`575ebbc`

Add organization avatar uploads

Authored by

espadonne 3 days ago

SHA: 575ebbc0102d790d1491b2d6c493193e9f9ae8d7
Parents: acfe4d1
Tree: 4134a72

11 changed files

Status	File	+	-
M	`docs/internal/storage.md`	2	0
A	`internal/web/handlers/orgs/avatar.go`	149	0
A	`internal/web/handlers/orgs/avatar_test.go`	192	0
M	`internal/web/handlers/orgs/orgs.go`	5	0
M	`internal/web/handlers/profile/profile.go`	33	20
M	`internal/web/handlers/profile/profile_test.go`	40	0
M	`internal/web/orgs_wiring.go`	3	0
M	`internal/web/server.go`	1	1
M	`internal/web/templates/orgs/profile.html`	2	2
A	`internal/web/templates/orgs/settings_profile.html`	36	0
M	`internal/web/templates/settings/organizations.html`	1	1

docs/internal/storage.mdmodified

  attachments/<scope>/<id>/<filename>   # issue/PR/comment attachments
  avatars/<user_id>/<hash>.png          # largest rendered avatar variant
  avatars/<user_id>/<hash>-<size>.png   # smaller rendered avatar variants
 +avatars/orgs/<org_id>/<hash>.png      # largest rendered org avatar variant
 +avatars/orgs/<org_id>/<hash>-<size>.png
  backups/...                           # S37
  ```

internal/web/handlers/orgs/avatar.goadded

 +// SPDX-License-Identifier: AGPL-3.0-or-later
++
 +package orgs
++
 +import (
 +	"bytes"
 +	"errors"
 +	"fmt"
 +	"net/http"
++
 +	"github.com/jackc/pgx/v5/pgtype"
++
 +	"github.com/tenseleyFlow/shithub/internal/avatars"
 +	"github.com/tenseleyFlow/shithub/internal/infra/storage"
 +	orgsdb "github.com/tenseleyFlow/shithub/internal/orgs/sqlc"
 +	"github.com/tenseleyFlow/shithub/internal/web/middleware"
 +)
++
 +const avatarUploadCap = avatars.MaxUploadBytes + 64*1024
++
 +func (h *Handlers) settingsProfile(w http.ResponseWriter, r *http.Request) {
 +	org, ok := h.orgFromSlug(w, r)
 +	if !ok {
 +		return
 +	}
 +	viewer := middleware.CurrentUserFromContext(r.Context())
 +	if !h.requireOrgOwner(w, r, org.ID, viewer) {
 +		return
 +	}
 +	h.renderSettingsProfile(w, r, org, "", "")
 +}
++
 +func (h *Handlers) settingsAvatarUpload(w http.ResponseWriter, r *http.Request) {
 +	org, ok := h.orgFromSlug(w, r)
 +	if !ok {
 +		return
 +	}
 +	viewer := middleware.CurrentUserFromContext(r.Context())
 +	if !h.requireOrgOwner(w, r, org.ID, viewer) {
 +		return
 +	}
 +	if h.d.ObjectStore == nil {
 +		h.d.Render.HTTPError(w, r, http.StatusServiceUnavailable, "avatar storage is not configured")
 +		return
 +	}
 +	r.Body = http.MaxBytesReader(w, r.Body, avatarUploadCap)
 +	//nolint:gosec // G120 false positive: avatarUploadCap is constant-bounded, MaxBytesReader enforces the cap.
