platform(fix): Fix missing Profiles (#9424)

### What's This PR About?

This PR makes a few simple improvements to how user profiles are handled
in the app:

- **Always Have a Profile:**  
If a user doesn't already have a profile, the system now automatically
creates one with some default info (including a fun, randomly generated
username). This way, you never end up with a missing profile.

- **Better Profile Updates:**  
  Removes the creation of profiles on failed get requests

Author: Swiftyos

autogpt_platform/backend/backend/server/v2/store/db.py

@@ -1,5 +1,4 @@
 import logging
-import random
 from datetime import datetime
 from typing import Optional
 
@@ -17,6 +16,25 @@
 logger = logging.getLogger(__name__)
 
 
+def sanitize_query(query: str | None) -> str | None:
+    if query is None:
+        return query
+    query = query.strip()[:100]
+    return (
+        query.replace("\\", "\\\\")
+        .replace("%", "\\%")
+        .replace("_", "\\_")
+        .replace("[", "\\[")
+        .replace("]", "\\]")
+        .replace("'", "\\'")
+        .replace('"', '\\"')
+        .replace(";", "\\;")
+        .replace("--", "\\--")
+        .replace("/*", "\\/*")
+        .replace("*/", "\\*/")
+    )
+
+
 async def get_store_agents(
     featured: bool = False,
     creator: str | None = None,
@@ -29,29 +47,7 @@ async def get_store_agents(
     logger.debug(
         f"Getting store agents. featured={featured}, creator={creator}, sorted_by={sorted_by}, search={search_query}, category={category}, page={page}"
     )
-    sanitized_query = None
-    # Sanitize and validate search query by escaping special characters
-    if search_query is not None:
-        sanitized_query = search_query.strip()
-        if not sanitized_query or len(sanitized_query) > 100:  # Reasonable length limit
-            raise backend.server.v2.store.exceptions.DatabaseError(
-                f"Invalid search query: len({len(sanitized_query)}) query: {search_query}"
-            )
-
-        # Escape special SQL characters
-        sanitized_query = (
-            sanitized_query.replace("\\", "\\\\")
-            .replace("%", "\\%")
-            .replace("_", "\\_")
-            .replace("[", "\\[")
-            .replace("]", "\\]")
-            .replace("'", "\\'")
-            .replace('"', '\\"')
-            .replace(";", "\\;")
-            .replace("--", "\\--")
-            .replace("/*", "\\/*")
-            .replace("*/", "\\*/")
-        )
+    sanitized_query = sanitize_query(search_query)
 
     where_clause = {}
     if featured:
@@ -93,8 +89,8 @@ async def get_store_agents(
                 slug=agent.slug,
                 agent_name=agent.agent_name,
                 agent_image=agent.agent_image[0] if agent.agent_image else "",
-                creator=agent.creator_username,
-                creator_avatar=agent.creator_avatar,
+                creator=agent.creator_username or "Needs Profile",
+                creator_avatar=agent.creator_avatar or "",
                 sub_heading=agent.sub_heading,
                 description=agent.description,
                 runs=agent.runs,
@@ -114,7 +110,7 @@ async def get_store_agents(
             ),
         )
     except Exception as e:
-        logger.error(f"Error getting store agents: {str(e)}")
+        logger.error(f"Error getting store agents: {e}")
         raise backend.server.v2.store.exceptions.DatabaseError(
             "Failed to fetch store agents"
         ) from e
@@ -156,7 +152,7 @@ async def get_store_agent_details(
     except backend.server.v2.store.exceptions.AgentNotFoundError:
         raise
     except Exception as e:
-        logger.error(f"Error getting store agent details: {str(e)}")
+        logger.error(f"Error getting store agent details: {e}")
         raise backend.server.v2.store.exceptions.DatabaseError(
             "Failed to fetch agent details"
         ) from e
@@ -270,7 +266,7 @@ async def get_store_creators(
             ),
         )
     except Exception as e:
-        logger.error(f"Error getting store creators: {str(e)}")
+        logger.error(f"Error getting store creators: {e}")
         raise backend.server.v2.store.exceptions.DatabaseError(
             "Failed to fetch store creators"
         ) from e
@@ -307,7 +303,7 @@ async def get_store_creator_details(
     except backend.server.v2.store.exceptions.CreatorNotFoundError:
         raise
     except Exception as e:
-        logger.error(f"Error getting store creator details: {str(e)}")
+        logger.error(f"Error getting store creator details: {e}")
         raise backend.server.v2.store.exceptions.DatabaseError(
             "Failed to fetch creator details"
         ) from e
@@ -366,7 +362,7 @@ async def get_store_submissions(
         )
 
     except Exception as e:
-        logger.error(f"Error fetching store submissions: {str(e)}")
+        logger.error(f"Error fetching store submissions: {e}")
         # Return empty response rather than exposing internal errors
         return backend.server.v2.store.model.StoreSubmissionsResponse(
             submissions=[],
@@ -416,7 +412,7 @@ async def delete_store_submission(
         return True
 
     except Exception as e:
-        logger.error(f"Error deleting store submission: {str(e)}")
+        logger.error(f"Error deleting store submission: {e}")
         return False
 
