posta/server
0
0
Fork 0
Code Issues 13 Pull requests Projects Releases Packages Wiki Activity

S2: DELETE /api/v1/identity/avatar #18

New issue
Open
opened 2026-05-12 23:44:53 +02:00 by arne · 1 comment
arne commented 2026-05-12 23:44:53 +02:00
Owner
Copy link

Parent

posta/server#15 — Operator-uploaded avatar served from the identity's URL

What to build

A DELETE /api/v1/identity/avatar endpoint that removes the on-disk
avatar file and clears the identity.avatar column. Backs the
iOS "Remove photo" affordance and the symmetric ops case (operator
wants to unset an avatar without replacing it).

End-to-end behaviour after this slice:

  • DELETE /api/v1/identity/avatar (authenticated) removes the
    avatar-<hash>.<ext> file under the per-identity directory and
    clears identity.avatar to ''. Publishes an identity-changed
    SSE event. Returns 204 No Content.
  • A subsequent fetch of the actor doc shows the avatar field empty
    (omitted on the wire, since ActorDoc.Avatar has the omitempty JSON
    tag).
  • A subsequent GET /avatar-<previous-hash>.<ext> returns 404 no-avatar.
  • Calling DELETE again when no avatar is set is a no-op: still returns
    204 (idempotent — same shape as PUT being idempotent on identical
    bytes).

Acceptance criteria

  • DELETE /api/v1/identity/avatar registered on the authenticated
    mux.
  • On request: avatar-storage module removes the current file
    (tolerating "already absent"); store call clears the
    identity.avatar column.
  • identity-changed SSE event published, same code path as PATCH /api/v1/identity and the new PUT /api/v1/identity/avatar.
  • Response is 204 No Content. Empty body.
  • Idempotent: DELETE when no avatar is set returns 204 and is a
    no-op on disk and on the column.
  • Test (against the existing newRig pattern) covers: PUT a PNG
    → DELETE → identity.avatar column is empty → GET on the
    previous URL returns 404 → DELETE again returns 204.
  • go build ./... and go test ./... pass.

Blocked by

posta/server#16 (S1: PNG avatar upload + public GET). The
avatar-storage module's remove path and the per-identity-mux 404
behaviour for the GET route both land in S1.

## Parent posta/server#15 — Operator-uploaded avatar served from the identity's URL ## What to build A `DELETE /api/v1/identity/avatar` endpoint that removes the on-disk avatar file and clears the `identity.avatar` column. Backs the iOS "Remove photo" affordance and the symmetric ops case (operator wants to unset an avatar without replacing it). End-to-end behaviour after this slice: - `DELETE /api/v1/identity/avatar` (authenticated) removes the `avatar-<hash>.<ext>` file under the per-identity directory and clears `identity.avatar` to `''`. Publishes an `identity-changed` SSE event. Returns `204 No Content`. - A subsequent fetch of the actor doc shows the `avatar` field empty (omitted on the wire, since `ActorDoc.Avatar` has the omitempty JSON tag). - A subsequent `GET /avatar-<previous-hash>.<ext>` returns `404 no-avatar`. - Calling `DELETE` again when no avatar is set is a no-op: still returns `204` (idempotent — same shape as PUT being idempotent on identical bytes). ## Acceptance criteria - [ ] `DELETE /api/v1/identity/avatar` registered on the authenticated mux. - [ ] On request: avatar-storage module removes the current file (tolerating "already absent"); store call clears the `identity.avatar` column. - [ ] `identity-changed` SSE event published, same code path as `PATCH /api/v1/identity` and the new `PUT /api/v1/identity/avatar`. - [ ] Response is `204 No Content`. Empty body. - [ ] Idempotent: DELETE when no avatar is set returns `204` and is a no-op on disk and on the column. - [ ] Test (against the existing `newRig` pattern) covers: PUT a PNG → DELETE → identity.avatar column is empty → GET on the previous URL returns `404` → DELETE again returns `204`. - [ ] `go build ./...` and `go test ./...` pass. ## Blocked by posta/server#16 (S1: PNG avatar upload + public GET). The avatar-storage module's remove path and the per-identity-mux `404` behaviour for the GET route both land in S1.
arne commented 2026-05-13 01:21:18 +02:00
Author
Owner
Copy link

This was generated by AI during triage.

Small follow-on to #16. Adds DELETE /api/v1/identity/avatar for the iOS "Remove photo" affordance — relies on the avatar-storage module's remove path and the per-identity GET route's 404 no-avatar behaviour landing in #16.

Acceptance criteria above already function as an agent brief.

Category: enhancement
State: ready-for-agent

> *This was generated by AI during triage.* Small follow-on to #16. Adds `DELETE /api/v1/identity/avatar` for the iOS "Remove photo" affordance — relies on the avatar-storage module's remove path and the per-identity GET route's `404 no-avatar` behaviour landing in #16. Acceptance criteria above already function as an agent brief. **Category:** enhancement **State:** ready-for-agent
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
marcus/allow_embed
bases
No results found.
Labels
Clear labels   
bug
Something is broken

  
enhancement
New feature or improvement

  
needs-info
Waiting on reporter for more information

  
needs-triage
Awaiting triage

  
ready-for-agent
Fully specified, ready for an AFK agent

  
ready-for-human
Needs human implementation

  
wontfix
Will not be actioned

No labels
bug
enhancement
needs-info
needs-triage
ready-for-agent
ready-for-human
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
posta/server#18
No description provided.