feat(db, webserver): Support user avatars

ee/tabby-db/migrations/0019_user-avatar.down.sql

@@ -0,0 +1 @@
+ALTER TABLE users DROP COLUMN avatar;

ee/tabby-db/migrations/0019_user-avatar.up.sql

@@ -0,0 +1 @@
+ALTER TABLE users ADD COLUMN avatar TEXT;

ee/tabby-db/src/users.rs

@@ -20,6 +20,7 @@ pub struct UserDAO {
     /// To authenticate IDE extensions / plugins to access code completion / chat api endpoints.
     pub auth_token: String,
     pub active: bool,
+    pub avatar: Option<String>,
 }
 
 static OWNER_USER_ID: i32 = 1;
@@ -130,6 +131,7 @@ impl DbConn {
                 "updated_at",
                 "auth_token",
                 "active",
+                "avatar",
             ],
             limit,
             skip_id,
@@ -221,6 +223,17 @@ impl DbConn {
         Ok(())
     }
 
+    pub async fn update_user_avatar(&self, id: i32, avatar_base64: Option<String>) -> Result<()> {
+        query!(
+            "UPDATE users SET avatar = ? WHERE id = ?;",
+            avatar_base64,
+            id
+        )
+        .execute(&self.pool)
+        .await?;
+        Ok(())
+    }
+
     pub async fn count_active_users(&self) -> Result<usize> {
         self.cache
             .active_user_count

ee/tabby-webserver/src/schema/auth.rs

@@ -244,6 +244,7 @@ pub struct User {
     pub created_at: DateTime<Utc>,
     pub active: bool,
     pub is_password_set: bool,
+    pub avatar: Option<String>,
 }
 
 impl relay::NodeType for User {
@@ -467,6 +468,7 @@ pub trait AuthenticationService: Send + Sync {
     async fn delete_oauth_credential(&self, provider: OAuthProvider) -> Result<()>;
     async fn update_user_active(&self, id: &ID, active: bool) -> Result<()>;
     async fn update_user_role(&self, id: &ID, is_admin: bool) -> Result<()>;
+    async fn update_user_avatar(&self, id: &ID, avatar: Option<String>) -> Result<()>;
 }
 
 fn validate_password(value: &str) -> Result<(), validator::ValidationError> {

ee/tabby-webserver/src/schema/mod.rs

@@ -419,6 +419,17 @@ impl Mutation {
         Ok(true)
     }
 
+    async fn update_user_avatar(ctx: &Context, id: ID, avatar: Option<String>) -> Result<bool> {
+        let claims = check_claims(ctx)?;
+        if claims.sub.0 != id && !check_admin(ctx).is_ok() {
+            return Err(CoreError::Unauthorized(
+                "You cannot change another user's avatar",
+            ));
+        }
+        ctx.locator.auth().update_user_avatar(&id, avatar).await?;
+        Ok(true)
+    }
+
     async fn register(
         ctx: &Context,
         email: String,

ee/tabby-webserver/src/service/auth.rs

@@ -192,6 +192,12 @@ impl AuthenticationService for AuthenticationServiceImpl {
         Ok(())
     }
 
+    async fn update_user_avatar(&self, id: &ID, avatar: Option<String>) -> Result<()> {
+        let id = id.as_rowid()?;
+        self.db.update_user_avatar(id, avatar).await?;
+        Ok(())
+    }
+
     async fn token_auth(&self, email: String, password: String) -> Result<TokenAuthResponse> {
         let Some(user) = self.db.get_user_by_email(&email).await? else {
             return Err(anyhow!("Invalid email address or password").into());

ee/tabby-webserver/src/service/dao.rs

@@ -53,6 +53,7 @@ impl From<UserDAO> for auth::User {
             created_at: val.created_at,
             active: val.active,
             is_password_set: val.password_encrypted.is_some(),
+            avatar: val.avatar,
         }
     }
 }