feat: Add user's avatar to POST and PATCH requests in users endpoints

[HamzaFouad]

What does this PR do?

• Adds avatar to POST and PATCH requests in users endpoint
• Update users docs

Requirement/Documentation

• If there is a requirement document, please, share it here.
• If there is ab UI/UX design document, please, share it here.

Type of change

• New feature (non-breaking change which adds functionality)

How should this be tested?

• Are there environment variables that should be set?
• What are the minimal test data to have?
• What is expected (happy path) to have (input and output)?
• Any other important info that could help to test that PR

Mandatory Tasks

• Make sure you have self-reviewed the code. A decent size PR without self-review might be rejected.

Checklist

• I haven't added tests that prove my fix is effective or that my feature works
• I haven't checked if new and existing unit tests pass locally with my changes

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
ui	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Oct 9, 2023 4:37am

[vercel]

@HamzaFouad is attempting to deploy a commit to the cal Team on Vercel.

A member of the Team first needs to authorize it.

[CLAassistant]

All committers have signed the CLA.

[github-actions]

Thank you for following the naming conventions! 🙏 Feel free to join our discord and post your PR link to collect XP and win prizes!

[github-actions]

📦 Next.js Bundle Analysis for @calcom/web

This analysis was generated by the Next.js Bundle Analysis action. 🤖

This PR introduced no changes to the JavaScript bundle! 🙌

[github-actions]

This PR is being marked as stale due to inactivity.

Stale

[ThyMinimalDev]

couldn't we replace this whole thing with a regexp ?

Also I think the naming of the function is unclear, we are here checking if the data inside of the data-uri string is encoded in base64.

[HamzaFouad]

Sure we can. but why do yo prefer using regex over a native lib?

I tried to name the extension method to be as generic as possible to accommodate all base64-encoding-string checks, not just for images.

[HamzaFouad]

@alishaz-polymath Could you please take the initiative and help this PR to move forward? It has been stale for very long time with no progress in reviews.

[alishaz-polymath]

@alishaz-polymath Could you please take the initiative and help this PR to move forward? It has been stale for very long time with no progress in reviews.

I'll review it this week. Thank you @HamzaFouad 🙏

[alishaz-polymath]

Requested a few changes to improve strictness and efficiency.

Please do test locally to confirm they work and adjust accordingly. The rest looks good to me 🎉 , but I'll wait on the requested changes. 🙏

[alishaz-polymath]

Suggested change

	try {
	const base64Regex = /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/;
	try {

Can potentially use a regex here for strict checking for base64
This pattern assumes a character set of A-Z, a-z, 0-9, +, / and possibly ending with = or ==.

[alishaz-polymath]

Suggested change

	if (parts.length === 2) {
	// metadata and base64Data
	base64Data = parts[1]; // Extract the base64 data from the second part
	}
	if (parts.length !== 2) return false;
	base64Data = parts[1]; // Extract the base64 data from the second part

We can return false when parts length !== 2 to not go about further computations as it would be false already.

[HamzaFouad]

I made this condition to not just cover base64-images, but also to cover any base64 string checks you might have in the app, so the string may be a single part or multiple part based on the usecase.

if we are only going to make this method exclusive to base64-images then there is no need for the above check
and we can tweak the regex you implemented and implement the method similar to that:

export function isValidBase64Image(input: string): boolean { 
  const regex = /^data:image\/[^;]+;base64,(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/;
  return regex.test(input);
}

we will also rename the method to be image exclusive isValidBase64Image

[alishaz-polymath]

Suggested change

	const buffer = Buffer.from(base64Data, "base64").toString("base64");
	if (!base64Regex.test(base64Data)) return false;
	Buffer.from(base64Data, "base64");
	return true;

We can use regex to test and return false if it doesn't adhere to the regex pattern. The next line would fail if not base64, at which point it should return false thanks to catch.

[HamzaFouad]

I think we no longer need to use this line too anymore, right?
Buffer.from(base64Data, "base64");

as the condition before it should be enough to cover base64 validity

[alishaz-polymath]

Actually we still do.

• The regex test checks if the string looks like valid base64
• The buffer conversion checks if the string can be successfully decoded as base64

[HamzaFouad]

how so?
if it is a valid base64 string, then by definition, it can be decoded into binary data. Or am I missing something?

if we needed to use Buffer.from(base64Data, "base64") then why do we need the regex check at all.
we could have passed the string to the buffer, as I did at first, and if it is decodable then it passes the validation and if not we catch the exception and return false.

[alishaz-polymath]

@ThyMinimalDev
What do you think?
The regex is fairly strict so there shouldn't be many strings that pass the regex and fail Base64, but what is the safer approach here?

[ThyMinimalDev]

I Think using a regexp is the best approach here, I don't think there is a bulletproof way to make sure that the base64 string is actually a valid image, but as long as it's a valid base64 it is fine.

[alishaz-polymath]

Suggested change

	return buffer === base64Data;

Don't need to recheck it now that all checks are already done, this is redundant.

[alishaz-polymath]

LGTM 🚀 🚀

[ThyMinimalDev]

missed this during review, this file is now named isValidBase64Image.ts not isValidBase64.ts