
API - User Routes

Source of truth: d3chat/backend/app/routers/users.py

Prefix: /api/v1/users

All routes below require Bearer auth.

GET /me

Returns current user profile.

PATCH /me

Partial profile update.

Allowed fields:

  • username
  • email
  • display_name
  • bio
  • status_message
  • email_visible
  • preferences

Request example:

{
  "display_name": "Alice L",
  "bio": "Building federated chat",
  "email_visible": false
}

POST /me/avatar

Multipart upload endpoint.

  • allowed MIME: image/jpeg, image/png, image/webp, image/gif
  • max size from MAX_AVATAR_SIZE_BYTES (default 2MB)
  • stored under <upload_dir>/avatars/<user_id>.<ext>

Returns updated user response including avatar_url.
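
An added example (not d3chat's own code) of enforcing the constraints listed above: the type is taken from the file's magic bytes rather than the client-declared Content-Type, and the stored name is built only from the user UUID and the verified type. The names sniff_mime, avatar_path and AvatarRejected, the extension mapping, and reading 2MB as 2 MiB are assumptions; the page does not say how the router performs these checks.

```python
from pathlib import Path
from typing import Optional
from uuid import UUID

MAX_AVATAR_SIZE_BYTES = 2 * 1024 * 1024  # page default "2MB", read as 2 MiB (assumption)

# Allowed MIME types from the page, mapped to the on-disk extension (mapping assumed).
ALLOWED = {"image/jpeg": "jpg", "image/png": "png", "image/webp": "webp", "image/gif": "gif"}


class AvatarRejected(ValueError):
    """Raised when an upload fails size or type validation."""


def sniff_mime(data: bytes) -> Optional[str]:
    """Identify the image type from leading magic bytes, ignoring client claims."""
    if data.startswith(b"\xff\xd8\xff"):
        return "image/jpeg"
    if data.startswith(b"\x89PNG\r\n\x1a\n"):
        return "image/png"
    if data[:6] in (b"GIF87a", b"GIF89a"):
        return "image/gif"
    if data[:4] == b"RIFF" and data[8:12] == b"WEBP":
        return "image/webp"
    return None


def avatar_path(upload_dir: Path, user_id, declared_mime: str, data: bytes) -> Path:
    """Validate an upload and return <upload_dir>/avatars/<user_id>.<ext>."""
    uid = UUID(str(user_id))  # raises ValueError unless user_id is a real UUID
    if len(data) > MAX_AVATAR_SIZE_BYTES:
        raise AvatarRejected("file too large")
    actual = sniff_mime(data)
    if actual not in ALLOWED:
        raise AvatarRejected("unsupported image type")
    if declared_mime != actual:
        raise AvatarRejected("declared type does not match content")
    # The extension comes from the verified type and the name from the UUID,
    # so nothing from the client-supplied filename reaches the path.
    return upload_dir / "avatars" / f"{uid}.{ALLOWED[actual]}"
```
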

DELETE /me/avatar

Deletes avatar file and clears avatar path.

POST /me/password

Changes local password.

Request:

{
  "old_password": "CurrentPass123",
  "new_password": "NewPass123"
}

Notes:

  • Returns 400 if old password is wrong.
  • Returns 400 for remote users (no local password hash).
  • Returns 204 on success.

GET /search?q=<term>

Searches users by username using a case-insensitive match (ilike) and returns up to 20 profiles.

GET /lookup?identity=user@server

Lookup flow:

  1. checks local DB for exact username + server_domain
  2. if missing and server is remote, performs signed federation lookup
  3. if found remotely, creates local remote-user record (is_local=false)

Returns 404 when user cannot be resolved.

GET /{user_id}

Returns public profile by UUID, respecting email_visible policy.