feat(#128): extend /search to support user-indexed repos

- Add repo_id parameter to PlaygroundSearchRequest
- Keep demo_repo for backward compatibility (defaults to flask)
- Validate session ownership for non-demo repos
- Return 403 for access denied, 410 for expired repos
- Add 7 tests for user repo search scenarios

Author: DevanshuNEU

backend/routes/playground.py

@@ -46,7 +46,8 @@
 
 class PlaygroundSearchRequest(BaseModel):
     query: str
-    demo_repo: str = "flask"
+    demo_repo: Optional[str] = None  # Keep for backward compat
+    repo_id: Optional[str] = None    # Direct repo_id (user-indexed repos)
     max_results: int = 10
 
 
@@ -270,18 +271,65 @@ async def playground_search(
     if not valid_query:
         raise HTTPException(status_code=400, detail=f"Invalid query: {query_error}")
 
-    # Get demo repo ID
-    repo_id = DEMO_REPO_IDS.get(request.demo_repo)
-    if not repo_id:
-        repos = repo_manager.list_repos()
-        indexed_repos = [r for r in repos if r.get("status") == "indexed"]
-        if indexed_repos:
-            repo_id = indexed_repos[0]["id"]
-        else:
-            raise HTTPException(
-                status_code=404,
-                detail=f"Demo repo '{request.demo_repo}' not available"
-            )
+    # Resolve repo_id: priority is repo_id > demo_repo > default "flask"
+    repo_id = None
+    
+    if request.repo_id:
+        # Direct repo_id provided
+        repo_id = request.repo_id
+        
+        # Check if it's a demo repo (always allowed)
+        if repo_id not in DEMO_REPO_IDS.values():
+            # User-indexed repo - validate session ownership
+            session_token = limit_result.session_token or _get_session_token(req)
+            if not session_token:
+                raise HTTPException(
+                    status_code=403,
+                    detail={
+                        "error": "access_denied",
+                        "message": "You don't have access to this repository"
+                    }
+                )
+            
+            session_data = limiter.get_session_data(session_token)
+            indexed_repo = session_data.indexed_repo
+            
+            if not indexed_repo or indexed_repo.get("repo_id") != repo_id:
+                raise HTTPException(
+                    status_code=403,
+                    detail={
+                        "error": "access_denied",
+                        "message": "You don't have access to this repository"
+                    }
+                )
+            
+            # Check expiry
+            from services.playground_limiter import IndexedRepoData
+            repo_data = IndexedRepoData.from_dict(indexed_repo)
+            if repo_data.is_expired():
+                raise HTTPException(
+                    status_code=410,
+                    detail={
+                        "error": "repo_expired",
+                        "message": "Repository index expired. Re-index to continue searching.",
+                        "can_reindex": True
+                    }
+                )
+    else:
+        # Fall back to demo_repo (default to "flask" for backward compat)
+        demo_name = request.demo_repo or "flask"
+        repo_id = DEMO_REPO_IDS.get(demo_name)
+        
+        if not repo_id:
+            repos = repo_manager.list_repos()
+            indexed_repos = [r for r in repos if r.get("status") == "indexed"]
+            if indexed_repos:
+                repo_id = indexed_repos[0]["id"]
+            else:
+                raise HTTPException(
+                    status_code=404,
+                    detail=f"Demo repo '{demo_name}' not available"
+                )
 
     start_time = time.time()
 

backend/tests/test_anonymous_indexing.py

@@ -5,7 +5,7 @@
 Note: These tests rely on conftest.py for Pinecone/OpenAI/Redis mocking.
 """
 import pytest
-from unittest.mock import patch, MagicMock
+from unittest.mock import patch, MagicMock, AsyncMock
 from datetime import datetime, timezone, timedelta
 import json
 