 +	if err := r.ParseMultipartForm(avatarUploadCap); err != nil {
 +		h.renderSettingsProfile(w, r, org, friendlyAvatarErr(err), "")
 +		return
 +	}
 +	file, _, err := r.FormFile("avatar")
 +	if err != nil {
 +		h.renderSettingsProfile(w, r, org, "Choose an image file to upload.", "")
 +		return
 +	}
 +	defer func() { _ = file.Close() }()
++
 +	variants, hash, err := avatars.Process(file)
 +	if err != nil {
 +		h.renderSettingsProfile(w, r, org, friendlyAvatarErr(err), "")
 +		return
 +	}
 +	prefix := fmt.Sprintf("avatars/orgs/%d/%s", org.ID, hash)
 +	largest := ""
 +	for _, v := range variants {
 +		key := fmt.Sprintf("%s-%d.png", prefix, v.Size)
 +		if v.Size == variants[0].Size {
 +			key = prefix + ".png"
 +			largest = key
 +		}
 +		if _, err := h.d.ObjectStore.Put(
 +			r.Context(), key,
 +			bytes.NewReader(v.Data),
 +			storage.PutOpts{ContentType: "image/png", ContentLength: int64(len(v.Data))},
 +		); err != nil {
 +			h.d.Logger.ErrorContext(r.Context(), "org avatar: put", "error", err, "key", key)
 +			h.renderSettingsProfile(w, r, org, "Could not store that avatar. Try again.", "")
 +			return
 +		}
 +	}
 +	if err := orgsdb.New().SetOrgAvatarKey(r.Context(), h.d.Pool, orgsdb.SetOrgAvatarKeyParams{
 +		ID:              org.ID,
 +		AvatarObjectKey: pgtype.Text{String: largest, Valid: true},
 +	}); err != nil {
 +		h.d.Logger.ErrorContext(r.Context(), "org avatar: db update", "error", err)
 +		h.renderSettingsProfile(w, r, org, "Could not save that avatar. Try again.", "")
 +		return
 +	}
 +	http.Redirect(w, r, orgSettingsProfilePath(org), http.StatusSeeOther)
 +}
++
 +func (h *Handlers) settingsAvatarRemove(w http.ResponseWriter, r *http.Request) {
 +	org, ok := h.orgFromSlug(w, r)
 +	if !ok {
 +		return
 +	}
 +	viewer := middleware.CurrentUserFromContext(r.Context())
 +	if !h.requireOrgOwner(w, r, org.ID, viewer) {
 +		return
 +	}
 +	if err := orgsdb.New().SetOrgAvatarKey(r.Context(), h.d.Pool, orgsdb.SetOrgAvatarKeyParams{
 +		ID:              org.ID,
 +		AvatarObjectKey: pgtype.Text{},
 +	}); err != nil {
 +		h.d.Logger.ErrorContext(r.Context(), "org avatar: db clear", "error", err)
 +		h.renderSettingsProfile(w, r, org, "Could not remove that avatar. Try again.", "")
 +		return
 +	}
 +	http.Redirect(w, r, orgSettingsProfilePath(org), http.StatusSeeOther)
 +}
++
 +func (h *Handlers) renderSettingsProfile(
 +	w http.ResponseWriter,
 +	r *http.Request,
 +	org orgsdb.Org,
 +	errMsg string,
 +	success string,
 +) {
 +	_ = h.d.Render.RenderPage(w, r, "orgs/settings_profile", map[string]any{
 +		"Title":               org.Slug + " · profile settings",
 +		"CSRFToken":           middleware.CSRFTokenForRequest(r),
 +		"Org":                 org,
 +		"AvatarURL":           "/avatars/" + org.Slug,
 +		"AvatarUploadEnabled": h.d.ObjectStore != nil,
 +		"HasAvatar":           org.AvatarObjectKey.Valid && org.AvatarObjectKey.String != "",
 +		"Error":               errMsg,
 +		"Success":             success,
 +	})
 +}
++
 +func orgSettingsProfilePath(org orgsdb.Org) string {
 +	return "/organizations/" + org.Slug + "/settings/profile"
 +}
++
 +func friendlyAvatarErr(err error) string {
 +	switch {
 +	case errors.Is(err, avatars.ErrTooLarge):
 +		return "Avatar must be 5 MB or smaller."
