Add API for changing Avatars (#25369)

This adds an API for uploading and Deleting Avatars for of Users, Repos
and Organisations. I'm not sure, if this should also be added to the
Admin API.

Resolves #25344

---------

Co-authored-by: silverwind <[email protected]>
Co-authored-by: Giteabot <[email protected]>

Author: 3 people

modules/structs/repo.go

@@ -380,3 +380,9 @@ type NewIssuePinsAllowed struct {
 	Issues       bool `json:"issues"`
 	PullRequests bool `json:"pull_requests"`
 }
+
+// UpdateRepoAvatarUserOption options when updating the repo avatar
+type UpdateRepoAvatarOption struct {
+	// image must be base64 encoded
+	Image string `json:"image" binding:"Required"`
+}

modules/structs/user.go

@@ -102,3 +102,9 @@ type RenameUserOption struct {
 	// unique: true
 	NewName string `json:"new_username" binding:"Required"`
 }
+
+// UpdateUserAvatarUserOption options when updating the user avatar
+type UpdateUserAvatarOption struct {
+	// image must be base64 encoded
+	Image string `json:"image" binding:"Required"`
+}

routers/api/v1/api.go

@@ -899,6 +899,11 @@ func Routes() *web.Route {
 					Patch(bind(api.EditHookOption{}), user.EditHook).
 					Delete(user.DeleteHook)
 			}, reqWebhooksEnabled())
+
+			m.Group("/avatar", func() {
+				m.Post("", bind(api.UpdateUserAvatarOption{}), user.UpdateAvatar)
+				m.Delete("", user.DeleteAvatar)
+			}, reqToken())
 		}, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryUser), reqToken())
 
 		// Repositories (requires repo scope, org scope)
@@ -1134,6 +1139,10 @@ func Routes() *web.Route {
 				m.Get("/languages", reqRepoReader(unit.TypeCode), repo.GetLanguages)
 				m.Get("/activities/feeds", repo.ListRepoActivityFeeds)
 				m.Get("/new_pin_allowed", repo.AreNewIssuePinsAllowed)
+				m.Group("/avatar", func() {
+					m.Post("", bind(api.UpdateRepoAvatarOption{}), repo.UpdateAvatar)
+					m.Delete("", repo.DeleteAvatar)
+				}, reqAdmin(), reqToken())
 			}, repoAssignment())
 		}, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryRepository))
 
@@ -1314,6 +1323,10 @@ func Routes() *web.Route {
 					Patch(bind(api.EditHookOption{}), org.EditHook).
 					Delete(org.DeleteHook)
 			}, reqToken(), reqOrgOwnership(), reqWebhooksEnabled())
+			m.Group("/avatar", func() {
+				m.Post("", bind(api.UpdateUserAvatarOption{}), org.UpdateAvatar)
+				m.Delete("", org.DeleteAvatar)
+			}, reqToken(), reqOrgOwnership())
 			m.Get("/activities/feeds", org.ListOrgActivityFeeds)
 		}, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryOrganization), orgAssignment(true))
 		m.Group("/teams/{teamid}", func() {

routers/api/v1/org/avatar.go

@@ -0,0 +1,74 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package org
+
+import (
+	"encoding/base64"
+	"net/http"
+
+	"code.gitea.io/gitea/modules/context"
+	api "code.gitea.io/gitea/modules/structs"
+	"code.gitea.io/gitea/modules/web"
+	user_service "code.gitea.io/gitea/services/user"
+)
+
+// UpdateAvatarupdates the Avatar of an Organisation
+func UpdateAvatar(ctx *context.APIContext) {
+	// swagger:operation POST /orgs/{org}/avatar organization orgUpdateAvatar
+	// ---
+	// summary: Update Avatar
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: org
+	//   in: path
+	//   description: name of the organization
+	//   type: string
+	//   required: true
+	// - name: body
+	//   in: body
+	//   schema:
+	//     "$ref": "#/definitions/UpdateUserAvatarOption"
+	// responses:
+	//   "204":
+	//     "$ref": "#/responses/empty"
+	form := web.GetForm(ctx).(*api.UpdateUserAvatarOption)
+
+	content, err := base64.StdEncoding.DecodeString(form.Image)
+	if err != nil {
+		ctx.Error(http.StatusBadRequest, "DecodeImage", err)
+		return
+	}
+
+	err = user_service.UploadAvatar(ctx.Org.Organization.AsUser(), content)
+	if err != nil {
+		ctx.Error(http.StatusInternalServerError, "UploadAvatar", err)
+	}
+
+	ctx.Status(http.StatusNoContent)
+}
+
+// DeleteAvatar deletes the Avatar of an Organisation
+func DeleteAvatar(ctx *context.APIContext) {
+	// swagger:operation DELETE /orgs/{org}/avatar organization orgDeleteAvatar
+	// ---
+	// summary: Delete Avatar
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: org
+	//   in: path
+	//   description: name of the organization
+	//   type: string
+	//   required: true
+	// responses:
+	//   "204":
+	//     "$ref": "#/responses/empty"
+	err := user_service.DeleteAvatar(ctx.Org.Organization.AsUser())
+	if err != nil {
+		ctx.Error(http.StatusInternalServerError, "DeleteAvatar", err)
+	}
+
+	ctx.Status(http.StatusNoContent)
+}

