feat: add branding module for custom logo, favicon, and settings

Add BrandingController with upload/serve/delete endpoints for custom
branding assets (logo, favicon) stored in S3/MinIO. Supports admin-only
uploads with file type validation, streaming serve with cache headers,
and settings upsert via Hasura for live branding updates.

Author: Flegma

src/app.module.ts

@@ -41,6 +41,7 @@ import { Transport } from "@nestjs/microservices";
 import { DedicatedServersModule } from "./dedicated-servers/dedicated-servers.module";
 import { K8sModule } from "./k8s/k8s.module";
 import { FileManagerModule } from "./file-manager/file-manager.module";
+import { BrandingModule } from "./branding/branding.module";
 
 @Module({
   imports: [
@@ -122,6 +123,7 @@ import { FileManagerModule } from "./file-manager/file-manager.module";
     DedicatedServersModule,
     K8sModule,
     FileManagerModule,
+    BrandingModule,
   ],
   providers: [loggerFactory()],
   controllers: [AppController, QuickConnectController],

src/branding/branding.controller.ts

@@ -0,0 +1,107 @@
+import {
+  Controller,
+  Post,
+  Get,
+  Delete,
+  Param,
+  Body,
+  UploadedFile,
+  UseInterceptors,
+  ParseFilePipe,
+  MaxFileSizeValidator,
+  FileTypeValidator,
+  Req,
+  Res,
+  ForbiddenException,
+  NotFoundException,
+  BadRequestException,
+} from "@nestjs/common";
+import { FileInterceptor } from "@nestjs/platform-express";
+import { Request, Response } from "express";
+import { BrandingService } from "./branding.service";
+
+@Controller("branding")
+export class BrandingController {
+  constructor(private readonly brandingService: BrandingService) {}
+
+  @Post("upload")
+  @UseInterceptors(FileInterceptor("file"))
+  async upload(
+    @Req() request: Request,
+    @UploadedFile(
+      new ParseFilePipe({
+        validators: [
+          new MaxFileSizeValidator({ maxSize: 5 * 1024 * 1024 }),
+          new FileTypeValidator({
+            fileType: /image\/(png|jpeg|svg\+xml|webp|x-icon)/,
+          }),
+        ],
+      }),
+    )
+    file: Express.Multer.File,
+    @Body("type") type: string,
+  ) {
+    this.requireAdmin(request);
+
+    if (type !== "logo" && type !== "favicon") {
+      throw new BadRequestException("Type must be 'logo' or 'favicon'");
+    }
+
+    const path = await this.brandingService.uploadFile(
+      type,
+      file.buffer,
+      file.mimetype,
+    );
+
+    return { success: true, path };
+  }
+
+  @Get(":type")
+  async serve(
+    @Param("type") type: string,
+    @Res() res: Response,
+  ) {
+    if (type !== "logo" && type !== "favicon") {
+      throw new NotFoundException();
+    }
+
+    const result = await this.brandingService.getFile(type);
+
+    if (!result) {
+      throw new NotFoundException("No custom branding found");
+    }
+
+    res.setHeader("Content-Type", result.contentType);
+    res.setHeader("Cache-Control", "public, max-age=3600");
+    if (result.etag) {
+      res.setHeader("ETag", result.etag);
+    }
+
+    result.stream.pipe(res);
+  }
+
+  @Delete(":type")
+  async remove(
+    @Param("type") type: string,
+    @Req() request: Request,
+  ) {
+    this.requireAdmin(request);
+
+    if (type !== "logo" && type !== "favicon") {
+      throw new BadRequestException("Type must be 'logo' or 'favicon'");
+    }
+
+    await this.brandingService.deleteFile(type);
+    return { success: true };
+  }
+
+  private requireAdmin(request: Request) {
+    const user = request.user as any;
+    if (!user) {
+      throw new ForbiddenException("Authentication required");
+    }
+    if (user.role !== "administrator") {
+      throw new ForbiddenException("Administrator access required");
+    }
+  }
+}