 
@@ -539,7 +535,7 @@ async def create_store_submission(
     ):
         raise
     except prisma.errors.PrismaError as e:
-        logger.error(f"Database error creating store submission: {str(e)}")
+        logger.error(f"Database error creating store submission: {e}")
         raise backend.server.v2.store.exceptions.DatabaseError(
             "Failed to create store submission"
         ) from e
@@ -579,15 +575,15 @@ async def create_store_review(
         )
 
     except prisma.errors.PrismaError as e:
-        logger.error(f"Database error creating store review: {str(e)}")
+        logger.error(f"Database error creating store review: {e}")
         raise backend.server.v2.store.exceptions.DatabaseError(
             "Failed to create store review"
         ) from e
 
 
 async def get_user_profile(
     user_id: str,
-) -> backend.server.v2.store.model.ProfileDetails:
+) -> backend.server.v2.store.model.ProfileDetails | None:
     logger.debug(f"Getting user profile for {user_id}")
 
     try:
@@ -596,25 +592,7 @@ async def get_user_profile(
         )
 
         if not profile:
-            logger.warning(f"Profile not found for user {user_id}")
-            new_profile = await prisma.models.Profile.prisma().create(
-                data=prisma.types.ProfileCreateInput(
-                    userId=user_id,
-                    name="No Profile Data",
-                    username=f"{random.choice(['happy', 'clever', 'swift', 'bright', 'wise'])}-{random.choice(['fox', 'wolf', 'bear', 'eagle', 'owl'])}_{random.randint(1000,9999)}".lower(),
-                    description="No Profile Data",
-                    links=[],
-                    avatarUrl="",
-                )
-            )
-            return backend.server.v2.store.model.ProfileDetails(
-                name=new_profile.name,
-                username=new_profile.username,
-                description=new_profile.description,
-                links=new_profile.links,
-                avatar_url=new_profile.avatarUrl,
-            )
-
+            return None
         return backend.server.v2.store.model.ProfileDetails(
             name=profile.name,
             username=profile.username,
@@ -623,115 +601,90 @@ async def get_user_profile(
             avatar_url=profile.avatarUrl,
         )
     except Exception as e:
-        logger.error(f"Error getting user profile: {str(e)}")
-        return backend.server.v2.store.model.ProfileDetails(
-            name="No Profile Data",
-            username="No Profile Data",
-            description="No Profile Data",
-            links=[],
-            avatar_url="",
-        )
+        logger.error("Error getting user profile: %s", e)
+        raise backend.server.v2.store.exceptions.DatabaseError(
+            "Failed to get user profile"
+        ) from e
 
 
-async def update_or_create_profile(
+async def update_profile(
     user_id: str, profile: backend.server.v2.store.model.Profile
 ) -> backend.server.v2.store.model.CreatorDetails:
     """
-    Update the store profile for a user. Creates a new profile if one doesn't exist.
-    Only allows updating if the user_id matches the owning user.
-    If a field is None, it will not overwrite the existing value in the case of an update.
-
+    Update the store profile for a user or create a new one if it doesn't exist.
     Args:
         user_id: ID of the authenticated user
         profile: Updated profile details
-
     Returns:
-        CreatorDetails: The updated profile
-
+        CreatorDetails: The updated or created profile details
     Raises:
-        HTTPException: If user is not authorized to update this profile
-        DatabaseError: If profile cannot be updated due to database issues
+        DatabaseError: If there's an issue updating or creating the profile
     """
-    logger.info(f"Updating profile for user {user_id} data: {profile}")
-
+    logger.info("Updating profile for user %s with data: %s", user_id, profile)
     try:
-        # Sanitize username to only allow letters and hyphens
+        # Sanitize username to allow only letters, numbers, and hyphens
         username = "".join(
             c if c.isalpha() or c == "-" or c.isnumeric() else ""
             for c in profile.username
         ).lower()
-
+        # Check if profile exists for the given user_id
         existing_profile = await prisma.models.Profile.prisma().find_first(
             where={"userId": user_id}
         )
-
-        # If no profile exists, create a new one
         if not existing_profile:
-            logger.debug(
-                f"No existing profile found. Creating new profile for user {user_id}"
-            )
-            # Create new profile since one doesn't exist
-            new_profile = await prisma.models.Profile.prisma().create(
-                data={
-                    "userId": user_id,
-                    "name": profile.name,
-                    "username": username,
-                    "description": profile.description,
-                    "links": profile.links or [],
-                    "avatarUrl": profile.avatar_url,
-                    "isFeatured": False,
-                }
+            raise backend.server.v2.store.exceptions.ProfileNotFoundError(
+                f"Profile not found for user {user_id}. This should not be possible."
             )
 
