStatus.PENDING] } };
+					}
+				}
+
+				const noSpecificSearch = !user && !search;
+				// fetch the top assistants sorted by user count from biggest to smallest.
+				// filter by model too if modelId is provided or query if query is provided
+				// only show assistants that have been used by more than 5 users if no specific search is made
+				const filter: Filter<Assistant> = {
+					...(modelId && { modelId }),
+					...(user && { createdById: user._id }),
+					...(search && { searchTokens: { $all: generateQueryTokens(search) } }),
+					...(noSpecificSearch && { userCount: { $gte: 5 } }),
+					...shouldBeFeatured,
+				};
+
+				const assistants = await collections.assistants
+					.find(filter)
+					.sort({
+						...(sort === SortKey.TRENDING && { last24HoursCount: -1 }),
+						userCount: -1,
+						_id: 1,
+					})
+					.skip(NUM_PER_PAGE * pageIndex)
+					.limit(NUM_PER_PAGE)
+					.toArray();
+
+				const numTotalItems = await collections.assistants.countDocuments(filter);
+
+				return {
+					assistants: jsonSerialize(assistants),
+					selectedModel: modelId ?? "",
+					numTotalItems,
+					numItemsPerPage: NUM_PER_PAGE,
+					query: search,
+					sort,
+					showUnfeatured,
+				};
+			},
+			{
+				query: t.Object({
+					user: t.Optional(t.String()),
+					q: t.Optional(t.String()),
+					sort: t.Optional(t.Enum(SortKey)),
+					p: t.Optional(t.Numeric()),
+					showUnfeatured: t.Optional(t.Boolean()),
+					modelId: t.Optional(t.String()),
+				}),
+			}
+		)
+		.group("/:id", (app) => {
+			return app
+				.derive(async ({ params, error }) => {
+					const assistant = await collections.assistants.findOne({
+						_id: new ObjectId(params.id),
+					});
+
+					if (!assistant) {
+						return error(404, "Assistant not found");
+					}
+
+					return { assistant };
+				})
+				.get("", ({ assistant }) => {
+					return assistant;
+				})
+				.patch("", () => {
+					// todo: patch assistant
+					throw new Error("Not implemented");
+				})
+				.delete("/", () => {
+					// todo: delete assistant
+					throw new Error("Not implemented");
+				})
+				.post("/report", () => {
+					// todo: report assistant
+					throw new Error("Not implemented");
+				})
+				.patch("/review", () => {
+					// todo: review assistant
+					throw new Error("Not implemented");
+				})
+				.post("/follow", async ({ locals, assistant }) => {
+					const result = await collections.settings.updateOne(authCondition(locals), {
+						$addToSet: { assistants: assistant._id },
+						$set: { activeModel: assistant._id.toString() },
+					});
+
+					if (result.modifiedCount > 0) {
+						await collections.assistants.updateOne(
+							{ _id: assistant._id },
+							{ $inc: { userCount: 1 } }
+						);
+					}
+
+					return { message: "Assistant subscribed" };
+				})
+				.delete("/follow", async ({ locals, assistant }) => {
+					const result = await collections.settings.updateOne(authCondition(locals), {
+						$pull: { assistants: assistant._id },
+					});
+
+					if (result.modifiedCount > 0) {
+						await collections.assistants.updateOne(
+							{ _id: assistant._id },
+							{ $inc: { userCount: -1 } }
+						);
+					}
+
+					return { message: "Assistant unsubscribed" };
+				});
+		});
+});

src/lib/server/api/routes/groups/conversations.ts

@@ -0,0 +1,171 @@
+import { Elysia, error, t } from "elysia";
+import { authPlugin } from "$api/authPlugin";
+import { collections } from "$lib/server/database";
+import { ObjectId } from "mongodb";
+import { authCondition } from "$lib/server/auth";
+import { models } from "$lib/server/models";
+import { convertLegacyConversation } from "$lib/utils/tree/convertLegacyConversation";
+import type { Conversation } from "$lib/types/Conversation";
+import { jsonSerialize } from "$lib/utils/serialize";
+import { CONV_NUM_PER_PAGE } from "$lib/constants/pagination";
+
+export const conversationGroup = new Elysia().use(authPlugin).group("/conversations", (app) => {
+	return app
+		.guard({
+			as: "scoped",
+			beforeHandle: async ({ locals }) => {
+				if (!locals.user?._id && !locals.sessionId) {
+					return error(401, "Must have a valid session or user");
+				}
+			},
+		})
+		.get(
+			"",
+			async ({ locals, query }) => {
+				const convs = await collections.conversations
+					.find(authCondition(locals))
+					.project<Pick<Conversation, "_id" | "title" | "updatedAt" | "model" | "assistantId">>({
+						title: 1,
+						updatedAt: 1,
+						model: 1,
+						assistantId: 1,
+					})
+					.sort({ updatedAt: -1 })
+					.skip((query.p ?? 0) * CONV_NUM_PER_PAGE)
+					.limit(CONV_NUM_PER_PAGE)
+					.toArray();
+
+				const nConversations = await collections.conversations.countDocuments(
+					authCondition(locals)
+				);
+
+				const res = convs.map((conv) => ({
+					_id: conv._id,
+					id: conv._id, // legacy param iOS
+					title: conv.title,
+					updatedAt: conv.updatedAt,
+					model: conv.model,
+					modelId: conv.model, // legacy param iOS
+					assistantId: conv.assistantId,
+					modelTools: models.find((m) => m.id == conv.model)?.tools ?? false,
+				}));
+
+				return { conversations: res, nConversations };
+			},
+			{
+				query: t.Object({
+					p: t.Optional(t.Number()),
+				}),
+			}
+		)
+		.delete("", async ({ locals }) => {
+			const res = await collections.conversations.deleteMany({
+				...authCondition(locals),
+			});
+			return res.deletedCount;
+		})
+		.group(
+			"/:id",
+			{
+				params: t.Object({
+					id: t.String(),
+				}),
+			},
+			(app) => {
+				return app
+					.derive(async ({ locals, params, error }) => {
+						let conversation;
+						let shared = false;
+
+						// if the conver
+						if (params.id.length === 7) {
+							// shared link of length 7
+							conversation = await collections.sharedConversations.findOne({
+								_id: params.id,
+							});
+							shared = true;
+
+							if (!conversation) {
+								return error(404, "Conversation not found");
+							}
+						} else {
+							// todo: add validation on params.id
+							try {
+								new ObjectId(params.id);
+							} catch {
+								return error(400, "Invalid conversation ID format");
+							}
+							conversation = await collections.conversations.findOne({
+								_id: new ObjectId(params.id),
+								...authCondition(locals),
+							});
+
+							if (!conversation) {
+								const conversationExists =
+									(await collections.conversations.countDocuments({
+										_id: new ObjectId(params.id),
+									})) !== 0;
+
+								if (conversationExists) {
+									return error(
+										403,
+										"You don't have access to this conversation. If someone gave you this link, ask them to use the 'share' feature instead."
+									);
+								}
+
+								return error(404, "Conversation not found.");
+							}
+						}
+
+						const convertedConv = {
+							...conversation,
+							...convertLegacyConversation(conversation),
+							shared,
+						};
+
+						return { conversation: convertedConv };
+					})
+					.get("", async ({ conversation }) => {
+						return jsonSerialize({
+							messages: conversation.messages,
+							title: conversation.title,
+							model: conversation.model,
+							preprompt: conversation.preprompt,
+							rootMessageId: conversation.rootMessageId,
+							assistant: conversation.assistantId
+								? jsonSerialize(
+										(await collections.assistants.findOne({
+											_id: new ObjectId(conversation.assistantId),
+										})) ?? undefined
+									)
+								: undefined,
+							id: conversation._id.toString(),
+							updatedAt: conversation.updatedAt,
+							modelId: conversation.model,
+							assistantId: conversation.assistantId,
+							modelTools: models.find((m) => m.id == conversation.model)?.tools ?? false,
+							shared: conversation.shared,
+						});
+					})
+					.post("", () => {
+						// todo: post new message
+						throw new Error("Not implemented");
+					})
+					.delete("", () => {
+						throw new Error("Not implemented");
+					})
+					.get("/output/:sha256", () => {
+						// todo: get output
+						throw new Error("Not implemented");
+					})
+					.post("/share", () => {
+						// todo: share conversation
+						throw new Error("Not implemented");
+					})
+					.post("/stop-generating", () => {
+						// todo: stop generating
+						throw new Error("Not implemented");
+					});
+			}
+		);
+});

