feat(backend): some member routes, half-broken avatar uploading

backend/db/avatars.go

@@ -0,0 +1,166 @@
+package db
+
+import (
+	"bytes"
+	"context"
+	"encoding/base64"
+	"io"
+	"os/exec"
+	"strings"
+
+	"emperror.dev/errors"
+	"github.com/minio/minio-go/v7"
+	"github.com/rs/xid"
+)
+
+var (
+	webpArgs = []string{"-quality", "50", "webp:-"}
+	jpgArgs  = []string{"-quality", "50", "jpg:-"}
+)
+
+const ErrInvalidDataURI = errors.Sentinel("invalid data URI")
+const ErrInvalidContentType = errors.Sentinel("invalid avatar content type")
+
+// ConvertAvatar parses an avatar from a data URI, converts it to WebP and JPEG, and returns the results.
+func (db *DB) ConvertAvatar(data string) (
+	webp io.Reader,
+	jpg io.Reader,
+	err error,
+) {
+	data = strings.TrimSpace(data)
+	if !strings.Contains(data, ",") || !strings.Contains(data, ":") || !strings.Contains(data, ";") {
+		return nil, nil, ErrInvalidDataURI
+	}
+	split := strings.Split(data, ",")
+	rest, b64 := split[0], split[1]
+
+	rest = strings.Split(rest, ":")[1]
+	contentType := strings.Split(rest, ";")[0]
+
+	var contentArg []string
+	switch contentType {
+	case "image/png":
+		contentArg = []string{"png:-"}
+	case "image/jpeg":
+		contentArg = []string{"jpg:-"}
+	case "image/gif":
+		contentArg = []string{"gif:-"}
+	case "image/webp":
+		contentArg = []string{"webp:-"}
+	default:
+		return nil, nil, ErrInvalidContentType
+	}
+
+	rawData, err := base64.StdEncoding.DecodeString(b64)
+	if err != nil {
+		return nil, nil, errors.Wrap(err, "invalid base64 data")
+	}
+
+	// create webp convert command and get its pipes
+	webpConvert := exec.Command("convert", append(contentArg, webpArgs...)...)
+	stdIn, err := webpConvert.StdinPipe()
+	if err != nil {
+		return nil, nil, errors.Wrap(err, "getting webp stdin")
+	}
+	stdOut, err := webpConvert.StdoutPipe()
+	if err != nil {
+		return nil, nil, errors.Wrap(err, "getting webp stdout")
+	}
+
+	// start webp command
+	err = webpConvert.Start()
+	if err != nil {
+		return nil, nil, errors.Wrap(err, "starting webp command")
+	}
+
+	// write data
+	_, err = stdIn.Write(rawData)
+	if err != nil {
+		return nil, nil, errors.Wrap(err, "writing webp data")
+	}
+	err = stdIn.Close()
+	if err != nil {
+		return nil, nil, errors.Wrap(err, "closing webp stdin")
+	}
+
+	// read webp output
+	webpBuffer := new(bytes.Buffer)
+	_, err = io.Copy(webpBuffer, stdOut)
+	if err != nil {
+		return nil, nil, errors.Wrap(err, "reading webp data")
+	}
+	webp = webpBuffer
+
+	// finish webp command
+	err = webpConvert.Wait()
+	if err != nil {
+		return nil, nil, errors.Wrap(err, "running webp command")
+	}
+
+	// create jpg convert command and get its pipes
+	jpgConvert := exec.Command("convert", append(contentArg, jpgArgs...)...)
+	stdIn, err = jpgConvert.StdinPipe()
+	if err != nil {
+		return nil, nil, errors.Wrap(err, "getting jpg stdin")
+	}
+	stdOut, err = jpgConvert.StdoutPipe()
+	if err != nil {
+		return nil, nil, errors.Wrap(err, "getting jpg stdout")
+	}
+
+	// start jpg command
+	err = jpgConvert.Start()
+	if err != nil {
+		return nil, nil, errors.Wrap(err, "starting jpg command")
+	}
+
+	// write data
+	_, err = stdIn.Write(rawData)
+	if err != nil {
+		return nil, nil, errors.Wrap(err, "writing jpg data")
+	}
+	err = stdIn.Close()
+	if err != nil {
+		return nil, nil, errors.Wrap(err, "closing jpg stdin")
+	}
+
+	// read jpg output
+	jpgBuffer := new(bytes.Buffer)
+	_, err = io.Copy(jpgBuffer, stdOut)
+	if err != nil {
+		return nil, nil, errors.Wrap(err, "reading jpg data")
+	}
+	jpg = jpgBuffer
+
+	// finish jpg command
+	err = jpgConvert.Wait()
+	if err != nil {
+		return nil, nil, errors.Wrap(err, "running jpg command")
+	}
+
+	return webp, jpg, nil
+}
+
+func (db *DB) WriteUserAvatar(ctx context.Context,
+	userID xid.ID, webp io.Reader, jpeg io.Reader,
+) (
+	webpLocation string,
+	jpegLocation string,
+	err error,
+) {
+	webpInfo, err := db.minio.PutObject(ctx, db.minioBucket, "/users/"+userID.String()+".webp", webp, -1, minio.PutObjectOptions{
+		ContentType: "image/webp",
+	})
+	if err != nil {
+		return "", "", errors.Wrap(err, "uploading webp avatar")
+	}
+
+	jpegInfo, err := db.minio.PutObject(ctx, db.minioBucket, "/users/"+userID.String()+".jpg", jpeg, -1, minio.PutObjectOptions{
+		ContentType: "image/jpeg",
+	})
+	if err != nil {
+		return "", "", errors.Wrap(err, "uploading jpeg avatar")
+	}
+
+	return webpInfo.Location, jpegInfo.Location, nil
+}

