feat(users): users profile pictures

Author: Blckbrry-Pi

modules/users/config.ts

@@ -0,0 +1,9 @@
+export interface Config {
+    maxProfilePictureBytes: number;
+    allowedMimes?: string[];
+}
+
+export const DEFAULT_MIME_TYPES = [
+    "image/jpeg",
+    "image/png",
+];

modules/users/db/migrations/20240401001004_add_pfps/migration.sql

@@ -0,0 +1,22 @@
+-- AlterTable
+ALTER TABLE "User" ADD COLUMN     "pfpId" UUID;
+
+-- CreateTable
+CREATE TABLE "Pfp" (
+    "uploadId" UUID NOT NULL,
+    "fileId" UUID NOT NULL,
+    "url" TEXT NOT NULL,
+    "urlExpiry" TIMESTAMP(3) NOT NULL,
+    "userId" UUID NOT NULL,
+    "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "updatedAt" TIMESTAMP(3) NOT NULL,
+    "finishedAt" TIMESTAMP(3),
+
+    CONSTRAINT "Pfp_pkey" PRIMARY KEY ("uploadId")
+);
+
+-- CreateIndex
+CREATE UNIQUE INDEX "Pfp_userId_key" ON "Pfp"("userId");
+
+-- AddForeignKey
+ALTER TABLE "Pfp" ADD CONSTRAINT "Pfp_userId_fkey" FOREIGN KEY ("userId") REFERENCES "User"("id") ON DELETE RESTRICT ON UPDATE CASCADE;

modules/users/db/migrations/20240401002555_remove_file_id/migration.sql

@@ -0,0 +1,8 @@
+/*
+  Warnings:
+
+  - You are about to drop the column `fileId` on the `Pfp` table. All the data in the column will be lost.
+
+*/
+-- AlterTable
+ALTER TABLE "Pfp" DROP COLUMN "fileId";

modules/users/db/migrations/20240418032247_remove_pfp_table_rely_on_uploads_module_to_presign_every_time/migration.sql

@@ -0,0 +1,16 @@
+/*
+  Warnings:
+
+  - You are about to drop the column `pfpId` on the `User` table. All the data in the column will be lost.
+  - You are about to drop the `Pfp` table. If the table is not empty, all the data it contains will be lost.
+
+*/
+-- DropForeignKey
+ALTER TABLE "Pfp" DROP CONSTRAINT "Pfp_userId_fkey";
+
+-- AlterTable
+ALTER TABLE "User" DROP COLUMN "pfpId",
+ADD COLUMN     "avatarUploadId" UUID;
+
+-- DropTable
+DROP TABLE "Pfp";

modules/users/db/schema.prisma

@@ -4,8 +4,10 @@ datasource db {
 }
 
 model User {
-    id        String   @id @default(uuid()) @db.Uuid
-    username  String   @unique
-    createdAt DateTime @default(now())
-    updatedAt DateTime @updatedAt
+	id				String		@id @default(uuid()) @db.Uuid
+	username		String		@unique
+	createdAt		DateTime	@default(now())
+	updatedAt		DateTime	@updatedAt
+
+	avatarUploadId	String?		@db.Uuid
 }

modules/users/module.yaml

@@ -11,6 +11,7 @@ status: stable
 dependencies:
   rate_limit: {}
   tokens: {}
+  uploads: {}
 scripts:
   get_user:
     name: Get User
@@ -24,8 +25,22 @@ scripts:
   create_user_token:
     name: Create User Token
     description: Create a token for a user to authenticate future requests.
+  set_profile_picture:
+    name: Set Profile Picture
+    description: Set the profile picture for a user.
+    public: true
+  start_profile_picture_upload:
+    name: Start Profile Picture Upload
+    description: Allow the user to begin uploading a profile picture.
+    public: true
 errors:
   token_not_user_token:
     name: Token Not User Token
   unknown_identity_type:
     name: Unknown Identity Type
+  invalid_mime_type:
+    name: Invalid MIME Type
+    description: The MIME type for the supposed PFP isn't an image
+  file_too_large:
+    name: File Too Large
+    description: The file is larger than the configured maximum size for a profile picture

modules/users/scripts/create_user.ts

@@ -1,4 +1,5 @@
 import { ScriptContext } from "../_gen/scripts/create_user.ts";
+import { withPfpUrl } from "../utils/pfp.ts";
 import { User } from "../utils/types.ts";
 
 export interface Request {
@@ -23,7 +24,7 @@ export async function run(
 	});
 
 	return {
-		user,
+		user: await withPfpUrl(ctx, user, user.avatarUploadId),
 	};
 }
 

modules/users/scripts/get_user.ts

@@ -1,5 +1,6 @@
 import { ScriptContext } from "../_gen/scripts/get_user.ts";
 import { User } from "../utils/types.ts";
+import { withPfpUrl } from "../utils/pfp.ts";
 
 export interface Request {
 	userIds: string[];
@@ -20,5 +21,10 @@ export async function run(
 		orderBy: { username: "desc" },
 	});
 