src/lib/server/api/routes/groups/misc.ts

@@ -0,0 +1,77 @@
+import { Elysia } from "elysia";
+import { authPlugin } from "../../authPlugin";
+import { requiresUser } from "$lib/server/auth";
+import { collections } from "$lib/server/database";
+import { authCondition } from "$lib/server/auth";
+import { config } from "$lib/server/config";
+
+export interface FeatureFlags {
+	searchEnabled: boolean;
+	enableAssistants: boolean;
+	enableAssistantsRAG: boolean;
+	enableCommunityTools: boolean;
+	loginEnabled: boolean;
+	loginRequired: boolean;
+	guestMode: boolean;
+	isAdmin: boolean;
+}
+
+export const misc = new Elysia()
+	.use(authPlugin)
+	.get("/public-config", async () => config.getPublicConfig())
+	.get("/feature-flags", async ({ locals }) => {
+		let loginRequired = false;
+		const messagesBeforeLogin = config.MESSAGES_BEFORE_LOGIN
+			? parseInt(config.MESSAGES_BEFORE_LOGIN)
+			: 0;
+		const nConversations = await collections.conversations.countDocuments(authCondition(locals));
+
+		if (requiresUser && !locals.user) {
+			if (messagesBeforeLogin === 0) {
+				loginRequired = true;
+			} else if (nConversations >= messagesBeforeLogin) {
+				loginRequired = true;
+			} else {
+				// get the number of messages where `from === "assistant"` across all conversations.
+				const totalMessages =
+					(
+						await collections.conversations
+							.aggregate([
+								{ $match: { ...authCondition(locals), "messages.from": "assistant" } },
+								{ $project: { messages: 1 } },
+								{ $limit: messagesBeforeLogin + 1 },
+								{ $unwind: "$messages" },
+								{ $match: { "messages.from": "assistant" } },
+								{ $count: "messages" },
+							])
+							.toArray()
+					)[0]?.messages ?? 0;
+
+				loginRequired = totalMessages >= messagesBeforeLogin;
+			}
+		}
+
+		return {
+			searchEnabled: !!(
+				config.SERPAPI_KEY ||
+				config.SERPER_API_KEY ||
+				config.SERPSTACK_API_KEY ||
+				config.SEARCHAPI_KEY ||
+				config.YDC_API_KEY ||
+				config.USE_LOCAL_WEBSEARCH ||
+				config.SEARXNG_QUERY_URL ||
+				config.BING_SUBSCRIPTION_KEY
+			),
+			enableAssistants: config.ENABLE_ASSISTANTS === "true",
+			enableAssistantsRAG: config.ENABLE_ASSISTANTS_RAG === "true",
+			enableCommunityTools: config.COMMUNITY_TOOLS === "true",
+			loginEnabled: requiresUser, // misnomer, this is actually whether the feature is available, not required
+			loginRequired,
+			guestMode: requiresUser && messagesBeforeLogin > 0,
+			isAdmin: locals.isAdmin,
+		} satisfies FeatureFlags;
+	})
+	.get("/spaces-config", () => {
+		// todo: get spaces config
+		return;
+	});

src/lib/server/api/routes/groups/models.ts

@@ -0,0 +1,106 @@
+import { Elysia } from "elysia";
+import { models, oldModels, type BackendModel } from "$lib/server/models";
+import { authPlugin } from "../../authPlugin";
+import { authCondition } from "$lib/server/auth";
+import { collections } from "$lib/server/database";
+
+export type GETModelsResponse = Array<{
+	id: string;
+	name: string;
+	websiteUrl?: string;
+	modelUrl?: string;
+	tokenizer?: string | { tokenizerUrl: string; tokenizerConfigUrl: string };
+	datasetName?: string;
+	datasetUrl?: string;
+	displayName: string;
+	description?: string;
+	reasoning: boolean;
+	logoUrl?: string;
+	promptExamples?: { title: string; prompt: string }[];
+	parameters: BackendModel["parameters"];
+	preprompt?: string;
+	multimodal: boolean;
+	multimodalAcceptedMimetypes?: string[];
+	tools: boolean;
+	unlisted: boolean;
+	hasInferenceAPI: boolean;
+}>;
+
+export type GETOldModelsResponse = Array<{
+	id: string;
+	name: string;
+	displayName: string;
+	transferTo?: string;
+}>;
+
+export const modelGroup = new Elysia().group("/models", (app) =>
+	app
+		.get("/", () => {
+			return models
+				.filter((m) => m.unlisted == false)
+				.map((model) => ({
+					id: model.id,
+					name: model.name,
+					websiteUrl: model.websiteUrl,
+					modelUrl: model.modelUrl,
+					tokenizer: model.tokenizer,
+					datasetName: model.datasetName,
+					datasetUrl: model.datasetUrl,
+					displayName: model.displayName,
+					description: model.description,
+					reasoning: !!model.reasoning,
+					logoUrl: model.logoUrl,
+					promptExamples: model.promptExamples,
+					parameters: model.parameters,
+					preprompt: model.preprompt,
+					multimodal: model.multimodal,
+					multimodalAcceptedMimetypes: model.multimodalAcceptedMimetypes,
+					tools: model.tools,
+					unlisted: model.unlisted,
+					hasInferenceAPI: model.hasInferenceAPI,
+				})) satisfies GETModelsResponse;
+		})
+		.get("/old", () => {
+			return oldModels satisfies GETOldModelsResponse;
+		})
+		.group("/:namespace/:model?", (app) =>
+			app
+				.derive(async ({ params, error }) => {
+					let modelId: string = params.namespace;
+					if (params.model) {
+						modelId += "/" + params.model;
+					}
+					const model = models.find((m) => m.id === modelId);
+					if (!model || model.unlisted) {
+						return error(404, "Model not found");
+					}
+					return { model };
+				})
+				.get("/", ({ model }) => {
+					return model;
+				})
+				.use(authPlugin)
+				.post("/subscribe", async ({ locals, model, error }) => {
+					if (!locals.sessionId) {
+						return error(401, "Unauthorized");
+					}
+					await collections.settings.updateOne(
+						authCondition(locals),
+						{
+							$set: {
+								activeModel: model.id,
+								updatedAt: new Date(),
+							},
+							$setOnInsert: {
+								createdAt: new Date(),
+							},
+						},
+						{
+							upsert: true,
+						}
+					);
+
+					return new Response();
+				})
+		)
+);

src/lib/server/api/routes/groups/tools.ts

@@ -0,0 +1,253 @@
+import { Elysia, t } from "elysia";
+import { authPlugin } from "$api/authPlugin";
+import { ReviewStatus } from "$lib/types/Review";
+import { toolFromConfigs } from "$lib/server/tools";
+import { collections } from "$lib/server/database";
+import { ObjectId, type Filter } from "mongodb";
+import type { CommunityToolDB, ConfigTool, ToolFront, ToolInputFile } from "$lib/types/Tool";
+import { MetricsServer } from "$lib/server/metrics";
+import { authCondition } from "$lib/server/auth";
+import { SortKey } from "$lib/types/Assistant";
+import type { User } from "$lib/types/User";
+import { generateQueryTokens, generateSearchTokens } from "$lib/utils/searchTokens";
+import { jsonSerialize, type Serialize } from "$lib/utils/serialize";
+import { config } from "$lib/server/config";
+
+const NUM_PER_PAGE = 16;
+
+export type GETToolsResponse = Array<ToolFront>;
+export type GETToolsSearchResponse = {
+	tools: Array<Serialize<ConfigTool | CommunityToolDB>>;
+	numTotalItems: number;
+	numItemsPerPage: number;
+	query: string | null;
+	sort: SortKey;
+	showUnfeatured: boolean;
+};
+
+export const toolGroup = new Elysia().use(authPlugin).group("/tools", (app) => {
+	return app
+		.get("/active", async ({ locals }) => {
+			const settings = await collections.settings.findOne(authCondition(locals));
+
+			if (!settings) {
+				return [];
+			}
+
+			const toolUseDuration = (await MetricsServer.getMetrics().tool.toolUseDuration.get()).values;
+
+			const activeCommunityToolIds = settings.tools ?? [];
+
+			const communityTools = await collections.tools
+				.find({ _id: { $in: activeCommunityToolIds.map((el) => new ObjectId(el)) } })
+				.toArray()
+				.then((tools) =>
+					tools.map((tool) => ({
+						...tool,
+						isHidden: false,
+						isOnByDefault: true,
+						isLocked: true,
+					}))
+				);
+
+			const fullTools = [...communityTools, ...toolFromConfigs];
+
+			return fullTools
+				.filter((tool) => !tool.isHidden)
+				.map(
+					(tool) =>
+						({
+							_id: tool._id.toString(),
+							type: tool.type,
+							displayName: tool.displayName,
+							name: tool.name,
+							description: tool.description,
+							mimeTypes: (tool.inputs ?? [])
+								.filter((input): input is ToolInputFile => input.type === "file")
+								.map((input) => (input as ToolInputFile).mimeTypes)
+								.flat(),
+							isOnByDefault: tool.isOnByDefault ?? true,
+							isLocked: tool.isLocked ?? true,
+							timeToUseMS:
+								toolUseDuration.find(
+									(el) => el.labels.tool === tool._id.toString() && el.labels.quantile === 0.9
+								)?.value ?? 15_000,
+							color: tool.color,
+							icon: tool.icon,
+						}) satisfies ToolFront
+				);
+		})
+		.get(
+			"/search",
+			async ({ query, locals, error }) => {
+				if (config.COMMUNITY_TOOLS !== "true") {
+					error(403, "Community tools are not enabled");
+				}
+
+				const username = query.user;
+				const search = query.q?.trim() ?? null;
+
+				const pageIndex = query.p ?? 0;
+				const sort = query.sort ?? SortKey.TRENDING;
+				const createdByCurrentUser = locals.user?.username && locals.user.username === username;
+				const activeOnly = query.active ?? false;
+				const showUnfeatured = query.showUnfeatured ?? false;
+
+				let user: Pick<User, "_id"> | null = null;
+				if (username) {
+					user = await collections.users.findOne<Pick<User, "_id">>(
+						{ username },
+						{ projection: { _id: 1 } }
+					);
+					if (!user) {
+						error(404, `User "${username}" doesn't exist`);
+					}
+				}
+
+				const settings = await collections.settings.findOne(authCondition(locals));
+
+				if (!settings && activeOnly) {
+					error(404, "No user settings found");
+				}
+
+				const queryTokens = !!search && generateQueryTokens(search);
+
+				const filter: Filter<CommunityToolDB> = {
+					...(!createdByCurrentUser &&
+						!activeOnly &&
+						!(locals.isAdmin && showUnfeatured) && { review: ReviewStatus.APPROVED }),
+					...(user && { createdById: user._id }),
+					...(queryTokens && { searchTokens: { $all: queryTokens } }),
+					...(activeOnly && {
+						_id: {
+							$in: (settings?.tools ?? []).map((key) => {
+								return new ObjectId(key);
+							}),
+						},
+					}),
+				};
+
+				const communityTools = await collections.tools
+					.find(filter)
+					.skip(NUM_PER_PAGE * pageIndex)
+					.sort({
+						...(sort === SortKey.TRENDING && { last24HoursUseCount: -1 }),
+						useCount: -1,
+					})
+					.limit(NUM_PER_PAGE)
+					.toArray();
+
+				const configTools = toolFromConfigs
+					.filter((tool) => !tool?.isHidden)
+					.filter((tool) => {
+						if (queryTokens) {
+							return generateSearchTokens(tool.displayName).some((token) =>
+								queryTokens.some((queryToken) => queryToken.test(token))
+							);
+						}
+						return true;
+					});
+
+				const tools = [...(pageIndex == 0 && !username ? configTools : []), ...communityTools];
+
+				const numTotalItems =
+					(await collections.tools.countDocuments(filter)) + toolFromConfigs.length;
+
+				return {
+					tools: jsonSerialize(tools),
+					numTotalItems,
+					numItemsPerPage: NUM_PER_PAGE,
+					query: search,
+					sort,
+					showUnfeatured,
+				} satisfies GETToolsSearchResponse;
+			},
+			{
+				query: t.Object({
+					user: t.Optional(t.String()),
+					q: t.Optional(t.String()),
+					sort: t.Optional(t.Enum(SortKey)),
+					p: t.Optional(t.Numeric()),
+					showUnfeatured: t.Optional(t.Boolean()),
+					active: t.Optional(t.Boolean()),
+				}),
+			}
+		)
+		.get("/count", () => {
+			// return community tool count
+			return collections.tools.countDocuments({ type: "community", review: ReviewStatus.APPROVED });
+		})
+		.group("/:id", (app) => {
+			return app
+				.derive(async ({ params, error, locals }) => {
+					const tool = await collections.tools.findOne({ _id: new ObjectId(params.id) });
+
+					if (!tool) {
+						const tool = toolFromConfigs.find((el) => el._id.toString() === params.id);
+						if (!tool) {
+							throw error(404, "Tool not found");
+						} else {
+							return {
+								tool: {
+									...tool,
+									_id: tool._id.toString(),
+									call: undefined,
+									createdById: null,
+									createdByName: null,
+									createdByMe: false,
+									reported: false,
+									review: ReviewStatus.APPROVED,
+								},
+							};
+						}
+					} else {
+						const reported = await collections.reports.findOne({
+							contentId: tool._id,
+							object: "tool",
+						});
+
+						return {
+							tool: {
+								...tool,
+								_id: tool._id.toString(),
+								call: undefined,
+								createdById: tool.createdById.toString(),
+								createdByMe:
+									tool.createdById.toString() === (locals.user?._id ?? locals.sessionId).toString(),
+								reported: !!reported,
+							},
+						};
+					}
+				})
+				.get("", ({ tool }) => {
+					return tool;
+				})
+				.post("/", () => {
+					// todo: post new tool
+					throw new Error("Not implemented");
+				})
+				.group("/:toolId", (app) => {
+					return app
+						.get("/", () => {
+							// todo: get tool
+							throw new Error("Not implemented");
+						})
+						.patch("/", () => {
+							// todo: patch tool
+							throw new Error("Not implemented");
+						})
+						.delete("/", () => {
+							// todo: delete tool
+							throw new Error("Not implemented");
+						})
+						.post("/report", () => {
+							// todo: report tool
+							throw new Error("Not implemented");
+						})
+						.patch("/review", () => {
+							// todo: review tool
+							throw new Error("Not implemented");
+						});
+				});
+		});
+});

