src/app/api/user/profile-image/route.ts


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72

import { NextRequest, NextResponse } from "next/server"
import { getServerSession } from "next-auth/next"
import sharp from "sharp"
import { authOptions } from "@/lib/auth"
import dbConnect from "@/lib/mongodb"
import User from "@/model/User"
import { uploadToMinio, deleteFromMinio } from "@/lib/minio"

const MAX_FILE_SIZE = 5 * 1024 * 1024 // Reduced to 5MB
const ALLOWED_TYPES = ['image/jpeg', 'image/jpg', 'image/png', 'image/webp']

export async function POST(request: NextRequest) {
  try {
    const session = await getServerSession(authOptions)
    if (!session?.user?.id) return NextResponse.json({ error: "Unauthorized" }, { status: 401 })

    const formData = await request.formData()
    const file = formData.get('image') as File

    if (!file || !ALLOWED_TYPES.includes(file.type) || file.size > MAX_FILE_SIZE) {
      return NextResponse.json({ error: "Invalid file" }, { status: 400 })
    }

    const buffer = Buffer.from(await file.arrayBuffer())
    
    try { await sharp(buffer).metadata() } 
    catch { return NextResponse.json({ error: "Invalid image file" }, { status: 400 }) }

    const processedBuffer = await sharp(buffer)
      .resize(400, 400, { fit: 'cover' })
      .webp({ quality: 80 })
      .toBuffer()

    const key = `users/${session.user.id}/profile/avatar.webp`
    
    await dbConnect()
    const minioUrl = await uploadToMinio(key, processedBuffer, 'image/webp')

    await User.findByIdAndUpdate(
      session.user.id,
      { profileImage: { url: minioUrl, key, uploadedAt: new Date() } }
    )

    return NextResponse.json({ 
      message: "Profile image uploaded successfully", 
      profileImage: { url: minioUrl } 
    })
  } catch (error) {
    console.error("Upload error:", error)
    return NextResponse.json({ error: "Internal server error" }, { status: 500 })
  }
}

export async function DELETE() {
  try {
    const session = await getServerSession(authOptions)
    if (!session?.user?.id) return NextResponse.json({ error: "Unauthorized" }, { status: 401 })

    await dbConnect()
    const user = await User.findById(session.user.id)
    
    if (user?.profileImage?.key) {
      await deleteFromMinio(user.profileImage.key)
      await User.findByIdAndUpdate(session.user.id, { $unset: { profileImage: 1 } })
    }

    return NextResponse.json({ message: "Profile image deleted" })
  } catch (error) {
    console.error("Delete error:", error)
    return NextResponse.json({ error: "Internal server error" }, { status: 500 })
  }
}