 +	case errors.Is(err, avatars.ErrUnsupported):
 +		return "Avatar must be a PNG, JPEG, or GIF image."
 +	case errors.Is(err, avatars.ErrDecompression):
 +		return "Avatar dimensions are too large."
 +	case errors.Is(err, avatars.ErrDecode):
 +		return "Could not decode that image."
 +	default:
 +		return "Could not upload that avatar."
 +	}
 +}

internal/web/handlers/orgs/avatar_test.goadded

 +// SPDX-License-Identifier: AGPL-3.0-or-later
++
 +package orgs_test
++
 +import (
 +	"bytes"
 +	"context"
 +	"image"
 +	"image/color"
 +	"image/png"
 +	"io"
 +	"log/slog"
 +	"mime/multipart"
 +	"net/http"
 +	"net/http/httptest"
 +	"net/url"
 +	"strings"
 +	"testing"
 +	"testing/fstest"
++
 +	"github.com/go-chi/chi/v5"
++
 +	"github.com/tenseleyFlow/shithub/internal/infra/storage"
 +	orgsdb "github.com/tenseleyFlow/shithub/internal/orgs/sqlc"
 +	"github.com/tenseleyFlow/shithub/internal/testing/dbtest"
 +	orgsh "github.com/tenseleyFlow/shithub/internal/web/handlers/orgs"
 +	"github.com/tenseleyFlow/shithub/internal/web/middleware"
 +	"github.com/tenseleyFlow/shithub/internal/web/render"
 +)
++
 +func TestOrgAvatarUploadRoundTrip(t *testing.T) {
 +	t.Parallel()
 +	ctx := context.Background()
 +	pool := dbtest.NewTestDB(t)
 +	q := orgsdb.New()
 +	viewerID := insertOrgAvatarUser(t, pool, "mfwolffe")
 +	orgID := insertOrgAvatarOrg(t, pool, viewerID, "tenseleyFlow")
++
 +	tmplFS := fstest.MapFS{
 +		"_layout.html":               {Data: []byte(`{{ define "layout" }}<html><body>{{ template "page" . }}</body></html>{{ end }}`)},
 +		"orgs/settings_profile.html": {Data: []byte(`{{ define "page" }}{{ with .Error }}ERROR={{ . }}{{ end }}<form action="/organizations/{{ .Org.Slug }}/settings/profile/avatar"><input name=csrf_token value="{{.CSRFToken}}"></form>{{ if .HasAvatar }}REMOVE=/organizations/{{ .Org.Slug }}/settings/profile/avatar/remove{{ end }}{{ end }}`)},
 +		"errors/403.html":            {Data: []byte(`{{ define "page" }}403{{ end }}`)},
 +		"errors/404.html":            {Data: []byte(`{{ define "page" }}404{{ end }}`)},
 +		"errors/500.html":            {Data: []byte(`{{ define "page" }}500{{ end }}`)},
 +	}
 +	rr, err := render.New(tmplFS, render.Options{})
 +	if err != nil {
 +		t.Fatalf("render.New: %v", err)
 +	}
 +	h, err := orgsh.New(orgsh.Deps{
 +		Logger:      slog.New(slog.NewTextHandler(io.Discard, nil)),
 +		Render:      rr,
 +		Pool:        pool,
 +		ObjectStore: storage.NewMemoryStore(),
 +	})
 +	if err != nil {
 +		t.Fatalf("orgsh.New: %v", err)
 +	}
 +	r := chi.NewRouter()
 +	r.Use(func(next http.Handler) http.Handler {
 +		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 +			viewer := middleware.CurrentUser{ID: viewerID, Username: "mfwolffe"}
 +			next.ServeHTTP(w, r.WithContext(middleware.WithCurrentUserForTest(r.Context(), viewer)))
 +		})
 +	})
 +	h.MountCreate(r)
 +	srv := httptest.NewServer(r)
 +	t.Cleanup(srv.Close)
++
