Fixing uploadProfilePicture to use presignedURLs

[gwen-f]

Summary by CodeRabbit

• Refactor
  • Updated profile picture upload flow to use pre-signed upload data. The request no longer accepts image or user ID fields. The response now returns url_info with upload instructions.
• New Features
  • Enables direct upload of profile pictures using provided pre-signed form data.
• Documentation
  • Clarified the new upload response format and request expectations.
• Chores
  • Removed deprecated request/response fields related to image, user ID, message, and picture ID.

[coderabbitai]

Walkthrough

This PR refactors the UploadProfilePicture API: the input becomes empty, and the output now returns a required PresignedPostData object (url_info). Corresponding Python and TypeScript models/types are updated, and the operation’s requestBody is removed from the TS OpenAPI models.

Changes

Cohort / File(s)	Summary of Changes
Smithy model update model/profiles.smithy	UploadProfilePictureInput fields removed (image, userId), leaving an empty structure. UploadProfilePictureOutput changed to a single required field url_info: PresignedPostData, replacing message and pictureId.
Python API models python/api_model/types/models.py	Removed UploadProfilePictureRequestContent model. Updated UploadProfilePictureResponseContent to expose url_info: PresignedPostData; removed message and pictureId.
TypeScript public types typescript/src/index.ts	Deleted UploadProfilePictureRequestContent type. Updated UploadProfilePictureResponseContent to { url_info: PresignedPostData }.
TypeScript OpenAPI models typescript/src/models.ts	Removed UploadProfilePictureRequestContent schema and requestBody for the operation. Updated response schema to { url_info: PresignedPostData }.

Sequence Diagram(s)

sequenceDiagram
  participant Client
  participant API
  participant ObjectStorage

  Client->>API: POST /profiles/upload-picture (no body)
  API-->>Client: 200 { url_info: PresignedPostData }
  Client->>ObjectStorage: Upload using PresignedPostData
  ObjectStorage-->>Client: 204/201 Upload success

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~9 minutes

Possibly related PRs

• Refactor Smithy (NO API CHANGE) #6 — Introduced the original UploadProfilePicture with image/userId request and message/pictureId response, which this PR supersedes with a presigned upload flow.

Poem

A picture to the cloud, not through our gate,
The client asks for keys, the server hands their fate.
A signed breeze whispers, “Upload here, be swift,”
No payload carried—just a presigned gift.
Clean seams, lean streams, scaling set to lift.

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 957c571 and 6bd0559.

📒 Files selected for processing (4)

• model/profiles.smithy (1 hunks)
• python/api_model/types/models.py (1 hunks)
• typescript/src/index.ts (1 hunks)
• typescript/src/models.ts (2 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

**/*.smithy

📄 CodeRabbit Inference Engine (.rules/001_prefermap)

When creating a set of uniquely named/id objects in the smithy model, prefer to use Map over List.

Files:

• model/profiles.smithy

🧠 Learnings (1)

📚 Learning: 2025-07-19T02:03:53.681Z

Learnt from: ParkerVR
PR: Equal-IQ/api-model#10
File: typescript/src/index.ts:280-281
Timestamp: 2025-07-19T02:03:53.681Z
Learning: In the Equal-IQ/api-model repository, TypeScript code in typescript/src/index.ts is auto-generated from Smithy models. Type safety issues like `unknown` types should be addressed by improving the Smithy model definitions rather than modifying the generated TypeScript code.

Applied to files:

• typescript/src/index.ts

🧬 Code Graph Analysis (3)

typescript/src/index.ts (1)

python/api_model/types/models.py (1)

• PresignedPostData (198-203)

typescript/src/models.ts (1)

typescript/src/index.ts (1)

• components (4-4)

python/api_model/types/models.py (2)

typescript/src/index.ts (1)

• PresignedPostData (365-368)

python/build/lib/api_model/types/models.py (1)

• PresignedPostData (79-81)

🔇 Additional comments (5)

python/api_model/types/models.py (1)

283-285: LGTM: Response now returns presigned POST data (secure, scalable).

This aligns with the Smithy contract and shifts the heavy upload path off the API, which is better for security and scalability.

model/profiles.smithy (1)

82-84: Good change: required presigned POST output enables secure, scalable direct uploads.

Returning PresignedPostData as the sole required member is clear and aligns all SDKs on the new flow.

typescript/src/models.ts (2)

591-592: TS schema update is correct and consistent with the Smithy/Python models.

UploadProfilePictureResponseContent now exposes url_info: PresignedPostData; this is the right design for presigned uploads.

---

1115-1115: Correct: requestBody removed (never) for UploadProfilePicture.

Matches the empty input shape; avoids accidental client body sends and keeps the contract tight.

typescript/src/index.ts (1)

434-436: LGTM: Exported response type now returns url_info, matching models.ts.

Keeps the top-level types in sync and supports the new presigned upload flow.

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch upload-profile-picture

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c811603 and 74c0039.

📒 Files selected for processing (4)

• model/profiles.smithy (1 hunks)
• python/api_model/types/models.py (1 hunks)
• typescript/src/index.ts (1 hunks)
• typescript/src/models.ts (2 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

**/*.smithy

📄 CodeRabbit Inference Engine (.rules/001_prefermap)

When creating a set of uniquely named/id objects in the smithy model, prefer to use Map over List.