backend/db/db.go

@@ -10,6 +10,8 @@ import (
 	"github.com/Masterminds/squirrel"
 	"github.com/jackc/pgx/v4/pgxpool"
 	"github.com/mediocregopher/radix/v4"
+	"github.com/minio/minio-go/v7"
+	"github.com/minio/minio-go/v7/pkg/credentials"
 )
 
 var sq = squirrel.StatementBuilder.PlaceholderFormat(squirrel.Dollar)
@@ -20,22 +22,36 @@ type DB struct {
 	*pgxpool.Pool
 
 	Redis radix.Client
+
+	minio       *minio.Client
+	minioBucket string
 }
 
-func New(dsn string) (*DB, error) {
-	pool, err := pgxpool.Connect(context.Background(), dsn)
+func New() (*DB, error) {
+	pool, err := pgxpool.Connect(context.Background(), os.Getenv("DATABASE_URL"))
 	if err != nil {
-		return nil, err
+		return nil, errors.Wrap(err, "creating postgres client")
 	}
 
 	redis, err := (&radix.PoolConfig{}).New(context.Background(), "tcp", os.Getenv("REDIS"))
 	if err != nil {
-		return nil, err
+		return nil, errors.Wrap(err, "creating redis client")
+	}
+
+	minioClient, err := minio.New(os.Getenv("MINIO_ENDPOINT"), &minio.Options{
+		Creds:  credentials.NewStaticV4(os.Getenv("MINIO_ACCESS_KEY_ID"), os.Getenv("MINIO_ACCESS_KEY_SECRET"), ""),
+		Secure: os.Getenv("MINIO_SSL") == "true",
+	})
+	if err != nil {
+		return nil, errors.Wrap(err, "creating minio client")
 	}
 
 	db := &DB{
 		Pool:  pool,
 		Redis: redis,
+
+		minio:       minioClient,
+		minioBucket: os.Getenv("MINIO_BUCKET"),
 	}
 