src/lib/server/api/routes/groups/user.ts

@@ -0,0 +1,197 @@
+import { Elysia } from "elysia";
+import { authPlugin } from "$api/authPlugin";
+import { defaultModel } from "$lib/server/models";
+import { collections } from "$lib/server/database";
+import { authCondition } from "$lib/server/auth";
+import { models, validateModel } from "$lib/server/models";
+import { DEFAULT_SETTINGS, type SettingsEditable } from "$lib/types/Settings";
+import { toolFromConfigs } from "$lib/server/tools";
+import { ObjectId } from "mongodb";
+import { z } from "zod";
+import { jsonSerialize } from "$lib/utils/serialize";
+
+export const userGroup = new Elysia()
+	.use(authPlugin)
+	.get("/login", () => {
+		// todo: login
+		throw new Error("Not implemented");
+	})
+	.get("/login/callback", () => {
+		// todo: login callback
+		throw new Error("Not implemented");
+	})
+	.post("/logout", () => {
+		// todo: logout
+		throw new Error("Not implemented");
+	})
+	.group("/user", (app) => {
+		return app
+			.get("/", ({ locals }) => {
+				return locals.user
+					? {
+							id: locals.user._id.toString(),
+							username: locals.user.username,
+							avatarUrl: locals.user.avatarUrl,
+							email: locals.user.email,
+							logoutDisabled: locals.user.logoutDisabled,
+							isAdmin: locals.user.isAdmin ?? false,
+							isEarlyAccess: locals.user.isEarlyAccess ?? false,
+						}
+					: null;
+			})
+			.get("/settings", async ({ locals }) => {
+				const settings = await collections.settings.findOne(authCondition(locals));
+
+				if (
+					settings &&
+					!validateModel(models).safeParse(settings?.activeModel).success &&
+					!settings.assistants?.map((el) => el.toString())?.includes(settings?.activeModel)
+				) {
+					settings.activeModel = defaultModel.id;
+					await collections.settings.updateOne(authCondition(locals), {
+						$set: { activeModel: defaultModel.id },
+					});
+				}
+
+				// if the model is unlisted, set the active model to the default model
+				if (
+					settings?.activeModel &&
+					models.find((m) => m.id === settings?.activeModel)?.unlisted === true
+				) {
+					settings.activeModel = defaultModel.id;
+					await collections.settings.updateOne(authCondition(locals), {
+						$set: { activeModel: defaultModel.id },
+					});
+				}
+
+				// todo: get user settings
+				return {
+					ethicsModalAccepted: !!settings?.ethicsModalAcceptedAt,
+					ethicsModalAcceptedAt: settings?.ethicsModalAcceptedAt ?? null,
+
+					activeModel: settings?.activeModel ?? DEFAULT_SETTINGS.activeModel,
+					hideEmojiOnSidebar: settings?.hideEmojiOnSidebar ?? DEFAULT_SETTINGS.hideEmojiOnSidebar,
+					disableStream: settings?.disableStream ?? DEFAULT_SETTINGS.disableStream,
+					directPaste: settings?.directPaste ?? DEFAULT_SETTINGS.directPaste,
+					shareConversationsWithModelAuthors:
+						settings?.shareConversationsWithModelAuthors ??
+						DEFAULT_SETTINGS.shareConversationsWithModelAuthors,
+
+					customPrompts: settings?.customPrompts ?? {},
+					assistants: settings?.assistants?.map((assistantId) => assistantId.toString()) ?? [],
+					tools:
+						settings?.tools ??
+						toolFromConfigs
+							.filter((el) => !el.isHidden && el.isOnByDefault)
+							.map((el) => el._id.toString()),
+				};
+			})
+			.post("/settings", async ({ locals, request }) => {
+				const body = await request.json();
+
+				const { ethicsModalAccepted, ...settings } = z
+					.object({
+						shareConversationsWithModelAuthors: z
+							.boolean()
+							.default(DEFAULT_SETTINGS.shareConversationsWithModelAuthors),
+						hideEmojiOnSidebar: z.boolean().default(DEFAULT_SETTINGS.hideEmojiOnSidebar),
+						ethicsModalAccepted: z.boolean().optional(),
+						activeModel: z.string().default(DEFAULT_SETTINGS.activeModel),
+						customPrompts: z.record(z.string()).default({}),
+						tools: z.array(z.string()).optional(),
+						disableStream: z.boolean().default(false),
+						directPaste: z.boolean().default(false),
+					})
+					.parse(body) satisfies SettingsEditable;
+
+				// make sure all tools exist
+				// either in db or in config
+				if (settings.tools) {
+					const newTools = [
+						...(await collections.tools
+							.find({ _id: { $in: settings.tools.map((toolId) => new ObjectId(toolId)) } })
+							.project({ _id: 1 })
+							.toArray()
+							.then((tools) => tools.map((tool) => tool._id.toString()))),
+						...toolFromConfigs
+							.filter((el) => (settings?.tools ?? []).includes(el._id.toString()))
+							.map((el) => el._id.toString()),
+					];
+
+					settings.tools = newTools;
+				}
+
+				await collections.settings.updateOne(
+					authCondition(locals),
+					{
+						$set: {
+							...settings,
+							...(ethicsModalAccepted && { ethicsModalAcceptedAt: new Date() }),
+							updatedAt: new Date(),
+						},
+						$setOnInsert: {
+							createdAt: new Date(),
+						},
+					},
+					{
+						upsert: true,
+					}
+				);
+				// return ok response
+				return new Response();
+			})
+			.get("/reports", async ({ locals }) => {
+				if (!locals.user || !locals.sessionId) {
+					return [];
+				}
+
+				const reports = await collections.reports
+					.find({
+						createdBy: locals.user?._id ?? locals.sessionId,
+					})
+					.toArray()
+					.then((el) => el.map((el) => jsonSerialize(el)));
+				return reports;
+			})
+			.get("/assistant/active", async ({ locals }) => {
+				const settings = await collections.settings.findOne(authCondition(locals));
+
+				if (!settings) {
+					return null;
+				}
+
+				if (settings.assistants?.map((el) => el.toString())?.includes(settings?.activeModel)) {
+					return await collections.assistants.findOne({
+						_id: new ObjectId(settings.activeModel),
+					});
+				}
+
+				return null;
+			})
+			.get("/assistants", async ({ locals }) => {
+				const settings = await collections.settings.findOne(authCondition(locals));
+
+				if (!settings) {
+					return [];
+				}
+
+				const userAssistants =
+					settings?.assistants?.map((assistantId) => assistantId.toString()) ?? [];
+
+				const assistants = await collections.assistants
+					.find({
+						_id: {
+							$in: [...userAssistants.map((el) => new ObjectId(el))],
+						},
+					})
+					.toArray();
+
+				return assistants.map((el) => ({
+					...el,
+					_id: el._id.toString(),
+					createdById: undefined,
+					createdByMe:
+						el.createdById.toString() === (locals.user?._id ?? locals.sessionId).toString(),
+				}));
+			});
+	});

