From de20dce73540d81faf53ba7de3abee4092cbe923 Mon Sep 17 00:00:00 2001
From: garrettmills <shout@garrettmills.dev>
Date: Mon, 19 Apr 2021 13:32:35 -0500
Subject: [PATCH] Add public endpoint to get user photo

---
 app/controllers/api/v1/Auth.controller.js | 22 ++++++++++++++++++++++
 app/routing/routers/api/v1/auth.routes.js |  3 +++
 locale/en_US/api.locale.js                |  1 +
 3 files changed, 26 insertions(+)

diff --git a/app/controllers/api/v1/Auth.controller.js b/app/controllers/api/v1/Auth.controller.js
index 9c6b633..25ca701 100644
--- a/app/controllers/api/v1/Auth.controller.js
+++ b/app/controllers/api/v1/Auth.controller.js
@@ -220,6 +220,28 @@ class AuthController extends Controller {
         return res.api(await user.to_api())
     }
 
+    async get_user_photo(req, res, next) {
+        let user
+        if ( req.params.id === 'me' ) {
+            user = req.user
+        } else {
+            const User = this.models.get('auth:User')
+            user = await User.findOne({ uid: req.params.id })
+        }
+
+        if ( !user )
+            return res.status(404)
+                .message(req.T('api.user_not_found'))
+                .api()
+
+        const file = await user.photo()
+        if ( !file )
+            // The user does not have a profile. Send the default.
+            return res.sendFile(this.utility.path('app/assets/people.png'))
+
+        await file.send(res)
+    }
+
     async create_group(req, res, next) {
         if ( !req.user.can(`auth:group:create`) )
             return res.status(401)
diff --git a/app/routing/routers/api/v1/auth.routes.js b/app/routing/routers/api/v1/auth.routes.js
index c70f2f1..94055cf 100644
--- a/app/routing/routers/api/v1/auth.routes.js
+++ b/app/routing/routers/api/v1/auth.routes.js
@@ -36,6 +36,9 @@ const auth_routes = {
             ['middleware::api:Permission', { check: 'v1:auth:users:get' }],
             'controller::api:v1:Auth.get_user',
         ],
+        '/users/:id/photo': [
+            'controller::api:v1:Auth.get_user_photo',
+        ],
         '/groups/:id': [
             'middleware::auth:APIRoute',
             ['middleware::api:Permission', { check: 'v1:auth:groups:get' }],
diff --git a/locale/en_US/api.locale.js b/locale/en_US/api.locale.js
index 25ada0c..50b659f 100644
--- a/locale/en_US/api.locale.js
+++ b/locale/en_US/api.locale.js
@@ -9,6 +9,7 @@ module.exports = exports = {
     vault_not_found: 'A vault with that ID not found.',
 
     user_not_found: 'User not found with that ID.',
+    photo_not_found: 'This user has no photo.',
     user_already_exists: 'A user with that identifier already exists.',
 
     client_not_found: 'Client not found with that ID.',