v3: code quality pass, various bug fixes

2026-03-23 07:47:49 +00:00
parent d94a319d96
commit fbbbb43258
44 changed files with 1060 additions and 698 deletions
--- a/api/routes/avatars.ts
+++ b/api/routes/avatars.ts
@@ -5,9 +5,8 @@ import { updateClientAvatar } from "../services/ws-service.ts";
 import { APIErrorCode, APIException } from "../model/interfaces.ts";
 import {
  AVATARS_DIR,
-  detectImageMime,
-  MAX_IMAGE_SIZE,
  serveUploadedFile,
+  validateImageUpload,
 } from "../utils/upload.ts";

 const router = new Router();
@@ -30,28 +29,19 @@ router.post("/api/avatars/me", authMiddleware, async (ctx) => {
    throw new APIException(APIErrorCode.BAD_REQUEST, 400, "Missing file field");
  }

-  if (file.size > MAX_IMAGE_SIZE) {
-    throw new APIException(
-      APIErrorCode.BAD_REQUEST,
-      400,
-      "File too large (max 5 MB)",
-    );
-  }
-
  const data = new Uint8Array(await file.arrayBuffer());
+  const mime = validateImageUpload(data);

-  const mime = detectImageMime(data);
-  if (!mime) {
-    throw new APIException(
-      APIErrorCode.BAD_REQUEST,
-      400,
-      "File content is not a recognised image (JPEG, PNG, GIF, WebP)",
-    );
-  }
-
+  const filePath = `${AVATARS_DIR}/${authPayload.userId}`;
  await Deno.mkdir(AVATARS_DIR, { recursive: true });
-  await Deno.writeFile(`${AVATARS_DIR}/${authPayload.userId}`, data);
-  updateUserAvatar(authPayload.userId, mime);
+  await Deno.writeFile(filePath, data);
+  try {
+    updateUserAvatar(authPayload.userId, mime);
+  } catch (err) {
+    // DB write failed — clean up the orphaned file
+    await Deno.remove(filePath).catch(() => {});
+    throw err;
+  }
  updateClientAvatar(authPayload.userId, mime);

  const user = getUserById(authPayload.userId);