src/lib/server/auth.ts

@@ -14,6 +14,9 @@ import type { Cookies } from "@sveltejs/kit";
 import { collections } from "$lib/server/database";
 import JSON5 from "json5";
 import { logger } from "$lib/server/logger";
+import { ObjectId } from "mongodb";
+import type { Cookie } from "elysia";
+import { adminTokenManager } from "./adminToken";
 
 export interface OIDCSettings {
 	redirectURI: string;
@@ -79,6 +82,10 @@ export async function findUser(sessionId: string) {
 	return await collections.users.findOne({ _id: session.userId });
 }
 export const authCondition = (locals: App.Locals) => {
+	if (!locals.user && !locals.sessionId) {
+		throw new Error("User or sessionId is required");
+	}
+
 	return locals.user
 		? { userId: locals.user._id }
 		: { sessionId: locals.sessionId, userId: { $exists: false } };
@@ -165,6 +172,7 @@ export async function validateAndParseCsrfToken(
 				signature: z.string().length(64),
 			})
 			.parse(JSON.parse(token));
+
 		const reconstructSign = await sha256(JSON.stringify(data) + "##" + sessionId);
 
 		if (data.expiration > Date.now() && signature === reconstructSign) {
@@ -175,3 +183,131 @@ export async function validateAndParseCsrfToken(
 	}
 	return null;
 }
+
+type CookieRecord =
+	| { type: "elysia"; value: Record<string, Cookie<string | undefined>> }
+	| { type: "svelte"; value: Cookies };
+type HeaderRecord =
+	| { type: "elysia"; value: Record<string, string | undefined> }
+	| { type: "svelte"; value: Headers };
+
+export async function authenticateRequest(
+	headers: HeaderRecord,
+	cookie: CookieRecord,
+	isApi?: boolean
+): Promise<App.Locals & { secretSessionId: string }> {
+	// once the entire API has been moved to elysia
+	// we can move this function to authPlugin.ts
+	// and get rid of the isApi && type: "svelte" options
+	const token =
+		cookie.type === "elysia"
+			? cookie.value[config.COOKIE_NAME].value
+			: cookie.value.get(config.COOKIE_NAME);
+
+	let email = null;
+	if (config.TRUSTED_EMAIL_HEADER) {
+		if (headers.type === "elysia") {
+			email = headers.value[config.TRUSTED_EMAIL_HEADER];
+		} else {
+			email = headers.value.get(config.TRUSTED_EMAIL_HEADER);
+		}
+	}
+
+	let secretSessionId: string | null = null;
+	let sessionId: string | null = null;
+
+	if (email) {
+		secretSessionId = sessionId = await sha256(email);
+		return {
+			user: {
+				_id: new ObjectId(sessionId.slice(0, 24)),
+				name: email,
+				email,
+				createdAt: new Date(),
+				updatedAt: new Date(),
+				hfUserId: email,
+				avatarUrl: "",
+				logoutDisabled: true,
+			},
+			sessionId,
+			secretSessionId,
+			isAdmin: adminTokenManager.isAdmin(sessionId),
+		};
+	}
+
+	if (token) {
+		secretSessionId = token;
+		sessionId = await sha256(token);
+		const user = await findUser(sessionId);
+		return {
+			user: user ?? undefined,
+			sessionId,
+			secretSessionId,
+			isAdmin: user?.isAdmin || adminTokenManager.isAdmin(sessionId),
+		};
+	}
+
+	if (isApi) {
+		const authorization =
+			headers.type === "elysia"
+				? headers.value["Authorization"]
+				: headers.value.get("Authorization");
+		if (authorization?.startsWith("Bearer ")) {
+			const token = authorization.slice(7);
+			const hash = await sha256(token);
+			sessionId = secretSessionId = hash;
+
+			const cacheHit = await collections.tokenCaches.findOne({ tokenHash: hash });
+			if (cacheHit) {
+				const user = await collections.users.findOne({ hfUserId: cacheHit.userId });
+				if (!user) {
+					throw new Error("User not found");
+				}
+				return {
+					user,
+					sessionId,
+					secretSessionId,
+					isAdmin: user.isAdmin || adminTokenManager.isAdmin(sessionId),
+				};
+			}
+
+			const response = await fetch("https://huggingface.co/api/whoami-v2", {
+				headers: { Authorization: `Bearer ${token}` },
+			});
+
+			if (!response.ok) {
+				throw new Error("Unauthorized");
+			}
+
+			const data = await response.json();
+			const user = await collections.users.findOne({ hfUserId: data.id });
+			if (!user) {
+				throw new Error("User not found");
+			}
+
+			await collections.tokenCaches.insertOne({
+				tokenHash: hash,
+				userId: data.id,
+				createdAt: new Date(),
+				updatedAt: new Date(),
+			});
+
+			return {
+				user,
+				sessionId,
+				secretSessionId,
+				isAdmin: user.isAdmin || adminTokenManager.isAdmin(sessionId),
+			};
+		}
+	}
+
+	// Generate new session if none exists
+	secretSessionId = crypto.randomUUID();
+	sessionId = await sha256(secretSessionId);
+
+	if (await collections.sessions.findOne({ sessionId })) {
+		throw new Error("Session ID collision");
+	}
+
+	return { user: undefined, sessionId, secretSessionId, isAdmin: false };
+}

src/lib/server/config.ts

@@ -1,6 +1,6 @@
 import { env as publicEnv } from "$env/dynamic/public";
 import { env as serverEnv } from "$env/dynamic/private";
-import { publicConfig } from "$lib/utils/PublicConfig.svelte";
+import { serverPublicConfig } from "$lib/utils/PublicConfig.svelte";
 import { building } from "$app/environment";
 import type { Collection } from "mongodb";
 import type { ConfigKey as ConfigKeyType } from "$lib/types/ConfigKey";
@@ -152,7 +152,7 @@ const configManager = new ConfigManager();
 export const ready = (async () => {
 	if (!building) {
 		await configManager.init().then(() => {
-			publicConfig.init(configManager.getPublicConfig());
+			serverPublicConfig.init(configManager.getPublicConfig());
 		});
 	}
 })();

src/lib/server/isURLLocal.ts

@@ -1,5 +1,6 @@
 import { Address6, Address4 } from "ip-address";
 import dns from "node:dns";
+import { isIP } from "node:net";
 
 const dnsLookup = (hostname: string): Promise<{ address: string; family: number }> => {
 	return new Promise((resolve, reject) => {
@@ -36,3 +37,12 @@ export function isURLStringLocal(url: string) {
 		return true;
 	}
 }
+
+export function isHostLocalhost(host: string): boolean {
+	if (host === "localhost") return true;
+	if (host === "::1" || host === "[::1]") return true;
+	if (host.startsWith("127.") && isIP(host)) return true;
+	if (host.endsWith(".localhost")) return true;
+
+	return false;
+}

src/lib/server/models.ts

@@ -13,6 +13,7 @@ import JSON5 from "json5";
 import { getTokenizer } from "$lib/utils/getTokenizer";
 import { logger } from "$lib/server/logger";
 import { type ToolInput } from "$lib/types/Tool";
+import { fetchJSON } from "$lib/utils/fetchJSON";
 import { join, dirname } from "path";
 import { fileURLToPath } from "url";
 import { findRepoRoot } from "./findRepoRoot";
@@ -346,13 +347,12 @@ const addEndpoint = (m: Awaited<ReturnType<typeof processModel>>) => ({
 });
 
 const inferenceApiIds = config.isHuggingChat
-	? await fetch(
+	? await fetchJSON<{ id: string }[]>(
 			"https://huggingface.co/api/models?pipeline_tag=text-generation&inference=warm&filter=conversational"
 		)
-			.then((r) => r.json())
-			.then((json) => json.map((r: { id: string }) => r.id))
-			.catch((err) => {
-				logger.error(err, "Failed to fetch inference API ids");
+			.then((arr) => arr?.map((r) => r.id) || [])
+			.catch(() => {
+				logger.error("Failed to fetch inference API ids");
 				return [];
 			})
 	: [];

src/lib/types/ConvSidebar.ts

@@ -4,5 +4,5 @@ export interface ConvSidebar {
 	updatedAt: Date;
 	model?: string;
 	assistantId?: string;
-	avatarUrl?: string;
+	avatarUrl?: string | Promise<string | undefined>;
 }

src/lib/types/UrlDependency.ts

@@ -1,5 +1,5 @@
 /* eslint-disable no-shadow */
 export enum UrlDependency {
 	ConversationList = "conversation:list",
-	Conversation = "conversation",
+	Conversation = "conversation:id",
 }

src/lib/utils/PublicConfig.svelte.ts

@@ -1,12 +1,21 @@
 import type { env as publicEnv } from "$env/dynamic/public";
+import { page } from "$app/state";
+import { base } from "$app/paths";
+
+import type { Transporter } from "@sveltejs/kit";
+import { getContext } from "svelte";
 
 type PublicConfigKey = keyof typeof publicEnv;
 
 class PublicConfigManager {
 	#configStore = $state<Record<PublicConfigKey, string>>({});
 
