Private one-on-one conversations between Mirage users
Direct messaging in Mirage allows users to have private conversations with each other through a personal inbox system. Send and receive messages securely with any user on the platform.
@inbox_bp.route('/api/send_inbox_message',methods=['POST'])def send_inbox_message(): data = request.get_json() token = request.headers.get('Authorization') recipient_username = data.get('recipient') message = data.get('message','') if not token: return jsonify({'error':'invalid token , please re-login'}),401 if not recipient_username or not message: return jsonify({'error':'missing recipient or message'}),400 # Authenticate sender c.execute('SELECT username FROM users WHERE token=?',(token,)) user = c.fetchone() if not user: return jsonify({'error':'unauthorized'}),401 sender = user[0] # Verify recipient exists c.execute('SELECT username FROM users WHERE username=?',(recipient_username,)) recipient = c.fetchone() if not recipient: return jsonify({'erorr':'recipient not found'}),404 recipient = recipient[0] # Insert message into inbox c.execute('INSERT INTO inbox_messages (sender,recipient,message) VALUES (?,?,?)', (sender,recipient,message)) conn.commit() return jsonify({'message':'message sent'}),200
Message Validation: The system verifies both sender authentication and recipient existence before delivering any message.
Access all your direct messages in one unified inbox view.
Inbox Overview
Message Details
Conversation View
Your inbox displays all messages where you’re either the sender or recipient:
app/routes/inbox.py:45-84
@inbox_bp.route('/api/inbox', methods=['GET'])def inbox(): token = request.headers.get('Authorization') # Get user from token c.execute('SELECT username FROM users WHERE token=?', (token,)) user = c.fetchone() username = user[0] # Fetch all messages (sent and received) c.execute(''' SELECT im.id, im.sender, im.recipient, im.message, im.created_at, u.avatar_url AS sender_avatar FROM inbox_messages im LEFT JOIN users u ON im.sender = u.username WHERE im.recipient=? OR im.sender=? ORDER BY im.created_at DESC ''', (username, username))
Each inbox message includes:
Message ID: Unique identifier
Sender: Username who sent the message
Recipient: Username who received the message
Content: The message text
Timestamp: When the message was sent
Avatar: Sender’s profile picture (or default)
app/routes/inbox.py:73-82
for msg in messages_rows: inbox_data.append({ 'id': msg[0], 'sender': msg[1], 'recipient': msg[2], 'message': msg[3], 'created_at': msg[4], 'avatar_url': msg[5] or "https://i.pinimg.com/736x/20/da/fa/20dafa83d38f2277472e132bf1f21c22.jpg" })
Messages are ordered by timestamp (most recent first) for easy conversation tracking. You can see both:
Messages you sent to others
Messages others sent to you
Default Avatar
If a user doesn’t have a custom avatar, Mirage provides a default avatar image to ensure consistent UI display.
Remove messages from your inbox for privacy or organization.
Permanent Deletion: Deleted messages cannot be recovered. This action is permanent.
app/routes/inbox.py:86-124
@inbox_bp.route('/api/delete_inbox_message',methods=['POST'])def delete_inbox_message(): data = request.get_json() token = request.headers.get('Authorization') message_id = data.get('message_id') if not token: return jsonify({'error': 'invalid token, please re-login'}), 401 if not message_id: return jsonify({'error': 'missing message ID'}), 400 # Verify user is authorized c.execute('SELECT username FROM users WHERE token=?', (token,)) user = c.fetchone() username = user[0] # Check if message exists and user is sender or recipient c.execute('SELECT * FROM inbox_messages WHERE id=? AND (recipient=? OR sender=?)', (message_id, username, username)) msg = c.fetchone() if not msg: return jsonify({'error': 'message not found or unauthorized access'}), 404 # Delete the message c.execute('DELETE FROM inbox_messages WHERE id=?', (message_id,)) conn.commit() return jsonify({'message': 'message deleted successfully'}), 200
Quickly see how many messages are in your inbox without loading all messages.
app/routes/inbox.py:127-149
@inbox_bp.route('/api/inbox_count',methods=['GET'])def inbox_count(): token = request.headers.get('Authorization') if not token: return jsonify({'error': 'invalid token, please re-login'}), 401 # Get user c.execute('SELECT username FROM users WHERE token=?', (token,)) user = c.fetchone() username = user[0] # Count all messages (sent + received) c.execute('SELECT COUNT(*) FROM inbox_messages WHERE recipient=? OR sender=?', (username, username)) count = c.fetchone()[0] return jsonify({'inbox_count': count}), 200
Badge Notification
Use the inbox count endpoint to display notification badges in your UI, showing users how many unread or total messages they have.
Direct messages are stored in the inbox_messages table:
app/db.py:104-112
CREATE TABLE IF NOT EXISTS inbox_messages( id INTEGER PRIMARY KEY AUTOINCREMENT, sender TEXT NOT NULL, recipient TEXT NOT NULL, message TEXT NOT NULL, created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP, FOREIGN KEY(sender) REFERENCES users(username), FOREIGN KEY(recipient) REFERENCES users(username))