src/branding/branding.module.ts

@@ -0,0 +1,13 @@
+import { Module } from "@nestjs/common";
+import { BrandingService } from "./branding.service";
+import { BrandingController } from "./branding.controller";
+import { S3Module } from "../s3/s3.module";
+import { HasuraModule } from "../hasura/hasura.module";
+import { loggerFactory } from "../utilities/LoggerFactory";
+
+@Module({
+  imports: [S3Module, HasuraModule],
+  providers: [BrandingService, loggerFactory()],
+  controllers: [BrandingController],
+})
+export class BrandingModule {}

src/branding/branding.service.ts

@@ -0,0 +1,129 @@
+import { Injectable, Logger } from "@nestjs/common";
+import { S3Service } from "../s3/s3.service";
+import { HasuraService } from "../hasura/hasura.service";
+
+@Injectable()
+export class BrandingService {
+  constructor(
+    private readonly logger: Logger,
+    private readonly s3: S3Service,
+    private readonly hasura: HasuraService,
+  ) {}
+
+  async uploadFile(
+    type: "logo" | "favicon",
+    buffer: Buffer,
+    mimetype: string,
+  ): Promise<string> {
+    const extension = this.getExtension(mimetype);
+    const path = `branding/${type}.${extension}`;
+
+    await this.s3.put(path, buffer);
+
+    const settingName =
+      type === "logo" ? "public.logo_url" : "public.favicon_url";
+
+    await this.upsertSetting(settingName, path);
+
+    this.logger.log(`Uploaded branding ${type} to ${path}`);
+    return path;
+  }
+
+  async getFile(type: "logo" | "favicon") {
+    const settingName =
+      type === "logo" ? "public.logo_url" : "public.favicon_url";
+
+    const { settings_by_pk } = await this.hasura.query({
+      settings_by_pk: {
+        __args: { name: settingName },
+        value: true,
+      },
+    });
+
+    if (!settings_by_pk?.value) {
+      return null;
+    }
+
+    const filePath = settings_by_pk.value;
+
+    const exists = await this.s3.has(filePath);
+    if (!exists) {
+      return null;
+    }
+
+    const stream = await this.s3.get(filePath);
+    const stat = await this.s3.stat(filePath);
+
+    return {
+      stream,
+      contentType: stat.metaData?.["content-type"] || this.guessContentType(filePath),
+      etag: stat.etag,
+    };
+  }
+
+  async deleteFile(type: "logo" | "favicon"): Promise<boolean> {
+    const settingName =
+      type === "logo" ? "public.logo_url" : "public.favicon_url";
+
+    const { settings_by_pk } = await this.hasura.query({
+      settings_by_pk: {
+        __args: { name: settingName },
+        value: true,
+      },
+    });
+
+    if (settings_by_pk?.value) {
+      await this.s3.remove(settings_by_pk.value);
+    }
+
+    await this.deleteSetting(settingName);
+
+    this.logger.log(`Deleted branding ${type}`);
+    return true;
+  }
+
+  private async upsertSetting(name: string, value: string) {
+    await this.hasura.mutation({
+      insert_settings_one: {
+        __args: {
+          object: { name, value },
+          on_conflict: {
+            constraint: "settings_pkey",
+            update_columns: ["value"],
+          },
+        },
+        __typename: true,
+      },
+    });
+  }
+
+  private async deleteSetting(name: string) {
+    await this.hasura.mutation({
+      delete_settings_by_pk: {
+        __args: { name },
+        __typename: true,
+      },
+    });
+  }
+
+  private getExtension(mimetype: string): string {
+    const map: Record<string, string> = {
+      "image/png": "png",
+      "image/jpeg": "jpg",
+      "image/svg+xml": "svg",
+      "image/webp": "webp",
+      "image/x-icon": "ico",
+    };
+    return map[mimetype] || "png";
+  }
+
+  private guessContentType(filePath: string): string {
+    if (filePath.endsWith(".svg")) return "image/svg+xml";
+    if (filePath.endsWith(".png")) return "image/png";
+    if (filePath.endsWith(".jpg") || filePath.endsWith(".jpeg"))
+      return "image/jpeg";
+    if (filePath.endsWith(".webp")) return "image/webp";
+    if (filePath.endsWith(".ico")) return "image/x-icon";
+    return "application/octet-stream";
+  }
+}