 	return db, nil

backend/db/field.go

@@ -121,3 +121,51 @@ func (db *DB) SetUserFields(ctx context.Context, tx pgx.Tx, userID xid.ID, field
 	}
 	return nil
 }
+
+// MemberFields returns the fields associated with the given member ID.
+func (db *DB) MemberFields(ctx context.Context, id xid.ID) (fs []Field, err error) {
+	sql, args, err := sq.
+		Select("id", "name", "favourite", "okay", "jokingly", "friends_only", "avoid").
+		From("member_fields").Where("member_id = ?", id).OrderBy("id ASC").ToSql()
+	if err != nil {
+		return nil, errors.Wrap(err, "building sql")
+	}
+
+	err = pgxscan.Select(ctx, db, &fs, sql, args...)
+	if err != nil {
+		return nil, errors.Cause(err)
+	}
+	return fs, nil
+}
+
+// SetMemberFields updates the fields for the given member.
+func (db *DB) SetMemberFields(ctx context.Context, tx pgx.Tx, memberID xid.ID, fields []Field) (err error) {
+	sql, args, err := sq.Delete("member_fields").Where("member_id = ?", memberID).ToSql()
+	if err != nil {
+		return errors.Wrap(err, "building sql")
+	}
+
+	_, err = tx.Exec(ctx, sql, args...)
+	if err != nil {
+		return errors.Wrap(err, "deleting existing fields")
+	}
+
+	_, err = tx.CopyFrom(ctx,
+		pgx.Identifier{"member_fields"},
+		[]string{"member_id", "name", "favourite", "okay", "jokingly", "friends_only", "avoid"},
+		pgx.CopyFromSlice(len(fields), func(i int) ([]any, error) {
+			return []any{
+				memberID,
+				fields[i].Name,
+				fields[i].Favourite,
+				fields[i].Okay,
+				fields[i].Jokingly,
+				fields[i].FriendsOnly,
+				fields[i].Avoid,
+			}, nil
+		}))
+	if err != nil {
+		return errors.Wrap(err, "inserting new fields")
+	}
+	return nil
+}

backend/db/member.go

@@ -0,0 +1,73 @@
+package db
+
+import (
+	"context"
+
+	"emperror.dev/errors"
+	"github.com/georgysavva/scany/pgxscan"
+	"github.com/jackc/pgx/v4"
+	"github.com/rs/xid"
+)
+
+type Member struct {
+	ID        xid.ID
+	UserID    xid.ID
+	Name      string
+	Bio       *string
+	AvatarURL *string
+	Links     []string
+}
+
+const ErrMemberNotFound = errors.Sentinel("member not found")
+
+func (db *DB) Member(ctx context.Context, id xid.ID) (m Member, err error) {
+	sql, args, err := sq.Select("*").From("members").Where("id = ?", id).ToSql()
+	if err != nil {
+		return m, errors.Wrap(err, "building sql")
+	}
+
+	err = pgxscan.Get(ctx, db, &m, sql, args...)
+	if err != nil {
+		if errors.Cause(err) == pgx.ErrNoRows {
+			return m, ErrMemberNotFound
+		}
+
+		return m, errors.Wrap(err, "retrieving member")
+	}
+	return m, nil
+}
+
+func (db *DB) UserMember(ctx context.Context, userID xid.ID, memberRef string) (m Member, err error) {
+	sql, args, err := sq.Select("*").From("members").
+		Where("user_id = ? and (id = ? or name = ?)", userID, memberRef, memberRef).ToSql()
+	if err != nil {
+		return m, errors.Wrap(err, "building sql")
+	}
+
+	err = pgxscan.Get(ctx, db, &m, sql, args...)
+	if err != nil {
+		if errors.Cause(err) == pgx.ErrNoRows {
+			return m, ErrMemberNotFound
+		}
+
+		return m, errors.Wrap(err, "retrieving member")
+	}
+	return m, nil
+}
+
+func (db *DB) UserMembers(ctx context.Context, userID xid.ID) (ms []Member, err error) {
+	sql, args, err := sq.Select("*").From("members").Where("user_id = ?", userID).ToSql()
+	if err != nil {
+		return nil, errors.Wrap(err, "building sql")
+	}
+
+	err = pgxscan.Select(ctx, db, &ms, sql, args...)
+	if err != nil {
+		return nil, errors.Wrap(err, "retrieving members")
+	}
+
+	if ms == nil {
+		ms = make([]Member, 0)
+	}
+	return ms, nil
+}

