first cut at anonymizing query history (#4123)

Co-authored-by: Richard Kuo <rkuo@rkuo.com>
2025-09-18 11:34:12 +02:00 · 2025-02-26 13:32:01 -08:00
parent ad0721ecd8
commit 25389c5120
8 changed files with 91 additions and 16 deletions
--- a/backend/ee/onyx/server/query_history/api.py
+++ b/backend/ee/onyx/server/query_history/api.py
@@ -2,6 +2,7 @@ import csv
 import io
 from datetime import datetime
 from datetime import timezone
+from http import HTTPStatus
 from uuid import UUID

 from fastapi import APIRouter
@@ -21,8 +22,10 @@ from ee.onyx.server.query_history.models import QuestionAnswerPairSnapshot
 from onyx.auth.users import current_admin_user
 from onyx.auth.users import get_display_email
 from onyx.chat.chat_utils import create_chat_chain
+from onyx.configs.app_configs import ONYX_QUERY_HISTORY_TYPE
 from onyx.configs.constants import MessageType
 from onyx.configs.constants import QAFeedbackType
+from onyx.configs.constants import QueryHistoryType
 from onyx.configs.constants import SessionType
 from onyx.db.chat import get_chat_session_by_id
 from onyx.db.chat import get_chat_sessions_by_user
@@ -35,6 +38,8 @@ from onyx.server.query_and_chat.models import ChatSessionsResponse

 router = APIRouter()

+ONYX_ANONYMIZED_EMAIL = "anonymous@anonymous.invalid"
+

 def fetch_and_process_chat_session_history(
    db_session: Session,
@@ -107,6 +112,17 @@ def get_user_chat_sessions(
    _: User | None = Depends(current_admin_user),
    db_session: Session = Depends(get_session),
 ) -> ChatSessionsResponse:
+    # we specifically don't allow this endpoint if "anonymized" since
+    # this is a direct query on the user id
+    if ONYX_QUERY_HISTORY_TYPE in [
+        QueryHistoryType.DISABLED,
+        QueryHistoryType.ANONYMIZED,
+    ]:
+        raise HTTPException(
+            status_code=HTTPStatus.FORBIDDEN,
+            detail="Per user query history has been disabled by the administrator.",
+        )
+
    try:
        chat_sessions = get_chat_sessions_by_user(
            user_id=user_id, deleted=False, db_session=db_session, limit=0
@@ -141,6 +157,12 @@ def get_chat_session_history(
    _: User | None = Depends(current_admin_user),
    db_session: Session = Depends(get_session),
 ) -> PaginatedReturn[ChatSessionMinimal]:
+    if ONYX_QUERY_HISTORY_TYPE == QueryHistoryType.DISABLED:
+        raise HTTPException(
+            status_code=HTTPStatus.FORBIDDEN,
+            detail="Query history has been disabled by the administrator.",
+        )
+
    page_of_chat_sessions = get_page_of_chat_sessions(
        page_num=page_num,
        page_size=page_size,
@@ -157,11 +179,16 @@ def get_chat_session_history(
        feedback_filter=feedback_type,
    )

+    minimal_chat_sessions: list[ChatSessionMinimal] = []
+
+    for chat_session in page_of_chat_sessions:
+        minimal_chat_session = ChatSessionMinimal.from_chat_session(chat_session)
+        if ONYX_QUERY_HISTORY_TYPE == QueryHistoryType.ANONYMIZED:
+            minimal_chat_session.user_email = ONYX_ANONYMIZED_EMAIL
+        minimal_chat_sessions.append(minimal_chat_session)
+
    return PaginatedReturn(
-        items=[
-            ChatSessionMinimal.from_chat_session(chat_session)
-            for chat_session in page_of_chat_sessions
-        ],
+        items=minimal_chat_sessions,
        total_items=total_filtered_chat_sessions_count,
    )

@@ -172,6 +199,12 @@ def get_chat_session_admin(
    _: User | None = Depends(current_admin_user),
    db_session: Session = Depends(get_session),
 ) -> ChatSessionSnapshot:
+    if ONYX_QUERY_HISTORY_TYPE == QueryHistoryType.DISABLED:
+        raise HTTPException(
+            status_code=HTTPStatus.FORBIDDEN,
+            detail="Query history has been disabled by the administrator.",
+        )
+
    try:
        chat_session = get_chat_session_by_id(
            chat_session_id=chat_session_id,
@@ -193,6 +226,9 @@ def get_chat_session_admin(
            f"Could not create snapshot for chat session with id '{chat_session_id}'",
        )

+    if ONYX_QUERY_HISTORY_TYPE == QueryHistoryType.ANONYMIZED:
+        snapshot.user_email = ONYX_ANONYMIZED_EMAIL
+
    return snapshot


