matrix-workers/src/api/profile.ts at main · Metasig/matrix-workers · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
// Matrix profile endpoints

import { Hono } from 'hono';
import type { AppEnv } from '../types';
import { Errors } from '../utils/errors';
import { requireAuth, optionalAuth } from '../middleware/auth';
import { getUserById, updateUserProfile } from '../services/database';
import { parseUserId, isLocalServerName } from '../utils/ids';

const app = new Hono<AppEnv>();

// GET /_matrix/client/v3/profile/:userId - Get user profile
app.get('/_matrix/client/v3/profile/:userId', optionalAuth(), async (c) => {
  const targetUserId = decodeURIComponent(c.req.param('userId'));

  // Check if this is a local user
  const parsed = parseUserId(targetUserId);
  if (!parsed) {
    return Errors.invalidParam('user_id', 'Invalid user ID format').toResponse();
  }

  if (!isLocalServerName(parsed.serverName, c.env.SERVER_NAME)) {
    // Remote user - would need federation lookup
    return Errors.notFound('User not found').toResponse();
  }

  const user = await getUserById(c.env.DB, targetUserId);
  if (!user) {
    return Errors.notFound('User not found').toResponse();
  }

  console.log('[profile] Fetching profile for:', targetUserId, {
    hasDisplayName: !!user.display_name,
    hasAvatar: !!user.avatar_url,
  });

  // Always return both fields (even if null) to indicate user exists
  // Element X uses this to verify users from directory search
  return c.json({
    displayname: user.display_name || null,
    avatar_url: user.avatar_url || null,
  });
});

// GET /_matrix/client/v3/profile/:userId/displayname - Get display name
app.get('/_matrix/client/v3/profile/:userId/displayname', optionalAuth(), async (c) => {
  const targetUserId = decodeURIComponent(c.req.param('userId'));

  const parsed = parseUserId(targetUserId);
  if (!parsed) {
    return Errors.invalidParam('user_id', 'Invalid user ID format').toResponse();
  }

  if (!isLocalServerName(parsed.serverName, c.env.SERVER_NAME)) {
    return Errors.notFound('User not found').toResponse();
  }

  const user = await getUserById(c.env.DB, targetUserId);
  if (!user) {
    return Errors.notFound('User not found').toResponse();
  }

  return c.json({
    displayname: user.display_name || null,
  });
});

// PUT /_matrix/client/v3/profile/:userId/displayname - Set display name
app.put('/_matrix/client/v3/profile/:userId/displayname', requireAuth(), async (c) => {
  const userId = c.get('userId');
  const targetUserId = decodeURIComponent(c.req.param('userId'));

  // Can only change own profile
  if (userId !== targetUserId) {
    return Errors.forbidden('Cannot modify another user\'s profile').toResponse();
  }

  let body: any;
  try {
    body = await c.req.json();
  } catch {
    return Errors.badJson().toResponse();
  }

  const { displayname } = body;

  await updateUserProfile(c.env.DB, userId, displayname);

  return c.json({});
});

// GET /_matrix/client/v3/profile/:userId/avatar_url - Get avatar URL
app.get('/_matrix/client/v3/profile/:userId/avatar_url', optionalAuth(), async (c) => {
  const targetUserId = decodeURIComponent(c.req.param('userId'));

  const parsed = parseUserId(targetUserId);
  if (!parsed) {
    return Errors.invalidParam('user_id', 'Invalid user ID format').toResponse();
  }

  if (!isLocalServerName(parsed.serverName, c.env.SERVER_NAME)) {
    return Errors.notFound('User not found').toResponse();
  }

  const user = await getUserById(c.env.DB, targetUserId);
  if (!user) {
    return Errors.notFound('User not found').toResponse();
  }

  return c.json({
    avatar_url: user.avatar_url || null,
  });
});

// PUT /_matrix/client/v3/profile/:userId/avatar_url - Set avatar URL
app.put('/_matrix/client/v3/profile/:userId/avatar_url', requireAuth(), async (c) => {
  const userId = c.get('userId');
  const targetUserId = decodeURIComponent(c.req.param('userId'));

  // Can only change own profile
  if (userId !== targetUserId) {
    return Errors.forbidden('Cannot modify another user\'s profile').toResponse();
  }

  let body: any;
  try {
    body = await c.req.json();
  } catch {
    return Errors.badJson().toResponse();
  }

  const { avatar_url } = body;

  await updateUserProfile(c.env.DB, userId, undefined, avatar_url);

  return c.json({});
});

