Profile picture endpoints

[spokonya]

Description

Adds backend endpoints for user profile picture management with S3 integration. Enables uploading, viewing, and deleting profile pictures.

Why:

1. Users need profile pictures for identity and personalization.
2. S3 provides scalable storage without storing files in the database.
3. Presigned URLs enable direct client-to-S3 uploads, reducing backend load and improving performance.

How it works:

1. Upload: Client requests a presigned upload URL via /s3/upload-url/{userId}, uploads directly to S3, then saves the S3 key to the user's profile via PUT /users/{userId}/profile-picture.
2. Client calls GET /users/{userId}/profile-picture, which retrieves the S3 key from the database and returns a presigned read URL for display.
3. Delete: DELETE /users/{userId}/profile-picture removes the file from S3 and clears the reference in the database.

Type of Change

• Bug fix (non-breaking change that fixes an issue)
• New feature (non-breaking change that adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Refactoring (code improvement without changing functionality)
• Documentation update
• Configuration/infrastructure change
• Performance improvement
• Test coverage improvement

Related Issue(s)

Closes #
Related to #51

What Changed?

-Added user profile picture endpoints GET, PUT, and DELETE (/users/{userId}/profile-picture) endpoints for retrieving, updating, and deleting user profile pictures with S3 integration
-Added the S3 presigned URL for access to objects in the bucket (building upon what was in the s3-setup branch which was only a presign URL to put objects in the bucket)
-Implemented repository methods: UpdateProfilePicture, GetKey, and DeleteProfilePicture to manage profile picture S3 keys in the database

Testing & Validation

How this was tested

Screenshots/Recordings

This show the profile picture being stored and removed from the db based on interactions with the frontend

Unfinished Work & Known Issues

• [] None, this PR is complete and production-ready

• The following items are intentionally deferred:

• Comments left on the first PR will apply to some of the files in this ex) s3storage.go still needs to be changed based on the comments left on the s3-setup PR

  • users_test.go appears rewritten: The file shows as fully rewritten due to a naming mistake. The test content is correct; the diff reflects the rename/reorganization.
  • Branch confusion during development: Initially added the Get Presigned URL endpoint on the frontend branch by mistake. After switching to the correct branch, changes were moved appropriately. This may have caused some temporary confusion in commit history.
    -There may be overlapping S3-related changes across 3 related PRs. I reviewed branch contents and believe everything is in the correct branch, but some S3 changes may appear in multiple PRs due to the branch mix-up.

Notes & Nuances

• ---

• ---

Pre-Merge Checklist

Code Quality

• Code follows the project's style guidelines and conventions
• Self-review completed (I've reviewed my own code for obvious issues)
• No debugging code, console logs, or commented-out code left behind
• [] No merge conflicts with the base branch
• Meaningful commit messages that explain the "why"

Testing & CI

• All CI checks are passing
• All new and existing tests pass locally
• Test coverage hasn't decreased (or decrease is justified)
• Linting passes without errors

Documentation

• Code is self-documenting or includes helpful comments for complex logic
• API documentation updated (if backend endpoints changed)
• Type definitions are accurate and up-to-date

Reviewer Notes

• Areas needing extra attention: ...
• Questions for reviewers: ...

[Dao-Ho]

Just two very quick changes, should be good to be merged otherwise!

[Dao-Ho]

I believe you still need to uncomment this

[Dao-Ho]

It's not really clear what differentiates this from GeneratePresignedGetURL when reading the name. I had to drill down to this logic to find what it's really doing. I think we can probably rename this to be more explicit (also rename the parent function that calls this to ensure it's consistent)

Suggested change

	func (s *Storage) GeneratePresignedURL(ctx context.Context, key string, expiration time.Duration) (string, error) {
	func (s *Storage) GeneratePresignedUploadURL(ctx context.Context, key string, expiration time.Duration) (string, error) {

[codecov]

Codecov Report

❌ Patch coverage is 21.08844% with 116 lines in your changes missing coverage. Please review.
✅ Project coverage is 9.33%. Comparing base (6033a10) to head (97c0e55).
⚠️ Report is 4 commits behind head on main.

Files with missing lines	Patch %	Lines
backend/internal/handler/s3.go	0.00%	36 Missing ⚠️
backend/internal/handler/users.go	50.00%	29 Missing and 2 partials ⚠️
backend/internal/service/s3/s3storage.go	0.00%	19 Missing ⚠️
backend/internal/repository/users.go	0.00%	14 Missing ⚠️
backend/internal/service/server.go	0.00%	9 Missing ⚠️
backend/internal/httpx/bind.go	0.00%	7 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #113       +/-   ##
==========================================
- Coverage   20.37%   9.33%   -11.04%     
==========================================
  Files          39     115       +76     
  Lines        1453    4037     +2584     
  Branches        0      24       +24     
==========================================
+ Hits          296     377       +81     
- Misses       1153    3654     +2501     
- Partials        4       6        +2     

Flag	Coverage Δ
backend	19.70% <21.08%> (-0.67%)	⬇️
mobile	84.00% <ø> (?)
web	0.75% <ø> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
backend/internal/httpx/bind.go	0.00% <0.00%> (ø)
backend/internal/service/server.go	0.00% <0.00%> (ø)
backend/internal/repository/users.go	0.00% <0.00%> (ø)
backend/internal/service/s3/s3storage.go	0.00% <0.00%> (ø)
backend/internal/handler/users.go	50.60% <50.00%> (-9.40%)	⬇️
backend/internal/handler/s3.go	0.00% <0.00%> (ø)

... and 76 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[Dao-Ho]

some more small comments

[Dao-Ho]

this should be a const somewhere, it's a config that doesn't feel right to be embedded into the logic, can we just make this a const?

[Dao-Ho]

what was wrong with BindAndValidate? validateCreateUser was an old pattern before @zaydaanjahangir implemented our validation system. Was this intentional?

[Dao-Ho]

I don't think we have clerk_id anymore, clerk id is just our id now, is it throwing for you? Make sure your code is up to date

[Dao-Ho]

same concept as above, should it be clerk id here?

[Dao-Ho]

nit so NOT necessary but since we're throwing a lot of custom errors for s3, feels like custom errors for them could be good here, not needed tho

[Dao-Ho]

one removal and it's good to go

[Dao-Ho]

LGTM ✅