diff --git a/docs/api/swagger.yaml b/docs/api/swagger.yaml
index b86d4b9eb..7e61dcf1c 100644
--- a/docs/api/swagger.yaml
+++ b/docs/api/swagger.yaml
@@ -7276,6 +7276,60 @@ paths:
summary: Return an object of user preferences.
tags:
- preferences
+ /api/v1/profile/avatar:
+ delete:
+ description: If the account doesn't have an avatar, the call succeeds anyway.
+ operationId: accountAvatarDelete
+ produces:
+ - application/json
+ responses:
+ "200":
+ description: The updated account, including profile source information.
+ schema:
+ $ref: '#/definitions/account'
+ "400":
+ description: bad request
+ "401":
+ description: unauthorized
+ "403":
+ description: forbidden
+ "406":
+ description: not acceptable
+ "500":
+ description: internal server error
+ security:
+ - OAuth2 Bearer:
+ - admin
+ summary: Delete the authenticated account's avatar.
+ tags:
+ - accounts
+ /api/v1/profile/header:
+ delete:
+ description: If the account doesn't have a header, the call succeeds anyway.
+ operationId: accountHeaderDelete
+ produces:
+ - application/json
+ responses:
+ "200":
+ description: The updated account, including profile source information.
+ schema:
+ $ref: '#/definitions/account'
+ "400":
+ description: bad request
+ "401":
+ description: unauthorized
+ "403":
+ description: forbidden
+ "406":
+ description: not acceptable
+ "500":
+ description: internal server error
+ security:
+ - OAuth2 Bearer:
+ - admin
+ summary: Delete the authenticated account's header.
+ tags:
+ - accounts
/api/v1/reports:
get:
description: |-
diff --git a/internal/api/client/accounts/accounts.go b/internal/api/client/accounts/accounts.go
index 8b92bd7a5..61fdc41ad 100644
--- a/internal/api/client/accounts/accounts.go
+++ b/internal/api/client/accounts/accounts.go
@@ -56,6 +56,11 @@
MovePath = BasePath + "/move"
AliasPath = BasePath + "/alias"
ThemesPath = BasePath + "/themes"
+
+ // ProfileBasePath for the profile API, an extension of the account update API with a different path.
+ ProfileBasePath = "/v1/profile"
+ AvatarPath = ProfileBasePath + "/avatar"
+ HeaderPath = ProfileBasePath + "/header"
)
type Module struct {
@@ -84,6 +89,10 @@ func (m *Module) Route(attachHandler func(method string, path string, f ...gin.H
// modify account
attachHandler(http.MethodPatch, UpdatePath, m.AccountUpdateCredentialsPATCHHandler)
+ // modify account profile media
+ attachHandler(http.MethodDelete, AvatarPath, m.AccountAvatarDELETEHandler)
+ attachHandler(http.MethodDelete, HeaderPath, m.AccountHeaderDELETEHandler)
+
// get account's statuses
attachHandler(http.MethodGet, StatusesPath, m.AccountStatusesGETHandler)
diff --git a/internal/api/client/accounts/profile.go b/internal/api/client/accounts/profile.go
new file mode 100644
index 000000000..8ff59a23b
--- /dev/null
+++ b/internal/api/client/accounts/profile.go
@@ -0,0 +1,123 @@
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see .
+
+package accounts
+
+import (
+ "context"
+ "net/http"
+
+ "github.com/gin-gonic/gin"
+ apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
+ apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
+ "github.com/superseriousbusiness/gotosocial/internal/gtserror"
+ "github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+ "github.com/superseriousbusiness/gotosocial/internal/oauth"
+)
+
+// AccountAvatarDELETEHandler swagger:operation DELETE /api/v1/profile/avatar accountAvatarDelete
+//
+// Delete the authenticated account's avatar.
+// If the account doesn't have an avatar, the call succeeds anyway.
+//
+// ---
+// tags:
+// - accounts
+//
+// produces:
+// - application/json
+//
+// security:
+// - OAuth2 Bearer:
+// - admin
+//
+// responses:
+// '200':
+// description: The updated account, including profile source information.
+// schema:
+// "$ref": "#/definitions/account"
+// '400':
+// description: bad request
+// '401':
+// description: unauthorized
+// '403':
+// description: forbidden
+// '406':
+// description: not acceptable
+// '500':
+// description: internal server error
+func (m *Module) AccountAvatarDELETEHandler(c *gin.Context) {
+ m.accountDeleteProfileAttachment(c, m.processor.Media().DeleteAvatar)
+}
+
+// AccountHeaderDELETEHandler swagger:operation DELETE /api/v1/profile/header accountHeaderDelete
+//
+// Delete the authenticated account's header.
+// If the account doesn't have a header, the call succeeds anyway.
+//
+// ---
+// tags:
+// - accounts
+//
+// produces:
+// - application/json
+//
+// security:
+// - OAuth2 Bearer:
+// - admin
+//
+// responses:
+// '200':
+// description: The updated account, including profile source information.