routers/api/v1/repo/avatar.go

@@ -0,0 +1,84 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"encoding/base64"
+	"net/http"
+
+	"code.gitea.io/gitea/modules/context"
+	api "code.gitea.io/gitea/modules/structs"
+	"code.gitea.io/gitea/modules/web"
+	repo_service "code.gitea.io/gitea/services/repository"
+)
+
+// UpdateVatar updates the Avatar of an Repo
+func UpdateAvatar(ctx *context.APIContext) {
+	// swagger:operation POST /repos/{owner}/{repo}/avatar repository repoUpdateAvatar
+	// ---
+	// summary: Update avatar
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: owner
+	//   in: path
+	//   description: owner of the repo
+	//   type: string
+	//   required: true
+	// - name: repo
+	//   in: path
+	//   description: name of the repo
+	//   type: string
+	//   required: true
+	// - name: body
+	//   in: body
+	//   schema:
+	//     "$ref": "#/definitions/UpdateRepoAvatarOption"
+	// responses:
+	//   "204":
+	//     "$ref": "#/responses/empty"
+	form := web.GetForm(ctx).(*api.UpdateRepoAvatarOption)
+
+	content, err := base64.StdEncoding.DecodeString(form.Image)
+	if err != nil {
+		ctx.Error(http.StatusBadRequest, "DecodeImage", err)
+		return
+	}
+
+	err = repo_service.UploadAvatar(ctx, ctx.Repo.Repository, content)
+	if err != nil {
+		ctx.Error(http.StatusInternalServerError, "UploadAvatar", err)
+	}
+
+	ctx.Status(http.StatusNoContent)
+}
+
+// UpdateAvatar deletes the Avatar of an Repo
+func DeleteAvatar(ctx *context.APIContext) {
+	// swagger:operation DELETE /repos/{owner}/{repo}/avatar repository repoDeleteAvatar
+	// ---
+	// summary: Delete avatar
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: owner
+	//   in: path
+	//   description: owner of the repo
+	//   type: string
+	//   required: true
+	// - name: repo
+	//   in: path
+	//   description: name of the repo
+	//   type: string
+	//   required: true
+	// responses:
+	//   "204":
+	//     "$ref": "#/responses/empty"
+	err := repo_service.DeleteAvatar(ctx, ctx.Repo.Repository)
+	if err != nil {
+		ctx.Error(http.StatusInternalServerError, "DeleteAvatar", err)
+	}
+
+	ctx.Status(http.StatusNoContent)
+}

routers/api/v1/swagger/options.go

@@ -181,4 +181,10 @@ type swaggerParameterBodies struct {
 
 	// in:body
 	CreatePushMirrorOption api.CreatePushMirrorOption
+
+	// in:body
+	UpdateUserAvatarOptions api.UpdateUserAvatarOption
+
+	// in:body
+	UpdateRepoAvatarOptions api.UpdateRepoAvatarOption
 }

routers/api/v1/user/avatar.go

@@ -0,0 +1,63 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package user
+
+import (
+	"encoding/base64"
+	"net/http"
+
+	"code.gitea.io/gitea/modules/context"
+	api "code.gitea.io/gitea/modules/structs"
+	"code.gitea.io/gitea/modules/web"
+	user_service "code.gitea.io/gitea/services/user"
+)
+
+// UpdateAvatar updates the Avatar of an User
+func UpdateAvatar(ctx *context.APIContext) {
+	// swagger:operation POST /user/avatar user userUpdateAvatar
+	// ---
+	// summary: Update Avatar
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: body
+	//   in: body
+	//   schema:
+	//     "$ref": "#/definitions/UpdateUserAvatarOption"
+	// responses:
+	//   "204":
+	//     "$ref": "#/responses/empty"
+	form := web.GetForm(ctx).(*api.UpdateUserAvatarOption)
+
+	content, err := base64.StdEncoding.DecodeString(form.Image)
+	if err != nil {
+		ctx.Error(http.StatusBadRequest, "DecodeImage", err)
+		return
+	}
+
+	err = user_service.UploadAvatar(ctx.Doer, content)
+	if err != nil {
+		ctx.Error(http.StatusInternalServerError, "UploadAvatar", err)
+	}
+
+	ctx.Status(http.StatusNoContent)
+}
+
+// DeleteAvatar deletes the Avatar of an User
+func DeleteAvatar(ctx *context.APIContext) {
+	// swagger:operation DELETE /user/avatar user userDeleteAvatar
+	// ---
+	// summary: Delete Avatar
+	// produces:
+	// - application/json
+	// responses:
+	//   "204":
+	//     "$ref": "#/responses/empty"
+	err := user_service.DeleteAvatar(ctx.Doer)
+	if err != nil {
+		ctx.Error(http.StatusInternalServerError, "DeleteAvatar", err)
+	}
+
+	ctx.Status(http.StatusNoContent)
+}