Skip to content

Feat/mobile profile endpoint#61

Merged
ademboukabes merged 7 commits into
developfrom
feat/mobile_profile_endpoint
Jul 3, 2026
Merged

Feat/mobile profile endpoint#61
ademboukabes merged 7 commits into
developfrom
feat/mobile_profile_endpoint

Conversation

@Tyjfre-j

@Tyjfre-j Tyjfre-j commented Jul 3, 2026

Copy link
Copy Markdown
Collaborator

Summary

Extends GET /user/auth/me and adds new endpoints so the mobile team's profile screen can display the user's name and profile picture, matching their expected response shape. Also includes a shared image-validation refactor and an unrelated schema decoupling fix uncovered along the way.

Changes

1. Expose name on /user/auth/me

  • UserSchema now includes name: str | None, mapped from the existing display_name column (already present in DB, just wasn't exposed).
  • No migration needed.

2. New avatar upload/serve endpoints

  • POST /user/auth/me/avatar — accepts a single image file, validates it (MIME sniffing, size limit, dimension checks, filename sanitization), stores it in MinIO (images bucket, avatars/ prefix, keyed by user_id so re-upload overwrites), and persists the storage key to the new avatar_key column. Rolls back the MinIO write if the subsequent DB update fails, avoiding orphaned objects.
  • GET /user/auth/me/avatar/image — streams the authenticated user's avatar back. Returns 404 if no avatar has been uploaded yet.
  • UserSchema.avatar_url returns /user/auth/me/avatar/image if avatar_key is set, else null.

3. New avatar_key column

  • Migration f0fa13623f6c_add_avatar_key_to_users — nullable avatar_key on users.
  • New sqlc query UpdateUserAvatar.

4. Extracted shared image validation

  • Moved MIME sniffing, chunked size-limited reads, dimension validation, and filename sanitization out of app/router/mobile/enrollement.py into app/core/image_validation.py.
  • enrollement.py now imports and uses the shared build_image_payload(); no behavior change to /enroll.
  • Avoids duplicating this logic for the new avatar endpoint.

5. Decoupled AuditActorSchema from UserSchema

  • AuditActorSchema previously inherited UserSchema, so adding name/avatar_url to the latter broke audit schema construction (mypy: missing required args).
  • Audit entries don't need avatar_url; changed AuditActorSchema to stand alone as its own BaseModel with just id/email/display_name, so it's insulated from future UserSchema changes.
  • No behavior change to audit responses.

@ademboukabes ademboukabes merged commit d682899 into develop Jul 3, 2026
1 check passed
@ademboukabes ademboukabes deleted the feat/mobile_profile_endpoint branch July 3, 2026 22:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants