10 files changed, 258 insertions, 80 deletions

diff --git a/src/api/routes/guilds/#guild_id/members/#member_id/index.ts b/src/api/routes/guilds/#guild_id/members/#member_id/index.ts
index 28085752..8e6c3ce7 100644
--- a/src/api/routes/guilds/#guild_id/members/#member_id/index.ts
+++ b/src/api/routes/guilds/#guild_id/members/#member_id/index.ts
@@ -9,6 +9,7 @@ import {
 	Sticker,
 	Emoji,
 	Guild,
+	handleFile,
 	MemberChangeSchema,
 } from "@fosscord/util";
 import { route } from "@fosscord/api";
@@ -26,54 +27,39 @@ router.get("/", route({}), async (req: Request, res: Response) => {
 	return res.json(member);
 });
 
-router.patch(
-	"/",
-	route({ body: "MemberChangeSchema" }),
-	async (req: Request, res: Response) => {
-		let { guild_id, member_id } = req.params;
-		if (member_id === "@me") member_id = req.user_id;
-		const body = req.body as MemberChangeSchema;
-
-		const member = await Member.findOneOrFail({
-			where: { id: member_id, guild_id },
-			relations: ["roles", "user"],
-		});
-		const permission = await getPermission(req.user_id, guild_id);
-		const everyone = await Role.findOneOrFail({
-			where: { guild_id: guild_id, name: "@everyone", position: 0 },
-		});
-
-		if (body.roles) {
-			permission.hasThrow("MANAGE_ROLES");
-
-			if (body.roles.indexOf(everyone.id) === -1)
-				body.roles.push(everyone.id);
-			member.roles = body.roles.map((x) => Role.create({ id: x })); // foreign key constraint will fail if role doesn't exist
-		}
-
-		if ("nick" in body) {
-			permission.hasThrow(
-				req.user_id == member.user.id
-					? "CHANGE_NICKNAME"
-					: "MANAGE_NICKNAMES",
-			);
-			member.nick = body.nick?.trim() || undefined;
-		}
-
-		await member.save();
-
-		member.roles = member.roles.filter((x) => x.id !== everyone.id);
-
-		// do not use promise.all as we have to first write to db before emitting the event to catch errors
-		await emitEvent({
-			event: "GUILD_MEMBER_UPDATE",
-			guild_id,
-			data: { ...member, roles: member.roles.map((x) => x.id) },
-		} as GuildMemberUpdateEvent);
-
-		res.json(member);
-	},
-);
+router.patch("/", route({ body: "MemberChangeSchema" }), async (req: Request, res: Response) => {
+	let { guild_id, member_id } = req.params;
+	if (member_id === "@me") member_id = req.user_id;
+	const body = req.body as MemberChangeSchema;
+
+	let member = await Member.findOneOrFail({ where: { id: member_id, guild_id }, relations: ["roles", "user"] });
+	const permission = await getPermission(req.user_id, guild_id);
+	const everyone = await Role.findOneOrFail({ where: { guild_id: guild_id, name: "@everyone", position: 0 } });
+
+	if (body.roles) {
+		permission.hasThrow("MANAGE_ROLES");
+
+		if (body.roles.indexOf(everyone.id) === -1) body.roles.push(everyone.id);
+		member.roles = body.roles.map((x) => Role.create({ id: x })); // foreign key constraint will fail if role doesn't exist
+	}
+
+	if (body.avatar) body.avatar = await handleFile(`/guilds/${guild_id}/users/${member_id}/avatars`, body.avatar as string);
+
+	member.assign(body);
+
+	await member.save();
+
+	member.roles = member.roles.filter((x) => x.id !== everyone.id);
+
+	// do not use promise.all as we have to first write to db before emitting the event to catch errors
+	await emitEvent({
+		event: "GUILD_MEMBER_UPDATE",
+		guild_id,
+		data: { ...member, roles: member.roles.map((x) => x.id) }
+	} as GuildMemberUpdateEvent);
+
+	res.json(member);
+});
 
 router.put("/", route({}), async (req: Request, res: Response) => {
 	// TODO: Lurker mode
diff --git a/src/api/routes/guilds/#guild_id/profile/index.ts b/src/api/routes/guilds/#guild_id/profile/index.ts
new file mode 100644
index 00000000..ddc30943
--- /dev/null
+++ b/src/api/routes/guilds/#guild_id/profile/index.ts
@@ -0,0 +1,30 @@
+import { route } from "@fosscord/api";
+import { emitEvent, GuildMemberUpdateEvent, handleFile, Member, MemberChangeProfileSchema, OrmUtils } from "@fosscord/util";
+import { Request, Response, Router } from "express";
+
+const router = Router();
+
+router.patch("/:member_id", route({ body: "MemberChangeProfileSchema" }), async (req: Request, res: Response) => {
+	let { guild_id, member_id } = req.params;
+	if (member_id === "@me") member_id = req.user_id;
+	const body = req.body as MemberChangeProfileSchema;
+
+	let member = await Member.findOneOrFail({ where: { id: req.user_id, guild_id }, relations: ["roles", "user"] });
+
+	if (body.banner) body.banner = await handleFile(`/guilds/${guild_id}/users/${req.user_id}/avatars`, body.banner as string);
+
+	member = await OrmUtils.mergeDeep(member, body);
+
+	await member.save();
+
+	// do not use promise.all as we have to first write to db before emitting the event to catch errors
+	await emitEvent({
+		event: "GUILD_MEMBER_UPDATE",
+		guild_id,
+		data: { ...member, roles: member.roles.map((x) => x.id) }
+	} as GuildMemberUpdateEvent);
+
+	res.json(member);
+});
+
+export default router;
diff --git a/src/api/routes/users/#id/profile.ts b/src/api/routes/users/#id/profile.ts
index ebea805b..45cc4412 100644
--- a/src/api/routes/users/#id/profile.ts
+++ b/src/api/routes/users/#id/profile.ts
@@ -6,6 +6,11 @@ import {
 	UserPublic,
 	Member,
 	Guild,
+	UserProfileModifySchema,
+	handleFile,
+	PrivateUserProjection,
+	emitEvent,
+	UserUpdateEvent,
 } from "@fosscord/util";
 import { route } from "@fosscord/api";
 
@@ -84,36 +89,66 @@ router.get(
 			bot: user.bot,
 		};
 
-		const guildMemberDto = guild_member
-			? {
-					avatar: user.avatar, // TODO
-					banner: user.banner, // TODO
-					bio: req.user_bot ? null : user.bio, // TODO
-					communication_disabled_until: null, // TODO
-					deaf: guild_member.deaf,
-					flags: user.flags,
-					is_pending: guild_member.pending,
-					pending: guild_member.pending, // why is this here twice, discord?
-					joined_at: guild_member.joined_at,
-					mute: guild_member.mute,
-					nick: guild_member.nick,
-					premium_since: guild_member.premium_since,
-					roles: guild_member.roles
-						.map((x) => x.id)
-						.filter((id) => id != guild_id),
-					user: userDto,
-			  }
-			: undefined;
-
-		res.json({
-			connected_accounts: user.connected_accounts,
-			premium_guild_since: premium_guild_since, // TODO
-			premium_since: user.premium_since, // TODO
-			mutual_guilds: mutual_guilds, // TODO {id: "", nick: null} when ?with_mutual_guilds=true
-			user: userDto,
-			guild_member: guildMemberDto,
-		});
-	},
-);
+	const guildMemberDto = guild_member
+		? {
+				avatar: guild_member.avatar,
+				banner: guild_member.banner,
+				bio: req.user_bot ? null : guild_member.bio,
+				communication_disabled_until: guild_member.communication_disabled_until,
+				deaf: guild_member.deaf,
+				flags: user.flags,
+				is_pending: guild_member.pending,
+				pending: guild_member.pending, // why is this here twice, discord?
+				joined_at: guild_member.joined_at,
+				mute: guild_member.mute,
+				nick: guild_member.nick,
+				premium_since: guild_member.premium_since,
+				roles: guild_member.roles.map((x) => x.id).filter((id) => id != guild_id),
+				user: userDto
+		  }
+		: undefined;
+
+	const guildMemberProfile = {
+		accent_color: null,
+		banner: guild_member?.banner || null,
+		bio: guild_member?.bio || "",
+		guild_id
+	};
+	res.json({
+		connected_accounts: user.connected_accounts,
+		premium_guild_since: premium_guild_since, // TODO
+		premium_since: user.premium_since, // TODO
+		mutual_guilds: mutual_guilds, // TODO {id: "", nick: null} when ?with_mutual_guilds=true
+		user: userDto,
+		guild_member: guildMemberDto,
+		guild_member_profile: guildMemberProfile
+	});
+});
+
+router.patch("/", route({ body: "UserProfileModifySchema" }), async (req: Request, res: Response) => {
+	const body = req.body as UserProfileModifySchema;
+
+	if (body.banner) body.banner = await handleFile(`/banners/${req.user_id}`, body.banner as string);
+	let user = await User.findOneOrFail({ where: { id: req.user_id }, select: [...PrivateUserProjection, "data"] });
+
+	user.assign(body);
+	await user.save();
+
+	// @ts-ignore
+	delete user.data;
+
+	// TODO: send update member list event in gateway
+	await emitEvent({
+		event: "USER_UPDATE",
+		user_id: req.user_id,
+		data: user
+	} as UserUpdateEvent);
+
+	res.json({
+		accent_color: user.accent_color,
+		bio: user.bio,
+		banner: user.banner
+	});
+});
 
 export default router;
diff --git a/src/cdn/Server.ts b/src/cdn/Server.ts
index 45d3abd9..1fd9ca38 100644
--- a/src/cdn/Server.ts
+++ b/src/cdn/Server.ts
@@ -2,6 +2,7 @@ import { Server, ServerOptions } from "lambert-server";
 import { Config, initDatabase, registerRoutes } from "@fosscord/util";
 import path from "path";
 import avatarsRoute from "./routes/avatars";
+import guildProfilesRoute from "./routes/guild-profiles";
 import iconsRoute from "./routes/role-icons";
 import bodyParser from "body-parser";
 
@@ -74,6 +75,12 @@ export class CDNServer extends Server {
 		this.app.use("/channel-icons/", avatarsRoute);
 		this.log("verbose", "[Server] Route /channel-icons registered");
 
+		this.app.use("/guilds/:guild_id/users/:user_id/avatars", guildProfilesRoute);
+		this.log("verbose", "[Server] Route /guilds/avatars registered");
+
+		this.app.use("/guilds/:guild_id/users/:user_id/banners", guildProfilesRoute);
+		this.log("verbose", "[Server] Route /guilds/banners registered");
+
 		return super.start();
 	}
 
diff --git a/src/cdn/routes/guild-profiles.ts b/src/cdn/routes/guild-profiles.ts
new file mode 100644
index 00000000..98af7f69
--- /dev/null
+++ b/src/cdn/routes/guild-profiles.ts
@@ -0,0 +1,85 @@
+import { Config, Snowflake } from "@fosscord/util";
+import crypto from "crypto";
+import { Request, Response, Router } from "express";
+import FileType from "file-type";
+import { HTTPError } from "lambert-server";
+import { multer } from "../util/multer";
+import { storage } from "../util/Storage";
+
+// TODO: check premium and animated pfp are allowed in the config
+// TODO: generate different sizes of icon
+// TODO: generate different image types of icon
+// TODO: delete old icons
+
+const ANIMATED_MIME_TYPES = ["image/apng", "image/gif", "image/gifv"];
+const STATIC_MIME_TYPES = ["image/png", "image/jpeg", "image/webp", "image/svg+xml", "image/svg"];
+const ALLOWED_MIME_TYPES = [...ANIMATED_MIME_TYPES, ...STATIC_MIME_TYPES];
+
+const router = Router();
+
+router.post("/", multer.single("file"), async (req: Request, res: Response) => {
+	if (req.headers.signature !== Config.get().security.requestSignature) throw new HTTPError("Invalid request signature");
+	if (!req.file) throw new HTTPError("Missing file");
+	const { buffer, mimetype, size, originalname, fieldname } = req.file;
+	const { guild_id, user_id } = req.params;
+
+	let hash = crypto.createHash("md5").update(Snowflake.generate()).digest("hex");
+
+	const type = await FileType.fromBuffer(buffer);
+	if (!type || !ALLOWED_MIME_TYPES.includes(type.mime)) throw new HTTPError("Invalid file type");
+	if (ANIMATED_MIME_TYPES.includes(type.mime)) hash = `a_${hash}`; // animated icons have a_ infront of the hash
+
+	const path = `guilds/${guild_id}/users/${user_id}/avatars/${hash}`;
+	const endpoint = Config.get().cdn.endpointPublic || "http://localhost:3003";
+
+	await storage.set(path, buffer);
+
+	return res.json({
+		id: hash,
+		content_type: type.mime,
+		size,
+		url: `${endpoint}${req.baseUrl}/${user_id}/${hash}`
+	});
+});
+
+router.get("/", async (req: Request, res: Response) => {
+	let { guild_id, user_id } = req.params;
+	user_id = user_id.split(".")[0]; // remove .file extension
+	const path = `guilds/${guild_id}/users/${user_id}/avatars`;
+
+	const file = await storage.get(path);
+	if (!file) throw new HTTPError("not found", 404);
+	const type = await FileType.fromBuffer(file);
+
+	res.set("Content-Type", type?.mime);
+	res.set("Cache-Control", "public, max-age=31536000");
+
+	return res.send(file);
+});
+
+router.get("/:hash", async (req: Request, res: Response) => {
+	let { guild_id, user_id, hash } = req.params;
+	hash = hash.split(".")[0]; // remove .file extension
+	const path = `guilds/${guild_id}/users/${user_id}/avatars/${hash}`;
+
+	const file = await storage.get(path);
+	if (!file) throw new HTTPError("not found", 404);
+	const type = await FileType.fromBuffer(file);
+
+	res.set("Content-Type", type?.mime);
+	res.set("Cache-Control", "public, max-age=31536000");
+
+	return res.send(file);
+});
+
+router.delete("/:id", async (req: Request, res: Response) => {
+	if (req.headers.signature !== Config.get().security.requestSignature) throw new HTTPError("Invalid request signature");
+	const { guild_id, user_id, id } = req.params;
+	const path = `guilds/${guild_id}/users/${user_id}/avatars/${id}`;
+
+	await storage.delete(path);
+
+	return res.send({ success: true });
+});
+
+export default router;
diff --git a/src/util/entities/Member.ts b/src/util/entities/Member.ts
index ae2a6803..1c8bfbef 100644
--- a/src/util/entities/Member.ts
+++ b/src/util/entities/Member.ts
@@ -114,7 +114,19 @@ export class Member extends BaseClassWithoutId {
 	// do not auto-kick force-joined members just because their joiners left the server
 	}) **/
 	@Column({ nullable: true })
-	joined_by?: string;
+	joined_by: string;
+
+	@Column({ nullable: true })
+	avatar: string;
+
+	@Column({ nullable: true })
+	banner: string;
+
+	@Column()
+	bio: string;
+
+	@Column({ nullable: true })
+	communication_disabled_until: Date;
 
 	// TODO: add this when we have proper read receipts
 	// @Column({ type: "simple-json" })
@@ -313,6 +325,7 @@ export class Member extends BaseClassWithoutId {
 			deaf: false,
 			mute: false,
 			pending: false,
+			bio: "",
 		};
 
 		await Promise.all([
diff --git a/src/util/schemas/MemberChangeProfileSchema.ts b/src/util/schemas/MemberChangeProfileSchema.ts
new file mode 100644
index 00000000..3e85174d
--- /dev/null
+++ b/src/util/schemas/MemberChangeProfileSchema.ts
@@ -0,0 +1,5 @@
+export interface MemberChangeProfileSchema {
+	banner?: string | null;
+	nick?: string;
+	bio?: string;
+}
diff --git a/src/util/schemas/MemberChangeSchema.ts b/src/util/schemas/MemberChangeSchema.ts
index 2367bef3..4156c8c1 100644
--- a/src/util/schemas/MemberChangeSchema.ts
+++ b/src/util/schemas/MemberChangeSchema.ts
@@ -1,4 +1,6 @@
 export interface MemberChangeSchema {
 	roles?: string[];
 	nick?: string;
+	avatar?: string | null;
+	bio?: string;
 }
diff --git a/src/util/schemas/UserProfileModifySchema.ts b/src/util/schemas/UserProfileModifySchema.ts
new file mode 100644
index 00000000..33a372c9
--- /dev/null
+++ b/src/util/schemas/UserProfileModifySchema.ts
@@ -0,0 +1,5 @@
+export interface UserProfileModifySchema {
+	bio?: string;
+	accent_color?: number | null;
+	banner?: string | null;
+}
diff --git a/src/util/schemas/index.ts b/src/util/schemas/index.ts
index 58565496..a03cebe2 100644
--- a/src/util/schemas/index.ts
+++ b/src/util/schemas/index.ts
@@ -22,6 +22,11 @@ export * from "./TemplateModifySchema";
 export * from "./VanityUrlSchema";
 export * from "./GuildUpdateWelcomeScreenSchema";
 export * from "./WidgetModifySchema";
+export * from "./IdentifySchema";
+export * from "./InviteCreateSchema";
+export * from "./LazyRequestSchema";
+export * from "./LoginSchema";
+export * from "./MemberChangeProfileSchema";
 export * from "./MemberChangeSchema";
 export * from "./RoleModifySchema";
 export * from "./GuildTemplateCreateSchema";
@@ -34,6 +39,11 @@ export * from "./MfaCodesSchema";
 export * from "./TotpDisableSchema";
 export * from "./TotpEnableSchema";
 export * from "./VoiceIdentifySchema";
+export * from "./TotpSchema";
+export * from "./UserModifySchema";
+export * from "./UserProfileModifySchema";
+export * from "./UserSettingsSchema";
+export * from "./VanityUrlSchema";
 export * from "./VoiceStateUpdateSchema";
 export * from "./VoiceVideoSchema";
 export * from "./IdentifySchema";