 +	cli := &http.Client{CheckRedirect: func(*http.Request, []*http.Request) error {
 +		return http.ErrUseLastResponse
 +	}}
++
 +	resp, err := cli.Get(srv.URL + "/organizations/tenseleyFlow/settings/profile")
 +	if err != nil {
 +		t.Fatalf("GET settings: %v", err)
 +	}
 +	body, _ := io.ReadAll(resp.Body)
 +	_ = resp.Body.Close()
 +	if resp.StatusCode != http.StatusOK {
 +		t.Fatalf("GET status=%d body=%s", resp.StatusCode, body)
 +	}
 +	if !strings.Contains(string(body), "/organizations/tenseleyFlow/settings/profile/avatar") {
 +		t.Fatalf("expected upload form, got %s", body)
 +	}
++
 +	resp = postOrgAvatar(t, cli, srv.URL+"/organizations/tenseleyFlow/settings/profile/avatar", makeOrgTestPNG(t))
 +	_ = resp.Body.Close()
 +	if resp.StatusCode != http.StatusSeeOther {
 +		t.Fatalf("upload status=%d", resp.StatusCode)
 +	}
 +	if got := resp.Header.Get("Location"); got != "/organizations/tenseleyFlow/settings/profile" {
 +		t.Fatalf("upload Location=%q", got)
 +	}
 +	org, err := q.GetOrgByID(ctx, pool, orgID)
 +	if err != nil {
 +		t.Fatalf("GetOrgByID: %v", err)
 +	}
 +	if !org.AvatarObjectKey.Valid || !strings.HasPrefix(org.AvatarObjectKey.String, "avatars/orgs/") {
 +		t.Fatalf("avatar key=%q valid=%v", org.AvatarObjectKey.String, org.AvatarObjectKey.Valid)
 +	}
++
 +	resp, err = cli.PostForm(srv.URL+"/organizations/tenseleyFlow/settings/profile/avatar/remove", url.Values{})
 +	if err != nil {
 +		t.Fatalf("POST remove: %v", err)
 +	}
 +	_ = resp.Body.Close()
 +	if resp.StatusCode != http.StatusSeeOther {
 +		t.Fatalf("remove status=%d", resp.StatusCode)
 +	}
 +	org, err = q.GetOrgByID(ctx, pool, orgID)
 +	if err != nil {
 +		t.Fatalf("GetOrgByID after remove: %v", err)
 +	}
 +	if org.AvatarObjectKey.Valid {
 +		t.Fatalf("expected cleared avatar key, got %q", org.AvatarObjectKey.String)
 +	}
 +}
++
 +func postOrgAvatar(t *testing.T, cli *http.Client, endpoint string, png []byte) *http.Response {
 +	t.Helper()
 +	body := &bytes.Buffer{}
 +	mw := multipart.NewWriter(body)
 +	part, err := mw.CreateFormFile("avatar", "avatar.png")
 +	if err != nil {
 +		t.Fatalf("CreateFormFile: %v", err)
 +	}
 +	if _, err := part.Write(png); err != nil {
 +		t.Fatalf("write png: %v", err)
 +	}
 +	if err := mw.Close(); err != nil {
 +		t.Fatalf("close multipart: %v", err)
 +	}
 +	req, err := http.NewRequest(http.MethodPost, endpoint, body)
 +	if err != nil {
 +		t.Fatalf("NewRequest: %v", err)
 +	}
 +	req.Header.Set("Content-Type", mw.FormDataContentType())
 +	resp, err := cli.Do(req)
 +	if err != nil {
 +		t.Fatalf("POST avatar: %v", err)
 +	}
 +	return resp
 +}
++
 +func makeOrgTestPNG(t *testing.T) []byte {
 +	t.Helper()
 +	img := image.NewRGBA(image.Rect(0, 0, 64, 64))
 +	for y := 0; y < 64; y++ {
 +		for x := 0; x < 64; x++ {
 +			img.Set(x, y, color.RGBA{R: 80, G: 30, B: 110, A: 255})
 +		}
 +	}
 +	buf := &bytes.Buffer{}
 +	if err := png.Encode(buf, img); err != nil {
 +		t.Fatalf("encode png: %v", err)
 +	}
