1

server-rs/crates/api-server/src/profile_identity.rs

@@ -0,0 +1,105 @@
+use axum::{
+    Json,
+    extract::{Extension, State},
+    http::StatusCode,
+};
+use base64::{Engine as _, engine::general_purpose::STANDARD as BASE64_STANDARD};
+use image::GenericImageView;
+use module_auth::{PasswordEntryError, UpdateProfileInput};
+use shared_contracts::auth::{ProfileUpdateRequest, ProfileUpdateResponse};
+
+use crate::{
+    api_response::json_success_body, auth::AuthenticatedAccessToken,
+    auth_payload::map_auth_user_payload, http_error::AppError, request_context::RequestContext,
+    state::AppState,
+};
+
+const MAX_AVATAR_BYTES: usize = 5 * 1024 * 1024;
+const AVATAR_SIZE_PX: u32 = 256;
+
+pub async fn update_profile_identity(
+    State(state): State<AppState>,
+    Extension(request_context): Extension<RequestContext>,
+    Extension(authenticated): Extension<AuthenticatedAccessToken>,
+    Json(payload): Json<ProfileUpdateRequest>,
+) -> Result<Json<serde_json::Value>, AppError> {
+    if let Some(avatar_data_url) = payload.avatar_data_url.as_deref() {
+        validate_avatar_data_url(avatar_data_url)?;
+    }
+
+    let result = state
+        .password_entry_service()
+        .update_profile(UpdateProfileInput {
+            user_id: authenticated.claims().user_id().to_string(),
+            display_name: payload.display_name,
+            avatar_url: payload.avatar_data_url,
+        })
+        .map_err(map_profile_update_error)?;
+
+    state
+        .sync_auth_store_snapshot_to_spacetime()
+        .await
+        .map_err(|error| {
+            AppError::from_status(StatusCode::INTERNAL_SERVER_ERROR).with_message(error.to_string())
+        })?;
+
+    Ok(json_success_body(
+        Some(&request_context),
+        ProfileUpdateResponse {
+            user: map_auth_user_payload(result.user),
+        },
+    ))
+}
+
+fn validate_avatar_data_url(value: &str) -> Result<(), AppError> {
+    let Some((header, payload)) = value.trim().split_once(',') else {
+        return Err(invalid_avatar_error("头像图片格式不正确"));
+    };
+    if !matches!(
+        header,
+        "data:image/png;base64" | "data:image/jpeg;base64" | "data:image/webp;base64"
+    ) {
+        return Err(invalid_avatar_error("头像仅支持 jpg、png、webp"));
+    }
+
+    let bytes = BASE64_STANDARD
+        .decode(payload)
+        .map_err(|_| invalid_avatar_error("头像图片格式不正确"))?;
+    if bytes.len() > MAX_AVATAR_BYTES {
+        return Err(invalid_avatar_error("头像图片不能超过 5MB"));
+    }
+
+    let image =
+        image::load_from_memory(&bytes).map_err(|_| invalid_avatar_error("头像图片格式不正确"))?;
+    let (width, height) = image.dimensions();
+    if width != AVATAR_SIZE_PX || height != AVATAR_SIZE_PX {
+        return Err(invalid_avatar_error("头像裁剪尺寸需要为 256x256"));
+    }
+
+    Ok(())
+}
+
+fn invalid_avatar_error(message: &'static str) -> AppError {
+    AppError::from_status(StatusCode::BAD_REQUEST).with_message(message)
+}
+
+fn map_profile_update_error(error: PasswordEntryError) -> AppError {
+    match error {
+        PasswordEntryError::InvalidDisplayName
+        | PasswordEntryError::InvalidAvatarDataUrl
+        | PasswordEntryError::EmptyProfileUpdate => {
+            AppError::from_status(StatusCode::BAD_REQUEST).with_message(error.to_string())
+        }
+        PasswordEntryError::UserNotFound => AppError::from_status(StatusCode::UNAUTHORIZED)
+            .with_message("当前登录态已失效，请重新登录"),
+        PasswordEntryError::Store(_) | PasswordEntryError::PasswordHash(_) => {
+            AppError::from_status(StatusCode::INTERNAL_SERVER_ERROR).with_message(error.to_string())
+        }
+        PasswordEntryError::InvalidPhoneNumber
+        | PasswordEntryError::InvalidPasswordLength
+        | PasswordEntryError::InvalidPublicUserCode
+        | PasswordEntryError::InvalidCredentials => {
+            AppError::from_status(StatusCode::BAD_REQUEST).with_message(error.to_string())
+        }
+    }
+}