-	constructor() {
+	constructor(initialConfig?: Record<PublicConfigKey, string>) {
 		this.init = this.init.bind(this);
+		this.getPublicConfig = this.getPublicConfig.bind(this);
+		if (initialConfig) {
+			this.init(initialConfig);
+		}
 	}
 
 	init(publicConfig: Record<PublicConfigKey, string>) {
@@ -17,29 +26,53 @@ class PublicConfigManager {
 		return this.#configStore[key];
 	}
 
+	getPublicConfig() {
+		return this.#configStore;
+	}
+
 	get isHuggingChat() {
 		return this.#configStore.PUBLIC_APP_ASSETS === "huggingchat";
 	}
+
+	get assetPath() {
+		return (
+			(this.#configStore.PUBLIC_ORIGIN || page.url.origin) +
+			base +
+			"/" +
+			this.#configStore.PUBLIC_APP_ASSETS
+		);
+	}
 }
+type ConfigProxy = PublicConfigManager & { [K in PublicConfigKey]: string };
 
-const publicConfigManager = new PublicConfigManager();
+export function getConfigManager(initialConfig?: Record<PublicConfigKey, string>) {
+	const publicConfigManager = new PublicConfigManager(initialConfig);
 
-type ConfigProxy = PublicConfigManager & { [K in PublicConfigKey]: string };
+	const publicConfig: ConfigProxy = new Proxy(publicConfigManager, {
+		get(target, prop) {
+			if (prop in target) {
+				return Reflect.get(target, prop);
+			}
+			if (typeof prop === "string") {
+				return target.get(prop as PublicConfigKey);
+			}
+			return undefined;
+		},
+		set(target, prop, value, receiver) {
+			if (prop in target) {
+				return Reflect.set(target, prop, value, receiver);
+			}
+			return false;
+		},
+	}) as ConfigProxy;
+	return publicConfig;
+}
 
-export const publicConfig: ConfigProxy = new Proxy(publicConfigManager, {
-	get(target, prop) {
-		if (prop in target) {
-			return Reflect.get(target, prop);
-		}
-		if (typeof prop === "string") {
-			return target.get(prop as PublicConfigKey);
-		}
-		return undefined;
-	},
-	set(target, prop, value, receiver) {
-		if (prop in target) {
-			return Reflect.set(target, prop, value, receiver);
-		}
-		return false;
-	},
-}) as ConfigProxy;
+export const publicConfigTransporter: Transporter = {
+	encode: (value) =>
+		value instanceof PublicConfigManager ? JSON.stringify(value.getPublicConfig()) : false,
+	decode: (value) => getConfigManager(JSON.parse(value)),
+};
+
+export const serverPublicConfig = getConfigManager();
+export const usePublicConfig = () => getContext<ConfigProxy>("publicConfig");

src/lib/utils/fetchJSON.ts

@@ -0,0 +1,25 @@
+import type { Serialize } from "./serialize";
+
+export async function fetchJSON<T>(
+	url: string,
+	options?: {
+		fetch?: typeof window.fetch;
+		allowNull?: boolean;
+	}
+): Promise<Serialize<T>> {
+	const response = await (options?.fetch ?? fetch)(url);
+	if (!response.ok) {
+		throw new Error(`Failed to fetch ${url}: ${response.status} ${response.statusText}`);
+	}
+
+	// Handle empty responses (which parse to null)
+	const text = await response.text();
+	if (!text || text.trim() === "") {
+		if (options?.allowNull) {
+			return null as Serialize<T>;
+		}
+		throw new Error(`Received empty response from ${url} but allowNull is not set to true`);
+	}
+
+	return JSON.parse(text);
+}

src/lib/utils/getShareUrl.ts

@@ -1,8 +1,9 @@
 import { base } from "$app/paths";
-import { publicConfig } from "$lib/utils/PublicConfig.svelte";
+import { page } from "$app/state";
 
 export function getShareUrl(url: URL, shareId: string): string {
 	return `${
-		publicConfig.PUBLIC_SHARE_PREFIX || `${publicConfig.PUBLIC_ORIGIN || url.origin}${base}`
+		page.data.publicConfig.PUBLIC_SHARE_PREFIX ||
+		`${page.data.publicConfig.PUBLIC_ORIGIN || url.origin}${base}`
 	}/r/${shareId}`;
 }

src/lib/utils/messageUpdates.ts

@@ -15,7 +15,8 @@ import {
 	type MessageToolResultUpdate,
 } from "$lib/types/MessageUpdate";
 
-import { publicConfig } from "$lib/utils/PublicConfig.svelte";
+import { page } from "$app/state";
+
 export const isMessageWebSearchUpdate = (update: MessageUpdate): update is MessageWebSearchUpdate =>
 	update.type === MessageUpdateType.WebSearch;
 export const isMessageWebSearchGeneralUpdate = (
@@ -96,7 +97,7 @@ export async function fetchMessageUpdates(
 		throw Error("Body not defined");
 	}
 
-	if (!(publicConfig.PUBLIC_SMOOTH_UPDATES === "true")) {
+	if (!(page.data.publicConfig.PUBLIC_SMOOTH_UPDATES === "true")) {
 		return endpointStreamToIterator(response, abortController);
 	}
 

src/lib/utils/serialize.ts

@@ -0,0 +1,13 @@
+import type { ObjectId } from "mongodb";
+
+export type Serialize<T> = T extends ObjectId | Date
+	? string
+	: T extends Array<infer U>
+		? Array<Serialize<U>>
+		: T extends object
+			? { [K in keyof T]: Serialize<T[K]> }
+			: T;
+
+export function jsonSerialize<T>(data: T): Serialize<T> {
+	return JSON.parse(JSON.stringify(data)) as Serialize<T>;
+}

src/lib/utils/tree/addChildren.ts

@@ -1,12 +1,7 @@
-import type { Conversation } from "$lib/types/Conversation";
-import type { Message } from "$lib/types/Message";
 import { v4 } from "uuid";
+import type { Tree, TreeId, NewNode, TreeNode } from "./tree";
 
-export function addChildren(
-	conv: Pick<Conversation, "messages" | "rootMessageId">,
-	message: Omit<Message, "id">,
-	parentId?: Message["id"]
-): Message["id"] {
+export function addChildren<T>(conv: Tree<T>, message: NewNode<T>, parentId?: TreeId): TreeId {
 	// if this is the first message we just push it
 	if (conv.messages.length === 0) {
 		const messageId = v4();
@@ -15,7 +10,7 @@ export function addChildren(
 			...message,
 			ancestors: [],
 			id: messageId,
-		});
+		} as TreeNode<T>);
 		return messageId;
 	}
 
@@ -29,7 +24,7 @@ export function addChildren(
 		if (!!parentId && parentId !== conv.messages[conv.messages.length - 1].id) {
 			throw new Error("This is a legacy conversation, you can only append to the last message");
 		}
-		conv.messages.push({ ...message, id: messageId });
+		conv.messages.push({ ...message, id: messageId } as TreeNode<T>);
 		return messageId;
 	}
 
@@ -39,7 +34,7 @@ export function addChildren(
 		ancestors,
 		id: messageId,
 		children: [],
-	});
+	} as TreeNode<T>);
 
 	const parent = conv.messages.find((m) => m.id === parentId);
 

src/lib/utils/tree/addSibling.spec.ts

@@ -5,10 +5,11 @@ import { describe, expect, it } from "vitest";
 import { insertLegacyConversation, insertSideBranchesConversation } from "./treeHelpers.spec";
 import type { Message } from "$lib/types/Message";
 import { addSibling } from "./addSibling";
+import type { Conversation } from "$lib/types/Conversation";
 
-const newMessage: Omit<Message, "id"> = {
+const newMessage = {
 	content: "new message",
-	from: "user",
+	from: "user" as const,
 };
 
 Object.freeze(newMessage);
@@ -18,8 +19,8 @@ describe("addSibling", async () => {
 		const conv = {
 			_id: new ObjectId(),
 			rootMessageId: undefined,
-			messages: [],
-		};
+			messages: [] as Message[],
+		} satisfies Pick<Conversation, "_id" | "rootMessageId" | "messages">;
 
 		expect(() => addSibling(conv, newMessage, "not-a-real-id-test")).toThrow(
 			"Cannot add a sibling to an empty conversation"

src/lib/utils/tree/addSibling.ts

@@ -1,12 +1,7 @@
-import type { Conversation } from "$lib/types/Conversation";
-import type { Message } from "$lib/types/Message";
 import { v4 } from "uuid";
+import type { Tree, TreeId, NewNode, TreeNode } from "./tree";
 