backend/db/names_pronouns.go

@@ -170,3 +170,87 @@ func (db *DB) SetUserPronouns(ctx context.Context, tx pgx.Tx, userID xid.ID, nam
 	}
 	return nil
 }
+
+func (db *DB) MemberNames(ctx context.Context, memberID xid.ID) (ns []Name, err error) {
+	sql, args, err := sq.Select("id", "name", "status").From("member_names").Where("member_id = ?", memberID).OrderBy("id").ToSql()
+	if err != nil {
+		return nil, errors.Wrap(err, "building sql")
+	}
+
+	err = pgxscan.Select(ctx, db, &ns, sql, args...)
+	if err != nil {
+		return nil, errors.Wrap(err, "executing query")
+	}
+	return ns, nil
+}
+
+func (db *DB) MemberPronouns(ctx context.Context, memberID xid.ID) (ps []Pronoun, err error) {
+	sql, args, err := sq.
+		Select("id", "display_text", "pronouns", "status").
+		From("member_pronouns").Where("member_id = ?", memberID).
+		OrderBy("id").ToSql()
+	if err != nil {
+		return nil, errors.Wrap(err, "building sql")
+	}
+
+	err = pgxscan.Select(ctx, db, &ps, sql, args...)
+	if err != nil {
+		return nil, errors.Wrap(err, "executing query")
+	}
+	return ps, nil
+}
+
+func (db *DB) SetMemberNames(ctx context.Context, tx pgx.Tx, memberID xid.ID, names []Name) (err error) {
+	sql, args, err := sq.Delete("member_names").Where("member_id = ?", memberID).ToSql()
+	if err != nil {
+		return errors.Wrap(err, "building sql")
+	}
+
+	_, err = tx.Exec(ctx, sql, args...)
+	if err != nil {
+		return errors.Wrap(err, "deleting existing names")
+	}
+
+	_, err = tx.CopyFrom(ctx,
+		pgx.Identifier{"member_names"},
+		[]string{"member_id", "name", "status"},
+		pgx.CopyFromSlice(len(names), func(i int) ([]any, error) {
+			return []any{
+				memberID,
+				names[i].Name,
+				names[i].Status,
+			}, nil
+		}))
+	if err != nil {
+		return errors.Wrap(err, "inserting new names")
+	}
+	return nil
+}
+
+func (db *DB) SetMemberPronouns(ctx context.Context, tx pgx.Tx, memberID xid.ID, names []Pronoun) (err error) {
+	sql, args, err := sq.Delete("member_pronouns").Where("member_id = ?", memberID).ToSql()
+	if err != nil {
+		return errors.Wrap(err, "building sql")
+	}
+
+	_, err = tx.Exec(ctx, sql, args...)
+	if err != nil {
+		return errors.Wrap(err, "deleting existing pronouns")
+	}
+
+	_, err = tx.CopyFrom(ctx,
+		pgx.Identifier{"member_pronouns"},
+		[]string{"member_id", "pronouns", "display_text", "status"},
+		pgx.CopyFromSlice(len(names), func(i int) ([]any, error) {
+			return []any{
+				memberID,
+				names[i].Pronouns,
+				names[i].DisplayText,
+				names[i].Status,
+			}, nil
+		}))
+	if err != nil {
+		return errors.Wrap(err, "inserting new pronouns")
+	}
+	return nil
+}

backend/db/user.go

@@ -19,7 +19,7 @@ type User struct {
 	Bio         *string
 
 	AvatarSource *string
-	AvatarURL    *string
+	AvatarURLs   []string `db:"avatar_urls"`
 	Links        []string
 
