`d09fe8a`

S10: avatar upload + remove handlers

Authored by mfwolffe <wolffemf@dukes.jmu.edu> 6 days ago

SHA: d09fe8a94475f4dd76ad9d64dea01d721dd7e8ea
Parents: c090746
Tree: 320b7e0

2 changed files

Status	File	+	-
A	`internal/web/handlers/auth/avatar.go`	141	0
A	`internal/web/handlers/auth/avatar_test.go`	124	0

internal/web/handlers/auth/avatar.goadded

 +// SPDX-License-Identifier: AGPL-3.0-or-later
++
 +package auth
++
 +import (
 +	"bytes"
 +	"errors"
 +	"fmt"
 +	"net/http"
++
 +	"github.com/jackc/pgx/v5/pgtype"
++
 +	"github.com/tenseleyFlow/shithub/internal/avatars"
 +	"github.com/tenseleyFlow/shithub/internal/infra/storage"
 +	usersdb "github.com/tenseleyFlow/shithub/internal/users/sqlc"
 +	"github.com/tenseleyFlow/shithub/internal/web/middleware"
 +)
++
 +// avatarUploadCap is the multipart-parse cap. Slightly larger than the
 +// per-image cap inside `avatars.Process` to leave room for the form
 +// envelope without rejecting valid uploads.
 +const avatarUploadCap = avatars.MaxUploadBytes + 64*1024
++
 +// settingsAvatarUpload handles POST /settings/profile/avatar.
 +//
 +// On success: writes 3 PNG variants to the object store, points the
 +// user's avatar_object_key at the largest variant, and redirects back
 +// to /settings/profile with a flash on the next render.
 +func (h *Handlers) settingsAvatarUpload(w http.ResponseWriter, r *http.Request) {
 +	if h.d.ObjectStore == nil {
 +		h.d.Render.HTTPError(w, r, http.StatusServiceUnavailable, "avatar storage is not configured")
 +		return
 +	}
 +	// Hard cap on the request body BEFORE multipart parsing so a large
 +	// upload can't soak memory even via the chunked-encoding path.
 +	r.Body = http.MaxBytesReader(w, r.Body, avatarUploadCap)
 +	//nolint:gosec // G120 false positive: avatarUploadCap is a constant bound, and MaxBytesReader above is the real cap.
 +	if err := r.ParseMultipartForm(avatarUploadCap); err != nil {
 +		h.renderAvatarError(w, r, "Could not parse upload (file too large?).")
 +		return
 +	}
 +	defer func() {
 +		if r.MultipartForm != nil {
 +			_ = r.MultipartForm.RemoveAll()
 +		}
 +	}()
++
 +	file, _, err := r.FormFile("avatar")
 +	if err != nil {
 +		h.renderAvatarError(w, r, "Choose a file to upload.")
 +		return
 +	}
 +	defer func() { _ = file.Close() }()
++
 +	variants, hash, err := avatars.Process(file)
 +	if err != nil {
 +		h.renderAvatarError(w, r, friendlyAvatarError(err))
 +		return
 +	}
++
 +	user := middleware.CurrentUserFromContext(r.Context())
 +	prefix := fmt.Sprintf("avatars/%d/%s", user.ID, hash)
 +	// Largest variant lives at <prefix>.png and is what the public
 +	// avatar route serves.
 +	largestKey := prefix + ".png"
 +	for _, v := range variants {
 +		key := fmt.Sprintf("%s-%d.png", prefix, v.Size)
 +		if v.Size == variants[0].Size {
