mostly done

Author: aster-void

common/zod/schemas.ts

@@ -110,6 +110,7 @@ export const MessageSchema = z.object({
   creator: UserIDSchema,
   createdAt: z.date(),
   content: ContentSchema,
+  isPicture: z.boolean(),
   edited: z.boolean(),
 });
 

server/prisma/schema.prisma

@@ -41,12 +41,17 @@ model User {
   receivingUsers Relationship[] @relation("receiving") // 自分にマッチリクエストを送ったユーザー
 }
 
-// プロフィールの画像。
 model Avatar {
   guid String @id
   data Bytes
 }
 
+model Picture {
+  hash     String @id
+  data     Bytes
+  key      String // password
+}
+
 // enum Gender {
 //   MALE
 //   FEMALE
@@ -102,8 +107,6 @@ enum MatchingStatus {
   REJECTED
 }
 
-// TODO: lazy load MessageLog s.t. it doesn't need to be loaded on Overview query.
-// https://www.prisma.io/docs/orm/prisma-client/queries/select-fields
 model SharedRoom {
   id        Int       @id @default(autoincrement())
   thumbnail String // URL to thumbnail picture
@@ -114,10 +117,11 @@ model SharedRoom {
 
 model Message {
   id           Int           @id @default(autoincrement())
-  creator      Int // refers to UserId
+  creator      Int           // refers to UserId
   createdAt    DateTime      @default(now()) // @readonly
   edited       Boolean       @default(false)
   content      String
+  isPicture    Boolean // iff the message is a picture. if true, then content is a url of picture.
   relation     Relationship? @relation(fields: [relationId], references: [id], onDelete: Cascade)
   relationId   Int?
   sharedRoom   SharedRoom?   @relation(fields: [sharedRoomId], references: [id], onDelete: Cascade)

server/src/database/chat.ts

@@ -73,12 +73,13 @@ export async function getOverview(
  **/
 export async function sendDM(
   relation: RelationshipID,
-  content: Omit<Message, "id">,
+  content: Omit<Omit<Message, "id">, "isPicture">,
 ): Promise<Result<Message>> {
   try {
     const message = await prisma.message.create({
       data: {
         relationId: relation,
+        isPicture: false,
         ...content,
       },
     });
@@ -87,6 +88,26 @@ export async function sendDM(
     return Err(e);
   }
 }
+/**
+this doesn't create the image. use uploadPic in database/picture.ts to create the image.
+**/
+export async function createImageMessage(
+  sender: UserID,
+  relation: RelationshipID,
+  url: string,
+) {
+  return prisma.message
+    .create({
+      data: {
+        creator: sender,
+        relationId: relation,
+        content: url,
+        isPicture: true,
+      },
+    })
+    .then((val) => Ok(val))
+    .catch((err) => Err(err));
+}
 
 export async function createSharedRoom(
   room: InitRoom,

server/src/database/picture.ts

@@ -2,15 +2,47 @@ import { Err, Ok, type Result } from "../common/lib/result";
 import type { GUID } from "../common/types";
 import { prisma } from "./client";
 
+/**
+ * @returns URL of the uploaded file.
+ * @throws on database conn fail.
+ **/
+export async function uploadPic(
+  hash: string,
+  buf: Buffer,
+  passkey: string,
+): Promise<string> {
+  await prisma.picture.upsert({
+    where: { hash },
+    create: { hash, data: buf, key: passkey },
+    update: { data: buf, key: passkey },
+  });
+  const url = `/picture/${hash}?key=${passkey}`;
+  return url;
+}
+
+export async function getPic(hash: string, passkey: string) {
+  return prisma.picture
+    .findUnique({
+      where: {
+        hash,
+        key: passkey,
+      },
+    })
+    .then((val) => val?.data);
+}
+
 /**
  * is safe to await.
  * @returns URL of the file.
  **/
-export async function set(guid: GUID, buf: Buffer): Promise<Result<string>> {
+export async function setProf(
+  guid: GUID,
+  buf: Buffer,
+): Promise<Result<string>> {
   return prisma.avatar
     .upsert({
       where: {
-        guid: guid,
+        guid,
       },
       create: { guid, data: buf },
       update: { data: buf },
@@ -27,7 +59,7 @@ export async function set(guid: GUID, buf: Buffer): Promise<Result<string>> {
 }
 
 // is await-safe.
-export async function get(guid: GUID): Promise<Result<Buffer>> {
+export async function getProf(guid: GUID): Promise<Result<Buffer>> {
   return prisma.avatar
     .findUnique({
       where: { guid },

server/src/functions/chat.ts

@@ -46,7 +46,7 @@ export async function sendDM(
     return http.forbidden("cannot send to non-friend");
 