 	Discord         *string
@@ -103,12 +103,6 @@ func (u *User) UpdateFromDiscord(ctx context.Context, db pgxscan.Querier, du *di
 		Where("id = ?", u.ID).
 		Suffix("RETURNING *")
 
-	if u.AvatarSource == nil || *u.AvatarSource == "discord" {
-		builder = builder.
-			Set("avatar_source", "discord").
-			Set("avatar_url", du.AvatarURL("1024"))
-	}
-
 	sql, args, err := builder.ToSql()
 	if err != nil {
 		return errors.Wrap(err, "building sql")
@@ -160,6 +154,7 @@ func (db *DB) UpdateUser(
 	tx pgx.Tx, id xid.ID,
 	displayName, bio *string,
 	links *[]string,
+	avatarURLs []string,
 ) (u User, err error) {
 	if displayName == nil && bio == nil && links == nil {
 		return u, ErrNothingToUpdate
@@ -188,6 +183,14 @@ func (db *DB) UpdateUser(
 		}
 	}
 
+	if avatarURLs != nil {
+		if len(avatarURLs) == 0 {
+			builder = builder.Set("avatar_urls", nil)
+		} else {
+			builder = builder.Set("avatar_urls", avatarURLs)
+		}
+	}
+
 	sql, args, err := builder.Suffix("RETURNING *").ToSql()
 	if err != nil {
 		return u, errors.Wrap(err, "building sql")

backend/routes/auth/routes.go

@@ -24,7 +24,7 @@ type userResponse struct {
 	Username    string   `json:"username"`
 	DisplayName *string  `json:"display_name"`
 	Bio         *string  `json:"bio"`
-	AvatarURL   *string  `json:"avatar_url"`
+	AvatarURLs  []string `json:"avatar_urls"`
 	Links       []string `json:"links"`
 
 	Discord         *string `json:"discord"`
@@ -37,7 +37,7 @@ func dbUserToUserResponse(u db.User) *userResponse {
 		Username:        u.Username,
 		DisplayName:     u.DisplayName,
 		Bio:             u.Bio,
-		AvatarURL:       u.AvatarURL,
+		AvatarURLs:      u.AvatarURLs,
 		Links:           u.Links,
 		Discord:         u.Discord,
 		DiscordUsername: u.DiscordUsername,

backend/routes/bot/bot.go

@@ -97,8 +97,8 @@ func (bot *Bot) userPronouns(w http.ResponseWriter, r *http.Request, ev *discord
 	}
 
 	avatarURL := du.AvatarURL("")
-	if u.AvatarURL != nil {
-		avatarURL = *u.AvatarURL
+	if len(u.AvatarURLs) > 0 {
+		avatarURL = u.AvatarURLs[0]
 	}
 	name := u.Username
 	if u.DisplayName != nil {

backend/routes/member/create_member.go

@@ -0,0 +1,39 @@
+package member
+
+import (
+	"context"
+	"net/http"
+
+	"codeberg.org/u1f320/pronouns.cc/backend/db"
+	"codeberg.org/u1f320/pronouns.cc/backend/server"
+	"github.com/go-chi/render"
+)
+
+type CreateMemberRequest struct {
+	Name      string       `json:"name"`
+	Bio       *string      `json:"bio"`
+	AvatarURL *string      `json:"avatar_url"`
+	Links     []string     `json:"links"`
+	Names     []db.Name    `json:"names"`
+	Pronouns  []db.Pronoun `json:"pronouns"`
+	Fields    []db.Field   `json:"fields"`
+}
+
+func (s *Server) createMember(w http.ResponseWriter, r *http.Request) (err error) {
+	ctx := r.Context()
+
+	var cmr CreateMemberRequest
+	err = render.Decode(r, &cmr)
+	if err != nil {
+		if _, ok := err.(server.APIError); ok {
+			return err
+		}
+
+		return server.APIError{Code: server.ErrBadRequest}
+	}
+
+	ctx = context.WithValue(ctx, render.StatusCtxKey, 204)
+	render.NoContent(w, r)
+
+	return nil
+}