Files:

• model/profiles.smithy

🧬 Code Graph Analysis (2)

typescript/src/index.ts (1)

python/api_model/types/models.py (1)

• PresignedPostData (198-203)

python/api_model/types/models.py (2)

typescript/src/index.ts (1)

• PresignedPostData (365-368)

python/build/lib/api_model/types/models.py (1)

• PresignedPostData (79-81)

🔇 Additional comments (5)

python/api_model/types/models.py (1)

283-285: Presigned URL response model aligns with presigned-post pattern (good for security and scalability).

Returning url_info: PresignedPostData is consistent with the rest of the API and reduces server load and data handling risk. Type matches the shared PresignedPostData.

model/profiles.smithy (1)

82-84: UploadProfilePictureOutput returning PresignedPostData is the right design move.

The @required url_info: PresignedPostData output cleanly supports client-side uploads and minimizes sensitive data handling server-side.

typescript/src/index.ts (1)

434-436: TS type updated to url_info: PresignedPostData — consistent and correct.

Matches the Smithy and Python models; unknown for fields is acceptable given provider variability.

typescript/src/models.ts (2)

591-592: Schema updated to url_info: PresignedPostData — consistent across stacks.

This keeps parity with GetUploadURLResponseContent and the new Smithy definition.

---

1115-1115: ✅ UploadProfilePicture empty-input verified; no lingering references found

All checks are green for removing the request body on the UploadProfilePicture operation:

• requestBody?: never is correctly applied in typescript/src/models.ts:1115.
• No occurrences of the old UploadProfilePictureRequestContent remain.
• No client code still posts a body to /uploadProfilePicture.
• PresignedPostData usage is consistent across TypeScript and Python models.

Approving these changes.

[coderabbitai]

Actionable comments posted: 4

♻️ Duplicate comments (1)

model/profiles.smithy (1)

83-85: Expose presigned URL metadata (expiry and constraints) to harden clients

Adding optional metadata (expiresAt, max size, allowed content types) improves client-side security and UX (Security: enforce size/type constraints; Design: clearer contract). This was requested previously; repeating here for visibility.

 structure UploadProfilePictureOutput {
     @required
     url_info: PresignedPostData
+    // Optional metadata for client guidance & validation
+    expiresAt: Timestamp
+    maxSizeBytes: Long
+    allowedContentTypes: StringList
 }

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 74c0039 and 957c571.

📒 Files selected for processing (5)

• model/equaliq.smithy (1 hunks)
• model/profiles.smithy (1 hunks)
• python/api_model/types/models.py (2 hunks)
• typescript/src/index.ts (2 hunks)
• typescript/src/models.ts (3 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

**/*.smithy

📄 CodeRabbit Inference Engine (.rules/001_prefermap)

When creating a set of uniquely named/id objects in the smithy model, prefer to use Map over List.

Files:

• model/equaliq.smithy
• model/profiles.smithy

🧬 Code Graph Analysis (3)

python/api_model/types/models.py (2)

typescript/src/index.ts (3)

• UploadProfilePictureInput (435-435)
• UploadProfilePictureResponseContent (437-439)
• PresignedPostData (366-369)

python/build/lib/api_model/types/models.py (1)

• PresignedPostData (79-81)

typescript/src/index.ts (1)

python/api_model/types/models.py (3)

• UploadProfilePictureInput (283-284)
• UploadProfilePictureResponseContent (287-288)
• PresignedPostData (198-203)

typescript/src/models.ts (1)

typescript/src/index.ts (1)

• components (4-4)

🔇 Additional comments (8)

model/equaliq.smithy (1)

39-40: LGTM: Exposing UploadProfilePictureInput is consistent and useful

Good addition to ExposedTypes; this keeps SDKs consistent and scalable when evolving public surface types.

typescript/src/index.ts (2)

223-226: LGTM: ExposeTypes includes uploadProfilePictureInput

Matches Smithy and models.ts. This keeps the unwrapped types in sync.

---

437-439: Verify clients handle required url_info for uploadProfilePicture

The UploadProfilePictureResponseContent type now only includes the url_info field (see typescript/src/index.ts:438). Please confirm that:

• All client implementations have been updated to consume url_info instead of the removed message and pictureId fields.
• Any legacy references or parsing logic for message or pictureId (e.g. in tests or shared utility functions) have been removed.
• Consumers are using the presigned POST data to submit multipart/form-data, not sending a JSON body to /uploadProfilePicture.
• Integration tests or downstream services no longer expect the old response shape.

python/api_model/types/models.py (2)

283-285: LGTM: Empty UploadProfilePictureInput matches Smithy and exposed types

This keeps the surface stable without requiring a request body.

---

535-538: LGTM: ExposeTypes includes uploadProfilePictureInput

Consistent with Smithy and TS models; helps SDK consumers discover the type.

typescript/src/models.ts (3)

406-409: LGTM: ExposeTypes schema extended with uploadProfilePictureInput

In sync with the service model; no issues.

---

593-594: LGTM: Response shape returns required url_info (PresignedPostData)

This is consistent with GetUploadURL and improves scalability by delegating file transfer to storage.

---

1117-1117: No breaking changes detected—UploadProfilePicture’s requestBody removal is safe

• Searches in TypeScript and Python client code found no invocations of uploadProfilePicture (no .uploadProfilePicture( or upload_profile_picture( calls).
• This repository is a client SDK; there are no server handler implementations here to update.
• Since no clients send a JSON body, removing requestBody from the model is backward-compatible.