2022-10-17 19:07:38 +02:00
|
|
|
package api
|
|
|
|
|
|
|
|
import (
|
|
|
|
"net/http"
|
|
|
|
"path"
|
|
|
|
|
|
|
|
"github.com/gabriel-vasile/mimetype"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
|
|
|
|
|
|
"github.com/photoprism/photoprism/internal/acl"
|
2023-03-08 23:30:39 +01:00
|
|
|
"github.com/photoprism/photoprism/internal/entity"
|
|
|
|
"github.com/photoprism/photoprism/internal/event"
|
2022-10-17 19:07:38 +02:00
|
|
|
"github.com/photoprism/photoprism/internal/get"
|
|
|
|
"github.com/photoprism/photoprism/internal/i18n"
|
2023-03-08 23:30:39 +01:00
|
|
|
"github.com/photoprism/photoprism/internal/photoprism"
|
2022-10-17 19:07:38 +02:00
|
|
|
"github.com/photoprism/photoprism/pkg/clean"
|
2023-03-08 23:30:39 +01:00
|
|
|
"github.com/photoprism/photoprism/pkg/fs"
|
2022-10-17 19:07:38 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
// UploadUserAvatar updates the avatar image of the currently authenticated user.
|
|
|
|
//
|
|
|
|
// POST /api/v1/users/:uid/avatar
|
|
|
|
func UploadUserAvatar(router *gin.RouterGroup) {
|
|
|
|
router.POST("/users/:uid/avatar", func(c *gin.Context) {
|
|
|
|
conf := get.Config()
|
|
|
|
|
|
|
|
if conf.Demo() || conf.DisableSettings() {
|
|
|
|
AbortForbidden(c)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
s := AuthAny(c, acl.ResourceUsers, acl.Permissions{acl.ActionManage, acl.AccessOwn})
|
|
|
|
|
|
|
|
if s.Abort(c) {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2023-03-08 23:30:39 +01:00
|
|
|
// Check if the session user is has user management privileges.
|
|
|
|
isPrivileged := acl.Resources.AllowAll(acl.ResourceUsers, s.User().AclRole(), acl.Permissions{acl.AccessAll, acl.ActionManage})
|
2022-10-17 19:07:38 +02:00
|
|
|
uid := clean.UID(c.Param("uid"))
|
|
|
|
|
|
|
|
// Users may only change their own avatar.
|
2023-03-08 23:30:39 +01:00
|
|
|
if !isPrivileged && s.User().UserUID != uid {
|
2023-03-11 14:09:00 +01:00
|
|
|
event.AuditErr([]string{ClientIP(c), "session %s", "upload avatar", "user does not match"}, s.RefID)
|
2022-10-17 19:07:38 +02:00
|
|
|
AbortForbidden(c)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2023-03-08 23:30:39 +01:00
|
|
|
// Parse upload form.
|
2022-10-17 19:07:38 +02:00
|
|
|
f, err := c.MultipartForm()
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
event.AuditErr([]string{ClientIP(c), "session %s", "upload avatar", "%s"}, s.RefID, err)
|
|
|
|
Abort(c, http.StatusBadRequest, i18n.ErrUploadFailed)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2023-03-08 23:30:39 +01:00
|
|
|
// Check number of files.
|
2022-10-17 19:07:38 +02:00
|
|
|
files := f.File["files"]
|
|
|
|
|
|
|
|
if len(files) != 1 {
|
|
|
|
Abort(c, http.StatusBadRequest, i18n.ErrUploadFailed)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2023-03-08 23:30:39 +01:00
|
|
|
// Find user entity to update.
|
|
|
|
m := entity.FindUserByUID(uid)
|
|
|
|
|
|
|
|
if m == nil {
|
|
|
|
Abort(c, http.StatusNotFound, i18n.ErrUserNotFound)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// Get user upload folder.
|
|
|
|
uploadDir, err := conf.UserUploadPath(uid, "")
|
2022-10-17 19:07:38 +02:00
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
event.AuditErr([]string{ClientIP(c), "session %s", "upload avatar", "failed to create folder", "%s"}, s.RefID, err)
|
|
|
|
Abort(c, http.StatusBadRequest, i18n.ErrUploadFailed)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
file := files[0]
|
2023-03-08 23:30:39 +01:00
|
|
|
var fileName string
|
2022-10-17 19:07:38 +02:00
|
|
|
|
2023-03-08 23:30:39 +01:00
|
|
|
// The user avatar must be a PNG or JPEG image with a maximum size of 20 MB.