backend/routes/member/get_member.go

@@ -0,0 +1,142 @@
+package member
+
+import (
+	"context"
+	"net/http"
+
+	"codeberg.org/u1f320/pronouns.cc/backend/db"
+	"codeberg.org/u1f320/pronouns.cc/backend/server"
+	"github.com/go-chi/chi/v5"
+	"github.com/go-chi/render"
+	"github.com/rs/xid"
+)
+
+type GetMemberResponse struct {
+	ID        xid.ID   `json:"id"`
+	Name      string   `json:"name"`
+	Bio       *string  `json:"bio"`
+	AvatarURL *string  `json:"avatar_url"`
+	Links     []string `json:"links"`
+
+	Names    []db.Name    `json:"names"`
+	Pronouns []db.Pronoun `json:"pronouns"`
+	Fields   []db.Field   `json:"fields"`
+
+	User PartialUser `json:"user"`
+}
+
+func dbMemberToMember(u db.User, m db.Member, names []db.Name, pronouns []db.Pronoun, fields []db.Field) GetMemberResponse {
+	return GetMemberResponse{
+		ID:        m.ID,
+		Name:      m.Name,
+		Bio:       m.Bio,
+		AvatarURL: m.AvatarURL,
+		Links:     m.Links,
+
+		Names:    names,
+		Pronouns: pronouns,
+		Fields:   fields,
+
+		User: PartialUser{
+			ID:          u.ID,
+			Username:    u.Username,
+			DisplayName: u.DisplayName,
+			AvatarURLs:  u.AvatarURLs,
+		},
+	}
+}
+
+type PartialUser struct {
+	ID          xid.ID   `json:"id"`
+	Username    string   `json:"username"`
+	DisplayName *string  `json:"display_name"`
+	AvatarURLs  []string `json:"avatar_urls"`
+}
+
+func (s *Server) getMember(w http.ResponseWriter, r *http.Request) error {
+	ctx := r.Context()
+
+	id, err := xid.FromString(chi.URLParam(r, "memberRef"))
+	if err != nil {
+		return server.APIError{
+			Code: server.ErrMemberNotFound,
+		}
+	}
+
+	m, err := s.DB.Member(ctx, id)
+	if err != nil {
+		return server.APIError{
+			Code: server.ErrMemberNotFound,
+		}
+	}
+
+	u, err := s.DB.User(ctx, m.UserID)
+	if err != nil {
+		return err
+	}
+
+	names, err := s.DB.MemberNames(ctx, m.ID)
+	if err != nil {
+		return err
+	}
+
+	pronouns, err := s.DB.MemberPronouns(ctx, m.ID)
+	if err != nil {
+		return err
+	}
+
+	fields, err := s.DB.MemberFields(ctx, m.ID)
+	if err != nil {
+		return err
+	}
+
+	render.JSON(w, r, dbMemberToMember(u, m, names, pronouns, fields))
+	return nil
+}
+
+func (s *Server) getUserMember(w http.ResponseWriter, r *http.Request) error {
+	ctx := r.Context()
+
+	u, err := s.parseUser(ctx, chi.URLParam(r, "userRef"))
+	if err != nil {
+		return server.APIError{
+			Code: server.ErrUserNotFound,
+		}
+	}
+
+	m, err := s.DB.UserMember(ctx, u.ID, chi.URLParam(r, "memberRef"))
+	if err != nil {
+		return server.APIError{
+			Code: server.ErrMemberNotFound,
+		}
+	}
+
+	names, err := s.DB.MemberNames(ctx, m.ID)
+	if err != nil {
+		return err
+	}
+
+	pronouns, err := s.DB.MemberPronouns(ctx, m.ID)
+	if err != nil {
+		return err
+	}
+
+	fields, err := s.DB.MemberFields(ctx, m.ID)
+	if err != nil {
+		return err
+	}
+
+	render.JSON(w, r, dbMemberToMember(u, m, names, pronouns, fields))
+	return nil
+}
+
+func (s *Server) parseUser(ctx context.Context, userRef string) (u db.User, err error) {
+	if id, err := xid.FromString(userRef); err != nil {
+		u, err := s.DB.User(ctx, id)
+		if err == nil {
+			return u, nil
+		}
+	}
+
+	return s.DB.Username(ctx, userRef)
+}

