vikunja/pkg/routes/api/v2
kolaente cfac0773d7 fix(api/v2): accept real image content-types on avatar upload
Browsers set a real image Content-Type (image/png, image/jpeg, ...) on
the multipart avatar part, while programmatic clients often send
application/octet-stream. The part contentType tag is an allow-list for
Huma's MimeTypeValidator, which runs before the handler; broaden it so
both cases are accepted instead of being rejected with a 422.

The byte-level mimetype.DetectReader check in the handler remains the
real security gate and is unchanged.

Extend the webtest with a case that sends a part declared as image/png
and asserts it reaches the handler successfully.
2026-06-02 11:55:25 +00:00
..
scalar feat(api-v2): vendor scalar api docs bundle 2026-05-31 15:23:32 +02:00
admin_projects.go test(api/v2): assert admin project id via structured json 2026-06-02 07:38:08 +00:00
avatar.go refactor(avatar): share avatar resolution between v1 and v2 handlers 2026-06-02 08:17:00 +00:00
avatar_upload.go fix(api/v2): accept real image content-types on avatar upload 2026-06-02 11:55:25 +00:00
docs.go feat(api/v2): serve Scalar docs UI at /api/v2/docs 2026-05-31 12:56:57 +00:00
errors.go docs(api/v2): mark error code field read-only 2026-05-31 15:29:46 +02:00
errors_test.go fix(api/v2): don't leak internal error detail in 5xx responses 2026-05-31 12:56:57 +00:00
huma.go docs(api/v2): add field and operation descriptions for labels 2026-05-31 12:56:57 +00:00
labels.go docs(api/v2): add field and operation descriptions for labels 2026-05-31 12:56:57 +00:00
project_views.go feat(api/v2): add project view routes 2026-06-01 13:04:34 +00:00
task_duplicate.go feat(api/v2): add task duplicate action (#2815) 2026-06-01 14:13:39 +02:00
types.go feat(api/v2): port Label to per-operation Huma handlers 2026-05-31 12:56:57 +00:00