@@ -203,6 +239,12 @@ def get_query_history_as_csv(
    end: datetime | None = None,
    db_session: Session = Depends(get_session),
 ) -> StreamingResponse:
+    if ONYX_QUERY_HISTORY_TYPE == QueryHistoryType.DISABLED:
+        raise HTTPException(
+            status_code=HTTPStatus.FORBIDDEN,
+            detail="Query history has been disabled by the administrator.",
+        )
+
    complete_chat_session_history = fetch_and_process_chat_session_history(
        db_session=db_session,
        start=start or datetime.fromtimestamp(0, tz=timezone.utc),
@@ -213,6 +255,9 @@ def get_query_history_as_csv(

    question_answer_pairs: list[QuestionAnswerPairSnapshot] = []
    for chat_session_snapshot in complete_chat_session_history:
+        if ONYX_QUERY_HISTORY_TYPE == QueryHistoryType.ANONYMIZED:
+            chat_session_snapshot.user_email = ONYX_ANONYMIZED_EMAIL
+
        question_answer_pairs.extend(
            QuestionAnswerPairSnapshot.from_chat_session_snapshot(chat_session_snapshot)
        )
--- a/backend/onyx/configs/app_configs.py
+++ b/backend/onyx/configs/app_configs.py
@@ -6,6 +6,7 @@ from typing import cast
 from onyx.auth.schemas import AuthBackend
 from onyx.configs.constants import AuthType
 from onyx.configs.constants import DocumentIndexType
+from onyx.configs.constants import QueryHistoryType
 from onyx.file_processing.enums import HtmlBasedConnectorTransformLinksStrategy

 #####
@@ -29,6 +30,9 @@ GENERATIVE_MODEL_ACCESS_CHECK_FREQ = int(
 )  # 1 day
 DISABLE_GENERATIVE_AI = os.environ.get("DISABLE_GENERATIVE_AI", "").lower() == "true"

+ONYX_QUERY_HISTORY_TYPE = QueryHistoryType(
+    (os.environ.get("ONYX_QUERY_HISTORY_TYPE") or QueryHistoryType.NORMAL.value).lower()
+)

 #####
 # Web Configs
--- a/backend/onyx/configs/constants.py
+++ b/backend/onyx/configs/constants.py
@@ -213,6 +213,12 @@ class AuthType(str, Enum):
    CLOUD = "cloud"


+class QueryHistoryType(str, Enum):
+    DISABLED = "disabled"
+    ANONYMIZED = "anonymized"
+    NORMAL = "normal"
+
+
 # Special characters for password validation
 PASSWORD_SPECIAL_CHARS = "!@#$%^&*()_+-=[]{}|;:,.<>?"

--- a/backend/onyx/server/settings/models.py
+++ b/backend/onyx/server/settings/models.py
@@ -4,6 +4,7 @@ from enum import Enum
 from pydantic import BaseModel

 from onyx.configs.constants import NotificationType
+from onyx.configs.constants import QueryHistoryType
 from onyx.db.models import Notification as NotificationDBModel
 from shared_configs.configs import POSTGRES_DEFAULT_SCHEMA

@@ -50,6 +51,7 @@ class Settings(BaseModel):

    temperature_override_enabled: bool | None = False
    auto_scroll: bool | None = False
+    query_history_type: QueryHistoryType | None = None


 class UserSettings(Settings):
--- a/backend/onyx/server/settings/store.py
+++ b/backend/onyx/server/settings/store.py
@@ -1,3 +1,4 @@
+from onyx.configs.app_configs import ONYX_QUERY_HISTORY_TYPE
 from onyx.configs.constants import KV_SETTINGS_KEY
 from onyx.configs.constants import OnyxRedisLocks
 from onyx.key_value_store.factory import get_kv_store
@@ -45,6 +46,7 @@ def load_settings() -> Settings:
        anonymous_user_enabled = False

    settings.anonymous_user_enabled = anonymous_user_enabled
+    settings.query_history_type = ONYX_QUERY_HISTORY_TYPE
    return settings


--- a/web/src/app/admin/settings/interfaces.ts
+++ b/web/src/app/admin/settings/interfaces.ts
@@ -4,6 +4,12 @@ export enum ApplicationStatus {
  ACTIVE = "active",
 }

+export enum QueryHistoryType {
+  DISABLED = "disabled",
+  ANONYMIZED = "anonymized",
+  NORMAL = "normal",
+}
+
 export interface Settings {
  anonymous_user_enabled: boolean;
  maximum_chat_retention_days: number | null;
@@ -14,6 +20,7 @@ export interface Settings {
  application_status: ApplicationStatus;
  auto_scroll: boolean;
  temperature_override_enabled: boolean;
+  query_history_type: QueryHistoryType;
 }

 export enum NotificationType {
--- a/web/src/components/admin/ClientLayout.tsx
+++ b/web/src/components/admin/ClientLayout.tsx
@@ -359,6 +359,9 @@ export function ClientLayout({
                                ),
                                link: "/admin/performance/usage",
                              },
+                              ...(settings?.settings.query_history_type !==
+                              "disabled"
+                                ? [
                                    {
                                      name: (
                                        <div className="flex">
@@ -366,11 +369,15 @@ export function ClientLayout({
                                            className="text-text-700"
                                            size={18}
                                          />
-                                    <div className="ml-1">Query History</div>
+                                          <div className="ml-1">
+                                            Query History
+                                          </div>
                                        </div>
                                      ),
                                      link: "/admin/performance/query-history",
                                    },
+                                  ]
+                                : []),
                              {
                                name: (
                                  <div className="flex">
--- a/web/src/components/settings/lib.ts
+++ b/web/src/components/settings/lib.ts
@@ -3,6 +3,7 @@ import {
  EnterpriseSettings,
  ApplicationStatus,
  Settings,
+  QueryHistoryType,
 } from "@/app/admin/settings/interfaces";
 import {
  CUSTOM_ANALYTICS_ENABLED,
@@ -53,6 +54,7 @@ export async function fetchSettingsSS(): Promise<CombinedSettings | null> {
          anonymous_user_enabled: false,
          pro_search_enabled: true,
          temperature_override_enabled: true,
+          query_history_type: QueryHistoryType.NORMAL,
        };
      } else {
        throw new Error(