 +	return buf.Bytes()
 +}
++
 +func insertOrgAvatarUser(t *testing.T, db orgsdb.DBTX, username string) int64 {
 +	t.Helper()
 +	var id int64
 +	if err := db.QueryRow(context.Background(),
 +		`INSERT INTO users (username, password_hash) VALUES ($1, $2) RETURNING id`,
 +		username,
 +		"$argon2id$v=19$m=16384,t=1,p=1$AAAAAAAAAAAAAAAA$AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
 +	).Scan(&id); err != nil {
 +		t.Fatalf("insert user: %v", err)
 +	}
 +	return id
 +}
++
 +func insertOrgAvatarOrg(t *testing.T, db orgsdb.DBTX, userID int64, slug string) int64 {
 +	t.Helper()
 +	var orgID int64
 +	if err := db.QueryRow(context.Background(),
 +		`INSERT INTO orgs (slug, display_name, created_by_user_id)
 +		 VALUES ($1, $1, $2)
 +		 RETURNING id`,
 +		slug, userID,
 +	).Scan(&orgID); err != nil {
 +		t.Fatalf("insert org: %v", err)
 +	}
 +	if _, err := db.Exec(context.Background(),
 +		`INSERT INTO org_members (org_id, user_id, role) VALUES ($1, $2, 'owner')`,
 +		orgID, userID,
 +	); err != nil {
 +		t.Fatalf("insert org member: %v", err)
 +	}
 +	return orgID
 +}

internal/web/handlers/orgs/orgs.gomodified

  	"github.com/jackc/pgx/v5/pgxpool"
  	authemail "github.com/tenseleyFlow/shithub/internal/auth/email"
 +	"github.com/tenseleyFlow/shithub/internal/infra/storage"
  	"github.com/tenseleyFlow/shithub/internal/orgs"
  	orgsdb "github.com/tenseleyFlow/shithub/internal/orgs/sqlc"
  	"github.com/tenseleyFlow/shithub/internal/web/middleware"
  	EmailFrom   string
  	SiteName    string
  	BaseURL     string
 +	ObjectStore storage.ObjectStore
+ }
  // Handlers groups the org surface handlers.
  func (h *Handlers) MountCreate(r chi.Router) {
  	r.Get("/organizations/new", h.newForm)
  	r.Post("/organizations", h.createSubmit)
 +	r.Get("/organizations/{org}/settings/profile", h.settingsProfile)
 +	r.Post("/organizations/{org}/settings/profile/avatar", h.settingsAvatarUpload)
 +	r.Post("/organizations/{org}/settings/profile/avatar/remove", h.settingsAvatarRemove)
+ }
  // MountOrgRoutes registers the per-org surface under /{org}/people

internal/web/handlers/profile/profile.gomodified

  	"github.com/tenseleyFlow/shithub/internal/avatars"
  	"github.com/tenseleyFlow/shithub/internal/infra/storage"
  	"github.com/tenseleyFlow/shithub/internal/orgs"
 +	orgsdb "github.com/tenseleyFlow/shithub/internal/orgs/sqlc"
  	usersdb "github.com/tenseleyFlow/shithub/internal/users/sqlc"
  	"github.com/tenseleyFlow/shithub/internal/web/middleware"
  	"github.com/tenseleyFlow/shithub/internal/web/render"
  // ------------------------------ avatar ----------------------------------
 -// serveAvatar resolves the username, then either streams the uploaded
 -// avatar from object storage or returns the deterministic SVG identicon.
 +// serveAvatar resolves the slug, then either streams the uploaded
 +// user/org avatar from object storage or returns the deterministic SVG
 +// identicon.
