33 lines
1.4 KiB
JavaScript
33 lines
1.4 KiB
JavaScript
import { writeFile, unlink } from 'node:fs/promises'
|
|
import { join } from 'node:path'
|
|
import { readMultipartFormData } from 'h3'
|
|
import { getDb, getAvatarsDir } from '../../utils/db.js'
|
|
import { requireAuth } from '../../utils/authHelpers.js'
|
|
|
|
const MAX_SIZE = 2 * 1024 * 1024
|
|
const ALLOWED_TYPES = Object.freeze(['image/jpeg', 'image/png'])
|
|
const EXT_BY_MIME = Object.freeze({ 'image/jpeg': 'jpg', 'image/png': 'png' })
|
|
|
|
export default defineEventHandler(async (event) => {
|
|
const user = requireAuth(event)
|
|
const form = await readMultipartFormData(event)
|
|
const file = form?.find(f => f.name === 'avatar' && f.data)
|
|
if (!file || !file.filename) throw createError({ statusCode: 400, message: 'Missing avatar file' })
|
|
if (file.data.length > MAX_SIZE) throw createError({ statusCode: 400, message: 'File too large' })
|
|
const mime = file.type ?? ''
|
|
if (!ALLOWED_TYPES.includes(mime)) throw createError({ statusCode: 400, message: 'Invalid type; use JPEG or PNG' })
|
|
const ext = EXT_BY_MIME[mime] ?? 'jpg'
|
|
const filename = `${user.id}.${ext}`
|
|
const dir = getAvatarsDir()
|
|
const path = join(dir, filename)
|
|
await writeFile(path, file.data)
|
|
const { run } = await getDb()
|
|
const previous = user.avatar_path
|
|
await run('UPDATE users SET avatar_path = ? WHERE id = ?', [filename, user.id])
|
|
if (previous && previous !== filename) {
|
|
const oldPath = join(dir, previous)
|
|
await unlink(oldPath).catch(() => {})
|
|
}
|
|
return { ok: true }
|
|
})
|