feat: add azure blob storage upload

[lorenzocorallo]

• add azure blob storage client
• add endpoint to change user profile picture

[coderabbitai]

Warning

Review limit reached

@lorenzocorallo, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 38 minutes and 5 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 25c26a42-59e5-408b-92dc-175488324e5d

📥 Commits

Reviewing files that changed from the base of the PR and between 056726a and 6f28a4f.

📒 Files selected for processing (3)

• package/package.json
• src/azure/blob.ts
• src/routers/auth.ts

Walkthrough

This PR adds Azure Blob Storage integration to enable user profile picture uploads. The version is bumped to 0.16.0 with the blob SDK dependency added. A new updateProfilePic TRPC mutation validates uploaded images and stores them in Azure, updating the user record with the image URL. The auth router is registered in the main TRPC app and the blob module is initialized at startup.

Changes

Profile Picture Upload via Azure Blob Storage

Layer / File(s)	Summary
Version and dependency updates package.json, package/package.json	Version bumped to 0.16.0; @azure/storage-blob SDK dependency added with constraint ^12.31.0.
Azure Blob Storage initialization and upload function src/env.ts, src/azure/blob.ts	Environment variables AZURE_BLOB_STORAGE_ACCOUNT and AZURE_BLOB_STORAGE_CONTAINER added; blob service and container clients initialized via DefaultAzureCredential; uploadBlob function creates timestamped filenames, uploads buffers, and returns public URLs.
Profile picture mutation with validation and database update src/routers/auth.ts	New authRouter with updateProfilePic mutation validates FormData (userId, image file), enforces PNG/JPEG types and 1MB limit, uploads via uploadBlob, updates user record with image URL, and returns success status.
Auth router registration and server initialization src/routers/index.ts, src/server.ts	authRouter imported and registered under auth namespace in main TRPC app; blob module loaded at server startup.

🚥 Pre-merge checks | ✅ 3 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'feat: add azure blob storage upload' clearly and concisely summarizes the main feature addition of Azure Blob Storage integration, which is the primary focus of the changeset.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 4

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/azure/blob.ts`:
- Line 22: The upload call currently uses blobClient.upload(buffer,
buffer.length) which stores blobs as application/octet-stream; update the upload
invocation to pass the original MIME type via the upload options by supplying
blobHTTPHeaders.blobContentType (e.g., use blobClient.upload(buffer,
buffer.length, { blobHTTPHeaders: { blobContentType: contentType } })),
threading the original contentType/mimeType value from wherever the file/origin
is provided into the call so images render in browsers.
- Line 19: The filename generation using `const filename =
\`upload_${Date.now()}.${extension}\`` can collide under concurrent uploads;
modify the logic that builds `filename` to append or replace the timestamp with
a strong random component from the existing `nanoid` dependency (e.g., combine
`Date.now()` and `nanoid()` or use `nanoid()` alone) to guarantee uniqueness and
unpredictability, ensure `nanoid` is imported where `filename` is created
(import { nanoid } from 'nanoid'), and keep the file extension from `extension`
while producing a blob-safe string.

In `@src/routers/auth.ts`:
- Around line 9-29: The updateProfilePic handler currently defined as
publicProcedure trusts input.userId and updates SCHEMA.AUTH.user, enabling IDOR;
change it to use the authenticated identity (ctx.userId) instead of the input
userId or make it a protected/authenticated procedure and assert input.userId
=== ctx.userId before performing the DB.update in updateProfilePic; ensure you
reference the trpc context user id (ctx.userId from server.ts) and only call
DB.update(SCHEMA.AUTH.user).set(...) when the authenticated id matches the
target.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 43b933e9-bba2-4dbe-b64e-e0568d0b0730

📥 Commits

Reviewing files that changed from the base of the PR and between 07aa3c1 and 056726a.

⛔ Files ignored due to path filters (1)

• bun.lock is excluded by !**/*.lock

📒 Files selected for processing (7)

• package.json
• package/package.json
• src/azure/blob.ts
• src/env.ts
• src/routers/auth.ts
• src/routers/index.ts
• src/server.ts