+// schema:
+// "$ref": "#/definitions/account"
+// '400':
+// description: bad request
+// '401':
+// description: unauthorized
+// '403':
+// description: forbidden
+// '406':
+// description: not acceptable
+// '500':
+// description: internal server error
+func (m *Module) AccountHeaderDELETEHandler(c *gin.Context) {
+ m.accountDeleteProfileAttachment(c, m.processor.Media().DeleteHeader)
+}
+
+// accountDeleteProfileAttachment checks that an authenticated account is present and allowed to alter itself,
+// runs an attachment deletion processor method, and returns the updated account.
+func (m *Module) accountDeleteProfileAttachment(c *gin.Context, processDelete func(context.Context, *gtsmodel.Account) (*apimodel.Account, gtserror.WithCode)) {
+ authed, err := oauth.Authed(c, true, true, true, true)
+ if err != nil {
+ apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
+ return
+ }
+
+ if _, err := apiutil.NegotiateAccept(c, apiutil.JSONAcceptHeaders...); err != nil {
+ apiutil.ErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), m.processor.InstanceGetV1)
+ return
+ }
+
+ acctSensitive, errWithCode := processDelete(c, authed.Account)
+ if errWithCode != nil {
+ apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
+ return
+ }
+
+ apiutil.JSON(c, http.StatusOK, acctSensitive)
+}
diff --git a/internal/api/client/accounts/profile_test.go b/internal/api/client/accounts/profile_test.go
new file mode 100644
index 000000000..62a622b37
--- /dev/null
+++ b/internal/api/client/accounts/profile_test.go
@@ -0,0 +1,141 @@
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see .
+
+package accounts_test
+
+import (
+ "encoding/json"
+ "fmt"
+ "io"
+ "net/http"
+ "net/http/httptest"
+ "strings"
+ "testing"
+
+ "github.com/gin-gonic/gin"
+ "github.com/stretchr/testify/suite"
+ "github.com/superseriousbusiness/gotosocial/internal/api/client/accounts"
+ apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
+ "github.com/superseriousbusiness/gotosocial/internal/config"
+ "github.com/superseriousbusiness/gotosocial/internal/oauth"
+ "github.com/superseriousbusiness/gotosocial/testrig"
+)
+
+type AccountProfileTestSuite struct {
+ AccountStandardTestSuite
+}
+
+func (suite *AccountProfileTestSuite) deleteProfileAttachment(
+ testAccountFixtureName string,
+ profileSubpath string,
+ handler func(*gin.Context),
+ expectedHTTPStatus int,
+) (*apimodel.Account, error) {
+ // instantiate recorder + test context
+ recorder := httptest.NewRecorder()
+ ctx, _ := testrig.CreateGinTestContext(recorder, nil)
+ ctx.Set(oauth.SessionAuthorizedAccount, suite.testAccounts[testAccountFixtureName])
+ ctx.Set(oauth.SessionAuthorizedToken, oauth.DBTokenToToken(suite.testTokens[testAccountFixtureName]))
+ ctx.Set(oauth.SessionAuthorizedApplication, suite.testApplications["application_1"])
+ ctx.Set(oauth.SessionAuthorizedUser, suite.testUsers[testAccountFixtureName])
+
+ // create the request
+ ctx.Request = httptest.NewRequest(http.MethodDelete, config.GetProtocol()+"://"+config.GetHost()+"/api"+accounts.ProfileBasePath+"/"+profileSubpath, nil)
+ ctx.Request.Header.Set("accept", "application/json")
+
+ // trigger the handler
+ handler(ctx)
+
+ // read the response
+ result := recorder.Result()
+ defer result.Body.Close()
+
+ b, err := io.ReadAll(result.Body)
+ if err != nil {
+ return nil, err
+ }
+
+ // check code
+ if resultCode := recorder.Code; expectedHTTPStatus != resultCode {
+ return nil, fmt.Errorf("expected %d got %d", expectedHTTPStatus, resultCode)
+ }
+
+ resp := &apimodel.Account{}
+ if err := json.Unmarshal(b, resp); err != nil {
+ return nil, err
+ }
+
+ return resp, nil
+}
+
+// Delete the avatar of a user that has an avatar. Should succeed.
+func (suite *AccountProfileTestSuite) TestDeleteAvatar() {
+ account, err := suite.deleteProfileAttachment(
+ "local_account_1",
+ "avatar",
+ suite.accountsModule.AccountAvatarDELETEHandler,
+ http.StatusOK,
+ )
+ if suite.NoError(err) {
+ // An empty URL is legal *only* in the test environment, which may have no default avatars.
+ suite.True(account.Avatar == "" || strings.HasPrefix(account.Avatar, "http://localhost:8080/assets/default_avatars/"))
+ }
+}
+
+// Delete the avatar of a user that doesn't have an avatar. Should succeed.