  //
  // Implementation notes:
  //   - Lookup-by-username happens on every request. At our scale this is
  //     fine; if the avatar route becomes hot we can add an LRU.
 -//   - Suspended/deleted users get the identicon (NOT a 404) so the
 -//     suspended-page UX still has *something* to render in the header.
 +//   - Missing, suspended, or deleted principals get the identicon (NOT a
 +//     404) so avatar URLs leak less existence state.
  //   - Cache-Control: long max-age + immutable. Avatar contents are
 -//     content-addressed at upload time (S10 stores under
 -//     avatars/<owner>/<sha256>.<ext>) so the URL changes when the image
 -//     does, making "immutable" safe.
 +//     content-addressed at upload time so the URL changes when the image
 +//     changes, making "immutable" safe.
  func (h *Handlers) serveAvatar(w http.ResponseWriter, r *http.Request) {
 -	username := chi.URLParam(r, "username")
 -	user, err := h.q.GetUserByUsername(r.Context(), h.d.Pool, username)
 -	if err != nil {
 -		// Don't 404 on missing user — silently fall through to the
 -		// identicon. Avatar URLs leak less existence info that way.
 -		writeIdenticon(w, r, username)
 -		return
 -	}
 -	if !user.AvatarObjectKey.Valid || user.AvatarObjectKey.String == "" {
 -		writeIdenticon(w, r, user.Username)
 +	slug := chi.URLParam(r, "username")
 +	key, seed := h.avatarKeyForSlug(r, slug)
 +	if key == "" {
 +		writeIdenticon(w, r, seed)
  		return
+ 	}
  	if h.d.ObjectStore == nil {
 -		writeIdenticon(w, r, user.Username)
 +		writeIdenticon(w, r, seed)
  		return
+ 	}
 -	rc, meta, err := h.d.ObjectStore.Get(r.Context(), user.AvatarObjectKey.String)
 +	rc, meta, err := h.d.ObjectStore.Get(r.Context(), key)
  	if err != nil {
 -		writeIdenticon(w, r, user.Username)
 +		writeIdenticon(w, r, seed)
  		return
+ 	}
  	defer func() { _ = rc.Close() }()
  	_, _ = io.Copy(w, rc)
+ }
 +func (h *Handlers) avatarKeyForSlug(r *http.Request, slug string) (string, string) {
 +	user, err := h.q.GetUserByUsername(r.Context(), h.d.Pool, slug)
 +	if err == nil {
 +		if user.AvatarObjectKey.Valid {
 +			return user.AvatarObjectKey.String, user.Username
 +		}
 +		return "", user.Username
 +	}
 +	org, err := orgsdb.New().GetOrgBySlug(r.Context(), h.d.Pool, slug)
 +	if err == nil {
 +		if org.AvatarObjectKey.Valid {
 +			return org.AvatarObjectKey.String, org.Slug
 +		}
 +		return "", org.Slug
 +	}
 +	return "", slug
 +}
++
  func writeIdenticon(w http.ResponseWriter, _ *http.Request, username string) {
  	w.Header().Set("Content-Type", "image/svg+xml")
  	// Identicons depend ONLY on the username; cache forever.