-	return { users };
+
+	const usersWithPfps = await Promise.all(users.map(
+		user => withPfpUrl(ctx, user, user.avatarUploadId),
+	));
+
+	return { users: usersWithPfps };
 }

modules/users/scripts/set_profile_picture.ts

@@ -0,0 +1,76 @@
+import { ScriptContext, RuntimeError } from "../_gen/scripts/set_pfp.ts";
+import { User } from "../utils/types.ts";
+import { withPfpUrl } from "../utils/pfp.ts";
+
+export interface Request {
+	uploadId: string;
+	userToken: string;
+}
+
+export interface Response {
+	user: User;
+}
+
+export async function run(
+	ctx: ScriptContext,
+	req: Request,
+): Promise<Response> {
+	// Authenticate/rate limit because this is a public route
+	await ctx.modules.rateLimit.throttlePublic({ period: 60, requests: 5 });
+	const { userId } = await ctx.modules.users.authenticateUser({ userToken: req.userToken });
+
+	// Complete the upload in the `uploads` module
+	await ctx.modules.uploads.complete({ uploadId: req.uploadId });
+
+	// Delete the old uploaded profile picture and replace it with the new one
+	const user = await ctx.db.$transaction(async (db) => {
+		// If there is an existing profile picture, delete it
+		const oldUser = await db.user.findFirst({
+			where: { id: userId },
+		});
+
+		// (This means that `users.authenticateUser` is broken!)
+		if (!oldUser) {
+			throw new RuntimeError(
+				"internal_error",
+				{
+					meta: "Existing user not found",
+				},
+			);
+		}
+
+		if (oldUser.avatarUploadId) {
+			await ctx.modules.uploads.delete({ uploadId: oldUser.avatarUploadId });
+		}
+
+		// Update the user upload ID
+		const user = await db.user.update({
+			where: {
+				id: userId,
+			},
+			data: {
+				avatarUploadId: req.uploadId,
+			},
+			select: {
+				id: true,
+				username: true,
+				avatarUploadId: true,
+				createdAt: true,
+				updatedAt: true,
+			},
+		});
+
+		if (!user) {
+			throw new RuntimeError("internal_error", { cause: "User not found" });
+		}
+
+		return await withPfpUrl(
+			ctx,
+			user,
+			user.avatarUploadId,
+		);
+	});
+
+	return { user };
+}
+

modules/users/scripts/start_profile_picture_upload.ts

@@ -0,0 +1,57 @@
+import { ScriptContext, RuntimeError } from "../_gen/scripts/start_pfp_upload.ts";
+import { DEFAULT_MIME_TYPES } from "../config.ts";
+
+export interface Request {
+    mime: string;
+	contentLength: string;
+	userToken: string;
+}
+
+export interface Response {
+	url: string;
+	uploadId: string;
+}
+
+export async function run(
+	ctx: ScriptContext,
+	req: Request,
+): Promise<Response> {
+	// Authenticate/rate limit because this is a public route
+	await ctx.modules.rateLimit.throttlePublic({ period: 60, requests: 5 });
+	const { userId } = await ctx.modules.users.authenticateUser({ userToken: req.userToken });
+
+	// Ensure at least the MIME type says it is an image
+	const allowedMimes = ctx.userConfig.allowedMimes ?? DEFAULT_MIME_TYPES;
+	if (!allowedMimes.includes(req.mime)) {
+		throw new RuntimeError(
+			"invalid_mime_type",
+			{ cause: `MIME type ${req.mime} is not an allowed image type` },
+		);
+	}
+
+	// Ensure the file is within the maximum configured size for a PFP
+	if (BigInt(req.contentLength) > ctx.userConfig.maxProfilePictureBytes) { 
+		throw new RuntimeError(
+			"file_too_large",
+			{ cause: `File is too large (${req.contentLength} bytes)` },
+		);
+	}
+
+	// Prepare the upload to get the presigned URL
+	const { upload: presigned } = await ctx.modules.uploads.prepare({
+		files: [
+			{
+				path: `profile-picture`,
+				contentLength: req.contentLength,
+				mime: req.mime,
+				multipart: false,
+			},
+		],
+	});
+
+	return {
+		url: presigned.files[0].presignedUrls[0].url,
+		uploadId: presigned.id,
+	}
+}
+