Task 5 — REST API: conversation list, detail, send message fallback, mark read
Title: api: implement inbox REST endpoints (conversations & messages)
Endpoints
GET /api/conversations/ — list conversations for current user (paginated), include last_message, unread_count, linked project/startup info.
GET /api/conversations/{conversation_id}/messages/?page=1&page_size=50 — list messages (pagination, newest last or newest first per mockup).
POST /api/conversations/{conversation_id}/messages/ — fallback non-WebSocket send (same body as WS).
POST /api/conversations/ — create conversation (body: participants list, optional project_id), returns conversation_id.
POST /api/conversations/{conversation_id}/read/ — mark all messages as read by user.
Permissions / validation
- All endpoints require auth.
- Validate user is participant on conversation or authorized to create a conversation (e.g., investor → startup).
- Rate limit send endpoints.
Acceptance
- API documented in OpenAPI with example requests.
- Tests: list, create, send message via REST (persisted to Mongo), unauthorized access returns 403.
Dependencies
- Task 3 (service layer), Task 2 (Mongo), Auth.
Notes
- Provide caching headers for conversation list if desired.
Task 5 — REST API: conversation list, detail, send message fallback, mark read
Title: api: implement inbox REST endpoints (conversations & messages)
Endpoints
GET /api/conversations/— list conversations for current user (paginated), includelast_message,unread_count, linkedproject/startupinfo.GET /api/conversations/{conversation_id}/messages/?page=1&page_size=50— list messages (pagination, newest last or newest first per mockup).POST /api/conversations/{conversation_id}/messages/— fallback non-WebSocket send (same body as WS).POST /api/conversations/— create conversation (body: participants list, optional project_id), returns conversation_id.POST /api/conversations/{conversation_id}/read/— mark all messages as read by user.Permissions / validation
Acceptance
Dependencies
Notes