-export function addSibling(
-	conv: Pick<Conversation, "messages" | "rootMessageId">,
-	message: Omit<Message, "id">,
-	siblingId: Message["id"]
-): Message["id"] {
+export function addSibling<T>(conv: Tree<T>, message: NewNode<T>, siblingId: TreeId): TreeId {
 	if (conv.messages.length === 0) {
 		throw new Error("Cannot add a sibling to an empty conversation");
 	}
@@ -31,7 +26,7 @@ export function addSibling(
 		id: messageId,
 		ancestors: sibling.ancestors,
 		children: [],
-	});
+	} as TreeNode<T>);
 
 	const nearestAncestorId = sibling.ancestors[sibling.ancestors.length - 1];
 	const nearestAncestor = conv.messages.find((m) => m.id === nearestAncestorId);

src/lib/utils/tree/buildSubtree.ts

@@ -1,10 +1,6 @@
-import type { Conversation } from "$lib/types/Conversation";
-import type { Message } from "$lib/types/Message";
+import type { Tree, TreeId, TreeNode } from "./tree";
 
-export function buildSubtree(
-	conv: Pick<Conversation, "messages" | "rootMessageId">,
-	id: Message["id"]
-): Message[] {
+export function buildSubtree<T>(conv: Tree<T>, id: TreeId): TreeNode<T>[] {
 	if (!conv.rootMessageId) {
 		if (conv.messages.length === 0) return [];
 		// legacy conversation slice up to id

src/lib/utils/tree/tree.d.ts

@@ -0,0 +1,14 @@
+export type TreeId = string;
+
+export type Tree<T> = {
+	rootMessageId?: TreeId;
+	messages: TreeNode<T>[];
+};
+
+export type TreeNode<T> = T & {
+	id: TreeId;
+	ancestors?: TreeId[];
+	children?: TreeId[];
+};
+
+export type NewNode<T> = Omit<TreeNode<T>, "id">;

src/routes/+layout.server.ts

@@ -1,286 +0,0 @@
-import type { LayoutServerLoad } from "./$types";
-import { collections } from "$lib/server/database";
-import type { Conversation } from "$lib/types/Conversation";
-import { UrlDependency } from "$lib/types/UrlDependency";
-import { defaultModel, models, oldModels, validateModel } from "$lib/server/models";
-import { authCondition, requiresUser } from "$lib/server/auth";
-import { DEFAULT_SETTINGS } from "$lib/types/Settings";
-import { config } from "$lib/server/config";
-import { ObjectId } from "mongodb";
-import type { ConvSidebar } from "$lib/types/ConvSidebar";
-import { toolFromConfigs } from "$lib/server/tools";
-import { MetricsServer } from "$lib/server/metrics";
-import type { ToolFront, ToolInputFile } from "$lib/types/Tool";
-import { ReviewStatus } from "$lib/types/Review";
-import { base } from "$app/paths";
-export const load: LayoutServerLoad = async ({ locals, depends, fetch }) => {
-	depends(UrlDependency.ConversationList);
-
-	const settings = await collections.settings.findOne(authCondition(locals));
-
-	// If the active model in settings is not valid, set it to the default model. This can happen if model was disabled.
-	if (
-		settings &&
-		!validateModel(models).safeParse(settings?.activeModel).success &&
-		!settings.assistants?.map((el) => el.toString())?.includes(settings?.activeModel)
-	) {
-		settings.activeModel = defaultModel.id;
-		await collections.settings.updateOne(authCondition(locals), {
-			$set: { activeModel: defaultModel.id },
-		});
-	}
-
-	// if the model is unlisted, set the active model to the default model
-	if (
-		settings?.activeModel &&
-		models.find((m) => m.id === settings?.activeModel)?.unlisted === true
-	) {
-		settings.activeModel = defaultModel.id;
-		await collections.settings.updateOne(authCondition(locals), {
-			$set: { activeModel: defaultModel.id },
-		});
-	}
-
-	const enableAssistants = config.ENABLE_ASSISTANTS === "true";
-
-	const assistantActive = !models.map(({ id }) => id).includes(settings?.activeModel ?? "");
-
-	const assistant = assistantActive
-		? await collections.assistants.findOne({
-				_id: new ObjectId(settings?.activeModel),
-			})
-		: null;
-
-	const nConversations = await collections.conversations.countDocuments(authCondition(locals));
-
-	const conversations =
-		nConversations === 0
-			? Promise.resolve([])
-			: fetch(`${base}/api/conversations`)
-					.then((res) => res.json())
-					.then(
-						(
-							convs: Pick<Conversation, "_id" | "title" | "updatedAt" | "model" | "assistantId">[]
-						) =>
-							convs.map((conv) => ({
-								...conv,
-								updatedAt: new Date(conv.updatedAt),
-							}))
-					);
-
-	const userAssistants = settings?.assistants?.map((assistantId) => assistantId.toString()) ?? [];
-	const userAssistantsSet = new Set(userAssistants);
-
-	const assistants = conversations.then((conversations) =>
-		collections.assistants
-			.find({
-				_id: {
-					$in: [
-						...userAssistants.map((el) => new ObjectId(el)),
-						...(conversations.map((conv) => conv.assistantId).filter((el) => !!el) as ObjectId[]),
-					],
-				},
-			})
-			.toArray()
-	);
-
-	const messagesBeforeLogin = config.MESSAGES_BEFORE_LOGIN
-		? parseInt(config.MESSAGES_BEFORE_LOGIN)
-		: 0;
-
-	let loginRequired = false;
-
-	if (requiresUser && !locals.user) {
-		if (messagesBeforeLogin === 0) {
-			loginRequired = true;
-		} else if (nConversations >= messagesBeforeLogin) {
-			loginRequired = true;
-		} else {
-			// get the number of messages where `from === "assistant"` across all conversations.
-			const totalMessages =
-				(
-					await collections.conversations
-						.aggregate([
-							{ $match: { ...authCondition(locals), "messages.from": "assistant" } },
-							{ $project: { messages: 1 } },
-							{ $limit: messagesBeforeLogin + 1 },
-							{ $unwind: "$messages" },
-							{ $match: { "messages.from": "assistant" } },
-							{ $count: "messages" },
-						])
-						.toArray()
-				)[0]?.messages ?? 0;
-
-			loginRequired = totalMessages >= messagesBeforeLogin;
-		}
-	}
-
-	const toolUseDuration = (await MetricsServer.getMetrics().tool.toolUseDuration.get()).values;
-
-	const configToolIds = toolFromConfigs.map((el) => el._id.toString());
-
-	let activeCommunityToolIds = (settings?.tools ?? []).filter(
-		(key) => !configToolIds.includes(key)
-	);
-
-	if (assistant) {
-		activeCommunityToolIds = [...activeCommunityToolIds, ...(assistant.tools ?? [])];
-	}
-
-	const communityTools = await collections.tools
-		.find({ _id: { $in: activeCommunityToolIds.map((el) => new ObjectId(el)) } })
-		.toArray()
-		.then((tools) =>
-			tools.map((tool) => ({
-				...tool,
-				isHidden: false,
-				isOnByDefault: true,
-				isLocked: true,
-			}))
-		);
-
-	return {
-		nConversations,
-		conversations: await conversations.then(
-			async (convs) =>
-				await Promise.all(
-					convs.map(async (conv) => {
-						if (settings?.hideEmojiOnSidebar) {
-							conv.title = conv.title.replace(/\p{Emoji}/gu, "");
-						}
-
-						// remove invalid unicode and trim whitespaces
-						conv.title = conv.title.replace(/\uFFFD/gu, "").trimStart();
-
-						let avatarUrl: string | undefined = undefined;
-
-						if (conv.assistantId) {
-							const hash = (
-								await collections.assistants.findOne({
-									_id: new ObjectId(conv.assistantId),
-								})
-							)?.avatar;
-							if (hash) {
-								avatarUrl = `/settings/assistants/${conv.assistantId}/avatar.jpg?hash=${hash}`;
-							}
-						}
-
-						return {
-							id: conv._id.toString(),
-							title: conv.title,
-							model: conv.model ?? defaultModel,
-							updatedAt: conv.updatedAt,
-							assistantId: conv.assistantId?.toString(),
-							avatarUrl,
-						} satisfies ConvSidebar;
-					})
-				)
-		),
-		settings: {
-			searchEnabled: !!(
-				config.SERPAPI_KEY ||
-				config.SERPER_API_KEY ||
-				config.SERPSTACK_API_KEY ||
-				config.SEARCHAPI_KEY ||
-				config.YDC_API_KEY ||
-				config.USE_LOCAL_WEBSEARCH ||
-				config.SEARXNG_QUERY_URL ||
-				config.BING_SUBSCRIPTION_KEY
-			),
-			ethicsModalAccepted: !!settings?.ethicsModalAcceptedAt,
-			ethicsModalAcceptedAt: settings?.ethicsModalAcceptedAt ?? null,
-			activeModel: settings?.activeModel ?? DEFAULT_SETTINGS.activeModel,
-			hideEmojiOnSidebar: settings?.hideEmojiOnSidebar ?? false,
-			shareConversationsWithModelAuthors:
-				settings?.shareConversationsWithModelAuthors ??
-				DEFAULT_SETTINGS.shareConversationsWithModelAuthors,
-			customPrompts: settings?.customPrompts ?? {},
-			assistants: userAssistants,
-			tools:
-				settings?.tools ??
-				toolFromConfigs
-					.filter((el) => !el.isHidden && el.isOnByDefault)
-					.map((el) => el._id.toString()),
-			disableStream: settings?.disableStream ?? DEFAULT_SETTINGS.disableStream,
-			directPaste: settings?.directPaste ?? DEFAULT_SETTINGS.directPaste,
-		},
-		models: models.map((model) => ({
-			id: model.id,
-			name: model.name,
-			websiteUrl: model.websiteUrl,
-			modelUrl: model.modelUrl,
-			tokenizer: model.tokenizer,
-			datasetName: model.datasetName,
-			datasetUrl: model.datasetUrl,
-			displayName: model.displayName,
-			description: model.description,
-			reasoning: !!model.reasoning,
-			logoUrl: model.logoUrl,
-			promptExamples: model.promptExamples,
-			parameters: model.parameters,
-			preprompt: model.preprompt,
-			multimodal: model.multimodal,
-			multimodalAcceptedMimetypes: model.multimodalAcceptedMimetypes,
-			tools: model.tools,
-			unlisted: model.unlisted,
-			hasInferenceAPI: model.hasInferenceAPI,
-		})),
-		oldModels,
-		tools: [...toolFromConfigs, ...communityTools]
-			.filter((tool) => !tool?.isHidden)
-			.map(
-				(tool) =>
-					({
-						_id: tool._id.toString(),
-						type: tool.type,
-						displayName: tool.displayName,
-						name: tool.name,
-						description: tool.description,
-						mimeTypes: (tool.inputs ?? [])
-							.filter((input): input is ToolInputFile => input.type === "file")
-							.map((input) => (input as ToolInputFile).mimeTypes)
-							.flat(),
-						isOnByDefault: tool.isOnByDefault ?? true,
-						isLocked: tool.isLocked ?? true,
-						timeToUseMS:
-							toolUseDuration.find(
-								(el) => el.labels.tool === tool._id.toString() && el.labels.quantile === 0.9
-							)?.value ?? 15_000,
-						color: tool.color,
-						icon: tool.icon,
-					}) satisfies ToolFront
-			),
-		communityToolCount: await collections.tools.countDocuments({
-			type: "community",
-			review: ReviewStatus.APPROVED,
-		}),
-		assistants: assistants.then((assistants) =>
-			assistants
-				.filter((el) => userAssistantsSet.has(el._id.toString()))
-				.map((el) => ({
-					...el,
-					_id: el._id.toString(),
-					createdById: undefined,
-					createdByMe:
-						el.createdById.toString() === (locals.user?._id ?? locals.sessionId).toString(),
-				}))
-		),
-		user: locals.user && {
-			id: locals.user._id.toString(),
-			username: locals.user.username,
-			avatarUrl: locals.user.avatarUrl,
-			email: locals.user.email,
-			logoutDisabled: locals.user.logoutDisabled,
-			isEarlyAccess: locals.user.isEarlyAccess ?? false,
-		},
-		isAdmin: locals.isAdmin,
-		assistant: assistant ? JSON.parse(JSON.stringify(assistant)) : null,
-		enableAssistants,
-		enableAssistantsRAG: config.ENABLE_ASSISTANTS_RAG === "true",
-		enableCommunityTools: config.COMMUNITY_TOOLS === "true",
-		loginRequired,
-		loginEnabled: requiresUser,
-		guestMode: requiresUser && messagesBeforeLogin > 0,
-		publicConfig: config.getPublicConfig(),
-	};
-};

