Summary
Backend should validate uploaded PNG assets instead of only accepting base64-looking strings.
Scope
- Validate that avatar, sticker, and POI picture payloads decode as PNG.
- Enforce dimensions: avatars/stickers 64x64, POI pictures 128x128.
- Enforce reasonable byte-size limits before storing inline in Postgres.
- Validate sticker palette metadata against the fixed app palette.
- Return clear validation errors before moderation/storage.
Context
Phase 0 stores image payloads as base64 PNG strings. The shared schemas can check shape lightly, but real image decoding and dimension checks belong in the API backend.
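A sketch of the backend check described above, as an added example that is not code from this project. The issue does not name the backend stack, so Python is an assumption, as are the function names, the error codes, and the byte caps in `RULES`; only the 64x64 and 128x128 dimensions come from the issue. It validates structure only (base64, PNG signature, chunk CRCs, IHDR dimensions, IEND termination) and does not decode pixel data or check the sticker palette.

```python
import base64, binascii, struct, zlib
PNG_SIG = b"\x89PNG\r\n\x1a\n"
# kind -> (required side in px, max decoded bytes); the byte caps are assumed values.
RULES = {"avatar": (64, 16_384), "sticker": (64, 16_384), "poi_picture": (128, 65_536)}

class PngValidationError(ValueError):
    """str(exc) is a short error code the API can return to the client."""

def chunk(ctype: bytes, body: bytes) -> bytes:
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

def make_png(side: int) -> str:  # constructed sample input: transparent RGBA square
    ihdr = struct.pack(">IIBBBBB", side, side, 8, 6, 0, 0, 0)
    idat = zlib.compress((b"\x00" + bytes(side * 4)) * side)
    png = PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")
    return base64.b64encode(png).decode()

def validate_png_payload(kind: str, b64: str) -> bytes:
    side, max_bytes = RULES[kind]
    # Cap the encoded length first so oversized input is never decoded.
    if len(b64) > (max_bytes + 2) // 3 * 4:
        raise PngValidationError("payload_too_large")
    try:
        data = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError):
        raise PngValidationError("invalid_base64") from None
    if not data.startswith(PNG_SIG):
        raise PngValidationError("not_png")
    pos, seen = len(PNG_SIG), []
    while pos + 12 <= len(data):  # 12 = length + type + CRC of an empty chunk
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            raise PngValidationError("truncated_chunk")
        if zlib.crc32(data[pos + 4:end - 4]) != struct.unpack(">I", data[end - 4:end])[0]:
            raise PngValidationError("bad_crc")
        if not seen:  # the first chunk must be a 13-byte IHDR
            if ctype != b"IHDR" or length != 13:
                raise PngValidationError("missing_ihdr")
            width, height = struct.unpack(">II", data[pos + 8:pos + 16])
            if (width, height) != (side, side):
                raise PngValidationError(f"bad_dimensions:{width}x{height}")
        seen.append(ctype)
        pos = end
        if ctype == b"IEND":
            break
    if seen[-1:] != [b"IEND"] or b"IDAT" not in seen or pos != len(data):  # no trailing bytes
        raise PngValidationError("malformed_png")
    return data
```

Running this before moderation and storage means a rejected payload never reaches Postgres; a full pixel decode with an image library can follow for payloads that pass.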