coinstorge/website/src/routes/api/settings/+server.ts

import { auth } from '$lib/auth';
import { uploadProfilePicture } from '$lib/server/s3';
import { error, json } from '@sveltejs/kit';
import { db } from '$lib/server/db';
import { user } from '$lib/server/db/schema';
import { eq } from 'drizzle-orm';
import { MAX_FILE_SIZE } from '$lib/data/constants';
import { isNameAppropriate } from '$lib/server/moderation';

async function validateInputs(name: string, bio: string, username: string, avatarFile: File | null) {
    if (name && name.length < 1) {
        throw error(400, 'Name cannot be empty');
    }

    if (name && !(await isNameAppropriate(name))) {
        throw error(400, 'Name contains inappropriate content');
    }

    if (bio && bio.length > 160) {
        throw error(400, 'Bio must be 160 characters or less');
    }

    if (username && (username.length < 3 || username.length > 30)) {
        throw error(400, 'Username must be between 3 and 30 characters');
    }

    if (username && !(await isNameAppropriate(username))) {
        throw error(400, 'Username contains inappropriate content');
    }

    if (bio && !(await isNameAppropriate(bio))) {
        throw error(400, 'Bio contains inappropriate content');
    }

    if (avatarFile && avatarFile.size > MAX_FILE_SIZE) {
        throw error(400, 'Avatar file must be smaller than 1MB');
    }
}

export async function POST({ request }) {
    const session = await auth.api.getSession({
        headers: request.headers
    });

    if (!session?.user) {
        throw error(401, 'Not authenticated');
    }

    const formData = await request.formData();
    const name = formData.get('name') as string;
    const bio = formData.get('bio') as string;
    const username = formData.get('username') as string;
    const avatarFile = formData.get('avatar') as File | null;

    await validateInputs(name, bio, username, avatarFile);

    const updates: Record<string, any> = {
        name,
        bio,
        username,
        updatedAt: new Date()
    };

    if (avatarFile && avatarFile.size > 0) {
        try {
            const arrayBuffer = await avatarFile.arrayBuffer();
            const key = await uploadProfilePicture(
                session.user.id,
                new Uint8Array(arrayBuffer),
                avatarFile.type,
                avatarFile.size
            );
            updates.image = key;
        } catch (e) {
            console.error('Avatar upload failed, continuing without update:', e);
        }
    }

    await db.update(user)
        .set(updates)
        .where(eq(user.id, Number(session.user.id)));

    return json({ success: true });
}
feat: add username availability check API endpoint feat: create user image retrieval API endpoint feat: enhance coin page with dynamic data fetching and improved UI feat: implement coin creation form with validation and submission logic feat: add user settings page with profile update functionality 2025-05-23 16:26:02 +03:00			`import { auth } from '$lib/auth';`
			`import { uploadProfilePicture } from '$lib/server/s3';`
			`import { error, json } from '@sveltejs/kit';`
			`import { db } from '$lib/server/db';`
			`import { user } from '$lib/server/db/schema';`
			`import { eq } from 'drizzle-orm';`
			`import { MAX_FILE_SIZE } from '$lib/data/constants';`
feat: moderation 2025-05-30 14:35:15 +03:00			`import { isNameAppropriate } from '$lib/server/moderation';`
feat: add username availability check API endpoint feat: create user image retrieval API endpoint feat: enhance coin page with dynamic data fetching and improved UI feat: implement coin creation form with validation and submission logic feat: add user settings page with profile update functionality 2025-05-23 16:26:02 +03:00
feat: moderation 2025-05-30 14:35:15 +03:00			`async function validateInputs(name: string, bio: string, username: string, avatarFile: File \| null) {`
feat: add username availability check API endpoint feat: create user image retrieval API endpoint feat: enhance coin page with dynamic data fetching and improved UI feat: implement coin creation form with validation and submission logic feat: add user settings page with profile update functionality 2025-05-23 16:26:02 +03:00			`if (name && name.length < 1) {`
			`throw error(400, 'Name cannot be empty');`
			`}`

feat: moderation 2025-05-30 14:35:15 +03:00			`if (name && !(await isNameAppropriate(name))) {`
			`throw error(400, 'Name contains inappropriate content');`
			`}`

feat: add username availability check API endpoint feat: create user image retrieval API endpoint feat: enhance coin page with dynamic data fetching and improved UI feat: implement coin creation form with validation and submission logic feat: add user settings page with profile update functionality 2025-05-23 16:26:02 +03:00			`if (bio && bio.length > 160) {`
			`throw error(400, 'Bio must be 160 characters or less');`
			`}`

			`if (username && (username.length < 3 \|\| username.length > 30)) {`
			`throw error(400, 'Username must be between 3 and 30 characters');`
			`}`

feat: moderation 2025-05-30 14:35:15 +03:00			`if (username && !(await isNameAppropriate(username))) {`
			`throw error(400, 'Username contains inappropriate content');`
			`}`

add check for bio 2025-05-30 16:50:56 +03:00			`if (bio && !(await isNameAppropriate(bio))) {`
			`throw error(400, 'Bio contains inappropriate content');`
			`}`

feat: add username availability check API endpoint feat: create user image retrieval API endpoint feat: enhance coin page with dynamic data fetching and improved UI feat: implement coin creation form with validation and submission logic feat: add user settings page with profile update functionality 2025-05-23 16:26:02 +03:00			`if (avatarFile && avatarFile.size > MAX_FILE_SIZE) {`
			`throw error(400, 'Avatar file must be smaller than 1MB');`
			`}`
			`}`

			`export async function POST({ request }) {`
			`const session = await auth.api.getSession({`
			`headers: request.headers`
			`});`

			`if (!session?.user) {`
			`throw error(401, 'Not authenticated');`
			`}`

			`const formData = await request.formData();`
			`const name = formData.get('name') as string;`
			`const bio = formData.get('bio') as string;`
			`const username = formData.get('username') as string;`
			`const avatarFile = formData.get('avatar') as File \| null;`

feat: moderation 2025-05-30 14:35:15 +03:00			`await validateInputs(name, bio, username, avatarFile);`
feat: add username availability check API endpoint feat: create user image retrieval API endpoint feat: enhance coin page with dynamic data fetching and improved UI feat: implement coin creation form with validation and submission logic feat: add user settings page with profile update functionality 2025-05-23 16:26:02 +03:00
			`const updates: Record<string, any> = {`
			`name,`
			`bio,`
			`username,`
			`updatedAt: new Date()`
			`};`

			`if (avatarFile && avatarFile.size > 0) {`
			`try {`
			`const arrayBuffer = await avatarFile.arrayBuffer();`
			`const key = await uploadProfilePicture(`
			`session.user.id,`
			`new Uint8Array(arrayBuffer),`
			`avatarFile.type,`
			`avatarFile.size`
			`);`
			`updates.image = key;`
			`} catch (e) {`
			`console.error('Avatar upload failed, continuing without update:', e);`
			`}`
			`}`

			`await db.update(user)`
			`.set(updates)`
			`.where(eq(user.id, Number(session.user.id)));`

			`return json({ success: true });`
			`}`