src/routes/+layout.svelte

@@ -6,8 +6,6 @@
 	import { base } from "$app/paths";
 	import { page } from "$app/stores";
 
-	import { publicConfig } from "$lib/utils/PublicConfig.svelte";
-
 	import { error } from "$lib/stores/errors";
 	import { createSettingsStore } from "$lib/stores/settings";
 
@@ -23,9 +21,14 @@
 	import LoginModal from "$lib/components/LoginModal.svelte";
 	import OverloadedModal from "$lib/components/OverloadedModal.svelte";
 	import Search from "$lib/components/chat/Search.svelte";
+	import { setContext } from "svelte";
 
 	let { data = $bindable(), children } = $props();
 
+	setContext("publicConfig", data.publicConfig);
+
+	const publicConfig = data.publicConfig;
+
 	let conversations = $state(data.conversations);
 	$effect(() => {
 		data.conversations && untrack(() => (conversations = data.conversations));
@@ -181,14 +184,6 @@
 			publicConfig.PUBLIC_APP_DISCLAIMER === "1" &&
 			!($page.data.shared === true)
 	);
-
-	$effect.pre(() => {
-		publicConfig.init(data.publicConfig);
-	});
-
-	onMount(() => {
-		publicConfig.init(data.publicConfig);
-	});
 </script>
 
 <svelte:head>
@@ -203,35 +198,13 @@
 		<meta property="og:title" content={publicConfig.PUBLIC_APP_NAME} />
 		<meta property="og:type" content="website" />
 		<meta property="og:url" content="{publicConfig.PUBLIC_ORIGIN || $page.url.origin}{base}" />
-		<meta
-			property="og:image"
-			content="{publicConfig.PUBLIC_ORIGIN ||
-				$page.url.origin}{base}/{publicConfig.PUBLIC_APP_ASSETS}/thumbnail.png"
-		/>
+		<meta property="og:image" content="{publicConfig.assetPath}/thumbnail.png" />
 		<meta property="og:description" content={publicConfig.PUBLIC_APP_DESCRIPTION} />
 	{/if}
-	<link
-		rel="icon"
-		href="{publicConfig.PUBLIC_ORIGIN ||
-			$page.url.origin}{base}/{publicConfig.PUBLIC_APP_ASSETS}/favicon.ico"
-		sizes="32x32"
-	/>
-	<link
-		rel="icon"
-		href="{publicConfig.PUBLIC_ORIGIN ||
-			$page.url.origin}{base}/{publicConfig.PUBLIC_APP_ASSETS}/icon.svg"
-		type="image/svg+xml"
-	/>
-	<link
-		rel="apple-touch-icon"
-		href="{publicConfig.PUBLIC_ORIGIN ||
-			$page.url.origin}{base}/{publicConfig.PUBLIC_APP_ASSETS}/apple-touch-icon.png"
-	/>
-	<link
-		rel="manifest"
-		href="{publicConfig.PUBLIC_ORIGIN ||
-			$page.url.origin}{base}/{publicConfig.PUBLIC_APP_ASSETS}/manifest.json"
-	/>
+	<link rel="icon" href="{publicConfig.assetPath}/favicon.ico" sizes="32x32" />
+	<link rel="icon" href="{publicConfig.assetPath}/icon.svg" type="image/svg+xml" />
+	<link rel="apple-touch-icon" href="{publicConfig.assetPath}/apple-touch-icon.png" />
+	<link rel="manifest" href="{publicConfig.assetPath}/manifest.json" />
 
 	{#if publicConfig.PUBLIC_PLAUSIBLE_SCRIPT_URL && publicConfig.PUBLIC_ORIGIN}
 		<script
@@ -281,7 +254,7 @@
 		<NavMenu
 			{conversations}
 			user={data.user}
-			canLogin={data.user === undefined && data.loginEnabled}
+			canLogin={!data.user && data.loginEnabled}
 			on:shareConversation={(ev) => shareConversation(ev.detail.id, ev.detail.title)}
 			on:deleteConversation={(ev) => deleteConversation(ev.detail)}
 			on:editConversationTitle={(ev) => editConversationTitle(ev.detail.id, ev.detail.title)}
@@ -293,7 +266,7 @@
 		<NavMenu
 			{conversations}
 			user={data.user}
-			canLogin={data.user === undefined && data.loginEnabled}
+			canLogin={!data.user && data.loginEnabled}
 			on:shareConversation={(ev) => shareConversation(ev.detail.id, ev.detail.title)}
 			on:deleteConversation={(ev) => deleteConversation(ev.detail)}
 			on:editConversationTitle={(ev) => editConversationTitle(ev.detail.id, ev.detail.title)}

