Feat/mobile profile endpoint#61
Merged
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Extends
GET /user/auth/meand adds new endpoints so the mobile team's profile screen can display the user's name and profile picture, matching their expected response shape. Also includes a shared image-validation refactor and an unrelated schema decoupling fix uncovered along the way.Changes
1. Expose
nameon/user/auth/meUserSchemanow includesname: str | None, mapped from the existingdisplay_namecolumn (already present in DB, just wasn't exposed).2. New avatar upload/serve endpoints
POST /user/auth/me/avatar— accepts a single image file, validates it (MIME sniffing, size limit, dimension checks, filename sanitization), stores it in MinIO (imagesbucket,avatars/prefix, keyed byuser_idso re-upload overwrites), and persists the storage key to the newavatar_keycolumn. Rolls back the MinIO write if the subsequent DB update fails, avoiding orphaned objects.GET /user/auth/me/avatar/image— streams the authenticated user's avatar back. Returns 404 if no avatar has been uploaded yet.UserSchema.avatar_urlreturns/user/auth/me/avatar/imageifavatar_keyis set, elsenull.3. New
avatar_keycolumnf0fa13623f6c_add_avatar_key_to_users— nullableavatar_keyonusers.UpdateUserAvatar.4. Extracted shared image validation
app/router/mobile/enrollement.pyintoapp/core/image_validation.py.enrollement.pynow imports and uses the sharedbuild_image_payload(); no behavior change to/enroll.5. Decoupled
AuditActorSchemafromUserSchemaAuditActorSchemapreviously inheritedUserSchema, so addingname/avatar_urlto the latter broke audit schema construction (mypy: missing required args).avatar_url; changedAuditActorSchemato stand alone as its ownBaseModelwith justid/email/display_name, so it's insulated from futureUserSchemachanges.