 +			key = largestKey
 +		}
 +		if _, err := h.d.ObjectStore.Put(r.Context(), key,
 +			bytes.NewReader(v.Data),
 +			storage.PutOpts{ContentType: "image/png", ContentLength: int64(len(v.Data))},
 +		); err != nil {
 +			h.d.Logger.ErrorContext(r.Context(), "avatar: put", "error", err, "key", key)
 +			h.d.Render.HTTPError(w, r, http.StatusInternalServerError, "")
 +			return
 +		}
 +	}
++
 +	if err := h.q.UpdateUserAvatarKey(r.Context(), h.d.Pool, usersdb.UpdateUserAvatarKeyParams{
 +		ID:              user.ID,
 +		AvatarObjectKey: pgtype.Text{String: largestKey, Valid: true},
 +	}); err != nil {
 +		h.d.Logger.ErrorContext(r.Context(), "avatar: db update", "error", err)
 +		h.d.Render.HTTPError(w, r, http.StatusInternalServerError, "")
 +		return
 +	}
++
 +	http.Redirect(w, r, "/settings/profile", http.StatusSeeOther)
 +}
++
 +// settingsAvatarRemove handles POST /settings/profile/avatar/remove.
 +//
 +// We clear avatar_object_key on the user but DO NOT delete the stored
 +// objects. The current key is content-addressed so future uploads land
 +// at a new path; old objects stop being referenced and a future
 +// orphan-sweep job (post-MVP) will purge them.
 +func (h *Handlers) settingsAvatarRemove(w http.ResponseWriter, r *http.Request) {
 +	user := middleware.CurrentUserFromContext(r.Context())
 +	if err := h.q.UpdateUserAvatarKey(r.Context(), h.d.Pool, usersdb.UpdateUserAvatarKeyParams{
 +		ID:              user.ID,
 +		AvatarObjectKey: pgtype.Text{Valid: false},
 +	}); err != nil {
 +		h.d.Logger.ErrorContext(r.Context(), "avatar: db clear", "error", err)
 +		h.d.Render.HTTPError(w, r, http.StatusInternalServerError, "")
 +		return
 +	}
 +	http.Redirect(w, r, "/settings/profile", http.StatusSeeOther)
 +}
++
 +func (h *Handlers) renderAvatarError(w http.ResponseWriter, r *http.Request, msg string) {
 +	row, err := h.q.GetUserByID(r.Context(), h.d.Pool, middleware.CurrentUserFromContext(r.Context()).ID)
 +	if err != nil {
 +		h.d.Render.HTTPError(w, r, http.StatusInternalServerError, "")
 +		return
 +	}
 +	h.renderProfileForm(w, r, profileForm{
 +		DisplayName: row.DisplayName,
 +		Bio:         row.Bio,
 +		Location:    row.Location,
 +		Website:     row.Website,
 +		Company:     row.Company,
 +		Pronouns:    row.Pronouns,
 +	}, msg, "")
 +}
++
 +func friendlyAvatarError(err error) string {
 +	switch {
 +	case errors.Is(err, avatars.ErrTooLarge):
 +		return "Image is too large (max 5 MB)."
 +	case errors.Is(err, avatars.ErrUnsupported):
 +		return "That format isn't accepted. Use PNG, JPEG, or GIF."
 +	case errors.Is(err, avatars.ErrDecompression):
 +		return "Image dimensions are too large."
 +	case errors.Is(err, avatars.ErrDecode):
 +		return "We couldn't decode that image."
 +	default:
 +		return "Could not process upload."
 +	}
 +}