-            return backend.server.v2.store.model.CreatorDetails(
-                name=new_profile.name,
-                username=new_profile.username,
-                description=new_profile.description,
-                links=new_profile.links,
-                avatar_url=new_profile.avatarUrl or "",
-                agent_rating=0.0,
-                agent_runs=0,
-                top_categories=[],
+        # Verify that the user is authorized to update this profile
+        if existing_profile.userId != user_id:
+            logger.error(
+                "Unauthorized update attempt for profile %s by user %s",
+                existing_profile.userId,
+                user_id,
             )
-        else:
-            logger.debug(f"Updating existing profile for user {user_id}")
-            # Update only provided fields for the existing profile
-            update_data = {}
-            if profile.name is not None:
-                update_data["name"] = profile.name
-            if profile.username is not None:
-                update_data["username"] = username
-            if profile.description is not None:
-                update_data["description"] = profile.description
-            if profile.links is not None:
-                update_data["links"] = profile.links
-            if profile.avatar_url is not None:
-                update_data["avatarUrl"] = profile.avatar_url
-
-            # Update the existing profile
-            updated_profile = await prisma.models.Profile.prisma().update(
-                where={"id": existing_profile.id},
-                data=prisma.types.ProfileUpdateInput(**update_data),
+            raise backend.server.v2.store.exceptions.DatabaseError(
+                f"Unauthorized update attempt for profile {existing_profile.id} by user {user_id}"
             )
-            if updated_profile is None:
-                logger.error(f"Failed to update profile for user {user_id}")
-                raise backend.server.v2.store.exceptions.DatabaseError(
-                    "Failed to update profile"
-                )
-
-            return backend.server.v2.store.model.CreatorDetails(
-                name=updated_profile.name,
-                username=updated_profile.username,
-                description=updated_profile.description,
-                links=updated_profile.links,
-                avatar_url=updated_profile.avatarUrl or "",
-                agent_rating=0.0,
-                agent_runs=0,
-                top_categories=[],
+
+        logger.debug("Updating existing profile for user %s", user_id)
+        # Prepare update data, only including non-None values
+        update_data = {}
+        if profile.name is not None:
+            update_data["name"] = profile.name
+        if profile.username is not None:
+            update_data["username"] = username
+        if profile.description is not None:
+            update_data["description"] = profile.description
+        if profile.links is not None:
+            update_data["links"] = profile.links
+        if profile.avatar_url is not None:
+            update_data["avatarUrl"] = profile.avatar_url
+
+        # Update the existing profile
+        updated_profile = await prisma.models.Profile.prisma().update(
+            where={"id": existing_profile.id},
+            data=prisma.types.ProfileUpdateInput(**update_data),
+        )
+        if updated_profile is None:
+            logger.error("Failed to update profile for user %s", user_id)
+            raise backend.server.v2.store.exceptions.DatabaseError(
+                "Failed to update profile"
             )
 
+        return backend.server.v2.store.model.CreatorDetails(
+            name=updated_profile.name,
+            username=updated_profile.username,
+            description=updated_profile.description,
+            links=updated_profile.links,
+            avatar_url=updated_profile.avatarUrl or "",
+            agent_rating=0.0,
+            agent_runs=0,
+            top_categories=[],
+        )
+
     except prisma.errors.PrismaError as e:
-        logger.error(f"Database error updating profile: {str(e)}")
+        logger.error("Database error updating profile: %s", e)
         raise backend.server.v2.store.exceptions.DatabaseError(
             "Failed to update profile"
         ) from e
@@ -796,7 +749,7 @@ async def get_my_agents(
             ),
         )
     except Exception as e:
-        logger.error(f"Error getting my agents: {str(e)}")
+        logger.error(f"Error getting my agents: {e}")
         raise backend.server.v2.store.exceptions.DatabaseError(
             "Failed to fetch my agents"
         ) from e
@@ -840,7 +793,7 @@ async def get_agent(
         return graph
 
     except Exception as e:
-        logger.error(f"Error getting agent: {str(e)}")
+        logger.error(f"Error getting agent: {e}")
         raise backend.server.v2.store.exceptions.DatabaseError(
             "Failed to fetch agent"
         ) from e
@@ -905,7 +858,7 @@ async def review_store_submission(
         return submission
 
     except Exception as e:
-        logger.error(f"Could not create store submission review: {str(e)}")
+        logger.error(f"Could not create store submission review: {e}")
         raise backend.server.v2.store.exceptions.DatabaseError(
             "Failed to create store submission review"
         ) from e