src/routes/+layout.ts

@@ -0,0 +1,81 @@
+import { UrlDependency } from "$lib/types/UrlDependency";
+import type { ConvSidebar } from "$lib/types/ConvSidebar";
+import { jsonSerialize } from "../lib/utils/serialize";
+import { useAPIClient, throwOnError, throwOnErrorNullable } from "$lib/APIClient";
+import { getConfigManager } from "$lib/utils/PublicConfig.svelte";
+
+export const load = async ({ depends, fetch }) => {
+	depends(UrlDependency.ConversationList);
+
+	const client = useAPIClient({ fetch });
+
+	const settings = await client.user.settings.get().then(throwOnError);
+	const models = await client.models.get().then(throwOnError);
+	const defaultModel = models[0];
+
+	// if the active model is not in the list of models, its probably an assistant
+	// so we fetch it
+	const assistantActive = !models.map(({ id }) => id).includes(settings?.activeModel ?? "");
+
+	const assistant = assistantActive
+		? await client.assistants({ id: settings?.activeModel }).get().then(throwOnErrorNullable)
+		: null;
+
+	const { conversations, nConversations } = await client.conversations
+		.get({ query: { p: 0 } })
+		.then(throwOnError)
+		.then(({ conversations, nConversations }) => {
+			return {
+				nConversations,
+				conversations: conversations.map((conv) => {
+					if (settings?.hideEmojiOnSidebar) {
+						conv.title = conv.title.replace(/\p{Emoji}/gu, "");
+					}
+
+					// remove invalid unicode and trim whitespaces
+					conv.title = conv.title.replace(/\uFFFD/gu, "").trimStart();
+
+					return {
+						id: conv._id.toString(),
+						title: conv.title,
+						model: conv.model ?? defaultModel,
+						updatedAt: new Date(conv.updatedAt),
+						...(conv.assistantId
+							? {
+									assistantId: conv.assistantId.toString(),
+									avatarUrl: client
+										.assistants({ id: conv.assistantId.toString() })
+										.get()
+										.then(throwOnErrorNullable)
+										.then((assistant) => {
+											if (!assistant.avatar) {
+												return undefined;
+											}
+										}),
+								}
+							: {}),
+					} satisfies ConvSidebar;
+				}),
+			};
+		});
+
+	return {
+		nConversations,
+		conversations,
+		assistant: assistant ? jsonSerialize(assistant) : undefined,
+		assistants: await client.user.assistants.get().then(throwOnError),
+		models: await client.models.get().then(throwOnError),
+		oldModels: await client.models.old.get().then(throwOnError),
+		tools: await client.tools.active.get().then(throwOnError),
+		communityToolCount: await client.tools.count.get().then(throwOnError),
+		user: await client.user.get().then(throwOnErrorNullable),
+		settings: {
+			...settings,
+			ethicsModalAcceptedAt: settings.ethicsModalAcceptedAt
+				? new Date(settings.ethicsModalAcceptedAt)
+				: null,
+		},
+		publicConfig: getConfigManager(await client["public-config"].get().then(throwOnError)),
+		...(await client["feature-flags"].get().then(throwOnError)),
+	};
+};

src/routes/+page.svelte

@@ -2,7 +2,9 @@
 	import { goto } from "$app/navigation";
 	import { base } from "$app/paths";
 	import { page } from "$app/state";
-	import { publicConfig } from "$lib/utils/PublicConfig.svelte";
+	import { usePublicConfig } from "$lib/utils/PublicConfig.svelte";
+
+	const publicConfig = usePublicConfig();
 
 	import ChatWindow from "$lib/components/chat/ChatWindow.svelte";
 	import { ERROR_MESSAGES, error } from "$lib/stores/errors";
@@ -31,8 +33,8 @@
 			if (validModels.includes($settings.activeModel)) {
 				model = $settings.activeModel;
 			} else {
-				if (validModels.includes(data.assistant?.modelId)) {
-					model = data.assistant?.modelId;
+				if (data.assistant?.modelId && validModels.includes(data.assistant.modelId)) {
+					model = data.assistant.modelId;
 				} else {
 					model = data.models[0].id;
 				}

src/routes/api/assistant/[id]/subscribe/+server.ts

@@ -23,6 +23,7 @@ export async function POST({ params, locals }) {
 
 	const result = await collections.settings.updateOne(authCondition(locals), {
 		$addToSet: { assistants: assistant._id },
+		$set: { activeModel: assistant._id.toString() },
 	});
 
 	// reduce count only if push succeeded

src/routes/api/v2/[...slugs]/+server.ts

@@ -0,0 +1,9 @@
+import { app } from "$api";
+
+type RequestHandler = (v: { request: Request; locals: App.Locals }) => Response | Promise<Response>;
+
+export const GET: RequestHandler = ({ request }) => app.handle(request);
+export const POST: RequestHandler = ({ request }) => app.handle(request);
+export const PUT: RequestHandler = ({ request }) => app.handle(request);
+export const PATCH: RequestHandler = ({ request }) => app.handle(request);
+export const DELETE: RequestHandler = ({ request }) => app.handle(request);

src/routes/assistant/[assistantId]/+page.server.ts

@@ -1,42 +0,0 @@
-import { base } from "$app/paths";
-import { collections } from "$lib/server/database";
-import { redirect } from "@sveltejs/kit";
-import { ObjectId } from "mongodb";
-import { authCondition } from "$lib/server/auth.js";
-
-export async function load({ params, locals }) {
-	try {
-		const assistant = await collections.assistants.findOne({
-			_id: new ObjectId(params.assistantId),
-		});
-
-		if (!assistant) {
-			redirect(302, `${base}`);
-		}
-
-		if (locals.user?._id ?? locals.sessionId) {
-			await collections.settings.updateOne(
-				authCondition(locals),
-				{
-					$set: {
-						activeModel: assistant._id.toString(),
-						updatedAt: new Date(),
-					},
-					$push: { assistants: assistant._id },
-					$setOnInsert: {
-						createdAt: new Date(),
-					},
-				},
-				{
-					upsert: true,
-				}
-			);
-		}
-
-		return {
-			assistant: JSON.parse(JSON.stringify(assistant)),
-		};
-	} catch {
-		redirect(302, `${base}`);
-	}
-}

src/routes/assistant/[assistantId]/+page.svelte

@@ -3,7 +3,9 @@
 	import { base } from "$app/paths";
 	import { goto } from "$app/navigation";
 	import { onMount } from "svelte";
-	import { publicConfig } from "$lib/utils/PublicConfig.svelte";
+	import { usePublicConfig } from "$lib/utils/PublicConfig.svelte";
+
+	const publicConfig = usePublicConfig();
 
 	import ChatWindow from "$lib/components/chat/ChatWindow.svelte";
 	import { findCurrentModel } from "$lib/utils/models";

src/routes/assistant/[assistantId]/+page.ts

@@ -0,0 +1,16 @@
+import { useAPIClient, throwOnError } from "$lib/APIClient";
+import { jsonSerialize } from "$lib/utils/serialize";
+
+export async function load({ fetch, params }) {
+	const client = useAPIClient({ fetch });
+
+	const data = client
+		.assistants({ id: params.assistantId })
+		.get()
+		.then(throwOnError)
+		.then(jsonSerialize);
+
+	await client.assistants({ id: params.assistantId }).follow.post();
+
+	return { assistant: await data };
+}

src/routes/assistants/+page.server.ts

@@ -1,83 +0,0 @@
-import { base } from "$app/paths";
-import { config } from "$lib/server/config";
-import { collections } from "$lib/server/database.js";
-import { SortKey, type Assistant } from "$lib/types/Assistant";
-import type { User } from "$lib/types/User";
-import { generateQueryTokens } from "$lib/utils/searchTokens.js";
-import { error, redirect } from "@sveltejs/kit";
-import type { Filter } from "mongodb";
-import { ReviewStatus } from "$lib/types/Review";
-const NUM_PER_PAGE = 24;
-
-export const load = async ({ url, locals }) => {
-	if (!config.ENABLE_ASSISTANTS) {
-		redirect(302, `${base}/`);
-	}
-
-	const modelId = url.searchParams.get("modelId");
-	const pageIndex = parseInt(url.searchParams.get("p") ?? "0");
-	const username = url.searchParams.get("user");
-	const query = url.searchParams.get("q")?.trim() ?? null;
-	const sort = url.searchParams.get("sort")?.trim() ?? SortKey.TRENDING;
-	const showUnfeatured = url.searchParams.get("showUnfeatured") === "true";
-	const createdByCurrentUser = locals.user?.username && locals.user.username === username;
-
-	let user: Pick<User, "_id"> | null = null;
-	if (username) {
-		user = await collections.users.findOne<Pick<User, "_id">>(
-			{ username },
-			{ projection: { _id: 1 } }
-		);
-		if (!user) {
-			error(404, `User "${username}" doesn't exist`);
-		}
-	}
-
-	// if we require featured assistants, that we are not on a user page and we are not an admin who wants to see unfeatured assistants, we show featured assistants
-	let shouldBeFeatured = {};
-
-	if (config.REQUIRE_FEATURED_ASSISTANTS === "true" && !(locals.isAdmin && showUnfeatured)) {
-		if (!user) {
-			// only show featured assistants on the community page
-			shouldBeFeatured = { review: ReviewStatus.APPROVED };
-		} else if (!createdByCurrentUser) {
-			// on a user page show assistants that have been approved or are pending
-			shouldBeFeatured = { review: { $in: [ReviewStatus.APPROVED, ReviewStatus.PENDING] } };
-		}
-	}
-
-	const noSpecificSearch = !user && !query;
-	// fetch the top assistants sorted by user count from biggest to smallest.
-	// filter by model too if modelId is provided or query if query is provided
-	// only show assistants that have been used by more than 5 users if no specific search is made
-	const filter: Filter<Assistant> = {
-		...(modelId && { modelId }),
-		...(user && { createdById: user._id }),
-		...(query && { searchTokens: { $all: generateQueryTokens(query) } }),
-		...(noSpecificSearch && { userCount: { $gte: 5 } }),
-		...shouldBeFeatured,
-	};
-
-	const assistants = await collections.assistants
-		.find(filter)
-		.sort({
-			...(sort === SortKey.TRENDING && { last24HoursCount: -1 }),
-			userCount: -1,
-			_id: 1,
-		})
-		.skip(NUM_PER_PAGE * pageIndex)
-		.limit(NUM_PER_PAGE)
-		.toArray();
-
-	const numTotalItems = await collections.assistants.countDocuments(filter);
-
-	return {
-		assistants: JSON.parse(JSON.stringify(assistants)) as Array<Assistant>,
-		selectedModel: modelId ?? "",
-		numTotalItems,
-		numItemsPerPage: NUM_PER_PAGE,
-		query,
-		sort,
-		showUnfeatured,
-	};
-};