   // they are now MATCHED
-  const msg: Omit<Message, "id"> = {
+  const msg: Omit<Omit<Message, "id">, "isPicture"> = {
     creator: from,
     createdAt: new Date(),
     edited: false,

server/src/lib/hash.ts

@@ -0,0 +1,7 @@
+import crypto from "node:crypto";
+
+export function sha256(src: string): string {
+  const hasher = crypto.createHash("sha256");
+  hasher.update(src);
+  return hasher.digest("hex");
+}

server/src/router/picture.ts

@@ -1,8 +1,13 @@
 import bodyParser from "body-parser";
 import express from "express";
+import { safeParseInt } from "../common/lib/result/safeParseInt";
+import * as chat from "../database/chat";
+import * as relation from "../database/matches";
 import * as storage from "../database/picture";
+import { safeGetUserId } from "../firebase/auth/db";
 import { safeGetGUID } from "../firebase/auth/lib";
 import { compressImage } from "../functions/img/compress";
+import * as hashing from "../lib/hash";
 
 const parseLargeBuffer = bodyParser.raw({
   type: "image/png",
@@ -12,11 +17,59 @@ const router = express.Router();
 
 /* General Pictures in chat */
 
+router.post("/to/:userId", parseLargeBuffer, async (req, res) => {
+  if (!Buffer.isBuffer(req.body)) return res.status(400).send("not buffer");
+  const buf = req.body;
+
+  const sender = await safeGetUserId(req);
+  if (!sender.ok) return res.status(401).end();
+  const recv = safeParseInt(req.params.userId);
+  if (!recv.ok) return res.status(400).end();
+
+  const rel = await relation.getRelation(sender.value, recv.value);
+  if (!rel.ok) return res.status(401).send();
+  if (rel.value.status !== "MATCHED") return res.status(401).send();
+
+  const hash = hashing.sha256(buf.toString("base64"));
+  const passkey = hashing.sha256(crypto.randomUUID());
+
+  return storage
+    .uploadPic(hash, buf, passkey)
+    .then(async (url) => {
+      await chat.createImageMessage(sender.value, rel.value.id, url);
+      res.status(201).send(url).end();
+    })
+    .catch((err) => {
+      console.log(err);
+      res.status(500).send("Failed to upload image to database").end();
+    });
+});
+
+router.get("/:id", async (req, res) => {
+  const hash = req.params.id;
+  const key = req.query.key;
+  if (!key) return res.status(400).send("key is required");
+
+  return storage
+    .getPic(hash, String(key))
+    .then((buf) => {
+      if (buf) {
+        res.status(200).send(buf).end();
+      } else {
+        res.status(404).send("not found").end();
+      }
+    })
+    .catch((err) => {
+      console.error(err);
+      res.status(500).send("Failed to get image from database").end();
+    });
+});
+
 /* Profile Pictures */
 
 router.get("/profile/:guid", async (req, res) => {
   const guid = req.params.guid;
-  const result = await storage.get(guid);
+  const result = await storage.getProf(guid);
   switch (result.ok) {
     case true:
       return res.send(result.value);
@@ -29,12 +82,12 @@ router.post("/profile", parseLargeBuffer, async (req, res) => {
   const guid = await safeGetGUID(req);
   if (!guid.ok) return res.status(401).send();
 
-  if (!Buffer.isBuffer(req.body)) return res.status(404).send("not buffer");
+  if (!Buffer.isBuffer(req.body)) return res.status(400).send("not buffer");
 
   const buf = await compressImage(req.body);
   if (!buf.ok) return res.status(500).send("failed to compress image");
 
-  const url = await storage.set(guid.value, buf.value);
+  const url = await storage.setProf(guid.value, buf.value);
   if (!url.ok) return res.status(500).send("failed to upload image");
 
   return res.status(201).type("text/plain").send(url.value);

web/bun.lockb

@@ -1 +1,13 @@
-export { uploadImage } from "./internal/fetch-func";
+import type { UserID } from "../common/types";
+import * as endpoints from "./internal/endpoints";
+import { uploadImage as uploader } from "./internal/fetch-func";
+export { MAX_IMAGE_SIZE } from "./internal/fetch-func";
+
+export async function uploadAvatar(f: File) {
+  return await uploader(endpoints.profilePicture, f);
+}
+
+/** @throws if failed to send image. **/
+export async function sendImageTo(u: UserID, f: File) {
+  await uploader(endpoints.sendPictureTo(u), f);
+}

web/src/api/image.ts

@@ -356,6 +356,11 @@ export const roomInvite = (roomId: ShareRoomID) =>
 export const message = (messageId: MessageID) =>
   `${origin}/chat/messages/id/${messageId}`;
 
+/**
+ * POST: send picture.
+ */
+export const sendPictureTo = (friendId: UserID) =>
+  `${origin}/picture/to/${friendId}`;
 /**
  * GET: get profile picture of URL (this is usually hard-encoded in pictureURL so this variable is barely used)
  */