Image api rework

[Nutomic]

• Move all image related endpoints under /api/v4/image/
• Image parameters and responses are now in crates/api_common/src/image.rs, no more exposing of pictrs data structures
• Reorganize code in crates/routes/images
• Only use adapt_request() for image upload, not for simple things like delete or health check
• New endpoints POST /api/v4/account/avatar which directly takes image upload, instead of setting avatar url via /api/v4/account/settings/save
• Also POST /api/v4/account/banner, POST /api/v4/community/icon, POST /api/v4/community/banner, POST /api/v4/site/icon and POST /api/v4/site/banner

[Nutomic]

Indentation was changed in this file, use "hide whitespace" in github to review it.

[Nutomic]

Ready to review.

[dessalines]

Nice job, adding these as API actions is going to be much better.

• We still need a way to clear images. I'd add some POST or DELETE endpoints, that just delete the images and return that item. IE POST /site/icon/delete, /community/banner/delete...
  • Speaking of which, I see that this PR is the first one that adds HTTP DELETE. Maybe we should use that instead of POST for all our delete API actions.
• Banners can't be square. So whether that means adding both a max height and max width, or just unfortunately not being able to resize them.
• We're gonna need a DB migration to fix the history of all proxied images. So unfortunately that means doing a DB replace for comment.content, and post.body, where local = true. I believe the regular image endpoints stayed the same, so no need to correct those.

[dessalines]

Need to run scripts/./update_config_defaults.sh

[dessalines]

So how are we clearing these now?

You removed the code that sent an empty string to be able to set Some(None) for these fields, so postgres can clear / unset an image. You need to have some way to be able to do this now.

[dessalines]

By removing this, we don't have a way to clear / unset images, see comment above.

[dessalines]

This scares me, using a global static for a client. We should be trying to avoid these as much as possible, and instantiating a single client in the context and passing that around explicitly.

[dessalines]

Banners should never be square, so we probably should do max width + max height.

I found some banner sizes for current websites here.

[dessalines]

👍

[dessalines]

This will be the right endpoint for new ones, but what about for all the past post bodies and comments? This is probably going to need a DB migration that fixes all the past ones, at least for our local images.

[dessalines]

I guess the filename one is the same, but the /proxy is new, correct? That means we're going to need to do a DB migration to correct all the past ones, or we're going to have broken proxied images.

[Nothing4You]

is there a reason to expose the pict-rs delete token to the user?

i guess this was historically exposed to the user during upload before it got used in the media listing, but there isn't really any need to keep that, now that we have the media listing.
instead, the deletion api should probably just accept the image url itself and fetch the delete token from the user upload table, which can be combined with verifying that either the user is an admin or the user is the uploader.
for older uploads, in the unlikely case that someone recorded deletion tokens prior to lemmy recording which user the upload is associated with, a compatibility api could exist that allows deletion when the token is provided and the upload does not exist in the table.

[dullbananas]

For handling old image proxy links, I would prefer keeping both the old and new image proxy api endpoints permanently. Replacing old links in markdown content is slow, complicated, error prone, and might break a few image links from outside of Lemmy.

[dullbananas]

optimization

Suggested change

	let local_site = LocalSite::read(&mut context.pool()).await?;
	if local_site.private_instance && local_user_view.is_none() {
	return Ok(HttpResponse::Unauthorized().finish());
	}
	if local_user_view.is_none() {
	let local_site = LocalSite::read(&mut context.pool()).await?;
	if local_site.private_instance {
	return Ok(HttpResponse::Unauthorized().finish());
	}
	}

[dullbananas]

I'm not totally sure yet, but the calls to clone and unwrap_or_else probably shouldn't be in this function's body. The meaning of file_type.clone.unwrap_or_else(|| file_type(name)) could be more intuitive than file_type(file_type, name)