backend/routes/member/get_members.go

@@ -0,0 +1,41 @@
+package member
+
+import (
+	"net/http"
+
+	"codeberg.org/u1f320/pronouns.cc/backend/server"
+	"github.com/go-chi/chi/v5"
+	"github.com/go-chi/render"
+)
+
+func (s *Server) getUserMembers(w http.ResponseWriter, r *http.Request) error {
+	ctx := r.Context()
+
+	u, err := s.parseUser(ctx, chi.URLParam(r, "userRef"))
+	if err != nil {
+		return server.APIError{
+			Code: server.ErrUserNotFound,
+		}
+	}
+
+	ms, err := s.DB.UserMembers(ctx, u.ID)
+	if err != nil {
+		return err
+	}
+
+	render.JSON(w, r, ms)
+	return nil
+}
+
+func (s *Server) getMeMembers(w http.ResponseWriter, r *http.Request) error {
+	ctx := r.Context()
+	claims, _ := server.ClaimsFromContext(ctx)
+
+	ms, err := s.DB.UserMembers(ctx, claims.UserID)
+	if err != nil {
+		return err
+	}
+
+	render.JSON(w, r, ms)
+	return nil
+}

backend/routes/member/routes.go

@@ -0,0 +1,31 @@
+package member
+
+import (
+	"codeberg.org/u1f320/pronouns.cc/backend/server"
+	"github.com/go-chi/chi/v5"
+)
+
+type Server struct {
+	*server.Server
+}
+
+func Mount(srv *server.Server, r chi.Router) {
+	s := &Server{Server: srv}
+
+	// member list
+	r.Get("/users/{userRef}/members", server.WrapHandler(s.getUserMembers))
+	r.With(server.MustAuth).Get("/users/@me/members", server.WrapHandler(s.getMeMembers))
+
+	// user-scoped member lookup (including custom urls)
+	r.Get("/users/{userRef}/members/{memberRef}", server.WrapHandler(s.getUserMember))
+
+	r.Route("/members", func(r chi.Router) {
+		// any member by ID
+		r.Get("/{memberRef}", server.WrapHandler(s.getMember))
+
+		// create, edit, and delete members
+		r.With(server.MustAuth).Post("/", server.WrapHandler(s.createMember))
+		r.With(server.MustAuth).Patch("/{memberRef}", nil)
+		r.With(server.MustAuth).Delete("/{memberRef}", nil)
+	})
+}

backend/routes/user/get_user.go

@@ -16,7 +16,7 @@ type GetUserResponse struct {
 	Username    string          `json:"username"`
 	DisplayName *string         `json:"display_name"`
 	Bio         *string         `json:"bio"`
-	AvatarURL   *string         `json:"avatar_url"`
+	AvatarURLs  []string        `json:"avatar_urls"`
 	Links       []string        `json:"links"`
 	Names       []db.Name       `json:"names"`
 	Pronouns    []db.Pronoun    `json:"pronouns"`
@@ -43,7 +43,7 @@ func dbUserToResponse(u db.User, fields []db.Field, names []db.Name, pronouns []
 		Username:    u.Username,
 		DisplayName: u.DisplayName,
 		Bio:         u.Bio,
-		AvatarURL:   u.AvatarURL,
+		AvatarURLs:  u.AvatarURLs,
 		Links:       u.Links,
 		Names:       names,
 		Pronouns:    pronouns,

backend/routes/user/patch_user.go

@@ -18,6 +18,7 @@ type PatchUserRequest struct {
 	Names       *[]db.Name    `json:"names"`
 	Pronouns    *[]db.Pronoun `json:"pronouns"`
 	Fields      *[]db.Field   `json:"fields"`
+	Avatar      *string       `json:"avatar"`
 }
 