@@ -679,3 +679,203 @@ def test_partial_job_includes_partial_info(self, mock_job_class, client):
         data = response.json()
         assert data["partial"] is True
         assert data["max_files"] == 200
+
+
+
+# =============================================================================
+# Issue #128: Search User-Indexed Repos Tests
+# =============================================================================
+
+class TestSearchUserRepos:
+    """Tests for searching user-indexed repositories."""
+
+    @patch('routes.playground._get_limiter')
+    @patch('routes.playground.indexer')
+    def test_search_with_repo_id_user_owns(self, mock_indexer, mock_get_limiter, client):
+        """User can search their own indexed repo via repo_id."""
+        mock_limiter = MagicMock()
+        mock_limiter.check_and_record.return_value = MagicMock(
+            allowed=True,
+            remaining=99,
+            limit=100,
+            session_token="test_session_123"
+        )
+        # Session owns this repo
+        mock_limiter.get_session_data.return_value = MagicMock(
+            indexed_repo={
+                "repo_id": "repo_user_abc123",
+                "github_url": "https://github.com/user/repo",
+                "name": "repo",
+                "file_count": 50,
+                "indexed_at": "2024-01-01T00:00:00Z",
+                "expires_at": "2099-01-02T00:00:00Z"  # Far future
+            }
+        )
+        mock_get_limiter.return_value = mock_limiter
+        mock_indexer.semantic_search = AsyncMock(return_value=[
+            {"file": "test.py", "score": 0.9}
+        ])
+
+        response = client.post(
+            "/api/v1/playground/search",
+            json={"query": "test function", "repo_id": "repo_user_abc123"}
+        )
+
+        assert response.status_code == 200
+        data = response.json()
+        assert data["count"] == 1
+
+    @patch('routes.playground._get_limiter')
+    def test_search_repo_id_not_owned_returns_403(self, mock_get_limiter, client):
+        """Searching repo_id user doesn't own returns 403."""
+        mock_limiter = MagicMock()
+        mock_limiter.check_and_record.return_value = MagicMock(
+            allowed=True,
+            remaining=99,
+            limit=100,
+            session_token="test_session_123"
+        )
+        # Session owns different repo
+        mock_limiter.get_session_data.return_value = MagicMock(
+            indexed_repo={
+                "repo_id": "repo_OTHER_xyz",
+                "github_url": "https://github.com/other/repo",
+                "name": "other-repo",
+                "file_count": 50,
+                "indexed_at": "2024-01-01T00:00:00Z",
+                "expires_at": "2099-01-02T00:00:00Z"
+            }
+        )
+        mock_get_limiter.return_value = mock_limiter
+
+        response = client.post(
+            "/api/v1/playground/search",
+            json={"query": "test", "repo_id": "repo_user_abc123"}
+        )
+
+        assert response.status_code == 403
+        data = response.json()
+        assert data["detail"]["error"] == "access_denied"
+
+    @patch('routes.playground._get_limiter')
+    def test_search_repo_id_no_session_repo_returns_403(self, mock_get_limiter, client):
+        """Searching repo_id when session has no indexed repo returns 403."""
+        mock_limiter = MagicMock()
+        mock_limiter.check_and_record.return_value = MagicMock(
+            allowed=True,
+            remaining=99,
+            limit=100,
+            session_token="test_session_123"
+        )
+        # Session has no indexed repo
+        mock_limiter.get_session_data.return_value = MagicMock(indexed_repo=None)
+        mock_get_limiter.return_value = mock_limiter
+
+        response = client.post(
+            "/api/v1/playground/search",
+            json={"query": "test", "repo_id": "repo_user_abc123"}
+        )
+
+        assert response.status_code == 403
+
+    @patch('routes.playground._get_limiter')
+    def test_search_expired_repo_returns_410(self, mock_get_limiter, client):
+        """Searching expired repo returns 410 with can_reindex hint."""
+        mock_limiter = MagicMock()
+        mock_limiter.check_and_record.return_value = MagicMock(
+            allowed=True,
+            remaining=99,
+            limit=100,
+            session_token="test_session_123"
+        )
+        # Session owns repo but it's expired
+        mock_limiter.get_session_data.return_value = MagicMock(
+            indexed_repo={
+                "repo_id": "repo_user_abc123",
+                "github_url": "https://github.com/user/repo",
+                "name": "repo",
+                "file_count": 50,
+                "indexed_at": "2024-01-01T00:00:00Z",
+                "expires_at": "2024-01-01T00:00:01Z"  # Already expired
+            }
+        )
+        mock_get_limiter.return_value = mock_limiter
+
+        response = client.post(
+            "/api/v1/playground/search",
+            json={"query": "test", "repo_id": "repo_user_abc123"}
+        )
+
+        assert response.status_code == 410
+        data = response.json()
+        assert data["detail"]["error"] == "repo_expired"
+        assert data["detail"]["can_reindex"] is True
+
+    @patch('routes.playground._get_limiter')
+    @patch('routes.playground.indexer')
+    def test_search_demo_repo_via_repo_id_allowed(self, mock_indexer, mock_get_limiter, client):
+        """Demo repos can be accessed via repo_id without ownership check."""
+        mock_limiter = MagicMock()
+        mock_limiter.check_and_record.return_value = MagicMock(
+            allowed=True,
+            remaining=99,
+            limit=100,
+            session_token="test_session_123"
+        )
+        mock_get_limiter.return_value = mock_limiter
+        mock_indexer.semantic_search = AsyncMock(return_value=[])
+
+        # Use the flask demo repo ID
+        from routes.playground import DEMO_REPO_IDS
+        flask_repo_id = DEMO_REPO_IDS.get("flask")
+        
+        if flask_repo_id:
+            response = client.post(
+                "/api/v1/playground/search",
+                json={"query": "route handler", "repo_id": flask_repo_id}
+            )
+            assert response.status_code == 200
+
+    @patch('routes.playground._get_limiter')
+    @patch('routes.playground.indexer')
+    def test_search_backward_compat_demo_repo(self, mock_indexer, mock_get_limiter, client):
+        """Backward compat: demo_repo parameter still works."""
+        mock_limiter = MagicMock()
+        mock_limiter.check_and_record.return_value = MagicMock(
+            allowed=True,
+            remaining=99,
+            limit=100,
+            session_token=None
+        )
+        mock_get_limiter.return_value = mock_limiter
+        mock_indexer.semantic_search = AsyncMock(return_value=[])
+
+        response = client.post(
+            "/api/v1/playground/search",
+            json={"query": "test", "demo_repo": "flask"}
+        )
+
+        # Should work (200) or 404 if flask not indexed - but not 4xx auth error
+        assert response.status_code in [200, 404]
+
+    @patch('routes.playground._get_limiter')
+    @patch('routes.playground.indexer')
+    def test_search_default_to_flask_when_no_repo_specified(self, mock_indexer, mock_get_limiter, client):
+        """When neither repo_id nor demo_repo provided, defaults to flask."""
+        mock_limiter = MagicMock()
+        mock_limiter.check_and_record.return_value = MagicMock(
+            allowed=True,
+            remaining=99,
+            limit=100,
+            session_token=None
+        )
+        mock_get_limiter.return_value = mock_limiter
+        mock_indexer.semantic_search = AsyncMock(return_value=[])
+
+        response = client.post(
+            "/api/v1/playground/search",
+            json={"query": "test"}  # No repo_id or demo_repo
+        )
+
+        # Should default to flask
+        assert response.status_code in [200, 404]