// ============================================
// Custom Profile Keys (Matrix v1.17 Extension)
// ============================================

// GET /_matrix/client/v3/profile/:userId/:keyName - Get custom profile key
app.get('/_matrix/client/v3/profile/:userId/:keyName', optionalAuth(), async (c) => {
  const targetUserId = decodeURIComponent(c.req.param('userId'));
  const keyName = c.req.param('keyName');

  // These are handled by the specific endpoints above
  if (keyName === 'displayname' || keyName === 'avatar_url') {
    // Let Hono route to the correct handler
    // This shouldn't be reached due to route ordering, but defensive coding
    return c.json({ errcode: 'M_UNRECOGNIZED', error: 'Use specific endpoint' }, 400);
  }

  const parsed = parseUserId(targetUserId);
  if (!parsed) {
    return Errors.invalidParam('user_id', 'Invalid user ID format').toResponse();
  }

  if (!isLocalServerName(parsed.serverName, c.env.SERVER_NAME)) {
    return Errors.notFound('User not found').toResponse();
  }

  const user = await getUserById(c.env.DB, targetUserId);
  if (!user) {
    return Errors.notFound('User not found').toResponse();
  }

  // Get custom profile data from KV
  const profileJson = await c.env.CACHE.get(`profile:${targetUserId}:custom`);
  const profileData = profileJson ? JSON.parse(profileJson) : {};

  if (!(keyName in profileData)) {
    return Errors.notFound(`Profile key '${keyName}' not found`).toResponse();
  }

  return c.json({ [keyName]: profileData[keyName] });
});

// PUT /_matrix/client/v3/profile/:userId/:keyName - Set custom profile key
app.put('/_matrix/client/v3/profile/:userId/:keyName', requireAuth(), async (c) => {
  const authUserId = c.get('userId');
  const targetUserId = decodeURIComponent(c.req.param('userId'));
  const keyName = c.req.param('keyName');

  // Cannot modify another user's profile
  if (authUserId !== targetUserId) {
    return Errors.forbidden('Cannot modify another user\'s profile').toResponse();
  }

  // Standard keys are handled by specific endpoints
  if (keyName === 'displayname' || keyName === 'avatar_url') {
    return c.json({ errcode: 'M_UNRECOGNIZED', error: 'Use specific endpoint' }, 400);
  }

  let body: Record<string, unknown>;
  try {
    body = await c.req.json();
  } catch {
    return Errors.badJson().toResponse();
  }

  const value = body[keyName];
  if (value === undefined) {
    return c.json({ errcode: 'M_MISSING_PARAM', error: `Missing '${keyName}' in request body` }, 400);
  }

  // Get current profile data from KV
  const profileJson = await c.env.CACHE.get(`profile:${targetUserId}:custom`);
  const profileData = profileJson ? JSON.parse(profileJson) : {};

  // Update the key
  profileData[keyName] = value;

  // Store back in KV with 1-year TTL
  await c.env.CACHE.put(
    `profile:${targetUserId}:custom`,
    JSON.stringify(profileData),
    { expirationTtl: 365 * 24 * 60 * 60 }
  );

  return c.json({});
});

// DELETE /_matrix/client/v3/profile/:userId/:keyName - Delete custom profile key
app.delete('/_matrix/client/v3/profile/:userId/:keyName', requireAuth(), async (c) => {
  const authUserId = c.get('userId');
  const targetUserId = decodeURIComponent(c.req.param('userId'));
  const keyName = c.req.param('keyName');

  // Cannot modify another user's profile
  if (authUserId !== targetUserId) {
    return Errors.forbidden('Cannot modify another user\'s profile').toResponse();
  }

  // Cannot delete standard keys
  if (keyName === 'displayname' || keyName === 'avatar_url') {
    return Errors.forbidden('Cannot delete standard profile keys').toResponse();
  }

  // Get current profile data from KV
  const profileJson = await c.env.CACHE.get(`profile:${targetUserId}:custom`);
  const profileData = profileJson ? JSON.parse(profileJson) : {};

  // Remove the key
  delete profileData[keyName];

  // Store back in KV
  await c.env.CACHE.put(
    `profile:${targetUserId}:custom`,
    JSON.stringify(profileData),
    { expirationTtl: 365 * 24 * 60 * 60 }
  );

  return c.json({});
});

export default app;