internal/web/handlers/profile/profile_test.gomodified

  	"github.com/jackc/pgx/v5/pgxpool"
  	authpkg "github.com/tenseleyFlow/shithub/internal/auth"
 +	"github.com/tenseleyFlow/shithub/internal/infra/storage"
  	"github.com/tenseleyFlow/shithub/internal/testing/dbtest"
  	usersdb "github.com/tenseleyFlow/shithub/internal/users/sqlc"
  	profileh "github.com/tenseleyFlow/shithub/internal/web/handlers/profile"
+ }
  func setupProfileEnv(t *testing.T) *profileEnv {
 +	return setupProfileEnvWithStore(t, nil)
 +}
++
 +func setupProfileEnvWithStore(t *testing.T, objectStore storage.ObjectStore) *profileEnv {
  	t.Helper()
  	pool := dbtest.NewTestDB(t)
  	h, err := profileh.New(profileh.Deps{
  		Logger: slog.New(slog.NewTextHandler(io.Discard, nil)),
  		Render: rr, Pool: pool,
 +		ObjectStore: objectStore,
  	})
  	if err != nil {
  		t.Fatalf("profileh.New: %v", err)
+ 	}
+ }
 +func TestProfile_AvatarStreamsOrgAvatar(t *testing.T) {
 +	t.Parallel()
 +	store := storage.NewMemoryStore()
 +	env := setupProfileEnvWithStore(t, store)
 +	owner := env.insertUser(t, "alice", "Alice", "")
 +	orgID := env.insertOrg(t, "acme", "Acme", "", owner)
 +	key := "avatars/orgs/acme/test.png"
 +	if _, err := store.Put(context.Background(), key, strings.NewReader("org-avatar"), storage.PutOpts{
 +		ContentType:   "image/png",
 +		ContentLength: int64(len("org-avatar")),
 +	}); err != nil {
 +		t.Fatalf("store.Put: %v", err)
 +	}
 +	if _, err := env.pool.Exec(context.Background(),
 +		`UPDATE orgs SET avatar_object_key = $1 WHERE id = $2`,
 +		key, orgID,
 +	); err != nil {
 +		t.Fatalf("set org avatar: %v", err)
 +	}
++
 +	resp, _ := http.Get(env.srv.URL + "/avatars/acme")
 +	defer func() { _ = resp.Body.Close() }()
 +	if resp.StatusCode != http.StatusOK {
 +		t.Fatalf("status %d", resp.StatusCode)
 +	}
 +	if resp.Header.Get("Content-Type") != "image/png" {
 +		t.Fatalf("content-type %q", resp.Header.Get("Content-Type"))
 +	}
 +	body, _ := io.ReadAll(resp.Body)
 +	if string(body) != "org-avatar" {
 +		t.Fatalf("body=%q", body)
 +	}
 +}
++
  // TestReservedNameList_HasReasonableContents is the route-audit test: it
  // asserts every top-level path segment shithub registers as of S09 is on
  // the reserved list. When a future sprint adds a new top-level route,

internal/web/orgs_wiring.gomodified

  	"github.com/tenseleyFlow/shithub/internal/auth/email"
  	"github.com/tenseleyFlow/shithub/internal/infra/config"
 +	"github.com/tenseleyFlow/shithub/internal/infra/storage"
  	orgshandlers "github.com/tenseleyFlow/shithub/internal/web/handlers/orgs"
  	"github.com/tenseleyFlow/shithub/internal/web/render"
+ )
  func buildOrgHandlers(
  	cfg config.Config,
  	pool *pgxpool.Pool,
 +	objectStore storage.ObjectStore,
  	tmplFS fs.FS,
  	logger *slog.Logger,
  ) (*orgshandlers.Handlers, error) {
  		EmailFrom:   cfg.Auth.EmailFrom,
  		SiteName:    cfg.Auth.SiteName,
  		BaseURL:     cfg.Auth.BaseURL,
 +		ObjectStore: objectStore,
  	})
+ }

internal/web/server.gomodified

  		deps.NotifPublicMounter = notifH.MountPublic
  		// S30 — orgs.