 // patchUser parses a PatchUserRequest and updates the user with the given ID.
@@ -39,7 +40,8 @@ func (s *Server) patchUser(w http.ResponseWriter, r *http.Request) error {
 		req.Links == nil &&
 		req.Fields == nil &&
 		req.Names == nil &&
-		req.Pronouns == nil {
+		req.Pronouns == nil &&
+		req.Avatar == nil {
 		return server.APIError{
 			Code:    server.ErrBadRequest,
 			Details: "Data must not be empty",
@@ -91,6 +93,35 @@ func (s *Server) patchUser(w http.ResponseWriter, r *http.Request) error {
 		return err
 	}
 
+	// update avatar
+	var avatarURLs []string = nil
+	if req.Avatar != nil {
+		webp, jpg, err := s.DB.ConvertAvatar(*req.Avatar)
+		if err != nil {
+			if err == db.ErrInvalidDataURI {
+				return server.APIError{
+					Code:    server.ErrBadRequest,
+					Details: "invalid avatar data URI",
+				}
+			} else if err == db.ErrInvalidContentType {
+				return server.APIError{
+					Code:    server.ErrBadRequest,
+					Details: "invalid avatar content type",
+				}
+			}
+
+			log.Errorf("converting user avatar: %v", err)
+			return err
+		}
+
+		webpURL, jpgURL, err := s.DB.WriteUserAvatar(ctx, claims.UserID, webp, jpg)
+		if err != nil {
+			log.Errorf("uploading user avatar: %v", err)
+			return err
+		}
+		avatarURLs = []string{webpURL, jpgURL}
+	}
+
 	// start transaction
 	tx, err := s.DB.Begin(ctx)
 	if err != nil {
@@ -99,7 +130,7 @@ func (s *Server) patchUser(w http.ResponseWriter, r *http.Request) error {
 	}
 	defer tx.Rollback(ctx)
 
-	u, err := s.DB.UpdateUser(ctx, tx, claims.UserID, req.DisplayName, req.Bio, req.Links)
+	u, err := s.DB.UpdateUser(ctx, tx, claims.UserID, req.DisplayName, req.Bio, req.Links, avatarURLs)
 	if err != nil && errors.Cause(err) != db.ErrNothingToUpdate {
 		log.Errorf("updating user: %v", err)
 		return err
@@ -173,23 +204,28 @@ type validator interface {
 
 // validateSlicePtr validates a slice of validators.
 // If the slice is nil, a nil error is returned (assuming that the field is not required)
-func validateSlicePtr[T validator](typ string, slice *[]T) error {
+func validateSlicePtr[T validator](typ string, slice *[]T) *server.APIError {
 	if slice == nil {
 		return nil
 	}
 
+	max := db.MaxFields
+	if typ != "field" {
+		max = db.FieldEntriesLimit
+	}
+
 	// max 25 fields
-	if len(*slice) > db.MaxFields {
-		return server.APIError{
+	if len(*slice) > max {
+		return &server.APIError{
 			Code:    server.ErrBadRequest,
-			Details: fmt.Sprintf("Too many %ss (max %d, current %d)", typ, db.MaxFields, len(*slice)),
+			Details: fmt.Sprintf("Too many %ss (max %d, current %d)", typ, max, len(*slice)),
 		}
 	}
 
 	// validate all fields
 	for i, pronouns := range *slice {
 		if s := pronouns.Validate(); s != "" {
-			return server.APIError{
+			return &server.APIError{
 				Code:    server.ErrBadRequest,
 				Details: fmt.Sprintf("%s %d: %s", typ, i, s),
 			}