vincent/gerbeur
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

v3: added emoji picker, various bug and layout fixes

Browse Source
This commit is contained in:
khannurien
2026-03-22 20:24:29 +00:00
parent a104113e05
commit c5051e3485
24 changed files with 384 additions and 177 deletions
Download Patch File Download Diff File Expand all files Collapse all files

67
api/routes/avatars.ts
View File

@@ -3,35 +3,12 @@ import { authMiddleware } from "../middleware/auth.ts";
import { getUserById, updateUserAvatar } from "../services/user-service.ts";
import { updateClientAvatar } from "../services/ws-service.ts";
import { APIErrorCode, APIException } from "../model/interfaces.ts";
const AVATARS_DIR = "api/uploads/avatars";
const MAX_AVATAR_SIZE = 5 * 1024 * 1024; // 5 MB
const ALLOWED_AVATAR_MIMES = new Set([
"image/jpeg",
"image/png",
"image/gif",
"image/webp",
]);
// Magic bytes for image validation
const MAGIC: Array<{ mime: string; bytes: number[]; offset?: number }> = [
{ mime: "image/jpeg", bytes: [0xFF, 0xD8, 0xFF] },
{ mime: "image/png", bytes: [0x89, 0x50, 0x4E, 0x47] },
{ mime: "image/gif", bytes: [0x47, 0x49, 0x46, 0x38] },
{ mime: "image/webp", bytes: [0x52, 0x49, 0x46, 0x46], offset: 0 }, // RIFF
];
function checkMagicBytes(data: Uint8Array, mime: string): boolean {
if (mime === "image/webp") {
// RIFF....WEBP
return data[0] === 0x52 && data[1] === 0x49 && data[2] === 0x46 &&
data[3] === 0x46 && data[8] === 0x57 && data[9] === 0x45 &&
data[10] === 0x42 && data[11] === 0x50;
}
const entry = MAGIC.find((m) => m.mime === mime);
if (!entry) return false;
return entry.bytes.every((b, i) => data[i] === b);
}
import {
AVATARS_DIR,
detectImageMime,
MAX_IMAGE_SIZE,
serveUploadedFile,
} from "../utils/upload.ts";
const router = new Router();
@@ -53,15 +30,7 @@ router.post("/api/avatars/me", authMiddleware, async (ctx) => {
throw new APIException(APIErrorCode.BAD_REQUEST, 400, "Missing file field");
}
if (!ALLOWED_AVATAR_MIMES.has(file.type)) {
throw new APIException(
APIErrorCode.BAD_REQUEST,
400,
"Only JPEG, PNG, GIF, WebP images are allowed",
);
}
if (file.size > MAX_AVATAR_SIZE) {
if (file.size > MAX_IMAGE_SIZE) {
throw new APIException(
APIErrorCode.BAD_REQUEST,
400,
@@ -71,18 +40,19 @@ router.post("/api/avatars/me", authMiddleware, async (ctx) => {
const data = new Uint8Array(await file.arrayBuffer());
if (!checkMagicBytes(data, file.type)) {
const mime = detectImageMime(data);
if (!mime) {
throw new APIException(
APIErrorCode.BAD_REQUEST,
400,
"File content does not match declared type",
"File content is not a recognised image (JPEG, PNG, GIF, WebP)",
);
}
await Deno.mkdir(AVATARS_DIR, { recursive: true });
await Deno.writeFile(`${AVATARS_DIR}/${authPayload.userId}`, data);
updateUserAvatar(authPayload.userId, file.type);
updateClientAvatar(authPayload.userId, file.type);
updateUserAvatar(authPayload.userId, mime);
updateClientAvatar(authPayload.userId, mime);
const user = getUserById(authPayload.userId);
ctx.response.status = 200;
@@ -105,18 +75,7 @@ router.get("/api/avatars/:userId", async (ctx) => {
return;
}
let data: Uint8Array;
try {
data = await Deno.readFile(`${AVATARS_DIR}/${userId}`);
} catch {
ctx.response.status = 404;
return;
}
ctx.response.headers.set("Content-Type", user.avatarMime);
ctx.response.headers.set("Content-Disposition", "inline");
ctx.response.headers.set("Cache-Control", "public, max-age=3600");
ctx.response.body = data;
await serveUploadedFile(ctx, `${AVATARS_DIR}/${userId}`, user.avatarMime);
});
export default router;