|
2022-10-18 14:21:23 +02:00
|
|
|
if file.Size > 20000000 {
|
2022-10-17 19:07:38 +02:00
|
|
|
event.AuditWarn([]string{ClientIP(c), "session %s", "upload avatar", "file size exceeded"}, s.RefID)
|
|
|
|
Abort(c, http.StatusBadRequest, i18n.ErrFileTooLarge)
|
|
|
|
return
|
|
|
|
} else if fReader, fErr := file.Open(); fErr != nil {
|
|
|
|
event.AuditErr([]string{ClientIP(c), "session %s", "upload avatar", "%s"}, s.RefID, err)
|
|
|
|
Abort(c, http.StatusBadRequest, i18n.ErrUploadFailed)
|
|
|
|
return
|
|
|
|
} else if mimeType, mimeErr := mimetype.DetectReader(fReader); mimeErr != nil {
|
|
|
|
event.AuditErr([]string{ClientIP(c), "session %s", "upload avatar", "%s"}, s.RefID, err)
|
|
|
|
Abort(c, http.StatusBadRequest, i18n.ErrUploadFailed)
|
|
|
|
return
|
2023-03-08 23:30:39 +01:00
|
|
|
} else {
|
|
|
|
switch {
|
|
|
|
case mimeType.Is(fs.MimeTypePNG):
|
|
|
|
fileName = "avatar.png"
|
|
|
|
case mimeType.Is(fs.MimeTypeJPEG):
|
|
|
|
fileName = "avatar.jpg"
|
|
|
|
default:
|
|
|
|
event.AuditWarn([]string{ClientIP(c), "session %s", "upload avatar", " %s not supported"}, s.RefID, mimeType)
|
|
|
|
Abort(c, http.StatusBadRequest, i18n.ErrUnsupportedFormat)
|
|
|
|
return
|
|
|
|
}
|
2022-10-17 19:07:38 +02:00
|
|
|
}
|
|
|
|
|
2023-03-08 23:30:39 +01:00
|
|
|
// Get absolute file path.
|
2022-10-17 19:07:38 +02:00
|
|
|
filePath := path.Join(uploadDir, fileName)
|
|
|
|
|
2023-03-08 23:30:39 +01:00
|
|
|
// Save avatar image.
|
2022-10-17 19:07:38 +02:00
|
|
|
if err = c.SaveUploadedFile(file, filePath); err != nil {
|
|
|
|
event.AuditErr([]string{ClientIP(c), "session %s", "upload avatar", "failed to save %s"}, s.RefID, clean.Log(filePath))
|
|
|
|
Abort(c, http.StatusBadRequest, i18n.ErrUploadFailed)
|
|
|
|
return
|
|
|
|
} else {
|
|
|
|
event.AuditInfo([]string{ClientIP(c), "session %s", "upload avatar", "saved as %s"}, s.RefID, clean.Log(filePath))
|
|
|
|
}
|
|
|
|
|
2023-03-08 23:30:39 +01:00
|
|
|
// Create avatar thumbnails.
|
2022-10-17 19:07:38 +02:00
|
|
|
if mediaFile, mediaErr := photoprism.NewMediaFile(filePath); mediaErr != nil {
|
|
|
|
event.AuditErr([]string{ClientIP(c), "session %s", "upload avatar", "%s"}, s.RefID, err)
|
2022-10-19 05:09:09 +02:00
|
|
|
Abort(c, http.StatusBadRequest, i18n.ErrUnsupportedFormat)
|
2022-10-17 19:07:38 +02:00
|
|
|
return
|
|
|
|
} else if err = mediaFile.CreateThumbnails(conf.ThumbCachePath(), false); err != nil {
|
|
|
|
event.AuditErr([]string{ClientIP(c), "session %s", "upload avatar", "%s"}, s.RefID, err)
|
2023-03-08 23:30:39 +01:00
|
|
|
} else if err = m.SetAvatar(mediaFile.Hash(), entity.SrcManual); err != nil {
|
2022-10-17 19:07:38 +02:00
|
|
|
event.AuditErr([]string{ClientIP(c), "session %s", "upload avatar", "%s"}, s.RefID, err)
|
|
|
|
}
|
|
|
|
|
2023-03-08 23:30:39 +01:00
|
|
|
// Clear session cache to update user details.
|
2022-10-17 19:07:38 +02:00
|
|
|
s.ClearCache()
|
|
|
|
|
2023-03-08 23:30:39 +01:00
|
|
|
// Show success message.
|
2022-10-17 19:07:38 +02:00
|
|
|
log.Info(i18n.Msg(i18n.MsgFileUploaded))
|
|
|
|
|
2023-03-08 23:30:39 +01:00
|
|
|
// Return updated user profile.
|
2022-10-17 19:07:38 +02:00
|
|
|
c.JSON(http.StatusOK, entity.FindUserByUID(uid))
|
|
|
|
})
|
|
|
|
}
|