.

Server/Controller/UserApiController.cs

@@ -1,6 +1,7 @@
 using Blahblah.FlowerStory.Server.Data;
 using Blahblah.FlowerStory.Server.Data.Model;
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.EntityFrameworkCore;
 using System.ComponentModel.DataAnnotations;
 using System.Security.Cryptography;
 
@@ -81,6 +82,9 @@ public partial class UserApiController : BaseController
             clientApp = "browser";
             expires = 20 * 60;  // 20 mins
         }
+
+        database.Tokens.Where(t => t.UserId == user.Id && t.ClientApp == clientApp).ExecuteDelete();
+
         var now = DateTimeOffset.UtcNow;
         var token = new TokenItem
         {
@@ -184,26 +188,31 @@ public partial class UserApiController : BaseController
     /// 请求示例：
     /// 
     ///     POST /api/user/register
-    ///     {
-    ///         "id": "blahblah",
-    ///         "password": "pwd123",
-    ///         "userName": "Blah blah",
-    ///         "email": "blah@example.com",
-    ///         "mobile": "18012345678"
-    ///     }
+    /// 
+    /// 参数：
+    /// 
+    ///     id: "blahblah"
+    ///     password: "pwd123"
+    ///     name: "Blah blah"
+    ///     email: "blah@example.com"
+    ///     mobile: "18012345678"
+    ///     avatar: <avatar>
     /// 
     /// </remarks>
     /// <param name="user">注册参数</param>
     /// <returns>成功注册则返回已注册的用户对象</returns>
     /// <response code="200">返回已注册的用户对象</response>
+    /// <response code="400">用户头像格式非法</response>
     /// <response code="500">用户重复或其他服务器错误</response>
     [Route("register", Name = "register")]
     [ProducesResponseType(StatusCodes.Status200OK)]
+    [ProducesResponseType(StatusCodes.Status400BadRequest)]
     [ProducesResponseType(StatusCodes.Status500InternalServerError)]
     [ProducesErrorResponseType(typeof(ErrorResponse))]
     [HttpPost]
-    [Consumes("application/json")]
-    public ActionResult<UserItem> Register([FromBody] UserParameter user)
+    [Consumes("multipart/form-data")]
+    [RequestSizeLimit(15 * 1024 * 1024)]
+    public ActionResult<UserItem> Register([FromForm] UserParameter user)
     {
 #if DEBUG
         logger?.LogInformation("user register, {user}", user);
@@ -214,6 +223,21 @@ public partial class UserApiController : BaseController
             return Problem("duplicateUser", "api/user/register");
         }
 
+        byte[]? data;
+        if (user.Avatar != null)
+        {
+            var avatar = WrapFormFile(user.Avatar);
+            if (avatar == null)
+            {
+                return BadRequest();
+            }
+            data = CreateThumbnail(avatar.Content);
+        }
+        else
+        {
+            data = null;
+        }
+
         var now = DateTimeOffset.UtcNow.ToUnixTimeMilliseconds();
         var item = new UserItem
         {
@@ -224,7 +248,8 @@ public partial class UserApiController : BaseController
             ActiveDateUnixTime = now,
             Name = user.UserName,
             Email = user.Email,
-            Mobile = user.Mobile
+            Mobile = user.Mobile,
+            Avatar = data
         };
         database.Users.Add(item);
         SaveDatabase();
@@ -281,30 +306,35 @@ public partial class UserApiController : BaseController
     /// 
     ///     PUT /api/user/update
     ///     Authorization: authorization id
-    ///     {
-    ///         "userName": "Blah blah",
-    ///         "email": "blah@example.com",
-    ///         "mobile": "18012345678"
-    ///     }
+    /// 
+    /// 参数：
+    /// 
+    ///     name": "Blah blah"
+    ///     email": "blah@example.com"
+    ///     mobile": "18012345678",
+    ///     avatar: &lt;avatar&gt;
     /// 
     /// </remarks>
     /// <param name="update">修改参数</param>
     /// <returns>修改成功则返回已修改的用户对象</returns>
     /// <response code="200">返回已修改的用户对象</response>
+    /// <response code="400">用户头像格式非法</response>
     /// <response code="401">未找到登录会话或已过期</response>
     /// <response code="403">用户已禁用</response>
     /// <response code="404">未找到关联用户</response>
     /// <response code="413">提交正文过大</response>
     [Route("update", Name = "updateProfile")]
     [ProducesResponseType(StatusCodes.Status200OK)]
+    [ProducesResponseType(StatusCodes.Status400BadRequest)]
     [ProducesResponseType(StatusCodes.Status401Unauthorized)]
     [ProducesResponseType(StatusCodes.Status403Forbidden)]
     [ProducesResponseType(StatusCodes.Status404NotFound)]
     [ProducesResponseType(StatusCodes.Status413PayloadTooLarge)]
     [ProducesErrorResponseType(typeof(ErrorResponse))]
     [HttpPut]
-    [Consumes("application/json")]
-    public ActionResult<UserItem> Update([FromBody] UpdateParameter update)
+    [Consumes("multipart/form-data")]
+    [RequestSizeLimit(15 * 1024 * 1024)]
+    public ActionResult<UserItem> Update([FromForm] UpdateParameter update)
     {
 #if DEBUG
         logger?.LogInformation("user update, {user}", update);
@@ -319,6 +349,17 @@ public partial class UserApiController : BaseController
             return NotFound();
         }
 
+        if (update.Avatar != null)
+        {
+            var avatar = WrapFormFile(update.Avatar);
+            if (avatar == null)
+            {
+                return BadRequest();
+            }
+
+            user.Avatar = CreateThumbnail(avatar.Content);
+        }
+
         user.Name = update.UserName;
         user.Email = update.Email;
         user.Mobile = update.Mobile;
@@ -382,7 +423,7 @@ public partial class UserApiController : BaseController
             {
                 return BadRequest();
             }
-            user.Avatar = file.Content;
+            user.Avatar = CreateThumbnail(file.Content);
         }
         SaveDatabase();
 
@@ -429,7 +470,7 @@ public partial class UserApiController : BaseController
         return Ok(count);
     }
 
-    //#if DEBUG
+#if !PRODUCTION
     /// <summary>
     /// #DEBUG 获取所有用户
     /// </summary>
@@ -453,5 +494,5 @@ public partial class UserApiController : BaseController
     {
         return Ok(database.Tokens.ToArray());
     }
-    //#endif
+#endif
 }