+func (suite *AccountProfileTestSuite) TestDeleteNonexistentAvatar() {
+ account, err := suite.deleteProfileAttachment(
+ "admin_account",
+ "avatar",
+ suite.accountsModule.AccountAvatarDELETEHandler,
+ http.StatusOK,
+ )
+ if suite.NoError(err) {
+ // An empty URL is legal *only* in the test environment, which may have no default avatars.
+ suite.True(account.Avatar == "" || strings.HasPrefix(account.Avatar, "http://localhost:8080/assets/default_avatars/"))
+ }
+}
+
+// Delete the header of a user that has a header. Should succeed.
+func (suite *AccountProfileTestSuite) TestDeleteHeader() {
+ account, err := suite.deleteProfileAttachment(
+ "local_account_2",
+ "header",
+ suite.accountsModule.AccountHeaderDELETEHandler,
+ http.StatusOK,
+ )
+ if suite.NoError(err) {
+ suite.Equal("http://localhost:8080/assets/default_header.png", account.Header)
+ }
+}
+
+// Delete the header of a user that doesn't have a header. Should succeed.
+func (suite *AccountProfileTestSuite) TestDeleteNonexistentHeader() {
+ account, err := suite.deleteProfileAttachment(
+ "admin_account",
+ "header",
+ suite.accountsModule.AccountHeaderDELETEHandler,
+ http.StatusOK,
+ )
+ if suite.NoError(err) {
+ suite.Equal("http://localhost:8080/assets/default_header.png", account.Header)
+ }
+}
+
+func TestAccountProfileTestSuite(t *testing.T) {
+ suite.Run(t, new(AccountProfileTestSuite))
+}
diff --git a/internal/processing/media/profile.go b/internal/processing/media/profile.go
new file mode 100644
index 000000000..5c266e372
--- /dev/null
+++ b/internal/processing/media/profile.go
@@ -0,0 +1,77 @@
+// GoToSocial
+// Copyright (C) GoToSocial Authors admin@gotosocial.org
+// SPDX-License-Identifier: AGPL-3.0-or-later
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see .
+
+package media
+
+import (
+ "context"
+ "fmt"
+
+ apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
+ "github.com/superseriousbusiness/gotosocial/internal/gtserror"
+ "github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+)
+
+// DeleteAvatar deletes the account's avatar, if one exists, and returns the updated account.
+// If no avatar exists, it returns anyway with no error.
+func (p *Processor) DeleteAvatar(
+ ctx context.Context,
+ account *gtsmodel.Account,
+) (*apimodel.Account, gtserror.WithCode) {
+ attachmentID := account.AvatarMediaAttachmentID
+ account.AvatarMediaAttachmentID = ""
+ return p.deleteProfileAttachment(ctx, account, "avatar_media_attachment_id", attachmentID)
+}
+
+// DeleteHeader deletes the account's header, if one exists, and returns the updated account.
+// If no header exists, it returns anyway with no error.
+func (p *Processor) DeleteHeader(
+ ctx context.Context,
+ account *gtsmodel.Account,
+) (*apimodel.Account, gtserror.WithCode) {
+ attachmentID := account.HeaderMediaAttachmentID
+ account.HeaderMediaAttachmentID = ""
+ return p.deleteProfileAttachment(ctx, account, "header_media_attachment_id", attachmentID)
+}
+
+// deleteProfileAttachment updates an attachment ID column and then deletes the attachment.
+// Precondition: the relevant attachment ID field of the account model has already been set to the empty string.
+func (p *Processor) deleteProfileAttachment(
+ ctx context.Context,
+ account *gtsmodel.Account,
+ attachmentIDColumn string,
+ attachmentID string,
+) (*apimodel.Account, gtserror.WithCode) {
+ if attachmentID != "" {
+ // Remove attachment from account.
+ if err := p.state.DB.UpdateAccount(ctx, account, attachmentIDColumn); err != nil {
+ return nil, gtserror.NewErrorInternalError(fmt.Errorf("could not update account: %s", err))
+ }
+
+ // Delete attachment media.
+ if err := p.Delete(ctx, attachmentID); err != nil {
+ return nil, err
+ }
+ }
+
+ acctSensitive, err := p.converter.AccountToAPIAccountSensitive(ctx, account)
+ if err != nil {
+ return nil, gtserror.NewErrorInternalError(fmt.Errorf("could not convert account into apisensitive account: %s", err))
+ }
+
+ return acctSensitive, nil
+}
diff --git a/internal/typeutils/defaulticons.go b/internal/typeutils/defaulticons.go
index bcb7b8c10..e3a090109 100644
--- a/internal/typeutils/defaulticons.go
+++ b/internal/typeutils/defaulticons.go
@@ -119,7 +119,7 @@ func (c *Converter) ensureAvatar(account *apimodel.Account) {
account.AvatarStatic = avatar
}
-// EnsureAvatar ensures that the given account has a value set
+// ensureHeader ensures that the given account has a value set
// for the header URL.
//
// If no value is set, the default header will be set.