[feature] Make instance thumbnail configurable via admin panel (#973)

* [feature] Make instance thumbnail configurable via admin panel

* log db errors in InstanceToAPIInstance

* only update instance in db if necessary

* start adding tests

* finish test

2 files changed, 80 insertions, 5 deletions

diff --git a/internal/api/client/instance/instancepatch.go b/internal/api/client/instance/instancepatch.go
index 080327852..d4fa8ca5d 100644
--- a/internal/api/client/instance/instancepatch.go
+++ b/internal/api/client/instance/instancepatch.go
@@ -20,11 +20,13 @@ package instance
 
 import (
 	"errors"
+	"fmt"
 	"net/http"
 
 	"github.com/gin-gonic/gin"
 	"github.com/superseriousbusiness/gotosocial/internal/api"
 	"github.com/superseriousbusiness/gotosocial/internal/api/model"
+	"github.com/superseriousbusiness/gotosocial/internal/config"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
 	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
@@ -89,14 +91,19 @@ import (
 //		maximum: 5000
 //		allowEmptyValue: true
 //	-
-//		name: avatar
+//		name: thumbnail
 //		in: formData
-//		description: Avatar of the instance.
+//		description: Thumbnail image to use for the instance.
 //		type: file
 //	-
+//		name: thumbnail_description
+//		in: formData
+//		description: Image description of the submitted instance thumbnail.
+//		type: string
+//	-
 //		name: header
 //		in: formData
-//		description: Header of the instance.
+//		description: Header image to use for the instance.
 //		type: file
 //
 //	security:
@@ -144,8 +151,7 @@ func (m *Module) InstanceUpdatePATCHHandler(c *gin.Context) {
 		return
 	}
 
-	if form.Title == nil && form.ContactUsername == nil && form.ContactEmail == nil && form.ShortDescription == nil && form.Description == nil && form.Terms == nil && form.Avatar == nil && form.Header == nil {
-		err := errors.New("empty form submitted")
+	if err := validateInstanceUpdate(form); err != nil {
 		api.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGet)
 		return
 	}
@@ -158,3 +164,35 @@ func (m *Module) InstanceUpdatePATCHHandler(c *gin.Context) {
 
 	c.JSON(http.StatusOK, i)
 }
+
+func validateInstanceUpdate(form *model.InstanceSettingsUpdateRequest) error {
+	if form.Title == nil &&
+		form.ContactUsername == nil &&
+		form.ContactEmail == nil &&
+		form.ShortDescription == nil &&
+		form.Description == nil &&
+		form.Terms == nil &&
+		form.Avatar == nil &&
+		form.AvatarDescription == nil &&
+		form.Header == nil {
+		return errors.New("empty form submitted")
+	}
+
+	maxImageSize := config.GetMediaImageMaxSize()
+	maxDescriptionChars := config.GetMediaDescriptionMaxChars()
+
+	// validate avatar if present
+	if form.Avatar != nil {
+		if size := form.Avatar.Size; size > int64(maxImageSize) {
+			return fmt.Errorf("file size limit exceeded: limit is %d bytes but desired instance avatar was %d bytes", maxImageSize, size)
+		}
+
+		if form.AvatarDescription != nil {
+			if length := len([]rune(*form.AvatarDescription)); length > maxDescriptionChars {
+				return fmt.Errorf("avatar description length must be less than %d characters (inclusive), but provided avatar description was %d chars", maxDescriptionChars, length)
+			}
+		}
+	}
+
+	return nil
+}
diff --git a/internal/api/client/instance/instancepatch_test.go b/internal/api/client/instance/instancepatch_test.go
index 50b19c079..a3306d297 100644
--- a/internal/api/client/instance/instancepatch_test.go
+++ b/internal/api/client/instance/instancepatch_test.go
@@ -19,6 +19,8 @@
 package instance_test
 
 import (
+	"context"
+	"fmt"
 	"io"
 	"net/http"
 	"net/http/httptest"
@@ -246,6 +248,41 @@ func (suite *InstancePatchTestSuite) TestInstancePatch7() {
 	suite.Equal(`{"error":"Bad Request: mail: missing '@' or angle-addr"}`, string(b))
 }
 
