repo details page mostly working

internal/api/handlers/repos.go

@@ -2,10 +2,13 @@ package handlers
 
 import (
 	"encoding/json"
+	"io"
 	"net/http"
 	"net/url"
+	"os"
 	"path/filepath"
 	"strconv"
+	"strings"
 
 	"github.com/go-chi/chi/v5"
 	"xorm.io/xorm"
@@ -21,15 +24,40 @@ type repoResponse struct {
 	models.Repository
 	OwnerName string `json:"ownerName"`
 	IsEmpty   bool   `json:"isEmpty"`
+	AvatarURL string `json:"avatarUrl"`
 	Size      int64  `json:"size"`
 }
 
+func avatarPath(repoRoot string, repoID int64) string {
+	return filepath.Join(repoRoot, ".avatars", strconv.FormatInt(repoID, 10))
+}
+
+func isValidRepoName(name string) bool {
+	if len(name) == 0 || len(name) > 100 {
+		return false
+	}
+	for _, c := range name {
+		if !((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
+			(c >= '0' && c <= '9') || c == '.' || c == '_' || c == '-') {
+			return false
+		}
+	}
+	return true
+}
+
 func (h *RepoHandler) withOwnerName(repo *models.Repository) repoResponse {
 	var owner models.User
 	h.db.ID(repo.OwnerID).Get(&owner)
 	gitdomain.SetRepoRoot(h.cfg.RepoRoot)
+
+	avURL := ""
+	if _, err := os.Stat(avatarPath(h.cfg.RepoRoot, repo.ID)); err == nil {
+		avURL = "/api/v1/repos/" + owner.Username + "/" + repo.Name + "/avatar"
+	}
+
 	return repoResponse{
 		Repository: *repo,
+		AvatarURL:  avURL,
 		OwnerName:  owner.Username,
 		IsEmpty:    gitdomain.IsEmpty(repo.DiskPath),
 	}
@@ -354,10 +382,16 @@ func (h *RepoHandler) Update(w http.ResponseWriter, r *http.Request) {
 	if !ok {
 		return
 	}
+	callerID, _ := middleware.UserIDFromContext(r.Context())
+	if callerID != repo.OwnerID {
+		jsonError(w, "only the owner can update a repository", http.StatusForbidden)
+		return
+	}
 
 	var body struct {
-		Description *string `json:"description"`
-		IsPrivate   *bool   `json:"isPrivate"`
+		Name          *string `json:"name"`
+		Description   *string `json:"description"`
+		IsPrivate     *bool   `json:"isPrivate"`
 		DefaultBranch *string `json:"defaultBranch"`
 	}
 	if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
@@ -366,6 +400,27 @@ func (h *RepoHandler) Update(w http.ResponseWriter, r *http.Request) {
 	}
 
 	cols := []string{}
+
+	// Rename: update disk path and DB name atomically.
+	if body.Name != nil && *body.Name != "" && *body.Name != repo.Name {
+		newName := strings.TrimSpace(*body.Name)
+		if !isValidRepoName(newName) {
+			jsonError(w, "invalid repository name: use letters, numbers, hyphens, underscores, and dots only", http.StatusBadRequest)
+			return
+		}
+		newDiskPath := filepath.Join(filepath.Dir(repo.DiskPath), newName+".git")
+		if _, err := os.Stat(newDiskPath); !os.IsNotExist(err) {
+			jsonError(w, "a repository with that name already exists", http.StatusConflict)
+			return
+		}
+		if err := os.Rename(repo.DiskPath, newDiskPath); err != nil {
+			jsonError(w, "could not rename repository on disk", http.StatusInternalServerError)
+			return
+		}
+		repo.DiskPath = newDiskPath
+		repo.Name = newName
+		cols = append(cols, "name", "disk_path")
+	}
 	if body.Description != nil {
 		repo.Description = *body.Description
 		cols = append(cols, "description")
@@ -388,6 +443,78 @@ func (h *RepoHandler) Update(w http.ResponseWriter, r *http.Request) {
 	jsonOK(w, h.withOwnerName(repo))
 }
 
+// GetAvatar serves the repository avatar image stored on disk.
+func (h *RepoHandler) GetAvatar(w http.ResponseWriter, r *http.Request) {
+	repo, ok := h.lookupRepo(w, r)
+	if !ok {
+		return
+	}
+	data, err := os.ReadFile(avatarPath(h.cfg.RepoRoot, repo.ID))
+	if err != nil {
+		http.NotFound(w, r)
+		return
+	}
+	w.Header().Set("Content-Type", http.DetectContentType(data))
+	w.Header().Set("Cache-Control", "public, max-age=86400")
+	w.Write(data)
+}
+
+// UploadAvatar accepts a multipart image upload and stores it as the repo avatar.
+func (h *RepoHandler) UploadAvatar(w http.ResponseWriter, r *http.Request) {
+	repo, ok := h.lookupRepo(w, r)
+	if !ok {
+		return
+	}
+	callerID, _ := middleware.UserIDFromContext(r.Context())
+	if callerID != repo.OwnerID {
+		jsonError(w, "only the owner can change the avatar", http.StatusForbidden)
+		return
+	}
+
+	r.Body = http.MaxBytesReader(w, r.Body, 5<<20)
+	if err := r.ParseMultipartForm(5 << 20); err != nil {
+		jsonError(w, "file too large (max 5 MB)", http.StatusBadRequest)
+		return
+	}
+	file, _, err := r.FormFile("avatar")
+	if err != nil {
+		jsonError(w, "avatar file is required", http.StatusBadRequest)
+		return
+	}
+	defer file.Close()
+
+	// Sniff content type from first 512 bytes, then read the rest.
+	sniff := make([]byte, 512)
+	n, _ := file.Read(sniff)
+	ct := http.DetectContentType(sniff[:n])
+	if ct != "image/jpeg" && ct != "image/png" && ct != "image/gif" && ct != "image/webp" {
+		jsonError(w, "unsupported image type; use JPEG, PNG, GIF, or WebP", http.StatusBadRequest)
+		return
+	}
+	rest, err := io.ReadAll(file)
+	if err != nil {
+		jsonError(w, "could not read file", http.StatusInternalServerError)
+		return
+	}
+	data := append(sniff[:n], rest...)
+
+	avatarDir := filepath.Join(h.cfg.RepoRoot, ".avatars")
+	if err := os.MkdirAll(avatarDir, 0755); err != nil {
+		jsonError(w, "could not create avatar directory", http.StatusInternalServerError)
+		return
+	}
+	if err := os.WriteFile(avatarPath(h.cfg.RepoRoot, repo.ID), data, 0644); err != nil {
+		jsonError(w, "could not save avatar", http.StatusInternalServerError)
+		return
+	}
+
+	var ownerUser models.User
+	h.db.ID(repo.OwnerID).Get(&ownerUser)
+	jsonOK(w, map[string]string{
+		"avatarUrl": "/api/v1/repos/" + ownerUser.Username + "/" + repo.Name + "/avatar",
+	})
+}
+
 func (h *RepoHandler) Delete(w http.ResponseWriter, r *http.Request) {
 	repo, ok := h.lookupRepo(w, r)
 	if !ok {