 -		orgH, err := buildOrgHandlers(cfg, pool, deps.TemplatesFS, logger)
 +		orgH, err := buildOrgHandlers(cfg, pool, objectStore, deps.TemplatesFS, logger)
  		if err != nil {
  			return fmt.Errorf("org handlers: %w", err)
+ 		}

internal/web/templates/orgs/profile.htmlmodified

          </ul>
        </div>
        <div class="shithub-org-hero-actions">
 -        {{ if .IsOwner }}<button type="button" class="shithub-button" disabled>Settings</button>{{ else }}<button type="button" class="shithub-button" disabled>Follow</button>{{ end }}
 +        {{ if .IsOwner }}<a href="/organizations/{{ .Org.Slug }}/settings/profile" class="shithub-button">Settings</a>{{ else }}<button type="button" class="shithub-button" disabled>Follow</button>{{ end }}
        </div>
      </div>
    </header>
      <a href="/{{ .Org.Slug }}/people" class="shithub-org-nav-item">{{ octicon "person" }} People <span class="shithub-tab-count">{{ .MemberCount }}</span></a>
      <span class="shithub-org-nav-item is-disabled" aria-disabled="true">{{ octicon "shield-check" }} Security and quality</span>
      <span class="shithub-org-nav-item is-disabled" aria-disabled="true">{{ octicon "pulse" }} Insights</span>
 -    {{ if .IsOwner }}<span class="shithub-org-nav-item is-disabled" aria-disabled="true">{{ octicon "gear" }} Settings</span>{{ end }}
 +    {{ if .IsOwner }}<a href="/organizations/{{ .Org.Slug }}/settings/profile" class="shithub-org-nav-item">{{ octicon "gear" }} Settings</a>{{ end }}
    </nav>
    {{ if .Org.SuspendedAt.Valid }}

internal/web/templates/orgs/settings_profile.htmladded

 +{{ define "page" -}}
 +<section class="shithub-org-settings">
 +  <header class="shithub-org-profile-head">
 +    <h1>{{ .Org.DisplayName }} · Profile settings</h1>
 +    <p class="shithub-meta">@{{ .Org.Slug }}</p>
 +  </header>
++
 +  {{ with .Error }}<p class="shithub-flash shithub-flash-error" role="alert">{{ . }}</p>{{ end }}
 +  {{ with .Success }}<p class="shithub-flash shithub-flash-success" role="status">{{ . }}</p>{{ end }}
++
 +  <section class="shithub-settings-section" aria-labelledby="org-avatar-heading">
 +    <h2 id="org-avatar-heading">Profile picture</h2>
 +    <div class="shithub-profile-picture-settings">
 +      <img src="{{ .AvatarURL }}" alt="" class="shithub-profile-edit-avatar">
 +      {{ if .AvatarUploadEnabled }}
 +        <form method="POST" action="/organizations/{{ .Org.Slug }}/settings/profile/avatar" enctype="multipart/form-data" novalidate>
 +          <input type="hidden" name="csrf_token" value="{{ .CSRFToken }}">
 +          <label>
 +            <span>Upload new picture</span>
 +            <input type="file" name="avatar" accept="image/png,image/jpeg,image/gif" required>
 +          </label>
 +          <button type="submit" class="shithub-button shithub-button-primary">Upload</button>
 +        </form>
 +        {{ if .HasAvatar }}
 +        <form method="POST" action="/organizations/{{ .Org.Slug }}/settings/profile/avatar/remove" novalidate>
 +          <input type="hidden" name="csrf_token" value="{{ .CSRFToken }}">
 +          <button type="submit" class="shithub-button shithub-button-danger">Remove picture</button>
 +        </form>
 +        {{ end }}
 +      {{ else }}
 +        <p class="shithub-meta">Avatar uploads are disabled until object storage is configured.</p>
 +      {{ end }}
 +    </div>
 +  </section>
 +</section>
 +{{- end }}

internal/web/templates/settings/organizations.htmlmodified

            <div class="shithub-settings-org-actions">
              {{ if .CanManage }}
              <button type="button" class="shithub-button shithub-button-small" disabled>Compare plans</button>
 -            <a href="/{{ .Slug }}/people" class="shithub-button shithub-button-small">Settings</a>
 +            <a href="/organizations/{{ .Slug }}/settings/profile" class="shithub-button shithub-button-small">Settings</a>
              {{ end }}
              <button type="button" class="shithub-button shithub-button-small shithub-button-danger" disabled>Leave</button>
            </div>