+func (suite *InstancePatchTestSuite) TestInstancePatch8() {
+	requestBody, w, err := testrig.CreateMultipartFormData(
+		"thumbnail", "../../../../testrig/media/peglin.gif",
+		map[string]string{
+			"thumbnail_description": "A bouncing little green peglin.",
+		})
+	if err != nil {
+		panic(err)
+	}
+	bodyBytes := requestBody.Bytes()
+
+	// set up the request
+	recorder := httptest.NewRecorder()
+	ctx := suite.newContext(recorder, http.MethodPatch, instance.InstanceInformationPath, bodyBytes, w.FormDataContentType(), true)
+
+	// call the handler
+	suite.instanceModule.InstanceUpdatePATCHHandler(ctx)
+	suite.Equal(http.StatusOK, recorder.Code)
+
+	result := recorder.Result()
+	defer result.Body.Close()
+
+	b, err := io.ReadAll(result.Body)
+	suite.NoError(err)
+
+	instanceAccount, err := suite.db.GetInstanceAccount(context.Background(), "")
+	if err != nil {
+		suite.FailNow(err.Error())
+	}
+	suite.NotEmpty(instanceAccount.AvatarMediaAttachmentID)
+
+	expectedInstanceResponse := fmt.Sprintf(`{"uri":"http://localhost:8080","account_domain":"localhost:8080","title":"GoToSocial Testrig Instance","description":"\u003cp\u003eThis is the GoToSocial testrig. It doesn't federate or anything.\u003c/p\u003e\u003cp\u003eWhen the testrig is shut down, all data on it will be deleted.\u003c/p\u003e\u003cp\u003eDon't use this in production!\u003c/p\u003e","short_description":"\u003cp\u003eThis is the GoToSocial testrig. It doesn't federate or anything.\u003c/p\u003e\u003cp\u003eWhen the testrig is shut down, all data on it will be deleted.\u003c/p\u003e\u003cp\u003eDon't use this in production!\u003c/p\u003e","email":"admin@example.org","version":"0.0.0-testrig","registrations":true,"approval_required":true,"invites_enabled":false,"configuration":{"statuses":{"max_characters":5000,"max_media_attachments":6,"characters_reserved_per_url":25},"media_attachments":{"supported_mime_types":["image/jpeg","image/gif","image/png"],"image_size_limit":10485760,"image_matrix_limit":16777216,"video_size_limit":41943040,"video_frame_rate_limit":60,"video_matrix_limit":16777216},"polls":{"max_options":6,"max_characters_per_option":50,"min_expiration":300,"max_expiration":2629746},"accounts":{"allow_custom_css":true},"emojis":{"emoji_size_limit":51200}},"urls":{"streaming_api":"wss://localhost:8080"},"stats":{"domain_count":2,"status_count":16,"user_count":4},"thumbnail":"http://localhost:8080/fileserver/%s/attachment/original/%s.gif","thumbnail_type":"image/gif","thumbnail_description":"A bouncing little green peglin.","contact_account":{"id":"01F8MH17FWEB39HZJ76B6VXSKF","username":"admin","acct":"admin","display_name":"","locked":false,"bot":false,"created_at":"2022-05-17T13:10:59.000Z","note":"","url":"http://localhost:8080/@admin","avatar":"","avatar_static":"","header":"http://localhost:8080/assets/default_header.png","header_static":"http://localhost:8080/assets/default_header.png","followers_count":1,"following_count":1,"statuses_count":4,"last_status_at":"2021-10-20T10:41:37.000Z","emojis":[],"fields":[],"enable_rss":true},"max_toot_chars":5000}`, instanceAccount.ID, instanceAccount.AvatarMediaAttachmentID)
+	suite.Equal(expectedInstanceResponse, string(b))
+}
+
 func TestInstancePatchTestSuite(t *testing.T) {
 	suite.Run(t, &InstancePatchTestSuite{})
 }