internal/web/handlers/auth/avatar_test.goadded

 +// SPDX-License-Identifier: AGPL-3.0-or-later
++
 +package auth_test
++
 +import (
 +	"bytes"
 +	"image"
 +	"image/color"
 +	"image/png"
 +	"io"
 +	"mime/multipart"
 +	"net/http"
 +	"net/url"
 +	"strings"
 +	"testing"
 +)
++
 +func makeTestPNG(t *testing.T, w, h int) []byte {
 +	t.Helper()
 +	img := image.NewRGBA(image.Rect(0, 0, w, h))
 +	for y := 0; y < h; y++ {
 +		for x := 0; x < w; x++ {
 +			img.Set(x, y, color.RGBA{R: 30, G: 60, B: 90, A: 255})
 +		}
 +	}
 +	buf := &bytes.Buffer{}
 +	if err := png.Encode(buf, img); err != nil {
 +		t.Fatalf("encode: %v", err)
 +	}
 +	return buf.Bytes()
 +}
++
 +// uploadAvatar posts a multipart form to /settings/profile/avatar carrying
 +// the PNG body under "avatar". Returns the http response.
 +func uploadAvatar(t *testing.T, cli *client, csrf string, png []byte) *http.Response {
 +	t.Helper()
 +	body := &bytes.Buffer{}
 +	mw := multipart.NewWriter(body)
 +	if err := mw.WriteField("csrf_token", csrf); err != nil {
 +		t.Fatalf("write csrf: %v", err)
 +	}
 +	part, err := mw.CreateFormFile("avatar", "test.png")
 +	if err != nil {
 +		t.Fatalf("create form file: %v", err)
 +	}
 +	if _, err := part.Write(png); err != nil {
 +		t.Fatalf("write file: %v", err)
 +	}
 +	if err := mw.Close(); err != nil {
 +		t.Fatalf("close mw: %v", err)
 +	}
 +	req, err := http.NewRequest("POST", cli.srv.URL+"/settings/profile/avatar", body)
 +	if err != nil {
 +		t.Fatalf("new req: %v", err)
 +	}
 +	req.Header.Set("Content-Type", mw.FormDataContentType())
 +	req.Header.Set("Referer", cli.srv.URL+"/settings/profile")
 +	resp, err := cli.c.Do(req)
 +	if err != nil {
 +		t.Fatalf("do: %v", err)
 +	}
 +	return resp
 +}
++
 +func TestAvatarUpload_Roundtrip(t *testing.T) {
 +	t.Parallel()
 +	cli := loginProfileUser(t)
 +	csrf := cli.extractCSRF(t, "/settings/profile")
 +	resp := uploadAvatar(t, cli, csrf, makeTestPNG(t, 600, 600))
 +	defer func() { _ = resp.Body.Close() }()
 +	if resp.StatusCode != http.StatusSeeOther {
 +		body, _ := io.ReadAll(resp.Body)
 +		t.Fatalf("status=%d body=%s", resp.StatusCode, body)
 +	}
 +	if got := resp.Header.Get("Location"); got != "/settings/profile" {
 +		t.Fatalf("Location=%q", got)
 +	}
++
 +	// After upload, the profile page should now show the Remove button
 +	// (HasAvatar=true).
 +	resp = cli.get(t, "/settings/profile")
 +	defer func() { _ = resp.Body.Close() }()
 +	body, _ := io.ReadAll(resp.Body)
 +	if !strings.Contains(string(body), "/settings/profile/avatar/remove") {
 +		t.Fatalf("expected remove form post-upload, got: %s", body)
 +	}
 +}
++
 +func TestAvatarUpload_RejectsNonImage(t *testing.T) {
 +	t.Parallel()
 +	cli := loginProfileUser(t)
 +	csrf := cli.extractCSRF(t, "/settings/profile")
 +	resp := uploadAvatar(t, cli, csrf, []byte("this is not an image"))
 +	defer func() { _ = resp.Body.Close() }()
 +	body, _ := io.ReadAll(resp.Body)
 +	if !strings.Contains(string(body), "decode") && !strings.Contains(string(body), "format") {
 +		t.Fatalf("expected decode/format error, got: %s", body)
 +	}
 +}
++
 +func TestAvatarRemove_ClearsKey(t *testing.T) {
 +	t.Parallel()
 +	cli := loginProfileUser(t)
 +	csrf := cli.extractCSRF(t, "/settings/profile")
 +	resp := uploadAvatar(t, cli, csrf, makeTestPNG(t, 400, 400))
 +	_ = resp.Body.Close()
++
 +	csrf = cli.extractCSRF(t, "/settings/profile")
 +	resp = cli.post(t, "/settings/profile/avatar/remove", url.Values{
 +		"csrf_token": {csrf},
 +	})
 +	defer func() { _ = resp.Body.Close() }()
 +	if resp.StatusCode != http.StatusSeeOther {
 +		t.Fatalf("status=%d", resp.StatusCode)
 +	}
++
 +	// After remove, the profile page should NOT show the remove form.
 +	resp = cli.get(t, "/settings/profile")
 +	defer func() { _ = resp.Body.Close() }()
 +	body, _ := io.ReadAll(resp.Body)
 +	if strings.Contains(string(body), "/settings/profile/avatar/remove") {
 +		t.Fatalf("expected no remove form after clearing avatar, got: %s", body)
 +	}
 +}