From bcc150a24d3ddab7bc6940eaeeed09bbe830bcfe Mon Sep 17 00:00:00 2001
From: Oliver Bryan <04oliverbryan@gmail.com>
Date: Thu, 1 Jan 2026 06:58:13 +0000
Subject: [PATCH] avatarURL for register and update routes

---
 packages/backend/src/routes/auth/register.ts | 4 ++--
 packages/backend/src/routes/user/update.ts   | 5 +++--
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/packages/backend/src/routes/auth/register.ts b/packages/backend/src/routes/auth/register.ts
index 879484d..c3c1d85 100644
--- a/packages/backend/src/routes/auth/register.ts
+++ b/packages/backend/src/routes/auth/register.ts
@@ -21,7 +21,7 @@ export default async function register(req: BunRequest) {
         return new Response("invalid request body", { status: 400 });
     }
 
-    const { name, username, password } = body as Record<string, unknown>;
+    const { name, username, password, avatarURL } = body as Record<string, unknown>;
 
     if (!isNonEmptyString(name) || !isNonEmptyString(username) || !isNonEmptyString(password)) {
         return new Response("name, username, and password are required", { status: 400 });
@@ -41,7 +41,7 @@ export default async function register(req: BunRequest) {
     }
 
     const passwordHash = await hashPassword(password);
-    const user = await createUser(name, username, passwordHash);
+    const user = await createUser(name, username, passwordHash, avatarURL as string | undefined);
     if (!user) {
         return new Response("failed to create user", { status: 500 });
     }
diff --git a/packages/backend/src/routes/user/update.ts b/packages/backend/src/routes/user/update.ts
index 91f889f..3111072 100644
--- a/packages/backend/src/routes/user/update.ts
+++ b/packages/backend/src/routes/user/update.ts
@@ -3,7 +3,7 @@ import type { AuthedRequest } from "../../auth/middleware";
 import { hashPassword } from "../../auth/utils";
 import { getUserById } from "../../db/queries";
 
-// /user/update?id=1&name=NewName&password=NewPassword
+// /user/update?id=1&name=NewName&password=NewPassword&avatarURL=...
 export default async function update(req: AuthedRequest) {
     const url = new URL(req.url);
     const id = url.searchParams.get("id");
@@ -18,13 +18,14 @@ export default async function update(req: AuthedRequest) {
 
     const name = url.searchParams.get("name") || undefined;
     const password = url.searchParams.get("password") || undefined;
+    const avatarURL = url.searchParams.get("avatarURL") || undefined;
     let passwordHash: string | undefined;
     if (password !== undefined) {
         passwordHash = await hashPassword(password);
     }
 
     const { updateById } = await import("../../db/queries/users");
-    const updatedUser = await updateById(user.id, { name, passwordHash });
+    const updatedUser = await updateById(user.id, { name, passwordHash, avatarURL });
 
     if (!updatedUser) {
         return new Response("failed to update user", { status: 500 });